mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-15 02:36:16 +02:00
0f7242ff87
We were bedeviled by sandboxing issues when working on the layered store. The problem ended up being that when we have nested nix builds, and the inner store is inside the build dir (e.g. store is `/build/nix-test/$name/store`, build dir is `/build`) bind mounts clobber each other and store paths cannot be found.

After thoroughly cleaning up `local-derivation-goal.cc`, we might be able to make that work. But that is a lot of work. For now, we just fail earlier with a proper error message.

Finally, test this: nested sandboxing without the problematic store dir should work, and with should fail with the expected error message.

Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
24 lines
599 B
Nix
```nix
{ altitude, storeFun }:

with import ../config.nix;

mkDerivation {
  name = "nested-sandboxing";
  busybox = builtins.getEnv "busybox";
  EXTRA_SANDBOX = builtins.getEnv "EXTRA_SANDBOX";
  buildCommand = if altitude == 0 then ''
    echo Deep enough! > $out
  '' else ''
    cp -r ${../common} ./common
    cp ${../common.sh} ./common.sh
    cp ${../config.nix} ./config.nix
    cp -r ${./.} ./nested-sandboxing

    export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH

    source common.sh
    source ./nested-sandboxing/command.sh

    runNixBuild ${storeFun} ${toString altitude} >> $out
  '';
}
```
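The early failure described in the commit message comes down to a path-containment test between the store dir and the build dir. The sketch below is an added illustration, not code from Nix or from this repository; the function names and the error text are hypothetical, and the comparison is purely lexical (absolute paths without `..` are assumed, and symlinks are not resolved).

```shell
#!/bin/sh
# Added example (not Nix's implementation): detect a store dir that lies
# inside the sandbox build dir, the layout the commit message reports as
# making bind mounts clobber each other.

# Squeeze repeated slashes and drop a trailing slash (but keep "/" itself).
normalize_dir() {
    p=$(printf '%s' "$1" | tr -s '/')
    case $p in
        /) ;;
        */) p=${p%/} ;;
    esac
    printf '%s' "$p"
}

# Return 0 when STORE equals BUILD or sits below it. The match is made on
# whole path components, so /buildx/store is NOT treated as inside /build.
store_inside_build_dir() {
    store=$(normalize_dir "$1")
    build=$(normalize_dir "$2")
    if [ "$build" = "/" ]; then
        return 0
    fi
    case $store in
        "$build" | "$build"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Fail early with a readable message instead of a later "path not found".
# The message wording is constructed for this example.
check_store_layout() {
    if store_inside_build_dir "$1" "$2"; then
        echo "error: store dir '$1' is inside build dir '$2'" >&2
        return 1
    fi
}

# Constructed sample layouts; the first mirrors the commit message's example
# with "nested" standing in for $name.
for store in /build/nix-test/nested/store /buildx/store /nix/store; do
    if check_store_layout "$store" /build 2>/dev/null; then
        echo "ok:       $store"
    else
        echo "rejected: $store"
    fi
done
```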