Open ghost opened 3 years ago
(For the second issue we discussed splitting those directories, for example one directory for each binary or for each package so that we can create a PATH
variable which really represent the binaries declared as dependencies (similarly to nix))
Dumping here the result of various discussions we had with about environment variables, for future reference.
Currently, Dune passes through the environment it is executed in to commands it runs. The only management of the environment we do is allowing users to declare dependency on environment variables, so that actions are re-executed when such environment variables change.
There are several issues we know about regarding the environment:
PATH
so that commands can access binaries with a public name or binaries locally added to thePATH
via(env (_ (binaries ...)))
. It does something similar for libraries by settingOCAMLPATH
. When an aciton is sandboxed, such variables still point to paths outside of the sandbox, allowing actions to "escape" the sandbox and see things they are not supposed to seeFor the first issue, we discussed and/or tested a few ideas:
libc
or some other library might be reading some variable to be set that we don't know aboutX
via theenv
stanza, then any action declaring a dependency onX
will see it, andX
will be clearer from the environment of actions that don't declare a dependency on itAs always, any behaviour change should be tied to the version of the Dune language to ensure good backward compatibility.
We are currently passing around the environment as a string map, and overall it feels like we should probably use some more structured representation.