pyrox.dev
Add missing dependencies and restore working runtimes
+37
pkgs/by-name/wi/windmill/download.py.config.proto.patch
+37
pkgs/by-name/wi/windmill/download.py.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/download.py.config.proto b/windmill-worker/nsjail/download.py.config.proto
2
+
index 5c2989417..7896bde7a 100644
3
+
--- a/windmill-worker/nsjail/download.py.config.proto
4
+
+++ b/windmill-worker/nsjail/download.py.config.proto
5
+
@@ -22,17 +22,24 @@ keep_caps: true
6
+
keep_env: true
7
+
mount_proc: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
src: "/lib"
24
+
dst: "/lib"
25
+
is_bind: true
26
+
+ mandatory: false
27
+
}
28
+
29
+
mount {
30
+
@@ -46,6 +53,7 @@ mount {
31
+
src: "/usr"
32
+
dst: "/usr"
33
+
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+84
-21
pkgs/by-name/wi/windmill/package.nix
+84
-21
pkgs/by-name/wi/windmill/package.nix
···
22
22
rustfmt,
23
23
stdenv,
24
24
swagger-cli,
25
+
perl,
25
26
_experimental-update-script-combinators,
26
27
nix-update-script,
27
28
writeScript,
···
30
31
inherit (callPackage ./fetchers.nix { }) fetchLibrustyV8;
31
32
}
32
33
),
34
+
libxml2,
35
+
xmlsec,
36
+
libxslt,
37
+
flock,
38
+
powershell,
39
+
uv,
40
+
bun,
41
+
dotnet-sdk_9,
42
+
php,
43
+
procps,
44
+
cargo,
45
+
coreutils,
46
+
withEnterpriseFeatures ? false,
33
47
}:
34
48
35
49
let
···
42
56
rev = "v${version}";
43
57
hash = "sha256-JhgqBXiX0ClEQZkWl7YBsBlQHk2Jp4jIdHy5CDvdoAM=";
44
58
};
45
-
46
-
pythonEnv = python3.withPackages (ps: [ ps.pip-tools ]);
47
59
in
48
60
rustPlatform.buildRustPackage (finalAttrs: {
49
61
inherit pname version src;
···
65
77
};
66
78
};
67
79
80
+
buildFeatures =
81
+
[
82
+
"embedding"
83
+
"parquet"
84
+
"prometheus"
85
+
"openidconnect"
86
+
"cloud"
87
+
"jemalloc"
88
+
"deno_core"
89
+
"license"
90
+
"http_trigger"
91
+
"zip"
92
+
"oauth2"
93
+
"kafka"
94
+
"otel"
95
+
"dind"
96
+
"php"
97
+
"mysql"
98
+
"mssql"
99
+
"bigquery"
100
+
"websocket"
101
+
"python"
102
+
"smtp"
103
+
"csharp"
104
+
"static_frontend"
105
+
# "rust" # compiler environment is incomplete
106
+
]
107
+
++ (lib.optionals withEnterpriseFeatures [
108
+
"enterprise"
109
+
"enterprise_saml"
110
+
"tantivy"
111
+
"stripe"
112
+
]);
113
+
68
114
patches = [
69
-
./swagger-cli.patch
115
+
./download.py.config.proto.patch
116
+
./python_executor.patch
117
+
./run.ansible.config.proto.patch
118
+
./run.bash.config.proto.patch
119
+
./run.bun.config.proto.patch
120
+
./run.csharp.config.proto.patch
70
121
./run.go.config.proto.patch
122
+
./run.php.config.proto.patch
123
+
./run.powershell.config.proto.patch
71
124
./run.python3.config.proto.patch
72
-
./run.bash.config.proto.patch
125
+
./run.rust.config.proto.patch
126
+
./rust_executor.patch
127
+
./swagger-cli.patch
73
128
];
74
129
75
130
postPatch = ''
76
-
substituteInPlace windmill-worker/src/bash_executor.rs \
77
-
--replace '"/bin/bash"' '"${bash}/bin/bash"'
78
-
79
-
substituteInPlace windmill-api/src/lib.rs \
80
-
--replace 'unknown-version' 'v${version}'
131
+
substituteInPlace windmill-common/src/utils.rs \
132
+
--replace-fail 'unknown-version' 'v${version}'
81
133
82
-
substituteInPlace src/main.rs \
83
-
--replace 'unknown-version' 'v${version}'
134
+
substituteInPlace windmill-worker/src/python_executor.rs \
135
+
--replace-fail 'unknown_system_python_version' '${python3.version}'
84
136
'';
85
137
86
138
buildInputs = [
···
88
140
rustfmt
89
141
lld
90
142
(lib.getLib stdenv.cc.cc)
143
+
libxml2
144
+
xmlsec
145
+
libxslt
91
146
];
92
147
93
148
nativeBuildInputs = [
94
149
pkg-config
95
150
makeWrapper
96
151
cmake # for libz-ng-sys crate
152
+
perl
97
153
];
98
154
99
155
# needs a postgres database running
100
156
doCheck = false;
101
157
158
+
# TODO; Check if the rpath is still required
159
+
# patchelf --set-rpath ${lib.makeLibraryPath [ openssl ]} $out/bin/windmill
102
160
postFixup = ''
103
-
patchelf --set-rpath ${lib.makeLibraryPath [ openssl ]} $out/bin/windmill
104
-
105
161
wrapProgram "$out/bin/windmill" \
162
+
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ stdenv.cc.cc ]} \
106
163
--prefix PATH : ${
107
164
lib.makeBinPath [
108
-
go
109
-
pythonEnv
110
-
deno
111
-
nsjail
112
-
bash
165
+
python3 # uv searches PATH for system python
166
+
procps # bash_executor
167
+
coreutils # bash_executor
113
168
]
114
169
} \
115
-
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ stdenv.cc.cc ]} \
116
-
--set PYTHON_PATH "${pythonEnv}/bin/python3" \
170
+
--set PYTHON_PATH "${python3}/bin/python3" \
117
171
--set GO_PATH "${go}/bin/go" \
118
172
--set DENO_PATH "${deno}/bin/deno" \
119
-
--set NSJAIL_PATH "${nsjail}/bin/nsjail"
173
+
--set NSJAIL_PATH "${nsjail}/bin/nsjail" \
174
+
--set FLOCK_PATH "${flock}/bin/flock" \
175
+
--set BASH_PATH "${bash}/bin/bash" \
176
+
--set POWERSHELL_PATH "${powershell}/bin/pwsh" \
177
+
--set BUN_PATH "${bun}/bin/bun" \
178
+
--set UV_PATH "${uv}/bin/uv" \
179
+
--set DOTNET_PATH "${dotnet-sdk_9}/bin/dotnet" \
180
+
--set DOTNET_ROOT "${dotnet-sdk_9}/share/dotnet" \
181
+
--set PHP_PATH "${php}/bin/php" \
182
+
--set CARGO_PATH "${cargo}/bin/cargo"
120
183
'';
121
184
122
185
passthru.web-ui = buildNpmPackage {
+100
pkgs/by-name/wi/windmill/python_executor.patch
+100
pkgs/by-name/wi/windmill/python_executor.patch
···
1
+
diff --git a/windmill-worker/src/python_executor.rs b/windmill-worker/src/python_executor.rs
2
+
index 1180652d3..7b4ccf6cf 100644
3
+
--- a/windmill-worker/src/python_executor.rs
4
+
+++ b/windmill-worker/src/python_executor.rs
5
+
@@ -290,70 +290,8 @@ impl PyVersion {
6
+
occupancy_metrics: &mut Option<&mut OccupancyMetrics>,
7
+
) -> error::Result<()> {
8
+
let v = self.to_string_with_dot();
9
+
- append_logs(job_id, w_id, format!("\nINSTALLING PYTHON ({})", v), db).await;
10
+
- // Create dirs for newly installed python
11
+
- // If we dont do this, NSJAIL will not be able to mount cache
12
+
- // For the default version directory created during startup (main.rs)
13
+
- DirBuilder::new()
14
+
- .recursive(true)
15
+
- .create(self.to_cache_dir())
16
+
- .await
17
+
- .expect("could not create initial worker dir");
18
+
-
19
+
- let logs = String::new();
20
+
-
21
+
- #[cfg(windows)]
22
+
- let uv_cmd = "uv";
23
+
-
24
+
- #[cfg(unix)]
25
+
- let uv_cmd = UV_PATH.as_str();
26
+
-
27
+
- let mut child_cmd = Command::new(uv_cmd);
28
+
- child_cmd
29
+
- .env_clear()
30
+
- .env("HOME", HOME_ENV.to_string())
31
+
- .env("PATH", PATH_ENV.to_string())
32
+
- .envs(PROXY_ENVS.clone())
33
+
- .args(["python", "install", v, "--python-preference=only-managed"])
34
+
- // TODO: Do we need these?
35
+
- .envs([("UV_PYTHON_INSTALL_DIR", PY_INSTALL_DIR)])
36
+
- .stdout(Stdio::piped())
37
+
- .stderr(Stdio::piped());
38
+
-
39
+
- #[cfg(windows)]
40
+
- {
41
+
- child_cmd
42
+
- .env("SystemRoot", SYSTEM_ROOT.as_str())
43
+
- .env("USERPROFILE", crate::USERPROFILE_ENV.as_str())
44
+
- .env(
45
+
- "TMP",
46
+
- std::env::var("TMP").unwrap_or_else(|_| String::from("/tmp")),
47
+
- )
48
+
- .env(
49
+
- "LOCALAPPDATA",
50
+
- std::env::var("LOCALAPPDATA")
51
+
- .unwrap_or_else(|_| format!("{}\\AppData\\Local", HOME_ENV.as_str())),
52
+
- );
53
+
- }
54
+
-
55
+
- let child_process = start_child_process(child_cmd, "uv").await?;
56
+
-
57
+
- append_logs(&job_id, &w_id, logs, db).await;
58
+
- handle_child(
59
+
- job_id,
60
+
- db,
61
+
- mem_peak,
62
+
- &mut None,
63
+
- child_process,
64
+
- false,
65
+
- worker_name,
66
+
- &w_id,
67
+
- "uv",
68
+
- None,
69
+
- false,
70
+
- occupancy_metrics,
71
+
- )
72
+
- .await
73
+
+ append_logs(job_id, w_id, format!("\nREQUESTED PYTHON INSTALL IGNORED ({})", v), db).await;
74
+
+ Err(error::Error::BadConfig(format!("Python is managed through the NixOS system configuration. Change the Windmill instance setting to version 'unknown_system_python_version'")))
75
+
}
76
+
async fn find_python(self) -> error::Result<Option<String>> {
77
+
#[cfg(windows)]
78
+
@@ -391,11 +329,11 @@ impl PyVersion {
79
+
"find",
80
+
self.to_string_with_dot(),
81
+
"--system",
82
+
- "--python-preference=only-managed",
83
+
+ "--python-preference=only-system",
84
+
])
85
+
.envs([
86
+
("UV_PYTHON_INSTALL_DIR", PY_INSTALL_DIR),
87
+
- ("UV_PYTHON_PREFERENCE", "only-managed"),
88
+
+ ("UV_PYTHON_PREFERENCE", "only-system"),
89
+
])
90
+
// .stdout(Stdio::piped())
91
+
.stderr(Stdio::piped())
92
+
@@ -561,7 +499,7 @@ pub async fn uv_pip_compile(
93
+
"-p",
94
+
&py_version.to_string_with_dot(),
95
+
"--python-preference",
96
+
- "only-managed",
97
+
+ "only-system",
98
+
]);
99
+
100
+
if no_cache {
+44
pkgs/by-name/wi/windmill/run.ansible.config.proto.patch
+44
pkgs/by-name/wi/windmill/run.ansible.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/run.ansible.config.proto b/windmill-worker/nsjail/run.ansible.config.proto
2
+
index 65a8ea700..d4c8c2afc 100644
3
+
--- a/windmill-worker/nsjail/run.ansible.config.proto
4
+
+++ b/windmill-worker/nsjail/run.ansible.config.proto
5
+
@@ -18,16 +18,24 @@ keep_caps: false
6
+
keep_env: true
7
+
mount_proc: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
src: "/lib"
24
+
dst: "/lib"
25
+
is_bind: true
26
+
+ mandatory: false
27
+
}
28
+
29
+
30
+
@@ -42,12 +50,14 @@ mount {
31
+
src: "/root/.local/share/uv/tools/ansible"
32
+
dst: "/root/.local/share/uv/tools/ansible"
33
+
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
38
+
src: "/usr"
39
+
dst: "/usr"
40
+
is_bind: true
41
+
+ mandatory: false
42
+
}
43
+
44
+
mount {
+22
-17
pkgs/by-name/wi/windmill/run.bash.config.proto.patch
+22
-17
pkgs/by-name/wi/windmill/run.bash.config.proto.patch
···
1
-
diff --git a/windmill-worker/nsjail/run.bash.config.proto b/backend/windmill-worker/nsjail/run.bash.config.proto
2
-
index e93e6b45..bbedb165 100644
1
+
diff --git a/windmill-worker/nsjail/run.bash.config.proto b/windmill-worker/nsjail/run.bash.config.proto
2
+
index 63018f765..d8bb0c0a7 100644
3
3
--- a/windmill-worker/nsjail/run.bash.config.proto
4
4
+++ b/windmill-worker/nsjail/run.bash.config.proto
5
-
@@ -18,6 +18,12 @@ clone_newuser: {CLONE_NEWUSER}
6
-
keep_caps: false
5
+
@@ -15,10 +15,17 @@ keep_caps: false
7
6
keep_env: true
7
+
mount_proc: true
8
8
9
9
+mount {
10
-
+ src: "/nix/store"
11
-
+ dst: "/nix/store"
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
12
+ is_bind: true
13
13
+}
14
14
+
15
15
mount {
16
16
src: "/bin"
17
17
dst: "/bin"
18
-
@@ -25,6 +31,7 @@ mount {
18
+
is_bind: true
19
+
+ mandatory: false
19
20
}
20
21
21
22
mount {
23
+
@@ -32,6 +39,7 @@ mount {
24
+
src: "/bin"
25
+
dst: "/bin"
26
+
is_bind: true
22
27
+ mandatory: false
28
+
}
29
+
30
+
mount {
31
+
@@ -45,6 +53,7 @@ mount {
23
32
src: "/lib"
24
33
dst: "/lib"
25
34
is_bind: true
26
-
@@ -32,6 +39,7 @@ mount {
27
-
28
-
29
-
mount {
30
35
+ mandatory: false
31
-
src: "/lib64"
32
-
dst: "/lib64"
33
-
is_bind: true
34
-
@@ -39,6 +47,7 @@ mount {
36
+
}
35
37
36
38
37
-
mount {
38
-
+ mandatory: false
39
+
@@ -60,6 +69,7 @@ mount {
39
40
src: "/usr"
40
41
dst: "/usr"
41
42
is_bind: true
43
+
+ mandatory: false
44
+
}
45
+
46
+
mount {
+37
pkgs/by-name/wi/windmill/run.bun.config.proto.patch
+37
pkgs/by-name/wi/windmill/run.bun.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/run.bun.config.proto b/windmill-worker/nsjail/run.bun.config.proto
2
+
index 527d49cf7..b5e64beec 100644
3
+
--- a/windmill-worker/nsjail/run.bun.config.proto
4
+
+++ b/windmill-worker/nsjail/run.bun.config.proto
5
+
@@ -17,16 +17,24 @@ clone_newcgroup: false
6
+
keep_caps: false
7
+
keep_env: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
src: "/lib"
24
+
dst: "/lib"
25
+
is_bind: true
26
+
+ mandatory: false
27
+
}
28
+
29
+
mount {
30
+
@@ -47,6 +55,7 @@ mount {
31
+
src: "/usr"
32
+
dst: "/usr"
33
+
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+37
pkgs/by-name/wi/windmill/run.csharp.config.proto.patch
+37
pkgs/by-name/wi/windmill/run.csharp.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/run.csharp.config.proto b/windmill-worker/nsjail/run.csharp.config.proto
2
+
index 389448eff..ee51c1bfb 100644
3
+
--- a/windmill-worker/nsjail/run.csharp.config.proto
4
+
+++ b/windmill-worker/nsjail/run.csharp.config.proto
5
+
@@ -15,16 +15,24 @@ keep_caps: false
6
+
keep_env: true
7
+
mount_proc: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
src: "/lib"
24
+
dst: "/lib"
25
+
is_bind: true
26
+
+ mandatory: false
27
+
}
28
+
29
+
30
+
@@ -40,6 +48,7 @@ mount {
31
+
src: "/usr"
32
+
dst: "/usr"
33
+
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+20
-17
pkgs/by-name/wi/windmill/run.go.config.proto.patch
+20
-17
pkgs/by-name/wi/windmill/run.go.config.proto.patch
···
1
1
diff --git a/windmill-worker/nsjail/run.go.config.proto b/windmill-worker/nsjail/run.go.config.proto
2
-
index 3af548d1..39ff4da7 100644
2
+
index 1ba6f52d5..21614fabb 100644
3
3
--- a/windmill-worker/nsjail/run.go.config.proto
4
4
+++ b/windmill-worker/nsjail/run.go.config.proto
5
-
@@ -25,6 +25,13 @@ mount {
6
-
}
5
+
@@ -14,16 +14,24 @@ clone_newuser: {CLONE_NEWUSER}
6
+
keep_caps: false
7
+
keep_env: true
7
8
8
-
mount {
9
-
+ src: "/nix/store"
10
-
+ dst: "/nix/store"
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
11
12
+ is_bind: true
12
13
+}
13
14
+
14
-
+mount {
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
15
19
+ mandatory: false
20
+
}
21
+
22
+
mount {
16
23
src: "/lib"
17
24
dst: "/lib"
18
25
is_bind: true
19
-
@@ -32,6 +39,7 @@ mount {
20
-
21
-
22
-
mount {
23
26
+ mandatory: false
24
-
src: "/lib64"
25
-
dst: "/lib64"
26
-
is_bind: true
27
-
@@ -39,6 +47,7 @@ mount {
27
+
}
28
28
29
29
30
-
mount {
31
-
+ mandatory: false
30
+
@@ -39,6 +47,7 @@ mount {
32
31
src: "/usr"
33
32
dst: "/usr"
34
33
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+37
pkgs/by-name/wi/windmill/run.php.config.proto.patch
+37
pkgs/by-name/wi/windmill/run.php.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/run.php.config.proto b/windmill-worker/nsjail/run.php.config.proto
2
+
index d3752d33b..9e4b19793 100644
3
+
--- a/windmill-worker/nsjail/run.php.config.proto
4
+
+++ b/windmill-worker/nsjail/run.php.config.proto
5
+
@@ -15,16 +15,24 @@ keep_caps: false
6
+
keep_env: true
7
+
mount_proc: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
src: "/lib"
24
+
dst: "/lib"
25
+
is_bind: true
26
+
+ mandatory: false
27
+
}
28
+
29
+
30
+
@@ -40,6 +48,7 @@ mount {
31
+
src: "/usr"
32
+
dst: "/usr"
33
+
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+38
pkgs/by-name/wi/windmill/run.powershell.config.proto.patch
+38
pkgs/by-name/wi/windmill/run.powershell.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/run.powershell.config.proto b/windmill-worker/nsjail/run.powershell.config.proto
2
+
index 93a48d4fe..97dc236e5 100644
3
+
--- a/windmill-worker/nsjail/run.powershell.config.proto
4
+
+++ b/windmill-worker/nsjail/run.powershell.config.proto
5
+
@@ -15,10 +15,17 @@ keep_caps: false
6
+
keep_env: true
7
+
mount_proc: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
@@ -38,6 +45,7 @@ mount {
24
+
src: "/lib"
25
+
dst: "/lib"
26
+
is_bind: true
27
+
+ mandatory: false
28
+
}
29
+
30
+
31
+
@@ -53,6 +61,7 @@ mount {
32
+
src: "/usr"
33
+
dst: "/usr"
34
+
is_bind: true
35
+
+ mandatory: false
36
+
}
37
+
38
+
mount {
+20
-17
pkgs/by-name/wi/windmill/run.python3.config.proto.patch
+20
-17
pkgs/by-name/wi/windmill/run.python3.config.proto.patch
···
1
1
diff --git a/windmill-worker/nsjail/run.python3.config.proto b/windmill-worker/nsjail/run.python3.config.proto
2
-
index 9f106c23..9da2d2a8 100644
2
+
index b49b9cfbf..35241bbd0 100644
3
3
--- a/windmill-worker/nsjail/run.python3.config.proto
4
4
+++ b/windmill-worker/nsjail/run.python3.config.proto
5
-
@@ -27,6 +27,13 @@ mount {
6
-
}
5
+
@@ -18,16 +18,24 @@ keep_caps: false
6
+
keep_env: true
7
+
mount_proc: true
7
8
8
-
mount {
9
-
+ src: "/nix/store"
10
-
+ dst: "/nix/store"
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
11
12
+ is_bind: true
12
13
+}
13
14
+
14
-
+mount {
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
15
19
+ mandatory: false
20
+
}
21
+
22
+
mount {
16
23
src: "/lib"
17
24
dst: "/lib"
18
25
is_bind: true
19
-
@@ -34,6 +35,7 @@ mount {
20
-
21
-
22
-
mount {
23
26
+ mandatory: false
24
-
src: "/lib64"
25
-
dst: "/lib64"
26
-
is_bind: true
27
-
@@ -41,6 +43,7 @@ mount {
27
+
}
28
28
29
29
30
-
mount {
31
-
+ mandatory: false
30
+
@@ -43,6 +51,7 @@ mount {
32
31
src: "/usr"
33
32
dst: "/usr"
34
33
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+37
pkgs/by-name/wi/windmill/run.rust.config.proto.patch
+37
pkgs/by-name/wi/windmill/run.rust.config.proto.patch
···
1
+
diff --git a/windmill-worker/nsjail/run.rust.config.proto b/windmill-worker/nsjail/run.rust.config.proto
2
+
index 3357cd88a..c0a1e9534 100644
3
+
--- a/windmill-worker/nsjail/run.rust.config.proto
4
+
+++ b/windmill-worker/nsjail/run.rust.config.proto
5
+
@@ -14,16 +14,24 @@ clone_newuser: {CLONE_NEWUSER}
6
+
keep_caps: false
7
+
keep_env: true
8
+
9
+
+mount {
10
+
+ src: "/nix/store"
11
+
+ dst: "/nix/store"
12
+
+ is_bind: true
13
+
+}
14
+
+
15
+
mount {
16
+
src: "/bin"
17
+
dst: "/bin"
18
+
is_bind: true
19
+
+ mandatory: false
20
+
}
21
+
22
+
mount {
23
+
src: "/lib"
24
+
dst: "/lib"
25
+
is_bind: true
26
+
+ mandatory: false
27
+
}
28
+
29
+
30
+
@@ -39,6 +47,7 @@ mount {
31
+
src: "/usr"
32
+
dst: "/usr"
33
+
is_bind: true
34
+
+ mandatory: false
35
+
}
36
+
37
+
mount {
+13
pkgs/by-name/wi/windmill/rust_executor.patch
+13
pkgs/by-name/wi/windmill/rust_executor.patch
···
1
+
diff --git a/windmill-worker/src/rust_executor.rs b/windmill-worker/src/rust_executor.rs
2
+
index 95fd82210..ed7b298e1 100644
3
+
--- a/windmill-worker/src/rust_executor.rs
4
+
+++ b/windmill-worker/src/rust_executor.rs
5
+
@@ -29,7 +29,7 @@ use crate::SYSTEM_ROOT;
6
+
const NSJAIL_CONFIG_RUN_RUST_CONTENT: &str = include_str!("../nsjail/run.rust.config.proto");
7
+
8
+
lazy_static::lazy_static! {
9
+
- static ref HOME_DIR: String = std::env::var("HOME").expect("Could not find the HOME environment variable");
10
+
+ static ref HOME_DIR: String = std::env::var("HOME").unwrap_or_else(|_| format!("{}/cargo", windmill_common::worker::ROOT_CACHE_DIR));
11
+
static ref CARGO_HOME: String = std::env::var("CARGO_HOME").unwrap_or_else(|_| { CARGO_HOME_DEFAULT.clone() });
12
+
static ref RUSTUP_HOME: String = std::env::var("RUSTUP_HOME").unwrap_or_else(|_| { RUSTUP_HOME_DEFAULT.clone() });
13
+
static ref CARGO_PATH: String = std::env::var("CARGO_PATH").unwrap_or_else(|_| format!("{}/bin/cargo", CARGO_HOME.as_str()));