modules/programs: patch old /nix/store paths in .desktop files
This commit is contained in:
parent
1cb2c5225f
commit
4f8d476ebf
|
@ -130,25 +130,30 @@ let
|
||||||
# - share/man
|
# - share/man
|
||||||
# - share/mime
|
# - share/mime
|
||||||
# TODO: it'd be nice to just symlink these instead, but then we couldn't leverage `disallowedReferences` like this.
|
# TODO: it'd be nice to just symlink these instead, but then we couldn't leverage `disallowedReferences` like this.
|
||||||
copyNonBinaries = pkgName: package: runCommand "${pkgName}-sandboxed-non-binary" {
|
copyNonBinaries = pkgName: package: sandboxedBins: runCommand "${pkgName}-sandboxed-non-binary" {
|
||||||
disallowedReferences = [ package ];
|
disallowedReferences = [ package ];
|
||||||
} ''
|
} ''
|
||||||
mkdir "$out"
|
mkdir "$out"
|
||||||
if [ -e "${package}/share" ]; then
|
if [ -e "${package}/share" ]; then
|
||||||
cp -R "${package}/share" "$out/"
|
cp -R "${package}/share" "$out/"
|
||||||
fi
|
fi
|
||||||
|
# fixup a few files i understand well enough
|
||||||
|
for d in $out/share/applications/*.desktop; do
|
||||||
|
substituteInPlace "$d" \
|
||||||
|
--replace "Exec=${package}/bin/" "Exec=${sandboxedBins}/bin/"
|
||||||
|
done
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# take the nearly-final sandboxed package, with binaries and and else, and
|
# take the nearly-final sandboxed package, with binaries and and else, and
|
||||||
# populate passthru attributes the caller expects, like `sandboxProfiles` and `checkSandboxed`.
|
# populate passthru attributes the caller expects, like `sandboxProfiles` and `checkSandboxed`.
|
||||||
fixupMetaAndPassthru = pkgName: pkg: sandboxProfiles: pkg.overrideAttrs (orig: let
|
fixupMetaAndPassthru = pkgName: pkg: sandboxProfiles: extraPassthru: pkg.overrideAttrs (orig: let
|
||||||
final = fixupMetaAndPassthru pkgName pkg sandboxProfiles;
|
final = fixupMetaAndPassthru pkgName pkg sandboxProfiles;
|
||||||
in {
|
in {
|
||||||
meta = (orig.meta or {}) // {
|
meta = (orig.meta or {}) // {
|
||||||
# take precedence over non-sandboxed versions of the same binary.
|
# take precedence over non-sandboxed versions of the same binary.
|
||||||
priority = ((orig.meta or {}).priority or 0) - 1;
|
priority = ((orig.meta or {}).priority or 0) - 1;
|
||||||
};
|
};
|
||||||
passthru = (pkg.passthru or {}) // {
|
passthru = (pkg.passthru or {}) // extraPassthru // {
|
||||||
inherit sandboxProfiles;
|
inherit sandboxProfiles;
|
||||||
checkSandboxed = runCommand "${pkgName}-check-sandboxed" {} ''
|
checkSandboxed = runCommand "${pkgName}-check-sandboxed" {} ''
|
||||||
# invoke each binary in a way only the sandbox wrapper will recognize,
|
# invoke each binary in a way only the sandbox wrapper will recognize,
|
||||||
|
@ -225,33 +230,31 @@ let
|
||||||
# 2. pkgs.symlinkJoin, creating an entirely new package which calls into the inner binaries.
|
# 2. pkgs.symlinkJoin, creating an entirely new package which calls into the inner binaries.
|
||||||
#
|
#
|
||||||
# here we switch between the options.
|
# here we switch between the options.
|
||||||
# note that no.2 ("wrappedDerivation") *doesn't support .desktop files yet*.
|
# regardless of which one is chosen here, all other options are exposed via `passthru`.
|
||||||
# the final package simply doesn't include .desktop files, only bin/.
|
sandboxedBy = {
|
||||||
packageWrapped = if wrapperType == "inplace" then
|
inplace = sandboxBinariesInPlace
|
||||||
sandboxBinariesInPlace
|
|
||||||
binMap
|
binMap
|
||||||
sane-sandboxed'
|
sane-sandboxed'
|
||||||
maybeEmbedProfilesDir
|
maybeEmbedProfilesDir
|
||||||
pkgName
|
pkgName
|
||||||
(makeHookable package)
|
(makeHookable package);
|
||||||
else if wrapperType == "wrappedDerivation" then
|
|
||||||
let
|
wrappedDerivation = let
|
||||||
binariesOnly = symlinkBinaries pkgName package;
|
binaries = sandboxBinariesInPlace
|
||||||
binariesWrapped = sandboxBinariesInPlace
|
|
||||||
binMap
|
binMap
|
||||||
sane-sandboxed'
|
sane-sandboxed'
|
||||||
maybeEmbedProfilesDir
|
maybeEmbedProfilesDir
|
||||||
pkgName
|
pkgName
|
||||||
binariesOnly;
|
(symlinkBinaries pkgName package);
|
||||||
in
|
nonBinaries = copyNonBinaries pkgName package binaries;
|
||||||
symlinkJoin {
|
in symlinkJoin {
|
||||||
name = "${pkgName}-sandboxed-all";
|
name = "${pkgName}-sandboxed-all";
|
||||||
paths = [
|
paths = [ binaries nonBinaries ];
|
||||||
binariesWrapped
|
passthru = { inherit binaries nonBinaries; };
|
||||||
(copyNonBinaries pkgName package)
|
};
|
||||||
];
|
};
|
||||||
}
|
packageWrapped = sandboxedBy."${wrapperType}";
|
||||||
else
|
|
||||||
builtins.throw "unknown wrapperType: ${wrapperType}";
|
|
||||||
in
|
in
|
||||||
fixupMetaAndPassthru pkgName packageWrapped sandboxProfilesPkg
|
fixupMetaAndPassthru pkgName packageWrapped sandboxProfilesPkg {
|
||||||
|
inherit sandboxedBy;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user