From 6314fe724c31c54bc53bf15ebcc9c2ce9769583c Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 23 Jun 2020 23:05:46 +0200 Subject: sandbox: Use closureInfo for getting runtime deps A while ago[1], @Profpatsch added this comment above the definition of the $runtimeDeps variable: # Reads the dependency closures and does ? something? TODO: explain I just recently (yesterday as of the date of this commit) found out about that comment by accident. While this should probably be better of as an issue instead, the comment does have a point, since not everybody enjoys reading/writing sed expressions. In a nutshell, what the implementation actually does is parsing the output of the files generated by exportReferencesGraph. At the time of writing the implementation, we didn't have a JSON-based interface in Nix for doing the same, nor did we have something like pkgs.closureInfo. There was only a small Perl script[2], which did something like this, but given that it can be easily done via sed, I opted to instead use the latter. Nevertheless however, using closureInfo is not only more concise in its implementation, it also makes our implementation much more concise as well and also obvious on what we're doing here. [1]: 09dc1d8ad625b9a1d5b89593b184d316837ba1cc [2]: https://github.com/NixOS/nixpkgs/blob/8747190024205a5a3534b4e9a18dbaf3f3ee7b39/pkgs/build-support/kernel/paths-from-graph.pl Signed-off-by: aszlig --- pkgs/build-support/build-sandbox/default.nix | 30 +++++----------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/pkgs/build-support/build-sandbox/default.nix b/pkgs/build-support/build-sandbox/default.nix index 4e5cffe9..0e1d4a4d 100644 --- a/pkgs/build-support/build-sandbox/default.nix +++ b/pkgs/build-support/build-sandbox/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, pkgconfig, nix, boost, dash }: +{ stdenv, lib, pkgconfig, closureInfo, nix, boost, dash }: drv: { paths ? {}, ... }@attrs: 
@@ -30,31 +30,11 @@ in stdenv.mkDerivation ({ inherit drv; - # writes files "sandbox-*" to the builder (see nix manual) - exportReferencesGraph = - [ "sandbox-closure" drv ] ++ - lib.optionals allowBinSh [ "sandbox-binsh" dash ]; + closureInfo = closureInfo { + rootPaths = lib.singleton drv ++ lib.optional allowBinSh dash; + }; configurePhase = '' - # Reads the dependency closures and does … something? TODO: explain - runtimeDeps="$(sed -ne ' - p; n; n - - :cdown - /^0*$/b - :l; s/0\(X*\)$/X\1/; tl - - s/^\(X*\)$/9\1/; tdone - ${lib.concatMapStrings (num: '' - s/${toString num}\(X*\)$/${toString (num - 1)}\1/; tdone - '') (lib.range 1 9)} - - :done - y/X/9/ - x; n; p; x - bcdown - ' ../sandbox-* | sort -u)" - echo '#include "setup.h"' > params.c echo 'bool setup_app_paths(void) {' >> params.c @@ -66,7 +46,7 @@ in stdenv.mkDerivation ({ >> params.c '' else '' - for dep in $runtimeDeps; do + for dep in $(< "$closureInfo/store-paths"); do echo 'if (!bind_mount("'"$dep"'", true, true, true)) return false;' \ >> params.c done -- cgit 1.4.1
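Review bot: The new `closureInfo` attribute in the second hunk carries no comment, although the TODO that this commit deletes was asking for exactly that explanation. I would add above it `# Runtime closure of drv (plus dash when allowBinSh is set); the builder reads it from $closureInfo/store-paths`, because that list decides which store paths the sandbox bind-mounts. The `stdenv.mkDerivation ({` call closes outside this hunk, so whether caller-supplied `attrs` can override `closureInfo` is not visible here and is worth checking.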
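Review bot: The `for dep in $(< "$closureInfo/store-paths")` loop in the last hunk leaves the command substitution unquoted, so every entry goes through word splitting and pathname expansion before it is written into a `bind_mount` call in params.c. Nix store path names can, as far as I know, contain `?`, which the shell treats as a glob character, so an entry could expand to a sibling store path outside the closure and widen what the sandbox mounts. Reading the file line by line avoids this: `while IFS= read -r dep; do` paired with `done < "$closureInfo/store-paths"`. The removed `$runtimeDeps` loop had the same property, and the surrounding configurePhase string begins and ends outside this hunk.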