* An option nix.useChroot to enable chroot builds in NixOS.

svn path=/nixos/trunk/; revision=9583
2007-11-05 11:19:51 +00:00 · 2007-11-05 11:19:51 +00:00 · 81c7e17e02
commit 81c7e17e02
parent 8c9d312e21
4 changed files with 27 additions and 15 deletions
--- a/etc/default.nix
+++ b/etc/default.nix
@ -116,6 +116,17 @@ import ../helpers/make-etc.nix {
      target = "inputrc";
    }

+    { # Nix configuration.
+      source = pkgs.writeText "nix.conf" "
+        # WARNING: this file is generated.
+        build-users-group = nixbld
+        build-max-jobs = ${toString (config.get ["nix" "maxJobs"])}
+        build-use-chroot = ${if config.get ["nix" "useChroot"] then "true" else "false"}
+        build-chroot-dirs = /dev /proc /bin /etc
+        ${config.get ["nix" "extraOptions"]}
+      ";
+      target = "nix.conf"; # will be symlinked from /nix/etc/nix/nix.conf in activate-configuration.sh.
+    }
  ]

  # Configuration file for fontconfig used to locate
--- a/system/activate-configuration.sh
+++ b/system/activate-configuration.sh
@ -101,17 +101,8 @@ fi

 # Set up Nix.
 if test -z "@readOnlyRoot@"; then
-
    mkdir -p /nix/etc/nix
-    cat > /nix/etc/nix/nix.conf <<EOF
-# WARNING: this file is generated.
-build-users-group = nixbld
-build-max-jobs = @maxJobs@
-
-@extraNixOptions@
-
-EOF
-
+    ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf
    chown root.nixbld /nix/store
    chmod 1775 /nix/store
 fi
--- a/system/options.nix
+++ b/system/options.nix
@ -1073,15 +1073,27 @@
    ";
  }

+  {
+    name = ["nix" "useChroot"];
+    default = false;
+    example = true;
+    description = "
+      If set, Nix will perform builds in a chroot-environment that it
+      will set up automatically for each build.  This prevents
+      impurities in builds by disallowing access to dependencies
+      outside of the Nix store.
+    ";
+  }
+  
  {
    name = ["nix" "extraOptions"];
    default = "";
    example = "
-	gc-keep-outputs = true
-	gc-keep-derivations = true
+      gc-keep-outputs = true
+      gc-keep-derivations = true
    ";
    description = "
-	This option allows to append lines to nix.conf. 
+      This option allows to append lines to nix.conf. 
    ";
  }
  
--- a/system/system.nix
+++ b/system/system.nix
@ -266,8 +266,6 @@ rec {
      config.get ["security" "setuidPrograms"] ++
      config.get ["security" "extraSetuidPrograms"] ++
      pkgs.lib.optional (config.get ["security" "sudo" "enable"]) "sudo";
-    maxJobs = config.get ["nix" "maxJobs"];
-    extraNixOptions = config.get ["nix" "extraOptions"];

    inherit (usersGroups) createUsersGroups usersList groupsList;