fhs-userenv: refactor and try to chdir to the current directory
runScript now expects a filename instead of a Bash snippet; thus, "exec" should be omitted.
This commit is contained in:
parent
508ef7e629
commit
19c497050e
@ -1,37 +1,21 @@
|
||||
{ writeTextFile, stdenv, ruby } : { env, runScript } :
|
||||
{ writeText, writeScriptBin, stdenv, ruby } : { env, runScript } :
|
||||
|
||||
let
|
||||
name = env.pname;
|
||||
|
||||
# Sandboxing script
|
||||
chroot-user = writeTextFile {
|
||||
name = "chroot-user";
|
||||
executable = true;
|
||||
destination = "/bin/chroot-user";
|
||||
text = ''
|
||||
#! ${ruby}/bin/ruby
|
||||
${builtins.readFile ./chroot-user.rb}
|
||||
'';
|
||||
};
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
name = "${name}-userenv";
|
||||
buildInputs = [ ruby ];
|
||||
preferLocalBuild = true;
|
||||
buildCommand = ''
|
||||
mkdir -p $out/bin
|
||||
cat > $out/bin/${name} <<EOF
|
||||
#! ${stdenv.shell}
|
||||
exec ${chroot-user}/bin/chroot-user ${env} $out/libexec/run "\$@"
|
||||
EOF
|
||||
chmod +x $out/bin/${name}
|
||||
|
||||
mkdir -p $out/libexec
|
||||
cat > $out/libexec/run <<EOF
|
||||
#! ${stdenv.shell}
|
||||
source /etc/profile
|
||||
${runScript} "\$@"
|
||||
EOF
|
||||
chmod +x $out/libexec/run
|
||||
chroot-user = writeScriptBin "chroot-user" ''
|
||||
#! ${ruby}/bin/ruby
|
||||
${builtins.readFile ./chroot-user.rb}
|
||||
'';
|
||||
}
|
||||
|
||||
init = writeText "init" ''
|
||||
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
|
||||
shift
|
||||
exec "${runScript}" "$@"
|
||||
'';
|
||||
|
||||
in writeScriptBin name ''
|
||||
#! ${stdenv.shell}
|
||||
exec ${chroot-user}/bin/chroot-user ${env} bash -l ${init} "$(pwd)" "$@"
|
||||
''
|
||||
|
Loading…
Reference in New Issue
Block a user