WIP tests: Enable nix sandboxing

This is more faithful to what happens on real systems, and avoids musl to leak into the build. This fixes the test-static-code failure, and reproduces test failures that happen in upstream builds.
martinpitt · Dec 27, 2020 · cc33e02 · cc33e02
1 parent 946f3dd
commit cc33e02
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/tests/run-nix b/tests/run-nix
@@ -10,10 +10,9 @@ else
     RUNC="sudo docker"
 fi
 
-$RUNC run --interactive ${OPTS:-} --volume `pwd`:/source:ro docker.io/nixos/nix /bin/sh <<EOF
-# HACK: test-static-code fails: /~https://github.com/martinpitt/umockdev/issues/115#issuecomment-751456532
-cp -a /source /tmp/source
-sed -i '/test-static-code/d' /tmp/source/meson.build
+# sandboxing requires privileged container; /~https://github.com/NixOS/docker#limitations
+$RUNC run --interactive ${OPTS:-} --privileged --volume `pwd`:/source:ro docker.io/nixos/nix /bin/sh <<EOF
+sed -i '/sandbox/ s/false/true/' /etc/nix/nix.conf
 
-nix-build --keep-failed -E '(import (builtins.fetchTarball { url = "/~https://github.com/NixOS/nixpkgs/archive/master.tar.gz"; }) {}).umockdev.overrideAttrs (attrs: { src = /tmp/source; patches = []; preCheck = ""; doCheck = true; })'
+nix-build --keep-failed -E '(import (builtins.fetchTarball { url = "/~https://github.com/NixOS/nixpkgs/archive/master.tar.gz"; }) {}).umockdev.overrideAttrs (attrs: { src = /source; patches = []; preCheck = ""; doCheck = true; })'
 EOF