Nix: 在 –pure 模式下,Go 包仍然指向主机的 GOPATH。

huangapple go评论83阅读模式
英文:

Nix: go package in --pure mode still pointing to host's GOPATH

问题

我正在尝试使用go包运行一个nix shell来测试一个go程序。然而,为了确保可重现性,我不希望nix-shell中的go指向任何与主机相关的路径或信息。所以,有人建议我在命令中使用--pure标志。

我的最终命令如下:

$ nix-shell --pure -p go

一旦shell启动,我运行go env,结果如下:

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/HOSTUSERNAME/.cache/go-build"
GOENV="/home/HOSTUSERNAME/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/HOSTUSERNAME/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/HOSTUSERNAME/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/run/user/1000/go-build3633664660=/tmp/go-build -gno-record-gcc-switches"

我原本期望以一种可重现的方式安装我的Go项目,而不使用主机继承的GOPATH和其他相关的环境变量。

有没有办法通过Nix在shell中安装的go包完全与主机系统的依赖项分离,然后测试Go项目?

英文:

I'm trying to run a nix shell with the go package to test a go program. However, to ensure reproducability, I do not want the go in nix-shell to point back to any host related path or info. So, I was advised to use the --pure flag in the command.

My final command looks like this:

$ nix-shell --pure -p go

Once the shell is live, I run go env and I see this:

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/HOSTUSERNAME/.cache/go-build"
GOENV="/home/HOSTUSERNAME/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/HOSTUSERNAME/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/HOSTUSERNAME/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/run/user/1000/go-build3633664660=/tmp/go-build -gno-record-gcc-switches"

I was expecting to install my Go project in a reproducible way without using the host's inherited GOPATH and other related environment variables.

Is there way to completely detach the host system's dependencies by Nix's go package installed in the shell and then test the Go Project?

答案1

得分: 1

即使环境变量GOPATHGOENVGOMODCACHE等"完全未设置",go env和相关工具仍会合成相对于$HOME的默认值。

因此,如果您想定期测试您的项目是否对您的主目录有隐藏的依赖关系,您应该将其构建包装在一个Nix派生中;假设您在一个支持沙箱的平台上,并且启用了此功能,这将导致该构建在一个沙箱中进行,无法访问您的主目录。

有关构建一个派生来包装您的程序构建的指导,请参阅gomod2nix和更一般地参阅nixos.wiki上的Go条目


另外,请注意,nix-shell --pure并不能创建在每个方面都是纯净的shell:仍然存在对来自本地通道的nixpkgs的依赖。如果您想要控制这一点,您需要一个shell.nixflake.nix,以固定特定的nixpkgs版本。

英文:

Even when the environment variables GOPATH, GOENV, GOMODCACHE, &c. are completely unset, go env and related tools synthesize default values relative to $HOME.

Thus, if you want to test on a regular basis that your project doesn't have hidden dependencies on your home directory, you should wrap its build in a Nix derivation; assuming you're on a platform where Nix supports sandboxing, and that this feature is enabled, this will cause that build to be done in a sandbox with no access to your home directory.

See gomod2nix and more generally the Go entry on nixos.wiki for guidance on building a derivation to wrap your program's build.


Also, note that nix-shell --pure doesn't create shells that are pure in every sense of the world: There's still a dependency on nixpkgs coming from your local channels. If you want to control that, you'll want a shell.nix or flake.nix that pins a specific nixpkgs revision.

huangapple
  • 本文由 发表于 2023年1月3日 03:19:28
  • 转载请务必保留本文链接:https://go.coder-hub.com/74986251.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定