Commit Graph

53 Commits

Author SHA1 Message Date
Atemu
91f5aa3446
Merge pull request #213378 from Atemu/steam-env-vars
steam: add extraEnv argument
2023-03-28 17:25:14 +02:00
Atemu
bdf0dd28b9
Merge pull request #219091 from cdepillabout/buildfhsuserenv-version
buildFHSUserEnv: add version arg
2023-03-27 08:46:24 +02:00
Atemu
192c3ecd4b buildFHSEnvBubblewrap: allow deeper introspection via passthru 2023-03-26 17:19:29 +02:00
Zhaofeng Li
42ef5ded06 build-fhs-userenv-bubblewrap: Use more descriptive names 2023-03-17 11:03:12 -06:00
Zhaofeng Li
58d73d2397 build-fhs-userenv-bubblewrap: Preserve symlinks in /etc
If the original file in /etc is a symlink, make it a symlink inside
the sandbox as well.

This fixes https://github.com/NixOS/nixpkgs/issues/126234#issuecomment-1192203498

Co-authored-by: Linus Heckemann <git@sphalerite.org>
2023-03-17 11:03:11 -06:00
Dennis Gosnell
81d23b8d3a
buildFHSUserEnv: rewrite not isNull check
Co-authored-by: Atemu <atemu.main@gmail.com>
2023-03-03 09:04:17 +09:00
Dennis Gosnell
23ee769358
buildFHSUserEnv: add version arg
This lets you set the version for the derivation produced from
`buildFHSUserEnvChroot` and `buildFHSUserEnvBubblewrap`.

This can help to make it more clear to end-users to see the versions of
the packages they are using.
2023-03-02 10:07:06 +09:00
K900
31b278c0a4
Merge pull request #215837 from K900/fhsenv-x11-socket-permissions
buildFHSUserEnv: fix permissions on /tmp/.X11-unix
2023-02-16 12:25:04 +03:00
Felix Buehler
cdb39a86e0 treewide: use optionalString 2023-02-13 21:52:34 +01:00
K900
9788650f52 buildFHSUserEnv: fix permissions on /tmp/.X11-unix
This is kinda cursed, but it makes things like `steam-run gamescope` work OOTB.
2023-02-11 17:33:06 +03:00
Sandro Jäckel
50e0012f9d
treewide: cleanup some unused bindings 2023-02-07 01:36:15 +01:00
Daniel Poelzleithner
9331c0c772 FHSEnv: export /etc/shells
/etc/shells is often read by programs to determine which shells should be
provided. Fixes problems with extensions in vscode-fhs
2022-10-18 22:59:26 -07:00
Stella
fbf83cda37 build-fhs-userenv-bubblewrap: use -m not -f for readlink
This change will let more inexistent paths be passed along, avoiding extremely weird and hard to debug behavior. See https://github.com/containers/bubblewrap/issues/520 for what I personally encountered.
2022-10-18 22:50:59 -07:00
K900
59888d2218 build-fhs-userenv-bubblewrap: fix eval 2022-08-17 22:36:45 +03:00
Pascal Bach
6af1c99422
Merge pull request #132963 from jonringer/plex-on-aarch64
plex: allow use on non-x86 platforms
2022-08-17 20:14:38 +02:00
ash lea
488056a418 steam: fix opengl inside pressure-vessel 2022-08-02 13:48:34 -07:00
Jonathan Ringer
d6915ebb3f
buildFHSUserEnvBubblewrap: allow for non-x86 platforms 2022-06-14 22:13:43 -07:00
Artturi
74f33d9a4a
Merge pull request #164825 from ilya-fedin/fhs-less-copy 2022-04-11 16:37:01 +03:00
Jonathan Ringer
44afbd4432 buildFHSUserEnvBubblewrap: append graphics share to XDG_DATA_DIR 2022-03-24 12:53:39 -07:00
David McFarland
d5bf6bac5c buildFHSUserEnv{Chroot,Bubblewrap}: fix handling of glib schema
An error would occur if share/glib-2.0/schema was a symlink.
2022-03-20 20:38:53 -03:00
Ilya Fedin
0f488afad2 build-fhs-userenv-bubblewrap: symlink share directory when there's no need to merge
There's no need to copy files if the directory won't be merged with the multilib one, leading to an unnecessary increase of closure size
2022-03-19 10:09:55 +04:00
Artturi
b54e7571e2
Merge pull request #161739 from Artturin/gsettingsfhsenv 2022-03-15 00:03:56 +02:00
Artturin
3e7e6ab84a buildFHSUserEnv{Chroot,Bubblewrap}: link gsettings-schemas to the FHS location
We shouldn't need to use wrapGAppsHook in expressions
that use this builder.
2022-03-03 01:22:09 +02:00
Daniel Fullmer
0a8007498f bash: use default PATH in FHS environments
If bash is executed within an environment where PATH is not set, it uses
the DEFAULT_PATH_VALUE compiled into bash to set PATH. In nixpkgs we set
this to /no-such-path by default. This makes sense in a nixpkgs/NixOS
environment since paths like /bin or /usr/bin should not be used.
However, when bash is used inside an FHS environment, this produces
results that differ from distributions which follow the FHS standard.

Before this change:
$ steam-run env -i /bin/bash -c 'echo $PATH'
/no-such-path

After this change:
$ steam-run env -i /bin/bash -c 'echo $PATH'
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
2022-02-27 15:59:39 -08:00
Linus Heckemann
f76bef6136
Merge pull request #145258 from Ma27/steam-resolv-conf-override
steam: fix `/etc/resolv.conf` reference in FHS env
2022-01-18 22:59:08 +01:00
Ben Pye
29b40b07db fhs-userenv-bubblewrap: allow additional arguments to bwrap 2022-01-01 16:53:27 -08:00
Maximilian Bosch
f3f82d8330
steam: fix /etc/resolv.conf reference in FHS env
It seems as if it's a problem if `/etc/resolv.conf` is a symlink to
`/run/systemd/resolve/stub-resolv.conf` which is the case when using
`systemd-resolved.service`:

    bwrap: Can't bind mount /oldroot/etc/resolv.conf on /newroot/etc/resolv.conf: Unable to mount source on destination: No such file or directory

I confirmed that by following the symlink of `/etc/resolv.conf`
(pointing to `/run/systemd/resolve/stub-resolv.conf`) with `readlink -f`
the issues are all gone.
2021-12-25 19:32:52 +01:00
Artturi
d9e8a587e1
Merge pull request #128126 from wentasah/chrootenv-opt 2021-11-19 04:40:34 +02:00
libjared
badb5a1af2 fhs-userenv-bubblewrap: add ca-certificates to fhs
In Arch Linux, many of the certs in /etc/ssl/certs/ are symlinks to
/etc/ca-certificates/extracted/. These symlinks are broken in the FHS
env.

This commit adds ca-certificates to the list of bind mounts, which fixes
connection issues with Steam, wget, etc on Arch Linux hosts.
2021-11-15 15:29:33 -08:00
Simon Bruder
ac5cd3a6a2
build-fhs-user-env-bubblewrap: add compatibility for pipewire alsa emulation
The NixOS pipewire module places its alsa compatibility configuration in
/etc/alsa/conf.d/ instead of /etc/asound.conf. This commit enables
applications running in a bubblewrap fhs environment to use alsa on
systems running pipewire.
2021-07-10 12:50:52 +02:00
Michal Sojka
b681ad3254 buildFHSUserEnv: Allow having custom /opt in the FHS environment
buildFHSUserEnv is meant primarily for running 3rd-party software
which is difficult to patch for NixOS. Such software is often built to
run from /opt. Currently, running such software from an FHS environment
is difficult for two reasons:

1. If the 3rd-party software is put into the Nix store via a simple
   derivation (with e.g. installPhase = "dpkg-deb -x $src $out"), the
   content of /opt directory of that derivation does not appear in the
   FHSEnv even if the derivation is specified in targetPkgs. This is
   why we change env.nix.

2. If using buildFHSUserEnvChroot and the host system has the /opt
   directory, it always gets bind-mounted to the FHSEnv even if some
   targetPkgs contain /opt (NB buildFHSUserEnvBubblewrap does not have
   this problem). If that directory is not accessible for non-root
   users (which is what docker's containerd does with /opt :-(), the
   user running the FHSEnv cannot use it.

   With the change in chrootenv.c, /opt is not bind-mounted to the
   container, but instead created as a user-modifiable symlink to
   /host/opt (see the init attribute in
   build-fhs-userenv/default.nix). If needed, the user can remove this
   symlink and create an empty /opt directory which is under his/her
   control.
2021-06-27 08:33:51 +02:00
Jonathan Ringer
73a0b6c826 buildFHSUserEnvBubblewrap: add dieWithParent option, and /etc/nix
Allows for processes which fork to not be immediately
killed when the parent process dies.
2021-05-02 13:38:52 -07:00
Matthew Mazzanti
eb268eabad fhs-userenv-bubblewrap: Add store path to readlink
Commit df4761 added a call to readlink, which fails if it is not in the
user's path when run. Updated the readlink call to pull from the
coreutils store path directly.
2021-03-11 08:50:15 -05:00
Bernardo Meurer
cdcaafc3fe
Merge pull request #114024 from LuigiPiucco/pressure-vessel
steam: fix proton versions with pressure-vessel
2021-02-23 19:20:12 +00:00
Luigi Sartor Piucco
548d50d695 build-fhs-userenv-bubblewrap:->writeShellScriptBin 2021-02-23 11:47:40 -03:00
Luigi Sartor Piucco
12c2eae2c5 build-fhs-userenv-bubblewrap: add folders comment 2021-02-23 11:44:16 -03:00
André Silva
770cd71936
build-fhs-userenv: fix ssl certificates mount point 2021-02-22 19:54:04 +00:00
Luigi Sartor Piucco
baaec29531 fhs-bubblewrap: mount cache on 32 bit glibc too 2021-02-22 14:35:45 -03:00
Luigi Sartor Piucco
bdd9027760 fhs-bubblewrap: merge /usr/share from both archs 2021-02-22 14:35:45 -03:00
Benedikt Morbach
d5cbb650e1 fhs-userenv-bubblewrap: add ld.so.conf/cache to fhs 2021-02-22 14:35:44 -03:00
Benedikt Morbach
df4761d450 fhs-userenv-bubblewrap: Preserve symlinks
Preserve top-level symlinks such as /lib -> /usr/lib.

This allows nested containers such as Steam's new runtime to remount
/usr if they need to and then run unmodified binaries that reference
e.g. /lib/ld-linux-x86-64.so.2

Before, we would mount the fully resolved host directory at /lib and
thus the dynamic loader would always be the one from the host filesystem.
2021-02-22 14:35:44 -03:00
André Silva
34fae590bf
build-fhs-userenv-bubblewrap: don't bind /etc/fonts from fhs environment 2021-01-26 00:53:59 +00:00
André Silva
fe49d856b0
build-fhs-userenv: bind /etc/profiles 2021-01-26 00:41:50 +00:00
André Silva
65de42b9cc
build-fhs-userenv-bubblewrap: remove unused variable 2021-01-26 00:41:01 +00:00
Pavol Rusnak
a6ce00c50c
treewide: remove stdenv where not needed 2021-01-25 18:31:47 +01:00
Jonathan Ringer
6c52434eb0
buildFHSUserEnvBubblewrap: expand unshare options 2020-12-08 18:40:51 -08:00
Atemu
74c4a55e10 buildFHSUserEnvBubblewrap: use arrays for constructing argument list
Generally a cleaner way of doing it and prevents issues with spaces in paths

Used to fix #97234 but #101967 already did this with a smaller scope
2020-11-22 19:26:59 +01:00
Jonathan Ringer
ec38df81a9 buildFHSUserEnvBubblewrap: fix whitespace with root directories 2020-10-30 22:52:58 -07:00
Jörg Thalheim
b1d86d0e51 build-fhs-user-env-bubblewrap: consistent camelCase 2020-08-17 10:05:25 +02:00
Michael Eden
8c91b3c5b7 fhs-userenv-bubblewrap: bind mount host's devfs
Allows us to talk to devices
2020-08-17 08:49:34 +02:00