pleroma: Potentially wrap binaries with RELEASE_COOKIE
Pleroma_ctl and pleroma depend on mix_release to run which itself depends on a RELEASE_COOKIE. It'll fail to run without such a cookie. Allowing the user to wrap this binary with a RELEASE_COOKIE. We don't set any by default, meaning this diff is no-op for the existing deployments relying on the pleroma package but not on the NixOS module.
This commit is contained in:
Félix Baylac-Jacqué
parent
40a3103c0f
commit
8b7845fee9
1 changed files with 30 additions and 1 deletions
|
|
@ -1,7 +1,8 @@
|
|||
{ lib, beamPackages
|
||||
, fetchFromGitHub, fetchFromGitLab
|
||||
, file, cmake
|
||||
, file, cmake, bash
|
||||
, nixosTests, writeText
|
||||
, cookieFile ? null
|
||||
, ...
|
||||
}:
|
||||
|
||||
|
|
@ -17,6 +18,34 @@ beamPackages.mixRelease rec {
|
|||
sha256 = "sha256-RcqqNNNCR4cxETUCyjChkpq+cQ1QzNOHHzdqBLtOc6g=";
|
||||
};
|
||||
|
||||
preFixup = if (cookieFile != null) then ''
|
||||
# There's no way to use a subprocess to cat the content of the
|
||||
# file cookie using wrapProgram: it gets escaped (by design) with
|
||||
# a pair of backticks :(
|
||||
# We have to come up with our own custom wrapper to do this.
|
||||
function wrapWithCookie () {
|
||||
local hidden
|
||||
hidden="$(dirname "$1")/.$(basename "$1")"-wrapped
|
||||
while [ -e "$hidden" ]; do
|
||||
hidden="''${hidden}_"
|
||||
done
|
||||
mv "$1" "''${hidden}"
|
||||
|
||||
cat > "$1" << EOF
|
||||
#!${bash}/bin/bash
|
||||
export RELEASE_COOKIE="\$(cat "${cookieFile}")"
|
||||
exec -a "\$0" "''${hidden}" "\$@"
|
||||
EOF
|
||||
chmod +x "$1"
|
||||
}
|
||||
|
||||
for f in "$out"/bin/*; do
|
||||
if [[ -x "$f" ]]; then
|
||||
wrapWithCookie "$f"
|
||||
fi
|
||||
done
|
||||
'' else "";
|
||||
|
||||
mixNixDeps = import ./mix.nix {
|
||||
inherit beamPackages lib;
|
||||
overrides = (final: prev: {
|
||||
|
|
|
|||
Loading…
Reference in a new issue