sane-scripts: package using resholve
this makes it easier to propagate paths in and such. it does more sanity checking than e.g. `wrapProgram`, plus it doesn't do any indirection -- rather, substitution.
This commit is contained in:
parent
25c75b10bf
commit
118007075f
|
@ -1,16 +1,64 @@
|
|||
{ lib
|
||||
, pkgs
|
||||
, stdenv
|
||||
, resholve
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "sane-scripts";
|
||||
# resholve documentation:
|
||||
# - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
|
||||
# - generic: https://github.com/abathur/resholve
|
||||
resholve.mkDerivation {
|
||||
pname = "sane-scripts";
|
||||
version = "0.1.0";
|
||||
|
||||
src = ./src;
|
||||
|
||||
# See: https://nixos.org/nixpkgs/manual/#ssec-stdenv-dependencies
|
||||
# TODO: we aren't propagating all dependencies here (e.g. rmlint)
|
||||
buildInputs = [ pkgs.rsync ];
|
||||
solutions = {
|
||||
default = {
|
||||
scripts = [ "bin/*" ];
|
||||
interpreter = "${pkgs.bash}/bin/bash";
|
||||
inputs = with pkgs; [
|
||||
coreutils
|
||||
curl
|
||||
findutils
|
||||
gnugrep
|
||||
ifuse
|
||||
inotifyTools
|
||||
oath-toolkit
|
||||
openssh
|
||||
rmlint
|
||||
rsync
|
||||
ssh-to-age
|
||||
sops
|
||||
sudo
|
||||
which
|
||||
];
|
||||
keep = {
|
||||
# we write here: keep it
|
||||
"/tmp/rmlint.sh" = true;
|
||||
};
|
||||
fake = {
|
||||
external = [
|
||||
# https://github.com/abathur/resholve/issues/29
|
||||
"umount"
|
||||
"sudo"
|
||||
|
||||
# this is actually internal; probably a better fix
|
||||
"sane-mount-servo"
|
||||
];
|
||||
};
|
||||
|
||||
# list of programs which *can* or *cannot* exec their arguments
|
||||
execer = [
|
||||
"cannot:${pkgs.ifuse}/bin/ifuse"
|
||||
"cannot:${pkgs.oath-toolkit}/bin/oathtool"
|
||||
"cannot:${pkgs.openssh}/bin/ssh-keygen"
|
||||
"cannot:${pkgs.rmlint}/bin/rmlint"
|
||||
"cannot:${pkgs.rsync}/bin/rsync"
|
||||
"cannot:${pkgs.ssh-to-age}/bin/ssh-to-age"
|
||||
"cannot:${pkgs.sops}/bin/sops"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p "$out"
|
||||
|
|
Loading…
Reference in New Issue
Block a user