| Commit message (Collapse) | Author | Age | Files | Lines |
We now distinguish between paths that have to exist and paths that are
fine to skip during bind mounting.
So far we had hard failures whenever a path that needed to be mounted
didn't exist, for example something like $XDG_CONFIG_HOME/unity3d failed
whenever the directory didn't exist.
Apart from that we now have a more clean attribute structure for sandbox
parameters, which are now:
* paths.required: Created prior to bind-mounting
* paths.wanted: Skipped if it doesn't exist
* paths.runtimeVars: Extracted from PATH-like environment variables
Signed-off-by: aszlig <aszlig@nix.build>
We already mount /etc, but it isn't quite enough, because it contains
files symlinked to /etc/static, which in turn is a store path so we need
to mount the closure of that path as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
First of all this is to bring down the amount of syscalls we're doing
but it's also useful to avoid errors when we try to mount a path over an
already mounted path.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
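The path handling described in the commit messages above (required paths created, wanted paths skipped when missing, colon-delimited variables split into entries, and no attempt to mount over an already mounted path), as an added example that is not code from this repository. The function names, limits and return codes are assumptions; it only plans mounts and, unlike the commits, does not query the Nix store for requisites.

```c
/* Added example with hypothetical names; nothing is actually mounted. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
enum action { DO_MOUNT, SKIP_MISSING, SKIP_DUPLICATE, FAILED };
#define MAX_PLANNED 64u
#define MAX_LEN 4096u
static char planned[MAX_PLANNED][MAX_LEN];
static size_t nplanned;
/* required != 0: create a missing directory first (one level only here).
 * required == 0: skip a missing path instead of failing. */
enum action plan_path(const char *path, int required)
{
    struct stat st;
    if (strlen(path) >= MAX_LEN || nplanned == MAX_PLANNED)
        return FAILED;
    for (size_t i = 0; i < nplanned; i++)
        if (strcmp(planned[i], path) == 0)
            return SKIP_DUPLICATE; /* already planned: do not mount twice */
    if (stat(path, &st) == -1) {
        if (errno == ENOENT && !required)
            return SKIP_MISSING;
        if (errno != ENOENT || mkdir(path, 0700) == -1)
            return FAILED;
    }
    strcpy(planned[nplanned++], path);
    return DO_MOUNT;
}

/* Plan each colon-delimited entry as "wanted"; returns how many would mount. */
int plan_path_var(const char *value)
{
    char entry[MAX_LEN];
    int count = 0;
    while (*value != '\0') {
        size_t len = strcspn(value, ":");
        if (len > 0 && len < MAX_LEN) {
            memcpy(entry, value, len);
            entry[len] = '\0';
            count += plan_path(entry, 0) == DO_MOUNT;
        }
        value += len + (value[len] == ':');
    }
    return count;
}
int main(void)
{
    printf("%d\n", plan_path_var("/run/opengl-driver/lib:/run/opengl-driver-32/lib"));
}
```

Treating a missing wanted path as a skip while a required path that cannot be created is a failure keeps setup errors visible without making optional directories fatal.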
This is using buildSandbox with the addition of adding LD_LIBRARY_PATH
to the default runtimePathVars. I've also renamed the attribute to be
called runtimePathVars instead of runtimePathVariables, simply because
it's shorter.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
On NixOS the LD_LIBRARY_PATH looks similar to this (depending on the
configuration):
/run/opengl-driver/lib:/run/opengl-driver-32/lib
However, we don't have these paths available within the sandbox, because
so far we've only used exportReferencesGraph to gather the runtime
dependencies after the build has succeeded.
This obviously doesn't take into account runtime dependencies from the
system itself.
We are now taking care of this by using the Nix store library to query
the requisites of all the paths that are contained inside path-like
variables (multiple paths delimited by colons) and mount them during
sandbox setup.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This leaves sandbox.c with only the main() function and nothing else, so
that whenever we have a lot of binaries to generate, the compilation
time should be much lower now.
The change doesn't change anything in functionality.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We're now using a makefile for building the sandbox and use pkg-config
to pass in the flags we need for compiling against lib(nix)store.
Right now the sandbox itself doesn't do anything different because we're
not actually using the (incomplete) code for querying the store.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
These paths are things such as /etc and /run but also the .Xauthority
file, which contains the cookie to connect to the X server.
What is still missing is access to the DRI libraries, which is a bit
trickier, because we need to add those store paths at runtime and we
need to also mount all of the dependencies.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
I've already pointed out in the previous commit that using /tmp for the
root directory isn't a very good idea, mainly because we can't access
sockets from /tmp (e.g. the X server sockets).
So what we're now doing is using the store path that contains the
sandbox wrappers, because that very path won't be mounted into the
sandbox anyway, so we get a free directory just as an entry point.
This has the main advantage that we don't need to create any temporary
directories which we later need to clean up nor do we need to assume
that some paths might exist in the system. For example if we'd use /usr
we still have /usr/bin/env on NixOS, but if that's going to go away in
the future or we are on a distro that doesn't have it at all, the
sandbox setup will fail.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
So far creating the sandbox has been a setup hook, however it's a bit
ugly how we gathered the needed paths for the chroot file system by
recursively searching for store paths.
While I'd like to have the sandbox being built within the main
derivation, it really isn't very practical when the build takes longer
than 10 minutes.
With this implementation however the sandbox builds really fast and we
can also modify the sandbox without needing to rebuild a particular
game.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>