abbyswag/qwen-code
1
0
Fork 0
mirror of https://github.com/QwenLM/qwen-code.git synced 2025-12-20 16:57:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix debugging with seatbelt, including in strict profile (#300)

Browse Source
This commit is contained in:
Olcan
2025-05-09 08:44:40 -07:00
committed by GitHub
parent baa26e9e2e
commit b35a3856a2
4 changed files with 42 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
scripts/sandbox_command.sh
View File

@@ -54,35 +54,37 @@ if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then
done
fi
# if GEMINI_CODE_SANDBOX is still not set, then exit immediately w/ code 1
if [ -z "${GEMINI_CODE_SANDBOX:-}" ]; then exit 1; fi
# lowercase GEMINI_CODE_SANDBOX
GEMINI_CODE_SANDBOX=$(echo "${GEMINI_CODE_SANDBOX:-}" | tr '[:upper:]' '[:lower:]')
# if GEMINI_CODE_SANDBOX is set to 0 or false, then exit immediately w/ code 1
if [[ "${GEMINI_CODE_SANDBOX:-}" =~ ^(0|false)$ ]]; then
exit 1
fi
# if GEMINI_CODE_SANDBOX is set to 1 or true, then try to use docker or podman
# if GEMINI_CODE_SANDBOX is set to 1|true, then try to use docker or podman
# if non-empty and not 0|false, treat as custom command and check that it exists
# if empty or 0|false, then fail silently (after checking for possible fallbacks)
command=""
if [[ "${GEMINI_CODE_SANDBOX:-}" =~ ^(1|true)$ ]]; then
if command -v docker &>/dev/null; then
if [ "$QUIET" = false ]; then echo "docker"; fi
exit 0
command="docker"
elif command -v podman &>/dev/null; then
if [ "$QUIET" = false ]; then echo "podman"; fi
exit 0
command="podman"
else
echo "ERROR: install docker or podman or specify command in GEMINI_CODE_SANDBOX" >&2
exit 1
fi
elif [ -n "${GEMINI_CODE_SANDBOX:-}" ] && [[ ! "${GEMINI_CODE_SANDBOX:-}" =~ ^(0|false)$ ]]; then
if ! command -v "$GEMINI_CODE_SANDBOX" &>/dev/null; then
echo "ERROR: missing sandbox command '$GEMINI_CODE_SANDBOX' (from GEMINI_CODE_SANDBOX)" >&2
exit 1
fi
command="$GEMINI_CODE_SANDBOX"
else
# if we are on macOS and sandbox-exec is available, use that for minimal sandboxing
# unless SEATBELT_PROFILE is set to 'none', which we allow as an escape hatch
if [ "$(uname)" = "Darwin" ] && command -v sandbox-exec &>/dev/null && [ "${SEATBELT_PROFILE:-}" != "none" ]; then
command="sandbox-exec"
else # GEMINI_CODE_SANDBOX is empty or 0|false, so we fail w/o error msg
exit 1
fi
fi
if ! command -v "$GEMINI_CODE_SANDBOX" &>/dev/null; then
echo "ERROR: missing sandbox command '$GEMINI_CODE_SANDBOX' (from GEMINI_CODE_SANDBOX)" >&2
exit 1
fi
if [ "$QUIET" = false ]; then echo "$GEMINI_CODE_SANDBOX"; fi
if [ "$QUIET" = false ]; then echo "$command"; fi
exit 0

1
scripts/start.sh
View File

@@ -20,6 +20,7 @@ node ./scripts/check-build-status.js
# if debugging is enabled and sandboxing is disabled, use --inspect-brk flag
# note with sandboxing this flag is passed to the binary inside the sandbox
# inside sandbox SANDBOX should be set and sandbox_command.sh should fail
node_args=()
if [ -n "${DEBUG:-}" ] && ! scripts/sandbox_command.sh -q; then
if [ -n "${SANDBOX:-}" ]; then