From 05fbf61f0e4f2670d23929235e2da5342599d447 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Fri, 5 Mar 2010 18:26:47 +0000
Subject: [PATCH 1/3] * nix-prefetch-url depends on sed (see http://hydra.nixos.org/build/311170).
---
 configure.ac | 1 +
 scripts/nix-prefetch-url.in | 2 +-
 substitute.mk | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 46036113b..708e61968 100644
--- a/configure.ac
+++ b/configure.ac
@@ -149,6 +149,7 @@ AC_PATH_PROG(w3m, w3m, false)
 AC_PATH_PROG(flex, flex, false)
 AC_PATH_PROG(bison, bison, false)
 NEED_PROG(perl, perl)
+NEED_PROG(sed, sed)
 NEED_PROG(tar, tar)
 AC_PATH_PROG(dot, dot)
 AC_PATH_PROG(dblatex, dblatex)
diff --git a/scripts/nix-prefetch-url.in b/scripts/nix-prefetch-url.in
index 7d8bd93a4..31170fa95 100644
--- a/scripts/nix-prefetch-url.in
+++ b/scripts/nix-prefetch-url.in
@@ -24,7 +24,7 @@ fi
 # Handle escaped characters in the URI. `+', `=' and `?' are the only
 # characters that are valid in Nix store path names but have a special
 # meaning in URIs.
-name=$(basename "$url" | sed -e 's/%2b/+/g' -e 's/%3d/=/g' -e 's/%3f/\?/g')
+name=$(basename "$url" | @sed@ -e 's/%2b/+/g' -e 's/%3d/=/g' -e 's/%3f/\?/g')
 if test -z "$name"; then echo "invalid url"; exit 1; fi
diff --git a/substitute.mk b/substitute.mk
index ae11ce2b3..729116477 100644
--- a/substitute.mk
+++ b/substitute.mk
@@ -16,6 +16,7 @@
 -e "s^@bzip2_bin_test\@^$(bzip2_bin_test)^g" \
 -e "s^@perl\@^$(perl)^g" \
 -e "s^@coreutils\@^$(coreutils)^g" \
+ -e "s^@sed\@^$(sed)^g" \
 -e "s^@tar\@^$(tar)^g" \
 -e "s^@gzip\@^$(gzip)^g" \
 -e "s^@tr\@^$(tr)^g" \
From 2e8eaca573ccda707ff42c136a6f38a34f2975b4 Mon Sep 17 00:00:00 2001
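Review bot: In scripts/nix-prefetch-url.in, `basename` on the changed `name=` line is still resolved through PATH while `sed` is now pinned to the configured `@sed@`, so the pipeline is only half independent of the caller's environment. substitute.mk already substitutes `@coreutils@`; if that expands to the coreutils bin directory (not visible here), `name=$(@coreutils@/basename "$url" | @sed@ ...)` would pin both. The expressions also match only lower-case escapes, so `%2B`, `%3D` and `%3F` pass through undecoded; `-e 's/%2[bB]/+/g'` and the same pattern for the other two would cover both spellings.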
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
Date: Thu, 11 Mar 2010 10:21:23 +0000
Subject: [PATCH 2/3] Clear supplementary groups of `nixbld' in /etc/passwd in chroots. * src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't display any supplementary groups for `nixbld' in /etc/passwd.
---
 src/libstore/build.cc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index f4478a4db..85948f799 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder()
 createDirs(chrootTmpDir);
 chmod(chrootTmpDir, 01777);
- /* Create a /etc/passwd with entries for the build user and
- the nobody account. The latter is kind of a hack to
- support Samba-in-QEMU. */
+ /* Create a /etc/passwd with entries for the build user and the
+ nobody account. The latter is kind of a hack to support
+ Samba-in-QEMU. For the sake of consistency with the setgroups(2)
+ call below, the build user has no supplementary groups. */
 createDirs(chrootRootDir + "/etc");
 writeFile(chrootRootDir + "/etc/passwd",
 (format(
- "nixbld:x:%1%:65534:Nix build user:/:/noshell\n"
+ "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
 "nobody:x:65534:65534:Nobody:/:/noshell\n")
 % (buildUser.enabled() ? buildUser.getUID() : getuid())).str());
From c752c9f41aa88ff2129cdc0863fe74f76328835c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
Date: Thu, 11 Mar 2010 10:33:04 +0000
Subject: [PATCH 3/3] Fix thinko in r20547. * src/libstore/build.cc (nix::DerivationGoal::startBuilder): Fix the GID of the build user in /etc/passwd.
---
 src/libstore/build.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 85948f799..4d542e31d 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1568,15 +1568,15 @@ void DerivationGoal::startBuilder()
 /* Create a /etc/passwd with entries for the build user and the
 nobody account. The latter is kind of a hack to support
- Samba-in-QEMU. For the sake of consistency with the setgroups(2)
- call below, the build user has no supplementary groups. */
+ Samba-in-QEMU. */
 createDirs(chrootRootDir + "/etc");
 writeFile(chrootRootDir + "/etc/passwd",
 (format(
- "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
+ "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
 "nobody:x:65534:65534:Nobody:/:/noshell\n")
- % (buildUser.enabled() ? buildUser.getUID() : getuid())).str());
+ % (buildUser.enabled() ? buildUser.getUID() : getuid())
+ % (buildUser.enabled() ? buildUser.getGID() : getgid())).str());
 /* Bind-mount a user-configurable set of directories from the host file system. The `/dev/pts' directory must be mounted
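Review bot: The fallback arms `getuid()` and `getgid()` in the two `%` arguments are undocumented: when `buildUser.enabled()` is false the `nixbld` entry is written with the calling process's own IDs, so a build started as root would get `nixbld:x:0:0` in the chroot's /etc/passwd. Whether chroot builds are permitted without a build user is decided outside this hunk, so I would add a comment rather than change code, e.g. `/* Fields 3 and 4 are the build user's UID and primary GID; without build users they are the caller's own IDs. */`. The `buildUser.enabled()` test is now evaluated twice and could be hoisted into one local. startBuilder's body starts and ends outside the hunk.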