2f26b82411
Previously is was assumed that bash was in the path when calling the environment setup script. This changes all of the references of bash to be absolute paths so that the user doesn't have to worry about the environment they call it with.
51 lines
1.4 KiB
Nix
51 lines
1.4 KiB
Nix
{ runCommand, lib, writeText, writeScriptBin, stdenv, bash, ruby } :
|
|
{ env, runScript ? "${bash}/bin/bash", extraBindMounts ? [], extraInstallCommands ? "" } :
|
|
|
|
let
|
|
name = env.pname;
|
|
bash' = "${bash}/bin/bash";
|
|
|
|
# Sandboxing script
|
|
chroot-user = writeScriptBin "chroot-user" ''
|
|
#! ${ruby}/bin/ruby
|
|
${builtins.readFile ./chroot-user.rb}
|
|
'';
|
|
|
|
init = run: writeText "${name}-init" ''
|
|
# Make /tmp directory
|
|
mkdir -m 1777 /tmp
|
|
|
|
# Expose sockets in /tmp
|
|
for i in /host-tmp/.*-unix; do
|
|
ln -s "$i" "/tmp/$(basename "$i")"
|
|
done
|
|
|
|
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
|
|
shift
|
|
exec ${run} "$@"
|
|
'';
|
|
|
|
in runCommand name {
|
|
passthru.env =
|
|
runCommand "${name}-shell-env" {
|
|
shellHook = ''
|
|
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:$CHROOTENV_EXTRA_BINDS"
|
|
exec ${chroot-user}/bin/chroot-user ${env} ${bash'} -l ${init bash'} "$(pwd)"
|
|
'';
|
|
} ''
|
|
echo >&2 ""
|
|
echo >&2 "*** User chroot 'env' attributes are intended for interactive nix-shell sessions, not for building! ***"
|
|
echo >&2 ""
|
|
exit 1
|
|
'';
|
|
} ''
|
|
mkdir -p $out/bin
|
|
cat <<EOF >$out/bin/${name}
|
|
#! ${stdenv.shell}
|
|
export CHROOTENV_EXTRA_BINDS="${lib.concatStringsSep ":" extraBindMounts}:\$CHROOTENV_EXTRA_BINDS"
|
|
exec ${chroot-user}/bin/chroot-user ${env} ${bash'} -l ${init runScript} "\$(pwd)" "\$@"
|
|
EOF
|
|
chmod +x $out/bin/${name}
|
|
${extraInstallCommands}
|
|
''
|