From 4e7fdf429f16c383c042292a47dd1cac0cb96f45 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Feb 2017 09:50:28 +0100 Subject: proot: fix seccomp filters --- krebs/5pkgs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'krebs/5pkgs/default.nix') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index c1ec0f33..e01b6e80 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -44,6 +44,14 @@ with import ; }; buildbot-worker = callPackage ./buildbot/worker.nix {}; + # https://github.com/proot-me/PRoot/issues/106 + proot = overrideDerivation pkgs.proot (oldAttrs: { + patches = singleton (pkgs.fetchurl { + url = https://github.com/openmole/PRoot/commit/10119a1f1fd7dea012464ae176c2b5fc3eb18928.diff; + sha256 = "0cmd95mz8p5ifjvfvi4g9zzyxqddbscxin2j3a9zbmbjl2wi458g"; + }); + }); + # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let x = pkgs.symlinkJoin args; -- cgit v1.2.3 From 954477b8674156754cd51021d92885b456a04a5b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Feb 2017 12:41:11 +0100 Subject: k 5: fix proot signal 11 error with wrapper --- krebs/5pkgs/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'krebs/5pkgs/default.nix') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index e01b6e80..c79a639a 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -45,12 +45,11 @@ with import ; buildbot-worker = callPackage ./buildbot/worker.nix {}; # https://github.com/proot-me/PRoot/issues/106 - proot = overrideDerivation pkgs.proot (oldAttrs: { - patches = singleton (pkgs.fetchurl { - url = https://github.com/openmole/PRoot/commit/10119a1f1fd7dea012464ae176c2b5fc3eb18928.diff; - sha256 = "0cmd95mz8p5ifjvfvi4g9zzyxqddbscxin2j3a9zbmbjl2wi458g"; - }); - }); + proot = pkgs.writeScriptBin "proot" '' + #!${pkgs.dash}/bin/dash + export PROOT_NO_SECCOMP=1 + exec ${pkgs.proot}/bin/proot "$@" + ''; # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let -- cgit v1.2.3 From c34f8a33dc0d10e471fa6f4fb7d6e7dd54164ff2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Feb 2017 15:11:02 +0100 Subject: packageOverrides: allow using pkgs in addition to oldpkgs --- krebs/5pkgs/default.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'krebs/5pkgs/default.nix') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index c79a639a..ec9b6bdb 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,13 +1,13 @@ { config, lib, pkgs, ... }@args: with import ; { - nixpkgs.config.packageOverrides = pkgs: let + nixpkgs.config.packageOverrides = oldpkgs: let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let override = pkgs.callPackage path args; upstream = optionalAttrs (override ? "name") - (pkgs.${(parseDrvName override.name).name} or {}); + (oldpkgs.${(parseDrvName override.name).name} or {}); in if upstream ? "name" && override ? "name" && compareVersions upstream.name override.name != -1 @@ -22,7 +22,7 @@ with import ; // { empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out"; - haskellPackages = pkgs.haskellPackages.override { + haskellPackages = oldpkgs.haskellPackages.override { overrides = self: super: mapAttrs (name: path: self.callPackage path {}) (mapAttrs' @@ -45,16 +45,15 @@ with import ; buildbot-worker = callPackage ./buildbot/worker.nix {}; # https://github.com/proot-me/PRoot/issues/106 - proot = pkgs.writeScriptBin "proot" '' - #!${pkgs.dash}/bin/dash + proot = pkgs.writeDashBin "proot" '' export PROOT_NO_SECCOMP=1 - exec ${pkgs.proot}/bin/proot "$@" + exec ${oldpkgs.proot}/bin/proot "$@" ''; # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let - x = pkgs.symlinkJoin args; - in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths; + x = oldpkgs.symlinkJoin args; + in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths; test = { infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {}; -- cgit v1.2.3 From a4683911af0a0ee74d94cec90fb2e5c1524b6006 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Feb 2017 15:31:25 +0100 Subject: krebs builders: turn file into module --- krebs/5pkgs/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'krebs/5pkgs/default.nix') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index ec9b6bdb..379022b6 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,6 +1,9 @@ { config, lib, pkgs, ... }@args: with import ; { + imports = [ + ./builders.nix + ]; nixpkgs.config.packageOverrides = oldpkgs: let # This callPackage will try to detect obsolete overrides. @@ -15,7 +18,6 @@ with import ; else override; in {} - // import ./builders.nix args // mapAttrs (_: flip callPackage {}) (filterAttrs (_: dir: pathExists (dir + "/default.nix")) (subdirsOf ./.)) -- cgit v1.2.3 From bf81d1b6b97703c9e5f08c73b8a8490d25bca277 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Feb 2017 15:43:13 +0100 Subject: krebs builders -> krebs writers --- krebs/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/5pkgs/default.nix') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 379022b6..8bb244cd 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -2,7 +2,7 @@ with import ; { imports = [ - ./builders.nix + ./writers.nix ]; nixpkgs.config.packageOverrides = oldpkgs: let -- cgit v1.2.3