3 files changed +30 -8 lines changed
@@ -44,21 +44,24 @@ paths='
4444/usr
4545'
4646
47- split_args_by_lf () {
48- lf='
47+ lf='
4948'
50- printf ' %s' " $1 " | case " $1 " in * $lf * ) cat ;; * ) tr ' ' ' \n' ;; esac
51- }
52- IFS='
53- ' # Split args only on newline
49+ split_args_by_lf () { printf ' %s' " $1 " | case " $1 " in * $lf * ) cat ;; * ) tr ' ' ' \n' ;; esac ; }
50+ # Support BWRAP_ARGS passed to the process as well as via .env file
51+ prev_BWRAP_ARGS=" ${BWRAP_ARGS:- } "
52+ # Init env from dotenv file
53+ # shellcheck disable=SC2046
54+ [ ! -e " $cwd /.env" ] || { . " $cwd /.env" ; export $( grep -Pzo ' (?m)^\w*(?==)' " $cwd /.env" | tr ' \0' ' \n' ) ; }
55+ IFS=" $lf " # Split args only on newline
5456# shellcheck disable=SC2046
55- set -- $( split_args_by_lf " ${BWRAP_ARGS:- } " ) " $bin " " $@ "
57+ set -- $( split_args_by_lf " ${BWRAP_ARGS:- } " ) $( split_args_by_lf " ${prev_BWRAP_ARGS :- } " ) " $bin " " $@ "
5658unset IFS
5759
5860home=" $cwd /.sandbox-home"
5961mkdir -p " $home /tmp"
6062
61- # Set env vars
63+ # Pass our own redacted copy of env
64+ # Expose all vars passed exclusively to this process (i.e. not its parent)
6265IFS=$( printf ' \037' )
6366for var in $( env -0 |
6467 grep -Ez -e ' ^(' \
@@ -72,6 +75,7 @@ for var in $(env -0 |
7275 paste -z -s -d ' |' ) )$" |
7376 paste -z -s -d ' |' ) )=" |
7477 grep -Ezv -e ' ^(_|LS_COLORS|PS1)=' |
78+ grep -Ezv -e ' ^(BWRAP_ARGS)=' |
7579 tr ' \0' ' \037' ) ; do
7680 set -- --setenv " ${var%% =* } " " ${var#* =} " " $@ "
7781done
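Review bot: New line 54 loads `$cwd/.env` with `.`, so the file runs as shell code in the wrapper before bwrap starts, and it can also assign `BWRAP_ARGS`. If the project directory is writable from inside the sandbox (the bind setup is outside this hunk), a sandboxed process can influence how the next sandbox is built. Reading only `NAME=value` lines instead of sourcing, and ignoring `BWRAP_ARGS` from the file or requiring it to be owned by the invoking user, would keep the dotenv feature without giving the file control over the wrapper. Separately, when `.env` is absent or does not assign `BWRAP_ARGS`, `BWRAP_ARGS` and `prev_BWRAP_ARGS` hold the same value and line 57 passes every argument to bwrap twice. Changing line 51 to `prev_BWRAP_ARGS="${BWRAP_ARGS:-}"; unset BWRAP_ARGS` would avoid that.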
1+ #! /bin/sh
2+ set -eu
3+
4+ . " ${0%/* } /_init.sh"
5+
6+ BWRAP_ARGS=' --ro-bind /etc/os-release /file' sandbox-run cat /file
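Review bot: The test on line 6 only supplies `BWRAP_ARGS` through the process environment, so the merge of `.env`-supplied and process-supplied arguments that this commit adds is never exercised, and nothing is asserted about what `cat /file` printed. A second case with a `.env` present and a different bind passed on the command line, comparing the output against the host file, would pin the merge order. The test also assumes `/etc/os-release` exists on the host, which deserves a one-line comment such as `# requires /etc/os-release on the host`.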
1+ #! /bin/sh
2+ set -eu
3+
4+ . " ${0%/* } /_init.sh"
5+
6+
7+ FOOBAR=1 sandbox-run sh -c ' set -u; echo $FOOBAR'
8+ echo " FOOBAR_DOTENV=1" > .env
9+ FOOBAR=1 sandbox-run sh -c ' set -u; echo $FOOBAR_DOTENV'
10+ # Sanity checks
11+ sandbox-run sh -c ' set -u; echo $PWD'
12+ ! sandbox-run sh -c ' set -u; echo $NONEXISTENT' 2> /dev/null
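Review bot: The negated check on line 12 is exempt from `set -e`, so it fails the test only because it is the last command and its status becomes the script's exit status; any line appended after it would turn it into a no-op. Writing it as `if sandbox-run sh -c 'set -u; echo $NONEXISTENT' 2>/dev/null; then exit 1; fi` keeps the assertion independent of its position. The earlier lines only prove the variables are set, not their values, and there is no case showing that a variable inherited from the parent environment is withheld, which is the redaction behaviour the wrapper's comment describes. Line 8 also leaves `.env` in the working directory; whether `_init.sh` isolates or cleans that directory is not visible here.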