nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-22 13:43:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

* Set up Nix so that builds are never performed as root, but rather

Browse Source 
under nix-build-N.

svn path=/nixos/trunk/; revision=7172
This commit is contained in:
Eelco Dolstra 2006-11-29 23:41:21 +00:00
parent ec764b7c08
commit bc3f4f8352
3 changed files with 37 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
boot/boot-stage-2-init.sh
View File

@ -105,9 +105,18 @@ test -e /etc/login.defs || touch /etc/login.defs
# Enable a password-less root login. # Enable a password-less root login.
source @accounts@
if ! test -e /etc/passwd; then if ! test -e /etc/passwd; then
echo "root::0:0:root:/:@shell@" > /etc/passwd if test -n "@readOnlyRoot@"; then
rootHome=/
else
rootHome=/home/root
mkdir -p $rootHome
fi
createUser root '' 0 0 'System administrator' $rootHome/var/empty @shell@
fi fi
if ! test -e /etc/group; then if ! test -e /etc/group; then
echo "root:*:0" > /etc/group echo "root:*:0" > /etc/group
fi fi
@ -118,6 +127,28 @@ echo "127.0.0.1 localhost" > /etc/hosts
echo "hosts: files dns" > /etc/nsswitch.conf echo "hosts: files dns" > /etc/nsswitch.conf
# Set up Nix accounts.
if test -z "@readOnlyRoot@"; then
for i in $(seq 1 10); do
account=nix-build-$i
if ! userExists $account; then
createUser $account x \
$((i + 30000)) $((i + 30000)) \
'Nix build user' /var/empty /noshell
fi
accounts="$accounts $account"
done
mkdir -p /nix/etc/nix
cat > /nix/etc/nix/nix.conf <<EOF
build-allow-root = false
build-users = $accounts
EOF
fi
# Set up the Upstart jobs. # Set up the Upstart jobs.
export UPSTART_CFG_DIR=/etc/event.d export UPSTART_CFG_DIR=/etc/event.d

2
boot/boot-stage-2.nix
View File

@ -43,4 +43,6 @@ genericSubstituter {
}; };
wrapperDir = setuidWrapper.wrapperDir; wrapperDir = setuidWrapper.wrapperDir;
accounts = ../helpers/accounts.sh;
} }

4
installer/nixos-installer.sh
View File

@ -63,7 +63,6 @@ mkdir -m 0755 -p $mountPoint/var
# Create the necessary Nix directories on the target device, if they # Create the necessary Nix directories on the target device, if they
# don't already exist. # don't already exist.
mkdir -m 0755 -p \ mkdir -m 0755 -p \
$mountPoint/nix/store \
$mountPoint/nix/var/nix/gcroots \ $mountPoint/nix/var/nix/gcroots \
$mountPoint/nix/var/nix/temproots \ $mountPoint/nix/var/nix/temproots \
$mountPoint/nix/var/nix/manifests \ $mountPoint/nix/var/nix/manifests \
@ -72,6 +71,9 @@ mkdir -m 0755 -p \
$mountPoint/nix/var/nix/db \ $mountPoint/nix/var/nix/db \
$mountPoint/nix/var/log/nix/drvs $mountPoint/nix/var/log/nix/drvs
mkdir -m 1777 -p \
$mountPoint/nix/store \
# Get the store paths to copy from the references graph. # Get the store paths to copy from the references graph.
storePaths=$(@shell@ @pathsFromGraph@ @nixClosure@) storePaths=$(@shell@ @pathsFromGraph@ @nixClosure@)