2021-07-27 12:23:24 +00:00
|
|
|
#include "run.hh"
|
2016-06-02 14:29:49 +00:00
|
|
|
#include "command.hh"
|
|
|
|
#include "common-args.hh"
|
|
|
|
#include "shared.hh"
|
|
|
|
#include "store-api.hh"
|
|
|
|
#include "derivations.hh"
|
2016-06-02 14:51:43 +00:00
|
|
|
#include "local-store.hh"
|
2016-06-02 16:19:10 +00:00
|
|
|
#include "finally.hh"
|
2017-08-29 11:21:07 +00:00
|
|
|
#include "fs-accessor.hh"
|
2017-08-29 13:13:30 +00:00
|
|
|
#include "progress-bar.hh"
|
2019-05-31 21:45:13 +00:00
|
|
|
#include "eval.hh"
|
2016-06-02 14:51:43 +00:00
|
|
|
|
|
|
|
#if __linux__
|
|
|
|
#include <sys/mount.h>
|
|
|
|
#endif
|
2016-06-02 14:29:49 +00:00
|
|
|
|
2018-08-09 11:01:03 +00:00
|
|
|
#include <queue>
|
|
|
|
|
2016-06-02 14:29:49 +00:00
|
|
|
using namespace nix;
|
|
|
|
|
2017-08-29 11:21:07 +00:00
|
|
|
std::string chrootHelperName = "__run_in_chroot";
|
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
namespace nix {
|
|
|
|
|
|
|
|
void runProgramInStore(ref<Store> store,
|
|
|
|
const std::string & program,
|
|
|
|
const Strings & args)
|
2019-05-31 21:45:13 +00:00
|
|
|
{
|
2021-07-27 12:23:24 +00:00
|
|
|
stopProgressBar();
|
2020-12-01 13:57:56 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
restoreProcessContext();
|
2020-12-01 13:57:56 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
/* If this is a diverted store (i.e. its "logical" location
|
|
|
|
(typically /nix/store) differs from its "physical" location
|
|
|
|
(e.g. /home/eelco/nix/store), then run the command in a
|
|
|
|
chroot. For non-root users, this requires running it in new
|
|
|
|
mount and user namespaces. Unfortunately,
|
|
|
|
unshare(CLONE_NEWUSER) doesn't work in a multithreaded program
|
|
|
|
(which "nix" is), so we exec() a single-threaded helper program
|
|
|
|
(chrootHelper() below) to do the work. */
|
2022-03-28 12:58:38 +00:00
|
|
|
auto store2 = store.dynamic_pointer_cast<LocalFSStore>();
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2022-03-28 12:58:38 +00:00
|
|
|
if (!store2)
|
|
|
|
throw Error("store '%s' is not a local store so it does not support command execution", store->getUri());
|
|
|
|
|
|
|
|
if (store->storeDir != store2->getRealStoreDir()) {
|
2021-07-27 12:23:24 +00:00
|
|
|
Strings helperArgs = { chrootHelperName, store->storeDir, store2->getRealStoreDir(), program };
|
|
|
|
for (auto & arg : args) helperArgs.push_back(arg);
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
execv(readLink("/proc/self/exe").c_str(), stringsToCharPtrs(helperArgs).data());
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
throw SysError("could not execute chroot helper");
|
|
|
|
}
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
execvp(program.c_str(), stringsToCharPtrs(args).data());
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
throw SysError("unable to execute '%s'", program);
|
|
|
|
}
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
}
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
struct CmdShell : InstallablesCommand, MixEnvironment
|
2016-06-02 14:29:49 +00:00
|
|
|
{
|
2020-12-01 13:57:56 +00:00
|
|
|
|
|
|
|
using InstallablesCommand::run;
|
|
|
|
|
2020-04-07 12:29:40 +00:00
|
|
|
std::vector<std::string> command = { getEnv("SHELL").value_or("bash") };
|
2017-08-29 12:28:57 +00:00
|
|
|
|
2020-04-29 20:02:37 +00:00
|
|
|
CmdShell()
|
2016-06-02 14:29:49 +00:00
|
|
|
{
|
2020-05-04 20:40:19 +00:00
|
|
|
addFlag({
|
|
|
|
.longName = "command",
|
|
|
|
.shortName = 'c',
|
2021-01-13 13:18:04 +00:00
|
|
|
.description = "Command and arguments to be executed, defaulting to `$SHELL`",
|
2020-05-04 20:40:19 +00:00
|
|
|
.labels = {"command", "args"},
|
|
|
|
.handler = {[&](std::vector<std::string> ss) {
|
2017-08-29 12:28:57 +00:00
|
|
|
if (ss.empty()) throw UsageError("--command requires at least one argument");
|
|
|
|
command = ss;
|
2020-05-04 20:40:19 +00:00
|
|
|
}}
|
|
|
|
});
|
2016-06-02 14:29:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
std::string description() override
|
|
|
|
{
|
|
|
|
return "run a shell in which the specified packages are available";
|
|
|
|
}
|
|
|
|
|
2020-12-08 16:16:23 +00:00
|
|
|
std::string doc() override
|
2017-09-07 18:09:04 +00:00
|
|
|
{
|
2020-12-08 16:16:23 +00:00
|
|
|
return
|
|
|
|
#include "shell.md"
|
|
|
|
;
|
2017-09-07 18:09:04 +00:00
|
|
|
}
|
|
|
|
|
2019-11-01 01:46:49 +00:00
|
|
|
void run(ref<Store> store) override
|
|
|
|
{
|
2022-03-02 12:54:08 +00:00
|
|
|
auto outPaths = Installable::toStorePaths(getEvalStore(), store, Realise::Outputs, OperateOn::Output, installables);
|
2019-11-01 01:46:49 +00:00
|
|
|
|
|
|
|
auto accessor = store->getFSAccessor();
|
|
|
|
|
2019-12-05 18:11:09 +00:00
|
|
|
std::unordered_set<StorePath> done;
|
|
|
|
std::queue<StorePath> todo;
|
2020-06-16 20:20:18 +00:00
|
|
|
for (auto & path : outPaths) todo.push(path);
|
2018-08-09 11:01:03 +00:00
|
|
|
|
2019-11-07 23:18:31 +00:00
|
|
|
setEnviron();
|
2019-11-05 00:40:25 +00:00
|
|
|
|
2019-11-22 15:06:44 +00:00
|
|
|
auto unixPath = tokenizeString<Strings>(getEnv("PATH").value_or(""), ":");
|
2018-08-09 11:01:03 +00:00
|
|
|
|
|
|
|
while (!todo.empty()) {
|
2020-06-16 20:20:18 +00:00
|
|
|
auto path = todo.front();
|
2018-08-09 11:01:03 +00:00
|
|
|
todo.pop();
|
2020-06-16 20:20:18 +00:00
|
|
|
if (!done.insert(path).second) continue;
|
2018-08-09 11:01:03 +00:00
|
|
|
|
|
|
|
if (true)
|
2019-12-05 18:11:09 +00:00
|
|
|
unixPath.push_front(store->printStorePath(path) + "/bin");
|
2018-08-09 11:01:03 +00:00
|
|
|
|
2019-12-05 18:11:09 +00:00
|
|
|
auto propPath = store->printStorePath(path) + "/nix-support/propagated-user-env-packages";
|
2018-08-09 11:01:03 +00:00
|
|
|
if (accessor->stat(propPath).type == FSAccessor::tRegular) {
|
|
|
|
for (auto & p : tokenizeString<Paths>(readFile(propPath)))
|
2019-12-05 18:11:09 +00:00
|
|
|
todo.push(store->parseStorePath(p));
|
2018-08-09 11:01:03 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-02 14:29:49 +00:00
|
|
|
setenv("PATH", concatStringsSep(":", unixPath).c_str(), 1);
|
|
|
|
|
2017-10-24 10:45:11 +00:00
|
|
|
Strings args;
|
|
|
|
for (auto & arg : command) args.push_back(arg);
|
2017-08-29 11:21:07 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
runProgramInStore(store, *command.begin(), args);
|
2019-05-31 21:45:13 +00:00
|
|
|
}
|
|
|
|
};
|
2017-08-29 13:13:30 +00:00
|
|
|
|
2020-10-06 11:36:55 +00:00
|
|
|
static auto rCmdShell = registerCommand<CmdShell>("shell");
|
2019-02-05 09:49:19 +00:00
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
struct CmdRun : InstallableCommand
|
2019-05-31 21:45:13 +00:00
|
|
|
{
|
2020-12-01 13:57:56 +00:00
|
|
|
using InstallableCommand::run;
|
|
|
|
|
2019-06-17 15:05:37 +00:00
|
|
|
std::vector<std::string> args;
|
|
|
|
|
2020-04-29 20:02:37 +00:00
|
|
|
CmdRun()
|
2019-05-31 21:45:13 +00:00
|
|
|
{
|
2020-05-11 13:46:18 +00:00
|
|
|
expectArgs({
|
|
|
|
.label = "args",
|
|
|
|
.handler = {&args},
|
|
|
|
.completer = completePath
|
|
|
|
});
|
2019-05-31 21:45:13 +00:00
|
|
|
}
|
2018-08-19 10:05:08 +00:00
|
|
|
|
2019-05-31 21:45:13 +00:00
|
|
|
std::string description() override
|
|
|
|
{
|
|
|
|
return "run a Nix application";
|
|
|
|
}
|
2017-08-29 11:21:07 +00:00
|
|
|
|
2020-12-08 16:16:23 +00:00
|
|
|
std::string doc() override
|
2019-05-31 21:45:13 +00:00
|
|
|
{
|
2020-12-08 16:16:23 +00:00
|
|
|
return
|
|
|
|
#include "run.md"
|
|
|
|
;
|
2019-05-31 21:45:13 +00:00
|
|
|
}
|
2017-08-29 11:21:07 +00:00
|
|
|
|
2019-05-31 21:45:13 +00:00
|
|
|
Strings getDefaultFlakeAttrPaths() override
|
|
|
|
{
|
2022-02-11 17:11:08 +00:00
|
|
|
Strings res{
|
|
|
|
"apps." + settings.thisSystem.get() + ".default",
|
|
|
|
"defaultApp." + settings.thisSystem.get(),
|
|
|
|
};
|
2020-06-29 17:08:50 +00:00
|
|
|
for (auto & s : SourceExprCommand::getDefaultFlakeAttrPaths())
|
|
|
|
res.push_back(s);
|
|
|
|
return res;
|
2019-05-31 21:45:13 +00:00
|
|
|
}
|
2017-08-29 11:21:07 +00:00
|
|
|
|
2019-06-17 14:58:59 +00:00
|
|
|
Strings getDefaultFlakeAttrPathPrefixes() override
|
|
|
|
{
|
2021-08-21 18:17:05 +00:00
|
|
|
Strings res{"apps." + settings.thisSystem.get() + "."};
|
2020-06-29 17:08:50 +00:00
|
|
|
for (auto & s : SourceExprCommand::getDefaultFlakeAttrPathPrefixes())
|
|
|
|
res.push_back(s);
|
|
|
|
return res;
|
2019-06-17 14:58:59 +00:00
|
|
|
}
|
|
|
|
|
2019-05-31 21:45:13 +00:00
|
|
|
void run(ref<Store> store) override
|
|
|
|
{
|
|
|
|
auto state = getEvalState();
|
|
|
|
|
2021-07-16 14:04:47 +00:00
|
|
|
auto app = installable->toApp(*state).resolve(getEvalStore(), store);
|
2019-05-31 21:45:13 +00:00
|
|
|
|
2019-06-17 15:05:37 +00:00
|
|
|
Strings allArgs{app.program};
|
|
|
|
for (auto & i : args) allArgs.push_back(i);
|
|
|
|
|
2021-07-27 12:23:24 +00:00
|
|
|
runProgramInStore(store, app.program, allArgs);
|
2016-06-02 14:29:49 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2020-10-06 11:36:55 +00:00
|
|
|
static auto rCmdRun = registerCommand<CmdRun>("run");
|
2017-08-29 11:21:07 +00:00
|
|
|
|
|
|
|
void chrootHelper(int argc, char * * argv)
|
|
|
|
{
|
|
|
|
int p = 1;
|
|
|
|
std::string storeDir = argv[p++];
|
|
|
|
std::string realStoreDir = argv[p++];
|
|
|
|
std::string cmd = argv[p++];
|
|
|
|
Strings args;
|
|
|
|
while (p < argc)
|
|
|
|
args.push_back(argv[p++]);
|
|
|
|
|
|
|
|
#if __linux__
|
|
|
|
uid_t uid = getuid();
|
|
|
|
uid_t gid = getgid();
|
|
|
|
|
|
|
|
if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1)
|
2019-07-25 13:37:57 +00:00
|
|
|
/* Try with just CLONE_NEWNS in case user namespaces are
|
|
|
|
specifically disabled. */
|
|
|
|
if (unshare(CLONE_NEWNS) == -1)
|
|
|
|
throw SysError("setting up a private mount namespace");
|
2017-08-29 11:21:07 +00:00
|
|
|
|
|
|
|
/* Bind-mount realStoreDir on /nix/store. If the latter mount
|
|
|
|
point doesn't already exists, we have to create a chroot
|
|
|
|
environment containing the mount point and bind mounts for the
|
|
|
|
children of /. Would be nice if we could use overlayfs here,
|
|
|
|
but that doesn't work in a user namespace yet (Ubuntu has a
|
|
|
|
patch for this:
|
|
|
|
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1478578). */
|
2017-11-20 16:59:32 +00:00
|
|
|
if (!pathExists(storeDir)) {
|
2017-08-29 11:21:07 +00:00
|
|
|
// FIXME: Use overlayfs?
|
|
|
|
|
|
|
|
Path tmpDir = createTempDir();
|
|
|
|
|
|
|
|
createDirs(tmpDir + storeDir);
|
|
|
|
|
|
|
|
if (mount(realStoreDir.c_str(), (tmpDir + storeDir).c_str(), "", MS_BIND, 0) == -1)
|
|
|
|
throw SysError("mounting '%s' on '%s'", realStoreDir, storeDir);
|
|
|
|
|
|
|
|
for (auto entry : readDirectory("/")) {
|
2017-11-20 16:58:23 +00:00
|
|
|
auto src = "/" + entry.name;
|
2017-08-29 11:21:07 +00:00
|
|
|
Path dst = tmpDir + "/" + entry.name;
|
|
|
|
if (pathExists(dst)) continue;
|
2020-12-22 11:28:50 +00:00
|
|
|
auto st = lstat(src);
|
|
|
|
if (S_ISDIR(st.st_mode)) {
|
|
|
|
if (mkdir(dst.c_str(), 0700) == -1)
|
|
|
|
throw SysError("creating directory '%s'", dst);
|
|
|
|
if (mount(src.c_str(), dst.c_str(), "", MS_BIND | MS_REC, 0) == -1)
|
|
|
|
throw SysError("mounting '%s' on '%s'", src, dst);
|
|
|
|
} else if (S_ISLNK(st.st_mode))
|
|
|
|
createSymlink(readLink(src), dst);
|
2017-08-29 11:21:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
char * cwd = getcwd(0, 0);
|
|
|
|
if (!cwd) throw SysError("getting current directory");
|
|
|
|
Finally freeCwd([&]() { free(cwd); });
|
|
|
|
|
|
|
|
if (chroot(tmpDir.c_str()) == -1)
|
2020-04-21 23:07:07 +00:00
|
|
|
throw SysError("chrooting into '%s'", tmpDir);
|
2017-08-29 11:21:07 +00:00
|
|
|
|
|
|
|
if (chdir(cwd) == -1)
|
2020-04-21 23:07:07 +00:00
|
|
|
throw SysError("chdir to '%s' in chroot", cwd);
|
2017-08-29 11:21:07 +00:00
|
|
|
} else
|
|
|
|
if (mount(realStoreDir.c_str(), storeDir.c_str(), "", MS_BIND, 0) == -1)
|
|
|
|
throw SysError("mounting '%s' on '%s'", realStoreDir, storeDir);
|
|
|
|
|
|
|
|
writeFile("/proc/self/setgroups", "deny");
|
|
|
|
writeFile("/proc/self/uid_map", fmt("%d %d %d", uid, uid, 1));
|
|
|
|
writeFile("/proc/self/gid_map", fmt("%d %d %d", gid, gid, 1));
|
|
|
|
|
|
|
|
execvp(cmd.c_str(), stringsToCharPtrs(args).data());
|
|
|
|
|
|
|
|
throw SysError("unable to exec '%s'", cmd);
|
|
|
|
|
|
|
|
#else
|
2017-08-31 09:05:18 +00:00
|
|
|
throw Error("mounting the Nix store on '%s' is not supported on this platform", storeDir);
|
2017-08-29 11:21:07 +00:00
|
|
|
#endif
|
|
|
|
}
|