movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

schroot: init at 1.6.13-5 (#351765)

Browse source
This commit is contained in:
Arne Keller 2024-12-23 09:57:18 +01:00 committed by GitHub
commit 852e3f019e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 473 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
maintainers/maintainer-list.nix
View file

@ -2995,6 +2995,12 @@
githubId = 133602;
name = "Bjørn Forsman";
};
bjsowa = {
email = "bsowa123@gmail.com";
github = "bjsowa";
githubId = 23124539;
name = "Błażej Sowa";
};
bkchr = {
email = "nixos@kchr.de";
github = "bkchr";

2
nixos/doc/manual/release-notes/rl-2505.section.md
View file

@ -36,6 +36,8 @@
- [Traccar](https://www.traccar.org/), a modern GPS Tracking Platform. Available as [services.traccar](#opt-services.traccar.enable).
- [Schroot](https://codeberg.org/shelter/reschroot), a lightweight virtualisation tool. Securely enter a chroot and run a command or login shell. Available as [programs.schroot](#opt-programs.schroot.enable).
- [crab-hole](https://github.com/LuckyTurtleDev/crab-hole), a cross platform Pi-hole clone written in Rust using hickory-dns/trust-dns. Available as [services.crab-hole](#opt-services.crab-hole.enable).
- [Amazon CloudWatch Agent](https://github.com/aws/amazon-cloudwatch-agent), the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as [services.amazon-cloudwatch-agent](options.html#opt-services.amazon-cloudwatch-agent.enable).

1
nixos/modules/module-list.nix
View file

@ -285,6 +285,7 @@
./programs/rust-motd.nix
./programs/ryzen-monitor-ng.nix
./programs/screen.nix
./programs/schroot.nix
./programs/seahorse.nix
./programs/sedutil.nix
./programs/shadow.nix

137
nixos/modules/programs/schroot.nix Normal file
View file

@ -0,0 +1,137 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.schroot;
iniFmt = pkgs.formats.ini { };
in
{
options = {
programs.schroot = {
enable = lib.mkEnableOption "schroot, a lightweight virtualisation tool";
package = lib.mkPackageOption pkgs "schroot" { };
settings = lib.mkOption {
type = iniFmt.type;
default = { };
example = {
"noble" = {
type = "directory";
description = "Ubuntu 24.04 Noble";
directory = "/srv/chroot/noble";
users = "my-user";
root-users = "my-user";
personality = "linux";
preserve-environment = false;
profile = "my-profile";
shell = "/bin/bash";
};
};
description = ''
Schroot configuration settings.
For more details, see {manpage}`schroot.conf(5)`.
'';
};
profiles = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
options = {
copyfiles = lib.mkOption {
type = lib.types.listOf lib.types.str;
example = [ "/etc/resolv.conf" ];
description = "A list of files to copy into the chroot from the host system.";
};
fstab = lib.mkOption {
type = lib.types.path;
example = lib.literalExpression ''
pkgs.writeText "my-schroot-fstab" '''
/proc /proc none rw,bind 0 0
/sys /sys none rw,bind 0 0
/dev /dev none rw,bind 0 0
/dev/pts /dev/pts none rw,bind 0 0
/home /home none rw,rbind 0 0
/tmp /tmp none rw,bind 0 0
/dev/shm /dev/shm none rw,bind 0 0
/nix /nix none ro,bind 0 0
/run/current-system /run/current-system none rw,bind 0 0
/run/wrappers /run/wrappers none rw,bind 0 0
'''
'';
description = ''
A file in the format described in {manpage}`fstab(5)`, used to mount filesystems inside the chroot.
The mount location is relative to the root of the chroot.
'';
};
nssdatabases = lib.mkOption {
type = lib.types.listOf lib.types.str;
example = [
"passwd"
"shadow"
"group"
"gshadow"
"services"
"protocols"
"networks"
"hosts"
];
description = ''
System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
'';
};
};
}
);
default = { };
description = "Custom configuration profiles for schroot.";
};
};
};
config = lib.mkIf cfg.enable {
environment = {
systemPackages = [ cfg.package ];
etc =
{
# schroot requires this directory to exist
"schroot/chroot.d/.keep".text = "";
"schroot/schroot.conf".source = iniFmt.generate "schroot.conf" cfg.settings;
}
// (lib.attrsets.concatMapAttrs (
name:
{
copyfiles,
fstab,
nssdatabases,
}:
{
"schroot/${name}/copyfiles".text = (lib.strings.concatStringsSep "\n" copyfiles) + "\n";
"schroot/${name}/fstab".source = fstab;
"schroot/${name}/nssdatabases".text = (lib.strings.concatStringsSep "\n" nssdatabases) + "\n";
}
) cfg.profiles);
};
security.wrappers.schroot = {
source = "${cfg.package}/bin/schroot";
owner = "root";
group = "root";
setuid = true;
};
# Schroot requires these directories to exist
systemd.tmpfiles.rules = [
"d /var/lib/schroot/session - root root - -"
"d /var/lib/schroot/unpack - root root - -"
"d /var/lib/schroot/union - root root - -"
"d /var/lib/schroot/union/overlay - root root - -"
"d /var/lib/schroot/union/underlay - root root - -"
];
};
}

70
pkgs/by-name/sc/schroot/debian-patches.nix Normal file
View file

@ -0,0 +1,70 @@
# Generated by debian-patches.sh from debian-patches.txt
let
prefix = "https://salsa.debian.org/debian/schroot/-/raw/debian/master/1.6.13-4/debian/patches";
in
[
{
url = "${prefix}/1539621689.revert.schroot-1.6.10-48-g2600bcab.revert-environment-preserve-empty-values.patch";
sha256 = "0kvp47qkhq4s7bqil1pcq7c0a63hiw7xgmrxv460rfb9irvlp2wn";
}
{
url = "${prefix}/1448890714.schroot-1.7.2-72-gbf30a928.setup-d-20copyfiles-canonicalize-destination-path.patch";
sha256 = "09vliqpmqn4yvh3mxsa9iqlwxkfrhfjraizm945ir6v23m622i6k";
}
{
url = "${prefix}/1453505583.schroot-1.7.2-72-g11587fd8.etc-setup-d-20copyfiles-replace-dangling-symlink-during-cp.patch";
sha256 = "036g3br7251ykhmgq48zbjdgyy06m0rhrv1hf540zb7n6ildygkz";
}
{
url = "${prefix}/1496783678.schroot-1.7.2-127-ga5e5d8d9.fix-bash-completion.patch";
sha256 = "0adqpyqkw5kyg1843ygificm2hxawl4pi1lbyn2dvzw11yawvv9k";
}
{
url = "${prefix}/1530433671.schroot-1.7.2-129-g00c0a972.cmake-use-soelim-r-option.patch";
sha256 = "0csn6j6xsi8bd16r7bvd33albwz6v7fv7wawakkiimbj59zbinhn";
}
{
url = "${prefix}/1487872945.schroot-1.7.2-137-g5c36362b.support-copyfiles-installation-into-non-existent-directories.patch";
sha256 = "1iizprcdnisdjgp091y0zjsayq5qqfwh9d2d9zns1d0414jafp7b";
}
{
url = "${prefix}/1487872999.schroot-1.7.2-138-g5a611c49.support-copyfiles-source-destination-specifications.patch";
sha256 = "03f735zyzj4zmrrmynb2xl49i8s8580d9dyp0kxq5aq555sl7hx2";
}
{
url = "${prefix}/1662655911.reschroot-1.6.13-2-g779349dc.replace-usage-of-egrep-and-which.patch";
sha256 = "0f2wziwchfg3v193i8x7s60vr9yx72z3f7ddgsfkshay4m5mrprs";
}
{
url = "${prefix}/1662656169.reschroot-1.6.13-3-ga9e100e5.clean-up-mess-created-in-the-portuguese-translations.patch";
sha256 = "1yq05pc38rkbb0njwllfwjc8dl73i7g7z89spsa7ls3amkyccm7w";
}
{
url = "${prefix}/1664011392.reschroot-1.6.13-4-g93017cff.update-french-translation.patch";
sha256 = "0qhcifjxgipxh67fjf0ydclvxn9yys7hfcwxir9jnw572y9igx1k";
}
{
url = "${prefix}/1665995770.reschroot-1.6.13-5-g81b88b45.document-a-login-shell-might-be-switched-to-a-regular-shell.patch";
sha256 = "1lwslyqrfz1xmi28j1s80pq763k63f9g4qgx9vr3qm247gb7v55l";
}
{
url = "${prefix}/1692468301.reschroot-1.6.13-6-g271acf6e.subject-mount-a-new-instance-of-dev-pts-in-the-chroot.patch";
sha256 = "1j04bxcbg2bigss7sjqyg7cn8547wwmp5zj8406v3vk5g71iaijf";
}
{
url = "${prefix}/1664222056.reschroot-1.6.13-9-g55af32cf.fix-localename-type.patch";
sha256 = "15kjl3g6c79jfqh45mr3h3qbl5gx2pmxqc2pmsjplxdkksx9i6yn";
}
{
url = "${prefix}/1658716738.reschroot-1.6.12-2-g2045008e.fix-variable-usage-in-copyfiles-copy-file-function.patch";
sha256 = "02c6zsmprdvkgf3krl6z1qwvx144arng0s34ry1dq8qvwl5fd66c";
}
{
url = "${prefix}/fix-dupes-in-buildd-configuration.patch";
sha256 = "0s8racsl2s4mix6n7xb09dmncs5w0jmnb0vrjxpwx9c1yhz46dwl";
}
{
url = "${prefix}/fix-example-configuration.patch";
sha256 = "1r6kffc7a4aanksjv4658vs4xs31gmrhpa2gmpqkr21s7zk45yav";
}
]

17
pkgs/by-name/sc/schroot/debian-patches.txt Normal file
View file

@ -0,0 +1,17 @@
schroot/1.6.13-5
1539621689.revert.schroot-1.6.10-48-g2600bcab.revert-environment-preserve-empty-values.patch
1448890714.schroot-1.7.2-72-gbf30a928.setup-d-20copyfiles-canonicalize-destination-path.patch
1453505583.schroot-1.7.2-72-g11587fd8.etc-setup-d-20copyfiles-replace-dangling-symlink-during-cp.patch
1496783678.schroot-1.7.2-127-ga5e5d8d9.fix-bash-completion.patch
1530433671.schroot-1.7.2-129-g00c0a972.cmake-use-soelim-r-option.patch
1487872945.schroot-1.7.2-137-g5c36362b.support-copyfiles-installation-into-non-existent-directories.patch
1487872999.schroot-1.7.2-138-g5a611c49.support-copyfiles-source-destination-specifications.patch
1662655911.reschroot-1.6.13-2-g779349dc.replace-usage-of-egrep-and-which.patch
1662656169.reschroot-1.6.13-3-ga9e100e5.clean-up-mess-created-in-the-portuguese-translations.patch
1664011392.reschroot-1.6.13-4-g93017cff.update-french-translation.patch
1665995770.reschroot-1.6.13-5-g81b88b45.document-a-login-shell-might-be-switched-to-a-regular-shell.patch
1692468301.reschroot-1.6.13-6-g271acf6e.subject-mount-a-new-instance-of-dev-pts-in-the-chroot.patch
1664222056.reschroot-1.6.13-9-g55af32cf.fix-localename-type.patch
1658716738.reschroot-1.6.12-2-g2045008e.fix-variable-usage-in-copyfiles-copy-file-function.patch
fix-dupes-in-buildd-configuration.patch
fix-example-configuration.patch

43
pkgs/by-name/sc/schroot/fix-absolute-paths.patch Normal file
View file

@ -0,0 +1,43 @@
diff --git a/etc/setup.d/20copyfiles b/etc/setup.d/20copyfiles
index 3247ae2a..eed9fa46 100755
--- a/etc/setup.d/20copyfiles
+++ b/etc/setup.d/20copyfiles
@@ -39,9 +39,9 @@ copy_file()
if [ -e "$2" ]; then
# Device and inode
- da=$(/usr/bin/stat --format="%d %i" "$1")
+ da=$(stat --format="%d %i" "$1")
# This one can fail since it might not exist yet
- db=$(/usr/bin/stat --format="%d %i" "$2" 2>/dev/null || :)
+ db=$(stat --format="%d %i" "$2" 2>/dev/null || :)
if [ "$da" = "$db" ]; then
COPY="false"
@@ -50,8 +50,8 @@ copy_file()
:
elif [ -f "$1" ] && [ -f "$2" ]; then
# Content
- ca=$(/usr/bin/md5sum "$1" | sed -e 's/\(^[0-9a-f][0-9a-f]*\).*$/\1/')
- cb=$(/usr/bin/md5sum "$2" 2>/dev/null || :)
+ ca=$(md5sum "$1" | sed -e 's/\(^[0-9a-f][0-9a-f]*\).*$/\1/')
+ cb=$(md5sum "$2" 2>/dev/null || :)
cb=$(echo "$cb" | sed -e 's/\(^[0-9a-f][0-9a-f]*\).*$/\1/')
# Copy only if file contents differ
if [ "$ca" = "$cb" ]; then
diff --git a/etc/setup.d/20nssdatabases b/etc/setup.d/20nssdatabases
index ac7206b7..00645362 100755
--- a/etc/setup.d/20nssdatabases
+++ b/etc/setup.d/20nssdatabases
@@ -42,9 +42,9 @@ if [ $STAGE = "setup-start" ] || [ $STAGE = "setup-recover" ]; then
fi
# Device and inode
- dr=$(/usr/bin/stat --format="%d %i" "/etc/$db")
+ dr=$(stat --format="%d %i" "/etc/$db")
# This one can fail since it might not exist yet
- dc=$(/usr/bin/stat --format="%d %i" "${CHROOT_PATH}/etc/$db" 2>/dev/null || :)
+ dc=$(stat --format="%d %i" "${CHROOT_PATH}/etc/$db" 2>/dev/null || :)
# If the database inside and outside the chroot is the
# same, it's very likely that dup_nss would blank the

37
pkgs/by-name/sc/schroot/fix-boost-includes.patch Normal file
View file

@ -0,0 +1,37 @@
diff --git a/sbuild/sbuild-chroot-config.cc b/sbuild/sbuild-chroot-config.cc
index 48f8edad..388e2cac 100644
--- a/sbuild/sbuild-chroot-config.cc
+++ b/sbuild/sbuild-chroot-config.cc
@@ -32,6 +32,7 @@
#include <cstring>
#include <boost/filesystem/operations.hpp>
+#include <boost/filesystem/directory.hpp>
#include <sys/types.h>
#include <sys/stat.h>
diff --git a/sbuild/sbuild-run-parts.cc b/sbuild/sbuild-run-parts.cc
index 23132601..48bd9d67 100644
--- a/sbuild/sbuild-run-parts.cc
+++ b/sbuild/sbuild-run-parts.cc
@@ -30,6 +30,7 @@
#include <boost/format.hpp>
#include <boost/filesystem/operations.hpp>
+#include <boost/filesystem/directory.hpp>
using boost::format;
using namespace sbuild;
diff --git a/sbuild/sbuild-util.cc b/sbuild/sbuild-util.cc
index b6af7e89..dde32b49 100644
--- a/sbuild/sbuild-util.cc
+++ b/sbuild/sbuild-util.cc
@@ -35,8 +35,6 @@
#include <time.h>
#endif
-#include <boost/filesystem/convenience.hpp>
-
using namespace sbuild;
namespace

33
pkgs/by-name/sc/schroot/no-default-config.patch Normal file
View file

@ -0,0 +1,33 @@
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt
index dd31fd3d..65521010 100644
--- a/etc/CMakeLists.txt
+++ b/etc/CMakeLists.txt
@@ -19,20 +19,20 @@
set(schroot_sysconf_data
schroot.conf)
-install(FILES ${schroot_sysconf_data}
- DESTINATION ${SCHROOT_SYSCONF_DIR})
+# install(FILES ${schroot_sysconf_data}
+# DESTINATION ${SCHROOT_SYSCONF_DIR})
set(files
copyfiles
fstab
nssdatabases)
-set(profiles
- buildd
- default
- desktop
- minimal
- sbuild)
+# set(profiles
+# buildd
+# default
+# desktop
+# minimal
+# sbuild)
set(arches
${SBUILD_PLATFORM})

10
pkgs/by-name/sc/schroot/no-pam-service.patch Normal file
View file

@ -0,0 +1,10 @@
--- a/etc/CMakeLists.txt
+++ b/etc/CMakeLists.txt
@@ -68,6 +68,6 @@ foreach(profile ${profiles})
endforeach(file)
endforeach(profile)
-add_subdirectory(pam)
+# add_subdirectory(pam)
add_subdirectory(bash_completion)
add_subdirectory(setup.d)

12
pkgs/by-name/sc/schroot/no-setuid.patch Normal file
View file

@ -0,0 +1,12 @@
--- a/bin/schroot/CMakeLists.txt
+++ b/bin/schroot/CMakeLists.txt
@@ -40,8 +40,7 @@ install(TARGETS schroot RUNTIME
DESTINATION ${CMAKE_INSTALL_FULL_BINDIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE
GROUP_READ GROUP_EXECUTE
- WORLD_READ WORLD_EXECUTE
- SETUID)
+ WORLD_READ WORLD_EXECUTE)
set(installdirs
${SCHROOT_CONF_CHROOT_D}

105
pkgs/by-name/sc/schroot/package.nix Normal file
View file

@ -0,0 +1,105 @@
{
lib,
stdenv,
fetchurl,
# Runtime script dependencies
coreutils,
getent,
gnugrep,
gnused,
gnutar,
util-linux,
# Native build inputs
cmake,
findutils,
gettext,
mandoc,
makeWrapper,
perlPackages,
# Build inputs
boost,
}:
let
scripts-bin-path = lib.makeBinPath [
coreutils
getent
gnugrep
gnused
gnutar
util-linux
];
upstream-version = "1.6.13";
in
stdenv.mkDerivation {
pname = "schroot";
version = "${upstream-version}-5";
src = fetchurl {
url = "https://codeberg.org/shelter/reschroot/archive/release/reschroot-${upstream-version}.tar.gz";
hash = "sha256-wF1qG7AhDUAeZSLu4sRl4LQ8bJj3EB1nH56e+Is6zPU=";
};
patches = map fetchurl (import ./debian-patches.nix) ++ [
./no-setuid.patch
./no-pam-service.patch
./no-default-config.patch
./fix-absolute-paths.patch
./fix-boost-includes.patch
];
nativeBuildInputs = [
cmake
findutils
gettext
mandoc
makeWrapper
perlPackages.Po4a
];
buildInputs = [
boost
];
cmakeFlags = [
(lib.cmakeFeature "CMAKE_INSTALL_LOCALSTATEDIR" "/var")
(lib.cmakeFeature "SCHROOT_SYSCONF_DIR" "/etc/schroot")
(lib.cmakeFeature "SCHROOT_CONF_SETUP_D" "${placeholder "out"}/etc/schroot/setup.d")
];
postPatch = ''
# Substitute the path to the mount binary
substituteInPlace bin/schroot-mount/schroot-mount-main.cc \
--replace-fail "/bin/mount" "${util-linux}/bin/mount"
'';
postFixup = ''
# Make wrappers for all shell scripts used by schroot
# The wrapped script are put into a separate directory to not be run by schroot during setup
mkdir $out/etc/schroot/setup.d.wrapped
cd $out/etc/schroot/setup.d
find * -type f | while read -r file; do
mv "$file" $out/etc/schroot/setup.d.wrapped
makeWrapper "$out/etc/schroot/setup.d.wrapped/$file" "$file" --set PATH ${scripts-bin-path}
done
# Get rid of stuff that's (probably) not needed
rm -vrf $out/lib $out/include
'';
meta = {
description = "Lightweight virtualisation tool";
longDescription = ''
Schroot is a program that allows the user to run a command or a login shell in a chroot environment.
'';
homepage = "https://codeberg.org/shelter/reschroot";
changelog = "https://codeberg.org/shelter/reschroot/raw/tag/release/reschroot-${upstream-version}/NEWS";
mainProgram = "schroot";
maintainers = with lib.maintainers; [ bjsowa ];
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.linux;
};
}