author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2020-12-09 18:15:18 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-09 18:15:18 +0000 |
commit | faad8493f775c33d6ce559dd1fb5989245e95d22 (patch) | |
tree | 79b245e9978c2d5837eacbd38511baa08d1176ac /pkgs/build-support | |
parent | 4090c86280f0baed6ba3db9ee4e2297ddadf0e75 (diff) | |
parent | ace2457eafa8169ed9495251d28371b37eb71fa5 (diff) | |
Merge master into staging-next
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix | 33 | ||||
-rw-r--r-- | pkgs/build-support/fetchfirefoxaddon/default.nix | 3 |
2 files changed, 24 insertions, 12 deletions
diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
index 3a3c9e932fdb..b40569a479bc 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -1,20 +1,27 @@
-{ callPackage, runCommandLocal, writeShellScriptBin, stdenv, coreutils, bubblewrap }:
-
-let buildFHSEnv = callPackage ./env.nix { }; in
+{ lib, callPackage, runCommandLocal, writeShellScriptBin, stdenv, coreutils, bubblewrap }:
 args @ {
- name,
- runScript ? "bash",
- extraInstallCommands ? "",
- meta ? {},
- passthru ? {},
- ...
+ name
+, runScript ? "bash"
+, extraInstallCommands ? ""
+, meta ? {}
+, passthru ? {}
+, unshareUser ? true
+, unshareIpc ? true
+, unsharePid ? true
+, unshareNet ? false
+, unshareUts ? true
+, unshareCgroup ? true
+, ...
 }:
 with builtins;
 let
+ buildFHSEnv = callPackage ./env.nix { };
+
 env = buildFHSEnv (removeAttrs args [
 "runScript" "extraInstallCommands" "meta" "passthru"
+ "unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
 ]);
 chrootenv = callPackage ./chrootenv {};
@@ -92,8 +99,12 @@ let
 --dev-bind /dev /dev
 --proc /proc
 --chdir "$(pwd)"
- --unshare-all
- --share-net
+ ${lib.optionalString unshareUser "--unshare-user"}
+ ${lib.optionalString unshareIpc "--unshare-ipc"}
+ ${lib.optionalString unsharePid "--unshare-pid"}
+ ${lib.optionalString unshareNet "--unshare-net"}
+ ${lib.optionalString unshareUts "--unshare-uts"}
+ ${lib.optionalString unshareCgroup "--unshare-cgroup"}
 --die-with-parent
 --ro-bind /nix /nix
 ${etcBindFlags}
diff --git a/pkgs/build-support/fetchfirefoxaddon/default.nix b/pkgs/build-support/fetchfirefoxaddon/default.nix
index 3426743b2cf1..4b7c68484d2e 100644
--- a/pkgs/build-support/fetchfirefoxaddon/default.nix
+++ b/pkgs/build-support/fetchfirefoxaddon/default.nix
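Review bot: The six new `unshare*` arguments in the first hunk of build-fhs-userenv-bubblewrap/default.nix control sandbox isolation but carry no documentation. Setting any of them to false leaves the wrapped program in the host's namespace of that kind, and `unshareNet ? false` is what preserves the earlier `--share-net` behaviour. A comment above them such as `# Namespace isolation passed to bwrap; false shares the host namespace (unshareNet defaults to false to keep network access)` would make that visible to callers. The same names must also stay in the `removeAttrs` list lower in the hunk so they are not forwarded to `./env.nix`, which deserves a one-line comment there too.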
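Review bot: The defaults in the second hunk are not equivalent to the `--unshare-all` they replace. Bubblewrap documents `--unshare-all` as using `--unshare-user-try` and `--unshare-cgroup-try`, whereas the new lines pass the strict `--unshare-user` and `--unshare-cgroup`, so on a host without user or cgroup namespace support bwrap would presumably refuse to start rather than continue with less isolation. If failing closed is intended, say so in a comment next to these flags; if the old fallback was relied on, the defaults would need `${lib.optionalString unshareUser "--unshare-user-try"}` and `${lib.optionalString unshareCgroup "--unshare-cgroup-try"}`. The wrapper script these lines belong to starts and ends outside the hunk.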
@@ -5,6 +5,7 @@
 , sha1 ? ""
 , sha256 ? ""
 , sha512 ? ""
+, hash ? ""
 }:
 stdenv.mkDerivation rec {
@@ -30,7 +31,7 @@ stdenv.mkDerivation rec {
 '';
 src = fetchurl {
 url = url;
- inherit md5 sha1 sha256 sha512;
+ inherit md5 sha1 sha256 sha512 hash;
 };
 nativeBuildInputs = [ coreutils unzip zip jq ];
 } |
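Review bot: `hash` is added alongside `md5` and `sha1`, which are still accepted and forwarded by `inherit md5 sha1 sha256 sha512 hash;` in the second hunk, and nothing tells callers which one to prefer. MD5 and SHA-1 are not collision resistant, so they are a weak integrity check for a downloaded add-on. A comment on the new argument, e.g. `# SRI hash ("sha256-<base64>"); prefer this or sha256/sha512 over md5/sha1`, would steer new callers. What `fetchurl` does when several of these are set, or none, is not visible here and is worth confirming. Both hunks cut through the argument set and the derivation body.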