* [PATCH] Add .envrc files for use with nix-direnv
From: Demi Marie Obenour @ 2025-08-08 20:58 UTC
To: Spectrum OS Development; +Cc: Alyssa Ross, Demi Marie Obenour
This allows automatically setting up environment variables when entering
a directory.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
.envrc | 1 +
.gitignore | 1 +
host/initramfs/.envrc | 1 +
host/rootfs/.envrc | 1 +
img/app/.envrc | 1 +
release/checks/wayland/surface-notify/.envrc | 1 +
release/live/.envrc | 1 +
tools/.envrc | 1 +
tools/lseek/.envrc | 1 +
vm/sys/net/.envrc | 1 +
10 files changed, 10 insertions(+)
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix
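Review bot: The new top-level `.envrc` consists only of `use nix`, so the code that runs on entering the directory is the Nix expression nix-shell picks up there, not anything shown in this hunk, and the commit message does not say so. Please extend the commit message to state which Nix file each of these directories is expected to load and that every contributor has to approve each file with `direnv allow` before it takes effect, so a reviewer knows what they are trusting.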
diff --git a/.gitignore b/.gitignore
index 8bb50396847bb2d64fb7db9ea230f0fab23b17b1..86ebca8ba9af2c63122364a6f2b2a5337ca0f0e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ target/
**/subprojects/*
!**/subprojects/*.wrap
!**/subprojects/packagefiles
+**/.direnv/*
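Review bot: The added pattern `**/.direnv/*` is more elaborate than it needs to be. The `**/subprojects/*` form above it exists so the `!` lines can re-include entries, but nothing under `.direnv` is re-included, so a plain `.direnv/` would ignore the directory at any depth.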
diff --git a/host/initramfs/.envrc b/host/initramfs/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/host/initramfs/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/host/rootfs/.envrc b/host/rootfs/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/host/rootfs/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/img/app/.envrc b/img/app/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/img/app/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/release/checks/wayland/surface-notify/.envrc b/release/checks/wayland/surface-notify/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/release/checks/wayland/surface-notify/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/release/live/.envrc b/release/live/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/release/live/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/tools/.envrc b/tools/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/tools/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/tools/lseek/.envrc b/tools/lseek/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/tools/lseek/.envrc
@@ -0,0 +1 @@
+use nix
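Review bot: `tools/lseek/.envrc` sits below `tools/.envrc`, which this patch also adds, and direnv loads only the nearest `.envrc`, so inside `tools/lseek` the parent file is not applied. If the `tools` environment is meant to be available there too, add `source_up` before `use nix`; if not, a sentence in the commit message saying the nested file replaces the parent would help.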
diff --git a/vm/sys/net/.envrc b/vm/sys/net/.envrc
new file mode 100644
index 0000000000000000000000000000000000000000..1d953f4bd73593aba0a2af3db2d14178e2b8b9fe
--- /dev/null
+++ b/vm/sys/net/.envrc
@@ -0,0 +1 @@
+use nix
---
base-commit: ecafd460a61e3ecf1a084e3e66eba32a0f7865a7
change-id: 20250808-envrc-d05f5fe739d7
--
Sincerely,
Demi Marie Obenour (she/her/hers)
* Re: [PATCH] Add .envrc files for use with nix-direnv
From: Demi Marie Obenour @ 2025-08-14 21:17 UTC
To: Spectrum OS Development; +Cc: Alyssa Ross
On 8/8/25 16:58, Demi Marie Obenour wrote:
> This allows automatically setting up environment variables when entering
> a directory.
On further thought, I'm not sure this is actually a good idea, especially
for anyone (like Alyssa :)) who will be reviewing third-party patches. The
reason is that changes to nix or envrc files will be executed without
confirmation, so the only chance to validate that a patch doesn't contain
malicious code is _before_ it is applied. That can be more difficult than
reviewing an already-applied (but not built or committed) patch. One can
mitigate this by using a separate worktree where the envrc files are not
authorized, but that's extra work and more prone to human error. Not a
good thing for security.
I actually made this mistake by using `b4 shazam -m` instead of
`b4 --offline shazam -m` or `git am`, which will pull patches from
the mailing list if they are newer than the patch in the mbox.
Thankfully no such patch exists on the list and the `b4 shazam`
output made that clear. Still, it's an easy mistake to make and
the consequences could be very bad.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
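The pre-apply check described in the reply above, as an added example that is not part of the original thread or of Spectrum's tooling: it lists the `.envrc` and `*.nix` paths a patch or mbox touches so they can be read before `git am`. The function names and the sample patch are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files in a patch/mbox that direnv or Nix would
# evaluate automatically once the patch lands in a direnv-enabled worktree.

# auto_eval_paths FILE: print post-image paths named .envrc or ending in .nix.
auto_eval_paths() {
    # "diff --git a/X b/Y" is present for every change, including renames.
    sed -n 's|^diff --git a/.* b/\(.*\)$|\1|p' "$1" |
        grep -E '(^|/)\.envrc$|\.nix$' |
        sort -u
}

# check_patch FILE: return 0 if no such file is touched, 1 otherwise.
check_patch() {
    hits=$(auto_eval_paths "$1")
    if [ -n "$hits" ]; then
        printf 'read these before applying:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample patch (not taken from the mailing list).
sample_patch() {
    cat <<'EOF'
Subject: [PATCH] constructed sample
diff --git a/tools/.envrc b/tools/.envrc
--- a/tools/.envrc
+++ b/tools/.envrc
@@ -1 +1,2 @@
 use nix
+export EXAMPLE=1
diff --git a/host/rootfs/shell.nix b/host/rootfs/shell.nix
--- a/host/rootfs/shell.nix
+++ b/host/rootfs/shell.nix
diff --git a/tools/lseek/lseek.c b/tools/lseek/lseek.c
--- a/tools/lseek/lseek.c
+++ b/tools/lseek/lseek.c
EOF
}

tmp=$(mktemp)
sample_patch > "$tmp"
check_patch "$tmp" || echo "patch held for manual review"
rm -f "$tmp"
```

Run it on the mbox before applying, in a worktree where the `.envrc` files have not been allowed.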