From af83c63ef1926a7571943926fbbd08c6c129d737 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Tue, 21 Nov 2017 07:06:08 +0100
Subject: pkgs/sandbox: Handle non-existing paths
We now distinguish between paths that have to exist and paths that are fine to skip during bind mounting. So far we had hard failures whenever a path that needed to be mounted didn't exist, for example something like $XDG_CONFIG_HOME/unity3d failed whenever the directory didn't exist. Apart from that we now have a more clean attribute structure for sandbox parameters, which are now:
* paths.required: Created prior to bind-mounting
* paths.wanted: Skipped if it doesn't exist
* paths.runtimeVars: Extracted from PATH-like environment variables
Signed-off-by: aszlig
---
pkgs/games/build-support/build-sandbox/default.nix | 31 +++++++++++++++-------
1 file changed, 22 insertions(+), 9 deletions(-)
(limited to 'pkgs/games/build-support/build-sandbox/default.nix')
diff --git a/pkgs/games/build-support/build-sandbox/default.nix b/pkgs/games/build-support/build-sandbox/default.nix
index e4826405..fa4bac57 100644
--- a/pkgs/games/build-support/build-sandbox/default.nix
+++ b/pkgs/games/build-support/build-sandbox/default.nix
@@ -1,8 +1,23 @@
 { stdenv, lib, pkgconfig, nix }:
-drv: { extraSandboxPaths ? [], runtimePathVars ? [], ... }@attrs:
-
-stdenv.mkDerivation ({
+drv: { paths ? {}, ... }@attrs:
+
+let
+ # Extra paths that are required so they are created prior to bind-mounting.
+ pathsRequired = paths.required or [];
+ # Extra paths that are skipped if they don't exist.
+ pathsWanted = paths.wanted or [];
+ # Paths extracted from PATH-like environment variables, eg. LD_LIBRARY_PATH.
+ pathsRuntimeVars = paths.runtimeVars or [];
+
+ # Create code snippets for params.c to add extra_mount() calls.
+ mkExtraMountParams = isRequired: lib.concatMapStringsSep "\n" (extra: let
+ escaped = lib.escape ["\\" "\""] extra;
+ reqBool = if isRequired then "true" else "false";
+ code = "if (!extra_mount(\"${escaped}\", ${reqBool})) return false;";
+ in "echo ${lib.escapeShellArg code} >> params.c");
+
+in stdenv.mkDerivation ({
 name = "${drv.name}-sandboxed";
 src = ./src;
@@ -37,10 +52,8 @@ stdenv.mkDerivation ({
 echo 'if (!bind_mount("'"$dep"'", true, true)) return false;' >> params.c
 done
- ${lib.concatMapStringsSep "\n" (extra: let
- escaped = lib.escapeShellArg (lib.escape ["\\" "\""] extra);
- result = "echo 'if (!extra_mount(\"'${escaped}'\")) return false;'";
- in "${result} >> params.c") extraSandboxPaths}
+ ${mkExtraMountParams true pathsRequired}
+ ${mkExtraMountParams false pathsWanted}
 echo 'return true; }' >> params.c
@@ -50,7 +63,7 @@ stdenv.mkDerivation ({
 escaped = lib.escapeShellArg (lib.escape ["\\" "\""] pathvar);
 fun = "mount_from_path_var";
 result = "echo 'if (!${fun}(qs, \"'${escaped}'\")) return false;'";
- in "${result} >> params.c") runtimePathVars}
+ in "${result} >> params.c") pathsRuntimeVars}
 echo 'return true; }' >> params.c
 '';
@@ -59,4 +72,4 @@ stdenv.mkDerivation ({
 buildInputs = [ nix ];
 makeFlags = [ "BINDIR=${drv}/bin" ];
-} // removeAttrs attrs [ "extraSandboxPaths" "runtimePathVars" ])
+} // removeAttrs attrs [ "paths" ])
-- 
cgit 1.4.1
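Review bot: `mkExtraMountParams` in the first hunk escapes only `\` and `"` before splicing `extra` into a C string literal, so a path containing a newline or another control character would be written into params.c verbatim and most likely fail to compile with an unhelpful error. These generated lines decide what the sandbox mounts, so the comment above the helper should state the constraint, for example `# Entries must be single-line strings; only \ and " are escaped for the C literal.` Emitting the line with `printf '%s\n'` instead of `echo` would also avoid depending on how the builder's shell treats backslashes in `echo` arguments.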
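Review bot: Callers that still pass `extraSandboxPaths` or `runtimePathVars` are neither rejected nor translated by the last hunk's `removeAttrs attrs [ "paths" ]`. The function head in the first hunk accepts any attribute through `...`, so the old names are now forwarded to `mkDerivation` as ordinary attributes. Unless every caller is updated in the same commit (this view is limited to one file), the wrapper then builds without those mounts and without any error. Consider failing loudly, for example `assert !(attrs ? extraSandboxPaths || attrs ? runtimePathVars);` before the `let`, or mapping the old names onto `paths.required` and `paths.runtimeVars` for a transition period. A misspelled key under `paths` is ignored in the same silent way by the `or []` defaults.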