pyrox.dev / nixpkgs
lol
fork atom

Add missing dependencies and restore working runtimes

Bert Proesmans 7683f254 5317e562

+526 -72
unified split
+37
pkgs/by-name/wi/windmill/download.py.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/download.py.config.proto b/windmill-worker/nsjail/download.py.config.proto 2 + index 5c2989417..7896bde7a 100644 3 + --- a/windmill-worker/nsjail/download.py.config.proto 4 + +++ b/windmill-worker/nsjail/download.py.config.proto 5 + @@ -22,17 +22,24 @@ keep_caps: true 6 + keep_env: true 7 + mount_proc: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + src: "/lib" 24 + dst: "/lib" 25 + is_bind: true 26 + + mandatory: false 27 + } 28 + 29 + mount { 30 + @@ -46,6 +53,7 @@ mount { 31 + src: "/usr" 32 + dst: "/usr" 33 + is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+84 -21
pkgs/by-name/wi/windmill/package.nix
··· 22 rustfmt, 23 stdenv, 24 swagger-cli, 25 _experimental-update-script-combinators, 26 nix-update-script, 27 writeScript, ··· 30 inherit (callPackage ./fetchers.nix { }) fetchLibrustyV8; 31 } 32 ), 33 }: 34 35 let ··· 42 rev = "v${version}"; 43 hash = "sha256-JhgqBXiX0ClEQZkWl7YBsBlQHk2Jp4jIdHy5CDvdoAM="; 44 }; 45 - 46 - pythonEnv = python3.withPackages (ps: [ ps.pip-tools ]); 47 in 48 rustPlatform.buildRustPackage (finalAttrs: { 49 inherit pname version src; ··· 65 }; 66 }; 67 68 patches = [ 69 - ./swagger-cli.patch 70 ./run.go.config.proto.patch 71 ./run.python3.config.proto.patch 72 - ./run.bash.config.proto.patch 73 ]; 74 75 postPatch = '' 76 - substituteInPlace windmill-worker/src/bash_executor.rs \ 77 - --replace '"/bin/bash"' '"${bash}/bin/bash"' 78 - 79 - substituteInPlace windmill-api/src/lib.rs \ 80 - --replace 'unknown-version' 'v${version}' 81 82 - substituteInPlace src/main.rs \ 83 - --replace 'unknown-version' 'v${version}' 84 ''; 85 86 buildInputs = [ ··· 88 rustfmt 89 lld 90 (lib.getLib stdenv.cc.cc) 91 ]; 92 93 nativeBuildInputs = [ 94 pkg-config 95 makeWrapper 96 cmake # for libz-ng-sys crate 97 ]; 98 99 # needs a postgres database running 100 doCheck = false; 101 102 postFixup = '' 103 - patchelf --set-rpath ${lib.makeLibraryPath [ openssl ]} $out/bin/windmill 104 - 105 wrapProgram "$out/bin/windmill" \ 106 --prefix PATH : ${ 107 lib.makeBinPath [ 108 - go 109 - pythonEnv 110 - deno 111 - nsjail 112 - bash 113 ] 114 } \ 115 - --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ stdenv.cc.cc ]} \ 116 - --set PYTHON_PATH "${pythonEnv}/bin/python3" \ 117 --set GO_PATH "${go}/bin/go" \ 118 --set DENO_PATH "${deno}/bin/deno" \ 119 - --set NSJAIL_PATH "${nsjail}/bin/nsjail" 120 ''; 121 122 passthru.web-ui = buildNpmPackage {
··· 22 rustfmt, 23 stdenv, 24 swagger-cli, 25 + perl, 26 _experimental-update-script-combinators, 27 nix-update-script, 28 writeScript, ··· 31 inherit (callPackage ./fetchers.nix { }) fetchLibrustyV8; 32 } 33 ), 34 + libxml2, 35 + xmlsec, 36 + libxslt, 37 + flock, 38 + powershell, 39 + uv, 40 + bun, 41 + dotnet-sdk_9, 42 + php, 43 + procps, 44 + cargo, 45 + coreutils, 46 + withEnterpriseFeatures ? false, 47 }: 48 49 let ··· 56 rev = "v${version}"; 57 hash = "sha256-JhgqBXiX0ClEQZkWl7YBsBlQHk2Jp4jIdHy5CDvdoAM="; 58 }; 59 in 60 rustPlatform.buildRustPackage (finalAttrs: { 61 inherit pname version src; ··· 77 }; 78 }; 79 80 + buildFeatures = 81 + [ 82 + "embedding" 83 + "parquet" 84 + "prometheus" 85 + "openidconnect" 86 + "cloud" 87 + "jemalloc" 88 + "deno_core" 89 + "license" 90 + "http_trigger" 91 + "zip" 92 + "oauth2" 93 + "kafka" 94 + "otel" 95 + "dind" 96 + "php" 97 + "mysql" 98 + "mssql" 99 + "bigquery" 100 + "websocket" 101 + "python" 102 + "smtp" 103 + "csharp" 104 + "static_frontend" 105 + # "rust" # compiler environment is incomplete 106 + ] 107 + ++ (lib.optionals withEnterpriseFeatures [ 108 + "enterprise" 109 + "enterprise_saml" 110 + "tantivy" 111 + "stripe" 112 + ]); 113 + 114 patches = [ 115 + ./download.py.config.proto.patch 116 + ./python_executor.patch 117 + ./run.ansible.config.proto.patch 118 + ./run.bash.config.proto.patch 119 + ./run.bun.config.proto.patch 120 + ./run.csharp.config.proto.patch 121 ./run.go.config.proto.patch 122 + ./run.php.config.proto.patch 123 + ./run.powershell.config.proto.patch 124 ./run.python3.config.proto.patch 125 + ./run.rust.config.proto.patch 126 + ./rust_executor.patch 127 + ./swagger-cli.patch 128 ]; 129 130 postPatch = '' 131 + substituteInPlace windmill-common/src/utils.rs \ 132 + --replace-fail 'unknown-version' 'v${version}' 133 134 + substituteInPlace windmill-worker/src/python_executor.rs \ 135 + --replace-fail 'unknown_system_python_version' '${python3.version}' 136 ''; 137 138 buildInputs = [ ··· 140 rustfmt 141 lld 142 (lib.getLib stdenv.cc.cc) 143 + libxml2 144 + xmlsec 145 + libxslt 146 ]; 147 148 nativeBuildInputs = [ 149 pkg-config 150 makeWrapper 151 cmake # for libz-ng-sys crate 152 + perl 153 ]; 154 155 # needs a postgres database running 156 doCheck = false; 157 158 + # TODO; Check if the rpath is still required 159 + # patchelf --set-rpath ${lib.makeLibraryPath [ openssl ]} $out/bin/windmill 160 postFixup = '' 161 wrapProgram "$out/bin/windmill" \ 162 + --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ stdenv.cc.cc ]} \ 163 --prefix PATH : ${ 164 lib.makeBinPath [ 165 + python3 # uv searches PATH for system python 166 + procps # bash_executor 167 + coreutils # bash_executor 168 ] 169 } \ 170 + --set PYTHON_PATH "${python3}/bin/python3" \ 171 --set GO_PATH "${go}/bin/go" \ 172 --set DENO_PATH "${deno}/bin/deno" \ 173 + --set NSJAIL_PATH "${nsjail}/bin/nsjail" \ 174 + --set FLOCK_PATH "${flock}/bin/flock" \ 175 + --set BASH_PATH "${bash}/bin/bash" \ 176 + --set POWERSHELL_PATH "${powershell}/bin/pwsh" \ 177 + --set BUN_PATH "${bun}/bin/bun" \ 178 + --set UV_PATH "${uv}/bin/uv" \ 179 + --set DOTNET_PATH "${dotnet-sdk_9}/bin/dotnet" \ 180 + --set DOTNET_ROOT "${dotnet-sdk_9}/share/dotnet" \ 181 + --set PHP_PATH "${php}/bin/php" \ 182 + --set CARGO_PATH "${cargo}/bin/cargo" 183 ''; 184 185 passthru.web-ui = buildNpmPackage {
+100
pkgs/by-name/wi/windmill/python_executor.patch
···
··· 1 + diff --git a/windmill-worker/src/python_executor.rs b/windmill-worker/src/python_executor.rs 2 + index 1180652d3..7b4ccf6cf 100644 3 + --- a/windmill-worker/src/python_executor.rs 4 + +++ b/windmill-worker/src/python_executor.rs 5 + @@ -290,70 +290,8 @@ impl PyVersion { 6 + occupancy_metrics: &mut Option<&mut OccupancyMetrics>, 7 + ) -> error::Result<()> { 8 + let v = self.to_string_with_dot(); 9 + - append_logs(job_id, w_id, format!("\nINSTALLING PYTHON ({})", v), db).await; 10 + - // Create dirs for newly installed python 11 + - // If we dont do this, NSJAIL will not be able to mount cache 12 + - // For the default version directory created during startup (main.rs) 13 + - DirBuilder::new() 14 + - .recursive(true) 15 + - .create(self.to_cache_dir()) 16 + - .await 17 + - .expect("could not create initial worker dir"); 18 + - 19 + - let logs = String::new(); 20 + - 21 + - #[cfg(windows)] 22 + - let uv_cmd = "uv"; 23 + - 24 + - #[cfg(unix)] 25 + - let uv_cmd = UV_PATH.as_str(); 26 + - 27 + - let mut child_cmd = Command::new(uv_cmd); 28 + - child_cmd 29 + - .env_clear() 30 + - .env("HOME", HOME_ENV.to_string()) 31 + - .env("PATH", PATH_ENV.to_string()) 32 + - .envs(PROXY_ENVS.clone()) 33 + - .args(["python", "install", v, "--python-preference=only-managed"]) 34 + - // TODO: Do we need these? 35 + - .envs([("UV_PYTHON_INSTALL_DIR", PY_INSTALL_DIR)]) 36 + - .stdout(Stdio::piped()) 37 + - .stderr(Stdio::piped()); 38 + - 39 + - #[cfg(windows)] 40 + - { 41 + - child_cmd 42 + - .env("SystemRoot", SYSTEM_ROOT.as_str()) 43 + - .env("USERPROFILE", crate::USERPROFILE_ENV.as_str()) 44 + - .env( 45 + - "TMP", 46 + - std::env::var("TMP").unwrap_or_else(|_| String::from("/tmp")), 47 + - ) 48 + - .env( 49 + - "LOCALAPPDATA", 50 + - std::env::var("LOCALAPPDATA") 51 + - .unwrap_or_else(|_| format!("{}\\AppData\\Local", HOME_ENV.as_str())), 52 + - ); 53 + - } 54 + - 55 + - let child_process = start_child_process(child_cmd, "uv").await?; 56 + - 57 + - append_logs(&job_id, &w_id, logs, db).await; 58 + - handle_child( 59 + - job_id, 60 + - db, 61 + - mem_peak, 62 + - &mut None, 63 + - child_process, 64 + - false, 65 + - worker_name, 66 + - &w_id, 67 + - "uv", 68 + - None, 69 + - false, 70 + - occupancy_metrics, 71 + - ) 72 + - .await 73 + + append_logs(job_id, w_id, format!("\nREQUESTED PYTHON INSTALL IGNORED ({})", v), db).await; 74 + + Err(error::Error::BadConfig(format!("Python is managed through the NixOS system configuration. Change the Windmill instance setting to version 'unknown_system_python_version'"))) 75 + } 76 + async fn find_python(self) -> error::Result<Option<String>> { 77 + #[cfg(windows)] 78 + @@ -391,11 +329,11 @@ impl PyVersion { 79 + "find", 80 + self.to_string_with_dot(), 81 + "--system", 82 + - "--python-preference=only-managed", 83 + + "--python-preference=only-system", 84 + ]) 85 + .envs([ 86 + ("UV_PYTHON_INSTALL_DIR", PY_INSTALL_DIR), 87 + - ("UV_PYTHON_PREFERENCE", "only-managed"), 88 + + ("UV_PYTHON_PREFERENCE", "only-system"), 89 + ]) 90 + // .stdout(Stdio::piped()) 91 + .stderr(Stdio::piped()) 92 + @@ -561,7 +499,7 @@ pub async fn uv_pip_compile( 93 + "-p", 94 + &py_version.to_string_with_dot(), 95 + "--python-preference", 96 + - "only-managed", 97 + + "only-system", 98 + ]); 99 + 100 + if no_cache {
+44
pkgs/by-name/wi/windmill/run.ansible.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/run.ansible.config.proto b/windmill-worker/nsjail/run.ansible.config.proto 2 + index 65a8ea700..d4c8c2afc 100644 3 + --- a/windmill-worker/nsjail/run.ansible.config.proto 4 + +++ b/windmill-worker/nsjail/run.ansible.config.proto 5 + @@ -18,16 +18,24 @@ keep_caps: false 6 + keep_env: true 7 + mount_proc: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + src: "/lib" 24 + dst: "/lib" 25 + is_bind: true 26 + + mandatory: false 27 + } 28 + 29 + 30 + @@ -42,12 +50,14 @@ mount { 31 + src: "/root/.local/share/uv/tools/ansible" 32 + dst: "/root/.local/share/uv/tools/ansible" 33 + is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount { 38 + src: "/usr" 39 + dst: "/usr" 40 + is_bind: true 41 + + mandatory: false 42 + } 43 + 44 + mount {
+22 -17
pkgs/by-name/wi/windmill/run.bash.config.proto.patch
··· 1 - diff --git a/windmill-worker/nsjail/run.bash.config.proto b/backend/windmill-worker/nsjail/run.bash.config.proto 2 - index e93e6b45..bbedb165 100644 3 --- a/windmill-worker/nsjail/run.bash.config.proto 4 +++ b/windmill-worker/nsjail/run.bash.config.proto 5 - @@ -18,6 +18,12 @@ clone_newuser: {CLONE_NEWUSER} 6 - keep_caps: false 7 keep_env: true 8 9 +mount { 10 - + src: "/nix/store" 11 - + dst: "/nix/store" 12 + is_bind: true 13 +} 14 + 15 mount { 16 src: "/bin" 17 dst: "/bin" 18 - @@ -25,6 +31,7 @@ mount { 19 } 20 21 mount { 22 + mandatory: false 23 src: "/lib" 24 dst: "/lib" 25 is_bind: true 26 - @@ -32,6 +39,7 @@ mount { 27 - 28 - 29 - mount { 30 + mandatory: false 31 - src: "/lib64" 32 - dst: "/lib64" 33 - is_bind: true 34 - @@ -39,6 +47,7 @@ mount { 35 36 37 - mount { 38 - + mandatory: false 39 src: "/usr" 40 dst: "/usr" 41 is_bind: true
··· 1 + diff --git a/windmill-worker/nsjail/run.bash.config.proto b/windmill-worker/nsjail/run.bash.config.proto 2 + index 63018f765..d8bb0c0a7 100644 3 --- a/windmill-worker/nsjail/run.bash.config.proto 4 +++ b/windmill-worker/nsjail/run.bash.config.proto 5 + @@ -15,10 +15,17 @@ keep_caps: false 6 keep_env: true 7 + mount_proc: true 8 9 +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + is_bind: true 13 +} 14 + 15 mount { 16 src: "/bin" 17 dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 } 21 22 mount { 23 + @@ -32,6 +39,7 @@ mount { 24 + src: "/bin" 25 + dst: "/bin" 26 + is_bind: true 27 + mandatory: false 28 + } 29 + 30 + mount { 31 + @@ -45,6 +53,7 @@ mount { 32 src: "/lib" 33 dst: "/lib" 34 is_bind: true 35 + mandatory: false 36 + } 37 38 39 + @@ -60,6 +69,7 @@ mount { 40 src: "/usr" 41 dst: "/usr" 42 is_bind: true 43 + + mandatory: false 44 + } 45 + 46 + mount {
+37
pkgs/by-name/wi/windmill/run.bun.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/run.bun.config.proto b/windmill-worker/nsjail/run.bun.config.proto 2 + index 527d49cf7..b5e64beec 100644 3 + --- a/windmill-worker/nsjail/run.bun.config.proto 4 + +++ b/windmill-worker/nsjail/run.bun.config.proto 5 + @@ -17,16 +17,24 @@ clone_newcgroup: false 6 + keep_caps: false 7 + keep_env: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + src: "/lib" 24 + dst: "/lib" 25 + is_bind: true 26 + + mandatory: false 27 + } 28 + 29 + mount { 30 + @@ -47,6 +55,7 @@ mount { 31 + src: "/usr" 32 + dst: "/usr" 33 + is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+37
pkgs/by-name/wi/windmill/run.csharp.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/run.csharp.config.proto b/windmill-worker/nsjail/run.csharp.config.proto 2 + index 389448eff..ee51c1bfb 100644 3 + --- a/windmill-worker/nsjail/run.csharp.config.proto 4 + +++ b/windmill-worker/nsjail/run.csharp.config.proto 5 + @@ -15,16 +15,24 @@ keep_caps: false 6 + keep_env: true 7 + mount_proc: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + src: "/lib" 24 + dst: "/lib" 25 + is_bind: true 26 + + mandatory: false 27 + } 28 + 29 + 30 + @@ -40,6 +48,7 @@ mount { 31 + src: "/usr" 32 + dst: "/usr" 33 + is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+20 -17
pkgs/by-name/wi/windmill/run.go.config.proto.patch
··· 1 diff --git a/windmill-worker/nsjail/run.go.config.proto b/windmill-worker/nsjail/run.go.config.proto 2 - index 3af548d1..39ff4da7 100644 3 --- a/windmill-worker/nsjail/run.go.config.proto 4 +++ b/windmill-worker/nsjail/run.go.config.proto 5 - @@ -25,6 +25,13 @@ mount { 6 - } 7 8 - mount { 9 - + src: "/nix/store" 10 - + dst: "/nix/store" 11 + is_bind: true 12 +} 13 + 14 - +mount { 15 + mandatory: false 16 src: "/lib" 17 dst: "/lib" 18 is_bind: true 19 - @@ -32,6 +39,7 @@ mount { 20 - 21 - 22 - mount { 23 + mandatory: false 24 - src: "/lib64" 25 - dst: "/lib64" 26 - is_bind: true 27 - @@ -39,6 +47,7 @@ mount { 28 29 30 - mount { 31 - + mandatory: false 32 src: "/usr" 33 dst: "/usr" 34 is_bind: true
··· 1 diff --git a/windmill-worker/nsjail/run.go.config.proto b/windmill-worker/nsjail/run.go.config.proto 2 + index 1ba6f52d5..21614fabb 100644 3 --- a/windmill-worker/nsjail/run.go.config.proto 4 +++ b/windmill-worker/nsjail/run.go.config.proto 5 + @@ -14,16 +14,24 @@ clone_newuser: {CLONE_NEWUSER} 6 + keep_caps: false 7 + keep_env: true 8 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + is_bind: true 13 +} 14 + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + mandatory: false 20 + } 21 + 22 + mount { 23 src: "/lib" 24 dst: "/lib" 25 is_bind: true 26 + mandatory: false 27 + } 28 29 30 + @@ -39,6 +47,7 @@ mount { 31 src: "/usr" 32 dst: "/usr" 33 is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+37
pkgs/by-name/wi/windmill/run.php.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/run.php.config.proto b/windmill-worker/nsjail/run.php.config.proto 2 + index d3752d33b..9e4b19793 100644 3 + --- a/windmill-worker/nsjail/run.php.config.proto 4 + +++ b/windmill-worker/nsjail/run.php.config.proto 5 + @@ -15,16 +15,24 @@ keep_caps: false 6 + keep_env: true 7 + mount_proc: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + src: "/lib" 24 + dst: "/lib" 25 + is_bind: true 26 + + mandatory: false 27 + } 28 + 29 + 30 + @@ -40,6 +48,7 @@ mount { 31 + src: "/usr" 32 + dst: "/usr" 33 + is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+38
pkgs/by-name/wi/windmill/run.powershell.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/run.powershell.config.proto b/windmill-worker/nsjail/run.powershell.config.proto 2 + index 93a48d4fe..97dc236e5 100644 3 + --- a/windmill-worker/nsjail/run.powershell.config.proto 4 + +++ b/windmill-worker/nsjail/run.powershell.config.proto 5 + @@ -15,10 +15,17 @@ keep_caps: false 6 + keep_env: true 7 + mount_proc: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + @@ -38,6 +45,7 @@ mount { 24 + src: "/lib" 25 + dst: "/lib" 26 + is_bind: true 27 + + mandatory: false 28 + } 29 + 30 + 31 + @@ -53,6 +61,7 @@ mount { 32 + src: "/usr" 33 + dst: "/usr" 34 + is_bind: true 35 + + mandatory: false 36 + } 37 + 38 + mount {
+20 -17
pkgs/by-name/wi/windmill/run.python3.config.proto.patch
··· 1 diff --git a/windmill-worker/nsjail/run.python3.config.proto b/windmill-worker/nsjail/run.python3.config.proto 2 - index 9f106c23..9da2d2a8 100644 3 --- a/windmill-worker/nsjail/run.python3.config.proto 4 +++ b/windmill-worker/nsjail/run.python3.config.proto 5 - @@ -27,6 +27,13 @@ mount { 6 - } 7 8 - mount { 9 - + src: "/nix/store" 10 - + dst: "/nix/store" 11 + is_bind: true 12 +} 13 + 14 - +mount { 15 + mandatory: false 16 src: "/lib" 17 dst: "/lib" 18 is_bind: true 19 - @@ -34,6 +35,7 @@ mount { 20 - 21 - 22 - mount { 23 + mandatory: false 24 - src: "/lib64" 25 - dst: "/lib64" 26 - is_bind: true 27 - @@ -41,6 +43,7 @@ mount { 28 29 30 - mount { 31 - + mandatory: false 32 src: "/usr" 33 dst: "/usr" 34 is_bind: true
··· 1 diff --git a/windmill-worker/nsjail/run.python3.config.proto b/windmill-worker/nsjail/run.python3.config.proto 2 + index b49b9cfbf..35241bbd0 100644 3 --- a/windmill-worker/nsjail/run.python3.config.proto 4 +++ b/windmill-worker/nsjail/run.python3.config.proto 5 + @@ -18,16 +18,24 @@ keep_caps: false 6 + keep_env: true 7 + mount_proc: true 8 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + is_bind: true 13 +} 14 + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + mandatory: false 20 + } 21 + 22 + mount { 23 src: "/lib" 24 dst: "/lib" 25 is_bind: true 26 + mandatory: false 27 + } 28 29 30 + @@ -43,6 +51,7 @@ mount { 31 src: "/usr" 32 dst: "/usr" 33 is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+37
pkgs/by-name/wi/windmill/run.rust.config.proto.patch
···
··· 1 + diff --git a/windmill-worker/nsjail/run.rust.config.proto b/windmill-worker/nsjail/run.rust.config.proto 2 + index 3357cd88a..c0a1e9534 100644 3 + --- a/windmill-worker/nsjail/run.rust.config.proto 4 + +++ b/windmill-worker/nsjail/run.rust.config.proto 5 + @@ -14,16 +14,24 @@ clone_newuser: {CLONE_NEWUSER} 6 + keep_caps: false 7 + keep_env: true 8 + 9 + +mount { 10 + + src: "/nix/store" 11 + + dst: "/nix/store" 12 + + is_bind: true 13 + +} 14 + + 15 + mount { 16 + src: "/bin" 17 + dst: "/bin" 18 + is_bind: true 19 + + mandatory: false 20 + } 21 + 22 + mount { 23 + src: "/lib" 24 + dst: "/lib" 25 + is_bind: true 26 + + mandatory: false 27 + } 28 + 29 + 30 + @@ -39,6 +47,7 @@ mount { 31 + src: "/usr" 32 + dst: "/usr" 33 + is_bind: true 34 + + mandatory: false 35 + } 36 + 37 + mount {
+13
pkgs/by-name/wi/windmill/rust_executor.patch
···
··· 1 + diff --git a/windmill-worker/src/rust_executor.rs b/windmill-worker/src/rust_executor.rs 2 + index 95fd82210..ed7b298e1 100644 3 + --- a/windmill-worker/src/rust_executor.rs 4 + +++ b/windmill-worker/src/rust_executor.rs 5 + @@ -29,7 +29,7 @@ use crate::SYSTEM_ROOT; 6 + const NSJAIL_CONFIG_RUN_RUST_CONTENT: &str = include_str!("../nsjail/run.rust.config.proto"); 7 + 8 + lazy_static::lazy_static! { 9 + - static ref HOME_DIR: String = std::env::var("HOME").expect("Could not find the HOME environment variable"); 10 + + static ref HOME_DIR: String = std::env::var("HOME").unwrap_or_else(|_| format!("{}/cargo", windmill_common::worker::ROOT_CACHE_DIR)); 11 + static ref CARGO_HOME: String = std::env::var("CARGO_HOME").unwrap_or_else(|_| { CARGO_HOME_DEFAULT.clone() }); 12 + static ref RUSTUP_HOME: String = std::env::var("RUSTUP_HOME").unwrap_or_else(|_| { RUSTUP_HOME_DEFAULT.clone() }); 13 + static ref CARGO_PATH: String = std::env::var("CARGO_PATH").unwrap_or_else(|_| format!("{}/bin/cargo", CARGO_HOME.as_str()));