sane.programs: firejail: support wrapping "runCommand" packages

2024-01-22 09:16:25 +00:00
parent 3d763a0021
commit 60547204a8
2 changed files with 12 additions and 2 deletions


@@ -114,7 +114,7 @@ let
${pkgs.buildPackages.gnused}/bin/sed -i s'/devtools-commandkey-inspector = C/devtools-commandkey-inspector = VK_F12/' omni/localization/en-US/devtools/startup/key-shortcuts.ftl
pushd omni; ${pkgs.buildPackages.zip}/bin/zip $out/lib/${cfg.browser.libName}/browser/omni.ja -r ./*; popd
# runHook postFixup to allow sandbox wrappers to wrap the binaries
# runHook postFixup to allow sane.programs sandbox wrappers to wrap the binaries
runHook postFixup
'';
});


@@ -86,7 +86,17 @@ let
# no.1 may bloat rebuild times.
#
# ultimately, no.1 is probably more reliable, but i expect i'll factor out a switch to allow either approach -- particularly when debugging package buld failures.
packageWrapped = package.overrideAttrs (unwrapped: {
package' = if package.override.__functionArgs ? runCommand then
package.override {
runCommand = name: env: cmd: pkgs.runCommand name env (cmd + lib.optionalString (name == package.name) ''
# if the package is a runCommand (common for wrappers), then patch it to call our `postFixup` hook, first
runHook postFixup
'');
}
else
package
;
packageWrapped = package'.overrideAttrs (unwrapped: {
postFixup = (unwrapped.postFixup or "") + ''
tryFirejailProfile() {
_maybeProfile="${pkgs.firejail}/etc/firejail/$1.profile"
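Review bot: The `runHook postFixup` injection in the new `package'` binding is skipped silently when `name == package.name` is false, or when the package receives its builder under another argument such as `runCommandLocal`. Nothing in this hunk fails the build in that case, so as far as the visible lines show, a program can come out of this path without its firejail wrapper. Because this is the sandboxing path it should fail closed: add a post-build check that the wrapped binaries exist, or at minimum record the limitation with a comment such as `# NOTE: the hook is only injected when the builder is passed as runCommand and name matches package.name; any other package is left unwrapped`. Separately, `package.override.__functionArgs` aborts evaluation for a package that has no `override` attribute, whereas `(package.override.__functionArgs or {}) ? runCommand` yields false and falls through to the `else` branch. The enclosing `let` and the `postFixup` body continue outside the hunk, so a check there may already cover the first point.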