pyrox.dev
fhs-userenv: refactor and try to chdir to the current directory
runScript now expects a filename instead of a Bash snippet; thus, "exec" should be
omitted.
+14
-30
pkgs/build-support/build-fhs-userenv/default.nix
+14
-30
pkgs/build-support/build-fhs-userenv/default.nix
···
1
-
{ writeTextFile, stdenv, ruby } : { env, runScript } :
2
3
let
4
name = env.pname;
5
6
# Sandboxing script
7
-
chroot-user = writeTextFile {
8
-
name = "chroot-user";
9
-
executable = true;
10
-
destination = "/bin/chroot-user";
11
-
text = ''
12
-
#! ${ruby}/bin/ruby
13
-
${builtins.readFile ./chroot-user.rb}
14
-
'';
15
-
};
16
17
-
in stdenv.mkDerivation {
18
-
name = "${name}-userenv";
19
-
buildInputs = [ ruby ];
20
-
preferLocalBuild = true;
21
-
buildCommand = ''
22
-
mkdir -p $out/bin
23
-
cat > $out/bin/${name} <<EOF
24
-
#! ${stdenv.shell}
25
-
exec ${chroot-user}/bin/chroot-user ${env} $out/libexec/run "\$@"
26
-
EOF
27
-
chmod +x $out/bin/${name}
28
29
-
mkdir -p $out/libexec
30
-
cat > $out/libexec/run <<EOF
31
-
#! ${stdenv.shell}
32
-
source /etc/profile
33
-
${runScript} "\$@"
34
-
EOF
35
-
chmod +x $out/libexec/run
36
-
'';
37
-
}
···
1
+
{ writeText, writeScriptBin, stdenv, ruby } : { env, runScript } :
2
3
let
4
name = env.pname;
5
6
# Sandboxing script
7
+
chroot-user = writeScriptBin "chroot-user" ''
8
+
#! ${ruby}/bin/ruby
9
+
${builtins.readFile ./chroot-user.rb}
10
+
'';
11
12
+
init = writeText "init" ''
13
+
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
14
+
shift
15
+
exec "${runScript}" "$@"
16
+
'';
17
18
+
in writeScriptBin name ''
19
+
#! ${stdenv.shell}
20
+
exec ${chroot-user}/bin/chroot-user ${env} bash -l ${init} "$(pwd)" "$@"
21
+
''