insync: fix bwrap namespaces

- share as many bwrap namespaces as possible with the user

+36 -29
+36 -29
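--- a/pkgs/applications/networking/insync/default.nix
+++ b/pkgs/applications/networking/insync/default.nix
@@ -1,6 +1,6 @@
 { lib
 , writeShellScript
-, buildFHSEnv
+, buildFHSEnvBubblewrap
 , stdenvNoCC
 , fetchurl
 , autoPatchelfHook
@@ -40,11 +40,12 @@
 };
 
 insync-pkg = stdenvNoCC.mkDerivation {
-inherit pname version meta;
+name = "${pname}-pkg-${version}";
+inherit version meta;
 
 src = fetchurl {
 # Find a binary from https://www.insynchq.com/downloads/linux#ubuntu.
-url = "https://cdn.insynchq.com/builds/linux/${pname}_${version}-lunar_amd64.deb";
+url = "https://cdn.insynchq.com/builds/linux/insync_${version}-lunar_amd64.deb";
 sha256 = "sha256-BxTFtQ1rAsOuhKnH5vsl3zkM7WOd+vjA4LKZGxl4jk0=";
 };
 
@@ -66,7 +67,7 @@
 installPhase = ''
 runHook preInstall
 
-mkdir -p $out/bin $out/lib $out/share
+mkdir -p $out
 cp -R usr/* $out/
 
 # use system glibc
@@ -75,6 +76,9 @@
 # remove badly packaged plugins
 rm $out/lib/insync/PySide2/plugins/platforminputcontexts/libqtvirtualkeyboardplugin.so
 
+# remove the unused vendor wrapper
+rm $out/bin/insync
+
 runHook postInstall
 '';
 
@@ -82,37 +86,40 @@
 dontStrip = true;
 };
 
-insync-fhsenv = buildFHSEnv {
-name = "${pname}-${version}";
-inherit meta;
+in buildFHSEnvBubblewrap {
+name = pname;
+inherit meta;
 
-# for including insync's xdg data dirs
-extraOutputsToInstall = [ "share" ];
+targetPkgs = pkgs: with pkgs; [
+insync-pkg
+libudev0-shim
+];
 
-targetPkgs = pkgs: with pkgs; [
-insync-pkg
-libudev0-shim
-];
+runScript = writeShellScript "insync-wrapper.sh" ''
+# QT_STYLE_OVERRIDE was used to suppress a QT warning, it should have no actual effect for this binary.
+echo Unsetting QT_STYLE_OVERRIDE=$QT_STYLE_OVERRIDE
+echo Unsetting QT_QPA_PLATFORMTHEME=$QT_QPA_PLATFORMTHEME
+unset QT_STYLE_OVERRIDE
+unset QPA_PLATFORMTHEME
 
-runScript = writeShellScript "insync-wrapper.sh" ''
-# QT_STYLE_OVERRIDE was used to suppress a QT warning, it should have no actual effect for this binary.
-export QT_STYLE_OVERRIDE=Fusion
 # xkb configuration needed: https://github.com/NixOS/nixpkgs/issues/236365
 export XKB_CONFIG_ROOT=${xkeyboard_config}/share/X11/xkb/
-exec "${insync-pkg.outPath}/lib/insync/insync" "$@"
-'';
+echo XKB_CONFIG_ROOT=$XKB_CONFIG_ROOT
 
-# "insync start" command starts a daemon.
-dieWithParent = false;
-};
+# For debuging:
+# export QT_DEBUG_PLUGINS=1
+# find -L /usr/share -name "*insync*"
 
-in stdenvNoCC.mkDerivation {
-inherit pname version meta;
+exec /usr/lib/insync/insync "$@"
+'';
 
-dontUnpack = true;
-installPhase = ''
-mkdir -p $out/bin
-ln -s ${insync-fhsenv}/bin/${insync-fhsenv.name} $out/bin/insync
-ln -s ${insync-pkg}/share $out/share
-'';
+# As intended by this bubble wrap, share as much namespaces as possible with user.
+unshareUser = false;
+unshareIpc = false;
+unsharePid = false;
+unshareNet = false;
+unshareUts = false;
+unshareCgroup = false;
+# Since "insync start" command starts a daemon, this daemon should die with it.
+dieWithParent = false;
 }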
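Review bot: In the new `runScript`, `unset QPA_PLATFORMTHEME` does not match the variable announced by the echo above it, so `QT_QPA_PLATFORMTHEME` is still passed through to insync; the line should read `unset QT_QPA_PLATFORMTHEME`. The comment over `dieWithParent = false;` says the daemon "should die with it", which appears to be the opposite of what the value does; `# "insync start" spawns a daemon that must outlive the wrapper.` would match it. With every `unshare*` option set to false, the bubblewrap environment supplies the FHS layout rather than any isolation of the vendor binary, and the comment above those options should say so, so that nobody reads this wrapper as a sandbox. The three `echo` lines print to stdout on every invocation, which may disturb callers that parse the CLI output; redirect them to stderr or drop them.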