Commit graph

24 commits

Author SHA1 Message Date
Nikolay Amiantov
74107a7867 buildFHSEnv: refactor and simplify, drop buildFHSChrootEnv
This takes another approach at binding FHS directory structure. We
now bind-mount all the root filesystem to directory "/host" in the target tree.
From that we symlink all the directories into the tree if they do not already
exist in FHS structure.

This probably makes `CHROOTENV_EXTRA_BINDS` unnecessary -- its main use case was
to add bound directories from the host to the sandbox, and we now just symlink
all of them. I plan to get some feedback on its usage and maybe deprecate it.

This also drops old `buildFHSChrootEnv` infrastructure. The main problem with it
is it's very difficult to unmount a recursive-bound directory when mount is not
sandboxed. This problem is a bug even without these changes -- if
you have for example `/home/alice` mounted to somewhere, you wouldn't see
it in `buildFHSChrootEnv` now. With the new directory structure, it's
impossible to use regular bind at all. After some tackling with this I realized
that the fix would be brittle and dangerous (if you don't unmount everything
clearly and proceed to removing the temporary directory, bye-bye fs!). It also
probably isn't worth it because I haven't heard that someone actually uses it
for a long time, and `buildFHSUserEnv` should cover most cases while being much
more maintainable and safe for the end-user.
2016-06-07 04:06:35 +03:00
Nikolay Amiantov
1b2139b3e2 buildFHSEnv: use separate gcc for 64- and 32-bit 2016-05-29 23:22:58 +03:00
Nikolay Amiantov
d0fd551876 buildFHSEnv: post-closure-size fix 2016-04-13 14:28:33 +03:00
Christoph Hrdinka
54fa4c4cec build-fhs-chrootenv: set PKG_CONFIG_PATH
Currently `PKG_CONFIG_PATH` isn't set in FHS chroots rendering `pkg-config`
unusable. This patch sets it to `/usr/lib/pkgconfig`.
2016-04-13 11:06:33 +02:00
Nikolay Amiantov
9488fee869 buildFHSEnv: add standard paths for compilers 2016-03-15 19:44:42 +03:00
Nikolay Amiantov
ed4219964d chrootenv: add setuid wrappers to path 2015-12-17 14:21:17 +03:00
Nikolay Amiantov
d6c1150195 chrootenv: symlink su and sudo stuff 2015-12-17 14:21:13 +03:00
Nikolay Amiantov
0427b21aba chrootenv: symlink some directories instead of copying 2015-11-23 21:39:49 +03:00
Nikolay Amiantov
6d6c1d3523 chrootenv: fix include directories 2015-11-23 19:54:07 +03:00
William A. Kennington III
6602f49495 Revert "Revert "Merge pull request #9543 from NixOS/staging.post-15.06""
This reverts commit 741bf840da.

This reverts the fallout from reverting the major changes.
2015-11-14 12:32:51 -08:00
Nikolay Amiantov
1b69894d74 fhs-env: symlink /usr/lib to libs for the main architecture 2015-11-11 00:01:02 +03:00
Bjørn Forsman
ad49db64da build-fhs-chrootenv: add /etc/mtab -> /proc/mounts symlink
Needed to be able to run some programs (e.g. tune2fs) in the chroot.

AFAIK, /etc/mtab is deprecated, but programs still use it.
2015-10-21 21:44:29 +02:00
Nikolay Amiantov
da38314be6 buildFHSEnv: create /etc/profile with writeText
This should avoid accidental expansion of variables, i.e. in
"export PATH=/some/path:$PATH"
$PATH would have been expanded in the environment builder!
2015-10-21 16:02:08 +03:00
Nikolay Amiantov
ab730370ba chroot-env: simplify, clean directories structure 2015-10-12 17:38:35 +03:00
Bjørn Forsman
05668fbe92 build-fhs-chrootenv: add /etc/os-release from host
This allows software inside the chroot to identify the host OS via the
standard /etc/os-release file.
2015-10-03 14:58:41 +02:00
Bjørn Forsman
cd22214e0e build-fhs-chrootenv: add missing /usr/include
This patch brings the include/ directories of all specified packages to
appear under /usr/include in the FHS chroot. As per spec[1].

[1] http://www.pathname.com/fhs/pub/fhs-2.3.html#USRINCLUDEDIRECTORYFORSTANDARDINCLU
2015-10-02 19:13:41 +02:00
Nikolay Amiantov
68fabf295d fhs-chrootenv-env: cleanup 2015-04-22 17:50:40 +03:00
Nikolay Amiantov
7a01374bf3 fhs-chrootenv-env: refactor /etc build and add ssl certs 2015-04-22 17:50:40 +03:00
Nikolay Amiantov
3e395b71da chroot-env: add locales, refactor environment 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
e3ab3df26e chroot-env: ignore collisions and fix permissions 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
4aba7639c8 chroot-env: build /etc 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
b002fdd89f buildFHSEnv: check if multiPkgs is empty
Fixes #6486
2015-02-23 13:54:41 +03:00
Nikolay Amiantov
3500978b8f build-fhs-*: prefer local build 2015-02-05 20:39:01 +03:00
Nikolay Amiantov
b3ee378f50 buildFHSChrootEnv: split environment and chroot scripts 2015-02-05 19:46:00 +03:00