author | Michal Sojka <michal.sojka@cvut.cz> | 2021-06-25 18:08:56 +0200 |
---|---|---|
committer | Michal Sojka <michal.sojka@cvut.cz> | 2021-06-27 08:33:51 +0200 |
commit | b681ad32540c5bcb93d3cb98dfd25f22f2eb5503 (patch) | |
tree | ab3336505f9899e07bc8e50924f2def1acc2dc57 | |
parent | 9470f462d594dc6e59be2c5880ba569c28873943 (diff) | |
buildFHSUserEnv: Allow having custom /opt in the FHS environment
buildFHSUserEnv is meant primarily for running 3rd-party software which is difficult to patch for NixOS. Such software is often built to run from /opt. Currently, running such software from an FHS environment is difficult for two reasons: 1. If the 3rd-party software is put into the Nix store via a simple derivation (with e.g. installPhase = "dpkg-deb -x $src $out"), the content of /opt directory of that derivation does not appear in the FHSEnv even if the derivation is specified in targetPkgs. This is why we change env.nix. 2. If using buildFHSUserEnvChroot and the host system has the /opt directory, it always gets bind-mounted to the FHSEnv even if some targetPkgs contain /opt (NB buildFHSUserEnvBubblewrap does not have this problem). If that directory is not accessible for non-root users (which is what docker's containerd does with /opt :-(), the user running the FHSEnv cannot use it. With the change in chrootenv.c, /opt is not bind-mounted to the container, but instead created as user-modifiable symlink to /host/opt (see the init attribute in build-fhs-userenv/default.nix). If needed, the user can remove this symlink and create an empty /opt directory which is under his/her control.
-rw-r--r-- | pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix | 2 | ||||
-rw-r--r-- | pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c | 2 | ||||
-rw-r--r-- | pkgs/build-support/build-fhs-userenv/env.nix | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix
index b9c719a4c78..0051961d9f1 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/env.nix
@@ -156,7 +156,7 @@ let
 done
 cd ..
- for i in var etc; do
+ for i in var etc opt; do
 if [ -d "${staticUsrProfileTarget}/$i" ]; then
 cp -rsHf "${staticUsrProfileTarget}/$i" "$i"
 fi
diff --git a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
index 27e70e3fe5c..d8d87cd7dac 100644
--- a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
+++ b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
@@ -18,7 +18,7 @@
 if (expr) \
 fail(#expr, errno);
-const gchar *bind_blacklist[] = {"bin", "etc", "host", "real-host", "usr", "lib", "lib64", "lib32", "sbin", NULL};
+const gchar *bind_blacklist[] = {"bin", "etc", "host", "real-host", "usr", "lib", "lib64", "lib32", "sbin", "opt", NULL};
 int pivot_root(const char *new_root, const char *put_old) {
 return syscall(SYS_pivot_root, new_root, put_old);
diff --git a/pkgs/build-support/build-fhs-userenv/env.nix b/pkgs/build-support/build-fhs-userenv/env.nix
index 226904f311b..f24af87037f 100644
--- a/pkgs/build-support/build-fhs-userenv/env.nix
+++ b/pkgs/build-support/build-fhs-userenv/env.nix
@@ -180,7 +180,7 @@ let
 done
 cd ..
- for i in var etc; do
+ for i in var etc opt; do
 if [ -d "${staticUsrProfileTarget}/$i" ]; then
 cp -rsHf "${staticUsrProfileTarget}/$i" "$i"
 fi |
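Review bot: Nothing near `for i in var etc opt; do` says that the new /opt is a tree of symbolic links rather than a copy: `cp -rsHf` with `-s` links every file back into `${staticUsrProfileTarget}`, which is presumably inside the read-only Nix store. Third-party software that writes logs, licence files or updates below its own /opt directory would then fail at run time with a permission or read-only error. A comment above the loop such as `# opt is linked, not copied: packages that write under /opt need a writable location of their own` would document this. The same line is added to build-fhs-userenv/env.nix in the third hunk, and the enclosing script starts and ends outside both hunks.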
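Review bot: `bind_blacklist` carries no comment saying what a listed name implies, and with `"opt"` added a reader could take it for an isolation control. Going by the commit message, the host's /opt merely stops being bind-mounted and stays reachable as /host/opt, with /opt supplied by targetPkgs or by init as a user-modifiable symlink. I would add above the array `/* Host top-level dirs NOT bind-mounted into the chroot: the FHS env provides them or init symlinks them to /host/<name>. This does not hide the host directory. */`. If nothing outside chrootenv.c refers to the array (not visible in this hunk), `static const gchar *const bind_blacklist[]` would also make the table file-local and immutable.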