nixpkgs/pkgs/build-support/build-fhs-userenv/default.nix

54 lines
1.5 KiB
Nix
Raw Normal View History

{ runCommand, lib, writeText, writeScriptBin, stdenv, bash, ruby } :
{ env, runScript ? "${bash}/bin/bash", extraBindMounts ? [], extraInstallCommands ? "", importMeta ? {} } :
2015-02-05 16:14:28 +01:00
let
name = env.pname;
bash' = "${bash}/bin/bash";
2015-02-05 16:14:28 +01:00
# Sandboxing script
chroot-user = writeScriptBin "chroot-user" ''
#! ${ruby}/bin/ruby
${builtins.readFile ./chroot-user.rb}
'';
2015-02-05 16:14:28 +01:00
2015-08-26 18:37:48 +02:00
init = run: writeText "${name}-init" ''
source /etc/profile
2015-08-26 18:37:48 +02:00
# Make /tmp directory
mkdir -m 1777 /tmp
2015-08-26 18:37:48 +02:00
# Expose sockets in /tmp
for i in /host-tmp/.*-unix; do
ln -s "$i" "/tmp/$(basename "$i")"
done
2015-08-26 18:37:48 +02:00
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
shift
exec ${run} "$@"
'';
2015-02-05 16:14:28 +01:00
2015-08-26 18:37:48 +02:00
in runCommand name {
meta = importMeta;
2015-08-26 18:37:48 +02:00
passthru.env =
runCommand "${name}-shell-env" {
shellHook = ''
2015-10-06 16:34:20 +02:00
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:$CHROOTENV_EXTRA_BINDS"
exec ${chroot-user}/bin/chroot-user ${env} ${bash'} -l ${init bash'} "$(pwd)"
2015-08-26 18:37:48 +02:00
'';
} ''
echo >&2 ""
echo >&2 "*** User chroot 'env' attributes are intended for interactive nix-shell sessions, not for building! ***"
echo >&2 ""
exit 1
'';
} ''
mkdir -p $out/bin
cat <<EOF >$out/bin/${name}
#! ${stdenv.shell}
2015-10-06 16:34:20 +02:00
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:\$CHROOTENV_EXTRA_BINDS"
exec ${chroot-user}/bin/chroot-user ${env} ${bash'} ${init runScript} "\$(pwd)" "\$@"
2015-08-26 18:37:48 +02:00
EOF
chmod +x $out/bin/${name}
${extraInstallCommands}
''