pkgs/build-support/build-fhs-userenv/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

{ writeTextFile, stdenv, ruby } : { env, runScript } :

let
  name = env.pname;

  # Sandboxing script
  chroot-user = writeTextFile {
    name = "chroot-user";
    executable = true;
    destination = "/bin/chroot-user";
    text = ''
      #! ${ruby}/bin/ruby
      ${builtins.readFile ./chroot-user.rb}
    '';
  };

in stdenv.mkDerivation {
  name = "${name}-userenv";
  buildInputs = [ ruby ];
  preferLocalBuild = true;
  buildCommand = ''
    mkdir -p $out/bin
    cat > $out/bin/${name} <<EOF
    #! ${stdenv.shell}
    exec ${chroot-user}/bin/chroot-user ${env} $out/libexec/run "\$@"
    EOF
    chmod +x $out/bin/${name}

    mkdir -p $out/libexec
    cat > $out/libexec/run <<EOF
    #! ${stdenv.shell}
    source /etc/profile
    ${runScript} "\$@"
    EOF
    chmod +x $out/libexec/run
  '';
}