diff options
| author | Arun Isaac | 2024-10-07 15:46:58 +0100 |
|---|---|---|
| committer | Arun Isaac | 2024-10-07 15:46:58 +0100 |
| commit | 454a0ff7744963433c03ab813cf9309be5c6b0a9 (patch) | |
| tree | 64a3090c5b16d3388a8fe17de20064bb2b9a622d | |
| parent | f2ab2860f2e02b4ddc080242154c8f44dec9081e (diff) | |
| download | ravanan-454a0ff7744963433c03ab813cf9309be5c6b0a9.tar.gz ravanan-454a0ff7744963433c03ab813cf9309be5c6b0a9.tar.lz ravanan-454a0ff7744963433c03ab813cf9309be5c6b0a9.zip | |
bin: Load manifests without their definitions leaking out.
* bin/ravanan: Do not import (gnu packages) and (guix profiles).
(load-manifest): New function.
(main): Use load-manifest.
| -rwxr-xr-x | bin/ravanan | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/bin/ravanan b/bin/ravanan index 2b44163..19bb8b5 100755 --- a/bin/ravanan +++ b/bin/ravanan @@ -29,11 +29,7 @@ exec guile --no-auto-compile -e main -s "$0" "$@" (json) (ravanan reader) (ravanan utils) - (ravanan workflow) - - ;; required to load manifest files - (gnu packages) - (guix profiles)) + (ravanan workflow)) (define %options (list (option (list "batch-system" "batchSystem") #t #f @@ -101,6 +97,27 @@ files that have the token in the @verbatim{SLURM_JWT=token} format." string-trim-both get-string-all))) +(define (load-manifest manifest-file) + "Load manifest from @var{manifest-file} and return it." + ;; We load the manifest file into a dummy module of its own so that any + ;; definitions from there don't leak out. We also ensure that this dummy + ;; module is different for different manifest files so that definitions from + ;; one manifest file don't leak into other manifest files. + (let ((manifest-file-path (canonicalize-file-name manifest-file)) + (manifest-module (resolve-module (match (file-name-split manifest-file-path) + (("" parts ...) + (map string->symbol parts)))))) + ;; Import modules required for loading manifests. + (for-each (lambda (module-name) + (module-use! manifest-module (resolve-interface module-name))) + '((guile) + (gnu packages) + (guix profiles))) + (save-module-excursion + (lambda () + (set-current-module manifest-module) + (load manifest-file-path))))) + (define main (match-lambda ((program args ...) @@ -134,8 +151,9 @@ files that have the token in the @verbatim{SLURM_JWT=token} format." ;; We must not try to compile guix manifest files. (set! %load-should-auto-compile #f) (scm->json (run-workflow (file-name-stem workflow-file) - (load (canonicalize-path - (assq-ref args 'guix-manifest-file))) + (load-manifest + (canonicalize-path + (assq-ref args 'guix-manifest-file))) (read-workflow workflow-file) (read-inputs inputs-file) (case (assq-ref args 'batch-system) |