author | Atemu <atemu.main@gmail.com> | 2020-09-20 17:02:08 +0200 |
---|---|---|
committer | Atemu <atemu.main@gmail.com> | 2020-11-22 19:26:59 +0100 |
commit | 74c4a55e1076ecd93b2e44f44f402b8980cff464 (patch) | |
tree | c977d72775a5fa4599144416531f41675c32ed81 /pkgs/build-support/build-fhs-userenv-bubblewrap | |
parent | a322b32e9d74fb476944ff6cfb55833dc69cfaaa (diff) | |
buildFHSUserEnvBubblewrap: use arrays for constructing argument list
Generally a cleaner way of doing it, and it prevents issues with spaces in paths. Used to fix #97234, but #101967 already did this with a smaller scope.
Diffstat (limited to 'pkgs/build-support/build-fhs-userenv-bubblewrap')
-rw-r--r-- | pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
index 83d5d371b39..3a3c9e932fd 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -50,7 +50,7 @@ let
 "ssl/certs"
 "pki"
 ];
- in concatStringsSep " \\\n "
+ in concatStringsSep "\n "
 (map (file: "--ro-bind-try /etc/${file} /etc/${file}") files);

 init = run: writeShellScriptBin "${name}-init" ''
@@ -59,21 +59,21 @@ let
 '';

 bwrapCmd = { initArgs ? "" }: ''
- blacklist="/nix /dev /proc /etc"
- ro_mounts=""
+ blacklist=(/nix /dev /proc /etc)
+ ro_mounts=()
 for i in ${env}/*; do
 path="/''${i##*/}"
 if [[ $path == '/etc' ]]; then
 continue
 fi
- ro_mounts="$ro_mounts --ro-bind $i $path"
- blacklist="$blacklist $path"
+ ro_mounts+=(--ro-bind "$i" "$path")
+ blacklist+=("$path")
 done

 if [[ -d ${env}/etc ]]; then
 for i in ${env}/etc/*; do
 path="/''${i##*/}"
- ro_mounts="$ro_mounts --ro-bind $i /etc$path"
+ ro_mounts+=(--ro-bind "$i" "/etc$path")
 done
 fi

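Review bot: The second loop, `for i in ${env}/etc/*; do`, appends a `--ro-bind` pair even when the glob matches nothing, because bash leaves an unmatched pattern as a literal string unless `nullglob` is set, and no such option is visible in this hunk. With an existing but empty `${env}/etc` the array would then carry a source path ending in a literal `*`, and since the flag is `--ro-bind` rather than `--ro-bind-try` the wrapper would presumably refuse to start. A guard as the first statement of each loop body, `[[ -e $i ]] || continue`, avoids that; the same applies to the `${env}/*` loop above it. The `bwrapCmd` string continues past the end of this hunk.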
@@ -81,24 +81,27 @@ let
 # loop through all directories in the root
 for dir in /*; do
 # if it is a directory and it is not in the blacklist
- if [[ -d "$dir" ]] && grep -v "$dir" <<< "$blacklist" >/dev/null; then
+ if [[ -d "$dir" ]] && [[ ! "''${blacklist[@]}" =~ "$dir" ]]; then
 # add it to the mount list
 auto_mounts+=(--bind "$dir" "$dir")
 fi
 done

- exec ${bubblewrap}/bin/bwrap \
- --dev-bind /dev /dev \
- --proc /proc \
- --chdir "$(pwd)" \
- --unshare-all \
- --share-net \
- --die-with-parent \
- --ro-bind /nix /nix \
- ${etcBindFlags} \
- $ro_mounts \
- "''${auto_mounts[@]}" \
+ cmd=(
+ ${bubblewrap}/bin/bwrap
+ --dev-bind /dev /dev
+ --proc /proc
+ --chdir "$(pwd)"
+ --unshare-all
+ --share-net
+ --die-with-parent
+ --ro-bind /nix /nix
+ ${etcBindFlags}
+ "''${ro_mounts[@]}"
+ "''${auto_mounts[@]}"
 ${init runScript}/bin/${name}-init ${initArgs}
+ )
+ exec "''${cmd[@]}"
 '';

 bin = writeShellScriptBin name (bwrapCmd { initArgs = ''"$@"''; }); |
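Review bot: The new blacklist test `[[ ! "''${blacklist[@]}" =~ "$dir" ]]` is a substring match over the space-joined array, not a per-element comparison, so a root directory whose path is contained in a listed entry (constructed example: `/lib` when `/lib64` is listed) is treated as blacklisted and silently left out of `auto_mounts`. The removed `grep -v` was equally loose, so this is inherited rather than introduced, but the move to arrays is the place to make it exact: `[[ ! " ''${blacklist[*]} " =~ " $dir " ]]` matches whole entries as long as no entry contains a space. Because every directory that passes this test is added with `--bind` (read-write), a one-line comment stating that the list decides which host directories are exposed writable inside the environment would help the next reader. The enclosing `bwrapCmd` string starts before this hunk.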