2015-12-14 17:14:53 +01:00
|
|
|
{ runCommand, lib, writeText, writeScriptBin, stdenv, bash, ruby } :
|
2016-01-06 09:50:49 +01:00
|
|
|
{ env, runScript ? "${bash}/bin/bash", extraBindMounts ? [], extraInstallCommands ? "", importMeta ? {} } :
|
2015-02-05 16:14:28 +01:00
|
|
|
|
|
|
|
let
|
|
|
|
name = env.pname;
|
2015-12-14 17:14:53 +01:00
|
|
|
bash' = "${bash}/bin/bash";
|
2015-02-05 16:14:28 +01:00
|
|
|
|
|
|
|
# Sandboxing script
|
2015-04-22 14:50:49 +02:00
|
|
|
chroot-user = writeScriptBin "chroot-user" ''
|
|
|
|
#! ${ruby}/bin/ruby
|
|
|
|
${builtins.readFile ./chroot-user.rb}
|
|
|
|
'';
|
2015-02-05 16:14:28 +01:00
|
|
|
|
2015-08-26 18:37:48 +02:00
|
|
|
init = run: writeText "${name}-init" ''
|
2016-01-23 13:44:52 +01:00
|
|
|
source /etc/profile
|
|
|
|
|
2015-08-26 18:37:48 +02:00
|
|
|
# Make /tmp directory
|
|
|
|
mkdir -m 1777 /tmp
|
2015-08-24 00:59:20 +02:00
|
|
|
|
2015-08-26 18:37:48 +02:00
|
|
|
# Expose sockets in /tmp
|
|
|
|
for i in /host-tmp/.*-unix; do
|
|
|
|
ln -s "$i" "/tmp/$(basename "$i")"
|
|
|
|
done
|
2015-08-24 00:42:40 +02:00
|
|
|
|
2015-08-26 18:37:48 +02:00
|
|
|
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
|
|
|
|
shift
|
|
|
|
exec ${run} "$@"
|
|
|
|
'';
|
2015-02-05 16:14:28 +01:00
|
|
|
|
2015-08-26 18:37:48 +02:00
|
|
|
in runCommand name {
|
2016-01-06 09:50:49 +01:00
|
|
|
meta = importMeta;
|
2015-08-26 18:37:48 +02:00
|
|
|
passthru.env =
|
|
|
|
runCommand "${name}-shell-env" {
|
|
|
|
shellHook = ''
|
2015-10-06 16:34:20 +02:00
|
|
|
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:$CHROOTENV_EXTRA_BINDS"
|
2015-12-14 17:14:53 +01:00
|
|
|
exec ${chroot-user}/bin/chroot-user ${env} ${bash'} -l ${init bash'} "$(pwd)"
|
2015-08-26 18:37:48 +02:00
|
|
|
'';
|
|
|
|
} ''
|
|
|
|
echo >&2 ""
|
|
|
|
echo >&2 "*** User chroot 'env' attributes are intended for interactive nix-shell sessions, not for building! ***"
|
|
|
|
echo >&2 ""
|
|
|
|
exit 1
|
|
|
|
'';
|
|
|
|
} ''
|
|
|
|
mkdir -p $out/bin
|
|
|
|
cat <<EOF >$out/bin/${name}
|
2015-04-22 14:50:49 +02:00
|
|
|
#! ${stdenv.shell}
|
2015-10-06 16:34:20 +02:00
|
|
|
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:\$CHROOTENV_EXTRA_BINDS"
|
2016-01-23 13:44:52 +01:00
|
|
|
exec ${chroot-user}/bin/chroot-user ${env} ${bash'} ${init runScript} "\$(pwd)" "\$@"
|
2015-08-26 18:37:48 +02:00
|
|
|
EOF
|
|
|
|
chmod +x $out/bin/${name}
|
2015-12-03 22:25:59 +01:00
|
|
|
${extraInstallCommands}
|
2015-04-22 14:50:49 +02:00
|
|
|
''
|