Don't replace /etc in fhs-userenv #80457

Closed
wants to merge 1 commit into from
2 changes: 1 addition & 1 deletion pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
@@ -18,7 +18,7 @@
if (expr) \
fail(#expr, errno);

const gchar *bind_blacklist[] = {"bin", "etc", "host", "real-host", "usr", "lib", "lib64", "lib32", "sbin", NULL};
const gchar *bind_blacklist[] = {"bin", "host", "real-host", "usr", "lib", "lib64", "lib32", "sbin", NULL};

int pivot_root(const char *new_root, const char *put_old) {
return syscall(SYS_pivot_root, new_root, put_old);
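Review bot: `bind_blacklist` has no comment saying what the list controls, yet dropping `"etc"` from it is the line that changes which /etc the environment sees. The code that reads the array is outside this hunk, so presumably each name is a top-level host directory that is skipped when the host root is bound into the new root. I would add a comment above the array such as `/* Top-level host directories NOT bound into the new root because the environment provides its own; "etc" is deliberately absent, so the host's /etc is used unchanged. */`. That way a later edit to the list is made with the isolation consequence in view.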
2 changes: 1 addition & 1 deletion pkgs/build-support/build-fhs-userenv/default.nix
@@ -19,7 +19,7 @@ let
[ -d "$1" ] && [ -r "$1" ] && cd "$1"
shift

source /etc/profile
source ${env.profile}
exec ${run} "$@"
'';

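Review bot: A login shell started later inside the environment will presumably read the host's `/etc/profile`, because the generated profile is now sourced only once by this init script and `etc` is no longer excluded in chrootenv.c. Host profile scripts would then run inside the environment and could override the `LD_LIBRARY_PATH` and `PS1` that the generated profile exports. I would put a comment on the `source` line, for example `# /etc/profile is the host's file from here on; all env setup comes from this store path`, and confirm that a nested `bash -l` still ends up with a usable environment. The init script's body starts outside this hunk.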
55 changes: 3 additions & 52 deletions pkgs/build-support/build-fhs-userenv/env.nix
@@ -49,7 +49,7 @@ let
[ (toString gcc.cc.lib)
];

etcProfile = writeText "profile" ''
shellProfile = writeText "profile" ''
export PS1='${name}-chrootenv:\u@\h:\w\$ '
export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive'
export LD_LIBRARY_PATH="/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
@@ -68,60 +68,10 @@ let
${profile}
'';

# Compose /etc for the chroot environment
etcPkg = stdenv.mkDerivation {
Member

@Mic92 Mic92 Jul 25, 2020


The only reason I can think of is to provide /etc/ld.so.conf but this is not provided here either.

Member


cc @vcunat @matthewbauer Any idea why this was added in the first place? Is there some impurity introduced if we keep the original /etc?

Member


Is this maybe needed on non-nixos distributions because /etc/ld.so.conf could mess with the build?

Member

@vcunat vcunat Aug 1, 2020


My guess of the intention: link as little as possible, thus reducing impurity brought from the host OS. EDIT: say, why should config of most OS services be visible in there?

name = "${name}-chrootenv-etc";
buildCommand = ''
mkdir -p $out/etc
cd $out/etc

# environment variables
ln -s ${etcProfile} profile

# compatibility with NixOS
ln -s /host/etc/static static

# symlink some NSS stuff
ln -s /host/etc/passwd passwd
ln -s /host/etc/group group
ln -s /host/etc/shadow shadow
ln -s /host/etc/hosts hosts
ln -s /host/etc/resolv.conf resolv.conf
ln -s /host/etc/nsswitch.conf nsswitch.conf

# symlink sudo and su stuff
ln -s /host/etc/login.defs login.defs
ln -s /host/etc/sudoers sudoers
ln -s /host/etc/sudoers.d sudoers.d

# symlink other core stuff
ln -s /host/etc/localtime localtime
ln -s /host/etc/zoneinfo zoneinfo
ln -s /host/etc/machine-id machine-id
ln -s /host/etc/os-release os-release

# symlink PAM stuff
ln -s /host/etc/pam.d pam.d

# symlink fonts stuff
ln -s /host/etc/fonts fonts

# symlink ALSA stuff
ln -s /host/etc/asound.conf asound.conf

# symlink SSL certs
mkdir -p ssl
ln -s /host/etc/ssl/certs ssl/certs

# symlink /etc/mtab -> /proc/mounts (compat for old userspace progs)
ln -s /proc/mounts mtab
'';
};

# Composes a /usr-like directory structure
staticUsrProfileTarget = buildEnv {
name = "${name}-usr-target";
paths = [ etcPkg ] ++ basePkgs ++ targetPaths;
paths = basePkgs ++ targetPaths;
extraOutputsToInstall = [ "out" "lib" "bin" ] ++ extraOutputsToInstall;
ignoreCollisions = true;
};
@@ -199,4 +149,5 @@ in stdenv.mkDerivation {
'';
preferLocalBuild = true;
allowSubstitutes = false;
profile = shellProfile;
}
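Review bot: `profile = shellProfile;` in the last hunk is added as an ordinary attribute of `stdenv.mkDerivation`, so it is also exported to the builder as an environment variable named `profile`, not just exposed as `env.profile` for default.nix. If its only purpose is to let the init script source the file, placing it under `passthru` would expose it without changing the build environment. Whether the builder reads `$profile` cannot be seen here, as the derivation body is outside the hunk. Either way the line deserves a short comment, for example `# sourced by the init script in default.nix`. Separately, the removed `etcPkg` created `mtab -> /proc/mounts` itself rather than linking it from the host, so on a host without /etc/mtab that entry would now be missing.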