forked from colin/nix-files
assorted: prefer runCommandLocal over runCommand where it makes sense
This commit is contained in:
parent
8f424dcd5a
commit
6ef729bbaf
@ -2,6 +2,7 @@
|
|||||||
, buildPackages
|
, buildPackages
|
||||||
, callPackage
|
, callPackage
|
||||||
, runCommand
|
, runCommand
|
||||||
|
, runCommandLocal
|
||||||
, runtimeShell
|
, runtimeShell
|
||||||
, sane-sandboxed
|
, sane-sandboxed
|
||||||
, symlinkJoin
|
, symlinkJoin
|
||||||
@ -143,7 +144,7 @@ let
|
|||||||
} else {};
|
} else {};
|
||||||
|
|
||||||
# helper used for `wrapperType == "wrappedDerivation"` which simply symlinks all a package's binaries into a new derivation
|
# helper used for `wrapperType == "wrappedDerivation"` which simply symlinks all a package's binaries into a new derivation
|
||||||
symlinkBinaries = pkgName: package: (runCommand "${pkgName}-bin-only" {} ''
|
symlinkBinaries = pkgName: package: (runCommandLocal "${pkgName}-bin-only" {} ''
|
||||||
set -e
|
set -e
|
||||||
if [ -e "${package}/bin" ]; then
|
if [ -e "${package}/bin" ]; then
|
||||||
mkdir -p "$out/bin"
|
mkdir -p "$out/bin"
|
||||||
@ -199,7 +200,7 @@ let
|
|||||||
# we have to patch those out as a way to whitelist them.
|
# we have to patch those out as a way to whitelist them.
|
||||||
checkSandboxed = let
|
checkSandboxed = let
|
||||||
sandboxedNonBin = fixHardcodedRefs unsandboxed "/dev/null" unsandboxedNonBin;
|
sandboxedNonBin = fixHardcodedRefs unsandboxed "/dev/null" unsandboxedNonBin;
|
||||||
in runCommand "${sandboxedNonBin.name}-check-sandboxed"
|
in runCommandLocal "${sandboxedNonBin.name}-check-sandboxed"
|
||||||
{ disallowedReferences = [ unsandboxed ]; }
|
{ disallowedReferences = [ unsandboxed ]; }
|
||||||
''
|
''
|
||||||
# dereference every symlink, ensuring that whatever data is behind it does not reference non-sandboxed binaries.
|
# dereference every symlink, ensuring that whatever data is behind it does not reference non-sandboxed binaries.
|
||||||
@ -215,7 +216,7 @@ let
|
|||||||
# patch them to use the sandboxed binaries,
|
# patch them to use the sandboxed binaries,
|
||||||
# and add some passthru metadata to enforce no lingering references to the unsandboxed binaries.
|
# and add some passthru metadata to enforce no lingering references to the unsandboxed binaries.
|
||||||
sandboxNonBinaries = pkgName: unsandboxed: sandboxedBin: let
|
sandboxNonBinaries = pkgName: unsandboxed: sandboxedBin: let
|
||||||
sandboxedWithoutFixedRefs = (runCommand "${pkgName}-sandboxed-non-binary" {} ''
|
sandboxedWithoutFixedRefs = (runCommandLocal "${pkgName}-sandboxed-non-binary" {} ''
|
||||||
set -e
|
set -e
|
||||||
mkdir "$out"
|
mkdir "$out"
|
||||||
# link in a limited subset of the directories.
|
# link in a limited subset of the directories.
|
||||||
@ -245,7 +246,7 @@ let
|
|||||||
priority = ((prevAttrs.meta or {}).priority or 0) - 1;
|
priority = ((prevAttrs.meta or {}).priority or 0) - 1;
|
||||||
};
|
};
|
||||||
passthru = (prevAttrs.passthru or {}) // extraPassthru // {
|
passthru = (prevAttrs.passthru or {}) // extraPassthru // {
|
||||||
checkSandboxed = runCommand "${pkgName}-check-sandboxed" {} ''
|
checkSandboxed = runCommandLocal "${pkgName}-check-sandboxed" {} ''
|
||||||
set -e
|
set -e
|
||||||
# invoke each binary in a way only the sandbox wrapper will recognize,
|
# invoke each binary in a way only the sandbox wrapper will recognize,
|
||||||
# ensuring that every binary has in fact been wrapped.
|
# ensuring that every binary has in fact been wrapped.
|
||||||
|
@ -61,6 +61,7 @@ in rec {
|
|||||||
in
|
in
|
||||||
stdenv.mkDerivation (final: {
|
stdenv.mkDerivation (final: {
|
||||||
version = "0.1.0"; # default version
|
version = "0.1.0"; # default version
|
||||||
|
preferLocalBuild = true;
|
||||||
patchPhase = ''
|
patchPhase = ''
|
||||||
substituteInPlace ${srcPath} \
|
substituteInPlace ${srcPath} \
|
||||||
--replace '#!/usr/bin/env nix-shell' '#!${interpreter}' \
|
--replace '#!/usr/bin/env nix-shell' '#!${interpreter}' \
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ runCommand
|
{ runCommandLocal
|
||||||
, rmDbusServicesInPlace
|
, rmDbusServicesInPlace
|
||||||
, symlinkJoin
|
, symlinkJoin
|
||||||
}:
|
}:
|
||||||
@ -7,7 +7,7 @@
|
|||||||
# its own package, but otherwise keeping the same path.
|
# its own package, but otherwise keeping the same path.
|
||||||
# this is done by copying the bits, so as to avoid including the item's neighbors
|
# this is done by copying the bits, so as to avoid including the item's neighbors
|
||||||
# in its runtime closure.
|
# in its runtime closure.
|
||||||
copyIntoOwnPackage = pkg: path: runCommand "${pkg.pname or pkg.name}-${path}" {
|
copyIntoOwnPackage = pkg: path: runCommandLocal "${pkg.pname or pkg.name}-${path}" {
|
||||||
env.item = path;
|
env.item = path;
|
||||||
env.fromPkg = pkg;
|
env.fromPkg = pkg;
|
||||||
} ''
|
} ''
|
||||||
@ -16,7 +16,7 @@
|
|||||||
runHook postFixup
|
runHook postFixup
|
||||||
'';
|
'';
|
||||||
|
|
||||||
linkIntoOwnPackage = pkg: path: runCommand "${pkg.pname or pkg.name}-${path}" {
|
linkIntoOwnPackage = pkg: path: runCommandLocal "${pkg.pname or pkg.name}-${path}" {
|
||||||
env.item = path;
|
env.item = path;
|
||||||
env.fromPkg = pkg;
|
env.fromPkg = pkg;
|
||||||
} ''
|
} ''
|
||||||
|
Loading…
Reference in New Issue
Block a user