diff options
author | aszlig <aszlig@nix.build> | 2017-11-30 06:42:49 +0100 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2017-11-30 08:33:59 +0100 |
commit | 38d3fe573f4d0ad2115eaca71a0b8f67fd01a580 (patch) | |
tree | d09bf338919056089be3b59194fa7b647794b15b /pkgs/build-support/build-sandbox/default.nix | |
parent | 28ac40c9d9e1c9afc63c19646f223b28b7ed3bc8 (diff) |
build-sandbox: Move to top-level build-support
This is not only useful for packaging games, so let's make it available from the vuizvui scope, so we can use it from other packages as well. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'pkgs/build-support/build-sandbox/default.nix')
-rw-r--r-- | pkgs/build-support/build-sandbox/default.nix | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/pkgs/build-support/build-sandbox/default.nix b/pkgs/build-support/build-sandbox/default.nix new file mode 100644 index 00000000..fa4bac57 --- /dev/null +++ b/pkgs/build-support/build-sandbox/default.nix @@ -0,0 +1,75 @@ +{ stdenv, lib, pkgconfig, nix }: + +drv: { paths ? {}, ... }@attrs: + +let + # Extra paths that are required so they are created prior to bind-mounting. + pathsRequired = paths.required or []; + # Extra paths that are skipped if they don't exist. + pathsWanted = paths.wanted or []; + # Paths extracted from PATH-like environment variables, eg. LD_LIBRARY_PATH. + pathsRuntimeVars = paths.runtimeVars or []; + + # Create code snippets for params.c to add extra_mount() calls. + mkExtraMountParams = isRequired: lib.concatMapStringsSep "\n" (extra: let + escaped = lib.escape ["\\" "\""] extra; + reqBool = if isRequired then "true" else "false"; + code = "if (!extra_mount(\"${escaped}\", ${reqBool})) return false;"; + in "echo ${lib.escapeShellArg code} >> params.c"); + +in stdenv.mkDerivation ({ + name = "${drv.name}-sandboxed"; + + src = ./src; + + inherit drv; + + exportReferencesGraph = [ "sandbox-closure" drv ]; + + configurePhase = '' + runtimeDeps="$(sed -ne ' + p; n; n + + :cdown + /^0*$/b + :l; s/0\(X*\)$/X\1/; tl + + s/^\(X*\)$/9\1/; tdone + ${lib.concatMapStrings (num: '' + s/${toString num}\(X*\)$/${toString (num - 1)}\1/; tdone + '') (lib.range 1 9)} + + :done + y/X/9/ + x; n; p; x + bcdown + ' ../sandbox-closure | sort -u)" + + echo '#include "setup.h"' > params.c + echo 'bool setup_app_paths(void) {' >> params.c + + for dep in $runtimeDeps; do + echo 'if (!bind_mount("'"$dep"'", true, true)) return false;' >> params.c + done + + ${mkExtraMountParams true pathsRequired} + ${mkExtraMountParams false pathsWanted} + + echo 'return true; }' >> params.c + + echo 'bool mount_runtime_path_vars(struct query_state *qs) {' >> params.c + + ${lib.concatMapStringsSep "\n" (pathvar: let + escaped = lib.escapeShellArg (lib.escape ["\\" "\""] pathvar); + fun = "mount_from_path_var"; + result = "echo 'if (!${fun}(qs, \"'${escaped}'\")) return false;'"; + in "${result} >> params.c") pathsRuntimeVars} + + echo 'return true; }' >> params.c + ''; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ nix ]; + makeFlags = [ "BINDIR=${drv}/bin" ]; + +} // removeAttrs attrs [ "paths" ]) |