Diffstat (limited to 'pkgs/build-support/build-fhs-userenv/default.nix')
-rw-r--r--pkgs/build-support/build-fhs-userenv/default.nix37
1 files changed, 37 insertions, 0 deletions
diff --git a/pkgs/build-support/build-fhs-userenv/default.nix b/pkgs/build-support/build-fhs-userenv/default.nix
new file mode 100644
index 00000000000..67484857ee1
--- /dev/null
+++ b/pkgs/build-support/build-fhs-userenv/default.nix
@@ -0,0 +1,37 @@
+{ writeTextFile, stdenv, ruby } : { env, runScript } :
+
+let
+  name = env.pname;
+
+  # Sandboxing script
+  chroot-user = writeTextFile {
+    name = "chroot-user";
+    executable = true;
+    destination = "/bin/chroot-user";
+    text = ''
+      #! ${ruby}/bin/ruby
+      ${builtins.readFile ./chroot-user.rb}
+    '';
+  };
+
+in stdenv.mkDerivation {
+  name = "${name}-userenv";
+  buildInputs = [ ruby ];
+  preferLocalBuild = true;
+  buildCommand = ''
+    mkdir -p $out/bin
+    cat > $out/bin/${name} <<EOF
+    #! ${stdenv.shell}
+    exec ${chroot-user}/bin/chroot-user ${env} $out/libexec/run "\$@"
+    EOF
+    chmod +x $out/bin/${name}
+
+    mkdir -p $out/libexec
+    cat > $out/libexec/run <<EOF
+    #! ${stdenv.shell}
+    source /etc/profile
+    ${runScript} "\$@"
+    EOF
+    chmod +x $out/libexec/run
+  '';
+}
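Review bot: The heredoc opened by `cat > $out/libexec/run <<EOF` uses an unquoted delimiter, so the builder's shell expands any `$var`, backtick or `$(…)` that appears in `runScript` at build time instead of writing it literally into the launcher. Nothing in that heredoc needs build-time shell expansion, because the Nix `${…}` interpolations are resolved before the shell runs. Quoting the delimiter and dropping the escape fixes it: `cat > $out/libexec/run <<'EOF'` with `${runScript} "$@"`. The first heredoc does rely on `$out` being expanded, so it can stay as written. A short comment on the `runScript` argument saying it is spliced into the script as unquoted shell text would tell callers what they are allowed to pass.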