From 6cab6286e014c354dfd2f1c4d37e97ef2ea065f2 Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Tue, 3 Dec 2019 20:17:21 -0500 Subject: [PATCH 1/3] Add build users and bashInteractive build --- default.nix | 19 +++++++++++++++++++ nix-verify.sh | 6 ++++++ 2 files changed, 25 insertions(+) diff --git a/default.nix b/default.nix index a3bc527..cf7959f 100644 --- a/default.nix +++ b/default.nix @@ -86,7 +86,18 @@ let # Create root user mkdir -p /etc echo 'root:x:0:0::/root:/root/.nix-profile/bin/bash' > /etc/passwd + echo 'nixbld0:x:3000:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld1:x:3001:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld2:x:3002:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld3:x:3003:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld4:x:3004:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld5:x:3005:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld6:x:3006:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld7:x:3007:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld8:x:3008:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd + echo 'nixbld9:x:3009:1::/root:/root/.nix-profile/bin/bash' >> /etc/passwd echo 'root:x:0:' > /etc/group + echo 'nixbld:x:1:nixbld0,nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9' > /etc/group # TODO: why do we need this files explain in comments mkdir -p /etc @@ -121,6 +132,7 @@ let # Make the shell source nix.sh during login. nix_profile=/root/.nix-profile/etc/profile.d/nix.sh echo "if [ -e $nix_profile ]; then . $nix_profile; fi" >> /root/.bash_profile + '' + runAsRoot; })); @@ -142,6 +154,13 @@ in pkgs.gnugrep ]; }; + interactive = buildImageWithNix { + name = "nix"; + tag = nixVersion; + contents = [ + pkgs.bashInteractive + ]; + }; # TODO: withSandbox = buildImageWithNixSandbox { # name = "nix-sandbox"; # tag = nixVersion; 
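Review bot: The added `nixbld` group line in the first default.nix hunk uses `>`, so it truncates /etc/group and discards the `root:x:0:` entry written on the line just before it. It should append instead: `echo 'nixbld:x:1:nixbld0,...,nixbld9' >> /etc/group`. The ten build users are also given root's home directory (`/root`) and a bash login shell, which undercuts the point of running builds under separate unprivileged accounts. Unless something in the image depends on that, an empty home and a non-login shell would be the safer choice. The enclosing runAsRoot script starts and ends outside the hunk, so anything later that rewrites these files is not visible here.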
diff --git a/nix-verify.sh b/nix-verify.sh index d6a46b0..73d7b01 100644 --- a/nix-verify.sh +++ b/nix-verify.sh @@ -44,6 +44,12 @@ cd $BATS_TMPDIR [ "`./result/bin/hello`" == "Hello, world!" ] } +@test "Verify hello build using nix-build" { + nix-build -E 'with (import {}); hello.overrideAttrs(old:{forcerebuild=1;})' + nix-build -E '' -A hello --check + [ "`./result/bin/hello`" == "Hello, world!" ] +} + @test "Test sandbox is disabled" { cat >tmp.nix <<'EOL' let From 3a446ff411768edf2d2552b5c55b58ad38ce181f Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Tue, 3 Dec 2019 20:37:59 -0500 Subject: [PATCH 2/3] Set sandbox false --- default.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/default.nix b/default.nix index cf7959f..a95460b 100644 --- a/default.nix +++ b/default.nix @@ -153,13 +153,10 @@ in pkgs.tree pkgs.gnugrep ]; - }; - interactive = buildImageWithNix { - name = "nix"; - tag = nixVersion; - contents = [ - pkgs.bashInteractive - ]; + extraCommands = '' + mkdir -p /etc/nix + echo "sandbox = false" > /etc/nix/nix.conf + ''; }; # TODO: withSandbox = buildImageWithNixSandbox { # name = "nix-sandbox"; From 7d9351376aa9d16d4b94040eefa61d3d2ef9c0f2 Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Tue, 3 Dec 2019 21:04:55 -0500 Subject: [PATCH 3/3] Sandbox Need to set sandbox directory to tmp, not sure why. --- default.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/default.nix b/default.nix index a95460b..3e8f3e3 100644 --- a/default.nix +++ b/default.nix 
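Review bot: The new `@test` block in nix-verify.sh has no comment saying what it verifies beyond the existing hello test. Judging from the hunk, the `forcerebuild=1` override is there to change the derivation so that hello is built locally rather than substituted, which is what would exercise the nixbld users added in default.nix. A comment above the first `nix-build`, such as `# force a local build so the build users are actually exercised`, would record that. The final assertion only runs `./result/bin/hello`, so it would pass equally if the build had run as root; if that matters, the test needs an explicit check for it.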
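Review bot: In the PATCH 2/3 hunk, `sandbox = false` is written into the default image with no comment explaining why build isolation is turned off, and the `>` redirect replaces any nix.conf the base layers already provide. With the sandbox disabled, builds can see the container's filesystem and network and the nixbld accounts are the only separation left, so the reason belongs next to the setting, e.g. `# sandbox disabled because <reason>`. The commands also use absolute paths under `/etc/nix`. If `buildImageWithNix` passes `extraCommands` through to dockerTools unchanged, they run relative to the layer root at build time and the paths would need to be `etc/nix`; the wrapper is outside the hunk, so this should be confirmed.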
@@ -158,10 +158,16 @@ in echo "sandbox = false" > /etc/nix/nix.conf ''; }; - # TODO: withSandbox = buildImageWithNixSandbox { - # name = "nix-sandbox"; - # tag = nixVersion; - # }; + withSandbox = buildImageWithNix { + name = "nix-sandbox"; + tag = nixVersion; + contents = [ + pkgs.bashInteractive + ]; + runAsRoot = '' + echo "sandbox-build-dir = /tmp" > /etc/nix/nix.conf + ''; + }; # TODO: withDeamon = buildImageWithNixDaemon { # name = "nix-daemon"; # tag = nixVersion;
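Review bot: The `nix-sandbox` image never sets `sandbox = true`; its runAsRoot only writes `sandbox-build-dir = /tmp`, so whether builds are actually sandboxed depends on the default of whatever `nixVersion` resolves to. Adding a second line, `echo "sandbox = true" >> /etc/nix/nix.conf`, makes the image live up to its name regardless of that default. The redirect also assumes /etc/nix already exists, whereas the image above runs `mkdir -p /etc/nix` first. The commit message says the reason for `/tmp` is unknown, so a comment recording the failure seen with the default build directory would help whoever revisits this setting.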