nixpkgs/pkgs/build-support/build-fhs-userenv/default.nix

48 lines
1.3 KiB
Nix
Raw Normal View History

{ runCommand, lib, writeText, writeScriptBin, stdenv, ruby } : { env, runScript ? "bash", extraBindMounts ? [] } :
2015-02-05 15:14:28 +00:00
let
name = env.pname;
# Sandboxing script
chroot-user = writeScriptBin "chroot-user" ''
#! ${ruby}/bin/ruby
${builtins.readFile ./chroot-user.rb}
'';
2015-02-05 15:14:28 +00:00
2015-08-26 17:37:48 +01:00
init = run: writeText "${name}-init" ''
# Make /tmp directory
mkdir -m 1777 /tmp
2015-08-26 17:37:48 +01:00
# Expose sockets in /tmp
for i in /host-tmp/.*-unix; do
ln -s "$i" "/tmp/$(basename "$i")"
done
2015-08-26 17:37:48 +01:00
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
shift
exec ${run} "$@"
'';
2015-02-05 15:14:28 +00:00
2015-08-26 17:37:48 +01:00
in runCommand name {
passthru.env =
runCommand "${name}-shell-env" {
shellHook = ''
2015-10-06 15:34:20 +01:00
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:$CHROOTENV_EXTRA_BINDS"
2015-08-26 17:37:48 +01:00
exec ${chroot-user}/bin/chroot-user ${env} bash -l ${init "bash"} "$(pwd)"
'';
} ''
echo >&2 ""
echo >&2 "*** User chroot 'env' attributes are intended for interactive nix-shell sessions, not for building! ***"
echo >&2 ""
exit 1
'';
} ''
mkdir -p $out/bin
cat <<EOF >$out/bin/${name}
#! ${stdenv.shell}
2015-10-06 15:34:20 +01:00
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:\$CHROOTENV_EXTRA_BINDS"
2015-08-26 17:37:48 +01:00
exec ${chroot-user}/bin/chroot-user ${env} bash -l ${init runScript} "\$(pwd)" "\$@"
EOF
chmod +x $out/bin/${name}
''