diff --git a/nixos/modules/programs/command-not-found/command-not-found.nix b/nixos/modules/programs/command-not-found/command-not-found.nix index 8d501f686660..47c5e0de3f8b 100644 --- a/nixos/modules/programs/command-not-found/command-not-found.nix +++ b/nixos/modules/programs/command-not-found/command-not-found.nix @@ -12,16 +12,18 @@ let cfg = config.programs.command-not-found; - commandNotFound = pkgs.substituteAll { + commandNotFound = pkgs.replaceVarsWith { name = "command-not-found"; dir = "bin"; src = ./command-not-found.pl; isExecutable = true; - inherit (cfg) dbPath; - perl = pkgs.perl.withPackages (p: [ - p.DBDSQLite - p.StringShellQuote - ]); + replacements = { + inherit (cfg) dbPath; + perl = pkgs.perl.withPackages (p: [ + p.DBDSQLite + p.StringShellQuote + ]); + }; }; in diff --git a/nixos/modules/services/networking/hylafax/systemd.nix b/nixos/modules/services/networking/hylafax/systemd.nix index 8850d961e63d..1405cbc3e826 100644 --- a/nixos/modules/services/networking/hylafax/systemd.nix +++ b/nixos/modules/services/networking/hylafax/systemd.nix @@ -49,27 +49,31 @@ let preferLocalBuild = true; } ''mkdir --parents "$out/" ${concatStringsSep "\n" (mapModems mkLine)}''; - setupSpoolScript = pkgs.substituteAll { + setupSpoolScript = pkgs.replaceVarsWith { name = "hylafax-setup-spool.sh"; src = ./spool.sh; isExecutable = true; - faxuser = "uucp"; - faxgroup = "uucp"; - lockPath = "/var/lock"; - inherit globalConfigPath modemConfigPath; - inherit (cfg) sendmailPath spoolAreaPath userAccessFile; - inherit (pkgs) hylafaxplus runtimeShell; + replacements = { + faxuser = "uucp"; + faxgroup = "uucp"; + lockPath = "/var/lock"; + inherit globalConfigPath modemConfigPath; + inherit (cfg) spoolAreaPath userAccessFile; + inherit (pkgs) hylafaxplus runtimeShell; + }; }; - waitFaxqScript = pkgs.substituteAll { + waitFaxqScript = pkgs.replaceVarsWith { # This script checks the modems status files # and waits until all modems report readiness. name = "hylafax-faxq-wait-start.sh"; src = ./faxq-wait.sh; isExecutable = true; - timeoutSec = toString 10; - inherit (cfg) spoolAreaPath; - inherit (pkgs) runtimeShell; + replacements = { + timeoutSec = toString 10; + inherit (cfg) spoolAreaPath; + inherit (pkgs) runtimeShell; + }; }; sockets.hylafax-hfaxd = { diff --git a/nixos/modules/services/web-apps/kasmweb/default.nix b/nixos/modules/services/web-apps/kasmweb/default.nix index 9cb64a1495d5..a5a5edd6deac 100644 --- a/nixos/modules/services/web-apps/kasmweb/default.nix +++ b/nixos/modules/services/web-apps/kasmweb/default.nix @@ -140,31 +140,33 @@ in serviceConfig = { Type = "oneshot"; TimeoutStartSec = 300; - ExecStart = pkgs.substituteAll { + ExecStart = pkgs.replaceVarsWith { src = ./initialize_kasmweb.sh; isExecutable = true; - binPath = lib.makeBinPath [ - pkgs.docker - pkgs.openssl - pkgs.gnused - pkgs.yq-go - ]; - runtimeShell = pkgs.runtimeShell; - kasmweb = pkgs.kasmweb; - postgresUser = "postgres"; - postgresPassword = "postgres"; - inherit (cfg) - datastorePath - sslCertificate - sslCertificateKey - redisPassword - networkSubnet - defaultUserPassword - defaultAdminPassword - defaultManagerToken - defaultRegistrationToken - defaultGuacToken - ; + replacements = { + binPath = lib.makeBinPath [ + pkgs.docker + pkgs.openssl + pkgs.gnused + pkgs.yq-go + ]; + runtimeShell = pkgs.runtimeShell; + kasmweb = pkgs.kasmweb; + postgresUser = "postgres"; + postgresPassword = "postgres"; + inherit (cfg) + datastorePath + sslCertificate + sslCertificateKey + redisPassword + networkSubnet + defaultUserPassword + defaultAdminPassword + defaultManagerToken + defaultRegistrationToken + defaultGuacToken + ; + }; }; }; }; diff --git a/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh b/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh index 8ae23dc988c2..041fd905fed1 100644 --- a/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh +++ b/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh @@ -2,8 +2,7 @@ shopt -s nullglob -export PATH=/empty -for i in @path@; do PATH=$PATH:$i/bin; done +export PATH=/empty:@path@ default=$1 if test -z "$1"; then diff --git a/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix b/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix index 397326899d8d..2eaddd48dd8e 100644 --- a/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix +++ b/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix @@ -4,12 +4,14 @@ with lib; let - generationsDirBuilder = pkgs.substituteAll { + generationsDirBuilder = pkgs.replaceVarsWith { src = ./generations-dir-builder.sh; isExecutable = true; - inherit (pkgs) bash; - path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; - inherit (config.boot.loader.generationsDir) copyKernels; + replacements = { + inherit (pkgs) bash; + path = lib.makeBinPath [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; + inherit (config.boot.loader.generationsDir) copyKernels; + }; }; in diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix index 576a07c1d272..9158daa01440 100644 --- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix @@ -1,8 +1,10 @@ -{ pkgs }: +{ lib, pkgs }: -pkgs.substituteAll { +pkgs.replaceVarsWith { src = ./extlinux-conf-builder.sh; isExecutable = true; - path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; - inherit (pkgs) bash; + replacements = { + path = lib.makeBinPath [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; + inherit (pkgs) bash; + }; } diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh index b50eae024122..5601c30827d6 100644 --- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh @@ -2,8 +2,7 @@ shopt -s nullglob -export PATH=/empty -for i in @path@; do PATH=$PATH:$i/bin; done +export PATH=/empty:@path@ usage() { echo "usage: $0 -t -c [-d ] [-g ] [-n ] [-r]" >&2 diff --git a/nixos/modules/system/boot/loader/init-script/init-script-builder.sh b/nixos/modules/system/boot/loader/init-script/init-script-builder.sh index 755ea259c425..60b9fe901db0 100644 --- a/nixos/modules/system/boot/loader/init-script/init-script-builder.sh +++ b/nixos/modules/system/boot/loader/init-script/init-script-builder.sh @@ -2,8 +2,7 @@ shopt -s nullglob -export PATH=/empty -for i in @path@; do PATH=$PATH:$i/bin; done +export PATH=/empty:@path@ if test $# -ne 1; then echo "Usage: init-script-builder.sh DEFAULT-CONFIG" diff --git a/nixos/modules/system/boot/loader/init-script/init-script.nix b/nixos/modules/system/boot/loader/init-script/init-script.nix index 5c4974f32ae0..46abdec71db6 100644 --- a/nixos/modules/system/boot/loader/init-script/init-script.nix +++ b/nixos/modules/system/boot/loader/init-script/init-script.nix @@ -9,16 +9,18 @@ with lib; let - initScriptBuilder = pkgs.substituteAll { + initScriptBuilder = pkgs.replaceVarsWith { src = ./init-script-builder.sh; isExecutable = true; - inherit (pkgs) bash; - inherit (config.system.nixos) distroName; - path = [ - pkgs.coreutils - pkgs.gnused - pkgs.gnugrep - ]; + replacements = { + inherit (pkgs) bash; + inherit (config.system.nixos) distroName; + path = lib.makeBinPath [ + pkgs.coreutils + pkgs.gnused + pkgs.gnugrep + ]; + }; }; in diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 280d38ce32f4..ff7cf4777ddf 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -289,11 +289,8 @@ let # The init script of boot stage 1 (loading kernel modules for # mounting the root FS). - bootStage1 = pkgs.substituteAll { + bootStage1 = pkgs.replaceVarsWith { src = ./stage-1-init.sh; - - shell = "${extraUtils}/bin/ash"; - isExecutable = true; postInstall = '' @@ -304,35 +301,39 @@ let ${pkgs.buildPackages.busybox}/bin/ash -n $target ''; - inherit linkUnits udevRules extraUtils; + replacements = { + shell = "${extraUtils}/bin/ash"; - inherit (config.boot) resumeDevice; + inherit linkUnits udevRules extraUtils; - inherit (config.system.nixos) distroName; + inherit (config.boot) resumeDevice; - inherit (config.system.build) earlyMountScript; + inherit (config.system.nixos) distroName; - inherit (config.boot.initrd) checkJournalingFS verbose - preLVMCommands preDeviceCommands postDeviceCommands postResumeCommands postMountCommands preFailCommands kernelModules; + inherit (config.system.build) earlyMountScript; - resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}") - (filter (sd: hasPrefix "/dev/" sd.device && !sd.randomEncryption.enable - # Don't include zram devices - && !(hasPrefix "/dev/zram" sd.device) - ) config.swapDevices); + inherit (config.boot.initrd) checkJournalingFS verbose + preLVMCommands preDeviceCommands postDeviceCommands postResumeCommands postMountCommands preFailCommands kernelModules; - fsInfo = - let f = fs: [ fs.mountPoint (if fs.device != null then fs.device else "/dev/disk/by-label/${fs.label}") fs.fsType (builtins.concatStringsSep "," fs.options) ]; - in pkgs.writeText "initrd-fsinfo" (concatStringsSep "\n" (concatMap f fileSystems)); + resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}") + (filter (sd: hasPrefix "/dev/" sd.device && !sd.randomEncryption.enable + # Don't include zram devices + && !(hasPrefix "/dev/zram" sd.device) + ) config.swapDevices); - setHostId = optionalString (config.networking.hostId != null) '' - hi="${config.networking.hostId}" - ${if pkgs.stdenv.hostPlatform.isBigEndian then '' - echo -ne "\x''${hi:0:2}\x''${hi:2:2}\x''${hi:4:2}\x''${hi:6:2}" > /etc/hostid - '' else '' - echo -ne "\x''${hi:6:2}\x''${hi:4:2}\x''${hi:2:2}\x''${hi:0:2}" > /etc/hostid - ''} - ''; + fsInfo = + let f = fs: [ fs.mountPoint (if fs.device != null then fs.device else "/dev/disk/by-label/${fs.label}") fs.fsType (builtins.concatStringsSep "," fs.options) ]; + in pkgs.writeText "initrd-fsinfo" (concatStringsSep "\n" (concatMap f fileSystems)); + + setHostId = optionalString (config.networking.hostId != null) '' + hi="${config.networking.hostId}" + ${if pkgs.stdenv.hostPlatform.isBigEndian then '' + echo -ne "\x''${hi:0:2}\x''${hi:2:2}\x''${hi:4:2}\x''${hi:6:2}" > /etc/hostid + '' else '' + echo -ne "\x''${hi:6:2}\x''${hi:4:2}\x''${hi:2:2}\x''${hi:0:2}" > /etc/hostid + ''} + ''; + }; }; diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index beb887d0f3e5..d72ea225fb24 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -11,26 +11,28 @@ let useHostResolvConf = config.networking.resolvconf.enable && config.networking.useHostResolvConf; - bootStage2 = pkgs.substituteAll { + bootStage2 = pkgs.replaceVarsWith { src = ./stage-2-init.sh; - shellDebug = "${pkgs.bashInteractive}/bin/bash"; - shell = "${pkgs.bash}/bin/bash"; - inherit (config.boot) readOnlyNixStore systemdExecutable extraSystemdUnitPaths; - inherit (config.system.nixos) distroName; isExecutable = true; - inherit useHostResolvConf; - inherit (config.system.build) earlyMountScript; - path = lib.makeBinPath ( - [ - pkgs.coreutils - pkgs.util-linux - ] - ++ lib.optional useHostResolvConf pkgs.openresolv - ); - postBootCommands = pkgs.writeText "local-cmds" '' - ${config.boot.postBootCommands} - ${config.powerManagement.powerUpCommands} - ''; + replacements = { + shell = "${pkgs.bash}/bin/bash"; + systemConfig = null; # replaced in ../activation/top-level.nix + inherit (config.boot) readOnlyNixStore systemdExecutable; + inherit (config.system.nixos) distroName; + inherit useHostResolvConf; + inherit (config.system.build) earlyMountScript; + path = lib.makeBinPath ( + [ + pkgs.coreutils + pkgs.util-linux + ] + ++ lib.optional useHostResolvConf pkgs.openresolv + ); + postBootCommands = pkgs.writeText "local-cmds" '' + ${config.boot.postBootCommands} + ${config.powerManagement.powerUpCommands} + ''; + }; }; in diff --git a/pkgs/build-support/appimage/appimage-exec.sh b/pkgs/build-support/appimage/appimage-exec.sh index 975dfb4c3d93..29b695fd0848 100755 --- a/pkgs/build-support/appimage/appimage-exec.sh +++ b/pkgs/build-support/appimage/appimage-exec.sh @@ -1,4 +1,4 @@ -#!@shell@ +#!@runtimeShell@ # shellcheck shell=bash if [ -n "$DEBUG" ] ; then diff --git a/pkgs/build-support/appimage/default.nix b/pkgs/build-support/appimage/default.nix index df662f265104..32f6222ef2c1 100644 --- a/pkgs/build-support/appimage/default.nix +++ b/pkgs/build-support/appimage/default.nix @@ -11,19 +11,22 @@ }: rec { - appimage-exec = pkgs.substituteAll { + appimage-exec = pkgs.replaceVarsWith { src = ./appimage-exec.sh; isExecutable = true; dir = "bin"; - path = lib.makeBinPath [ - bash - binutils-unwrapped - coreutils - gawk - libarchive - pv - squashfsTools - ]; + replacements = { + inherit (pkgs) runtimeShell; + path = lib.makeBinPath [ + bash + binutils-unwrapped + coreutils + gawk + libarchive + pv + squashfsTools + ]; + }; }; extract = args@{ pname, version, name ? null, postExtract ? "", src, ... }: diff --git a/pkgs/build-support/dotnet/add-nuget-deps/default.nix b/pkgs/build-support/dotnet/add-nuget-deps/default.nix index fb349679e579..4ae4db4f0f67 100644 --- a/pkgs/build-support/dotnet/add-nuget-deps/default.nix +++ b/pkgs/build-support/dotnet/add-nuget-deps/default.nix @@ -3,7 +3,7 @@ runtimeShell, nix, lib, - substituteAll, + replaceVarsWith, nuget-to-nix, nixfmt-rfc-style, cacert, @@ -63,12 +63,13 @@ attrs let drv = builtins.unsafeDiscardOutputDependency fetch-drv.drvPath; - innerScript = substituteAll { + innerScript = replaceVarsWith { src = ./fetch-deps.sh; isExecutable = true; - inherit cacert; - nugetToNix = nuget-to-nix; - nixfmt = nixfmt-rfc-style; + replacements = { + nugetToNix = nuget-to-nix; + nixfmt = nixfmt-rfc-style; + }; }; defaultDepsFile = diff --git a/pkgs/by-name/ga/gargoyle/package.nix b/pkgs/by-name/ga/gargoyle/package.nix index f4bc572b513d..7fb5dd5eb010 100644 --- a/pkgs/by-name/ga/gargoyle/package.nix +++ b/pkgs/by-name/ga/gargoyle/package.nix @@ -2,7 +2,7 @@ lib, stdenv, fetchFromGitHub, - substituteAll, + replaceVarsWith, jam, cctools, pkg-config, @@ -77,8 +77,8 @@ stdenv.mkDerivation rec { installPhase = if stdenv.hostPlatform.isDarwin then - (substituteAll { - inherit (stdenv) shell; + (replaceVarsWith { + replacements = { inherit (stdenv) shell; }; isExecutable = true; src = ./darwin.sh; }) diff --git a/pkgs/by-name/rp/rpmextract/package.nix b/pkgs/by-name/rp/rpmextract/package.nix index 5decce67d5aa..71630ed687c1 100644 --- a/pkgs/by-name/rp/rpmextract/package.nix +++ b/pkgs/by-name/rp/rpmextract/package.nix @@ -3,7 +3,7 @@ stdenv, rpm, cpio, - substituteAll, + replaceVarsWith, }: stdenv.mkDerivation { @@ -13,11 +13,13 @@ stdenv.mkDerivation { install -Dm755 $script $out/bin/rpmextract ''; - script = substituteAll { + script = replaceVarsWith { src = ./rpmextract.sh; isExecutable = true; - inherit rpm cpio; - inherit (stdenv) shell; + replacements = { + inherit rpm cpio; + inherit (stdenv) shell; + }; }; meta = with lib; { diff --git a/pkgs/by-name/se/service-wrapper/package.nix b/pkgs/by-name/se/service-wrapper/package.nix index 3a6c450449fd..31e272b7edae 100644 --- a/pkgs/by-name/se/service-wrapper/package.nix +++ b/pkgs/by-name/se/service-wrapper/package.nix @@ -2,7 +2,7 @@ lib, stdenv, runCommand, - substituteAll, + replaceVarsWith, coreutils, }: @@ -12,11 +12,13 @@ let in runCommand name { - script = substituteAll { + script = replaceVarsWith { src = ./service-wrapper.sh; isExecutable = true; - inherit (stdenv) shell; - inherit coreutils; + replacements = { + inherit (stdenv) shell; + inherit coreutils; + }; }; meta = with lib; { diff --git a/pkgs/development/libraries/gobject-introspection/default.nix b/pkgs/development/libraries/gobject-introspection/default.nix index 24732a588525..ef4ad0c3af4a 100644 --- a/pkgs/development/libraries/gobject-introspection/default.nix +++ b/pkgs/development/libraries/gobject-introspection/default.nix @@ -16,7 +16,8 @@ cctools, cairo, gnome, - substituteAll, + replaceVars, + replaceVarsWith, buildPackages, gobject-introspection-unwrapped, nixStoreDir ? builtins.storeDir, @@ -63,17 +64,18 @@ stdenv.mkDerivation (finalAttrs: { # Make g-ir-scanner put absolute path to GIR files it generates # so that programs can just dlopen them without having to muck # with LD_LIBRARY_PATH environment variable. - (substituteAll { - src = ./absolute_shlib_path.patch; + (replaceVars ./absolute_shlib_path.patch { inherit nixStoreDir; }) ] ++ lib.optionals x11Support [ # Hardcode the cairo shared library path in the Cairo gir shipped with this package. # https://github.com/NixOS/nixpkgs/issues/34080 - (substituteAll { - src = ./absolute_gir_path.patch; + (replaceVars ./absolute_gir_path.patch { cairoLib = "${lib.getLib cairo}/lib"; + # original source code in patch's context + CAIRO_GIR_PACKAGE = null; + CAIRO_SHARED_LIBRARY = null; }) ]; @@ -117,12 +119,14 @@ stdenv.mkDerivation (finalAttrs: { ] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ "-Dgi_cross_ldd_wrapper=${ - substituteAll { + replaceVarsWith { name = "g-ir-scanner-lddwrapper"; isExecutable = true; src = ./wrappers/g-ir-scanner-lddwrapper.sh; - inherit (buildPackages) bash; - buildlddtree = "${buildPackages.pax-utils}/bin/lddtree"; + replacements = { + inherit (buildPackages) bash; + buildlddtree = "${buildPackages.pax-utils}/bin/lddtree"; + }; } }" "-Dgi_cross_binary_wrapper=${stdenv.hostPlatform.emulator buildPackages}" diff --git a/pkgs/os-specific/linux/rfkill/udev.nix b/pkgs/os-specific/linux/rfkill/udev.nix index 1b17349f33d8..9d5ce46533e2 100644 --- a/pkgs/os-specific/linux/rfkill/udev.nix +++ b/pkgs/os-specific/linux/rfkill/udev.nix @@ -1,7 +1,7 @@ { lib, stdenv, - substituteAll, + replaceVarsWith, }: # Provides a facility to hook into rfkill changes. @@ -29,8 +29,8 @@ # in the rfkill package. let - rfkillHook = substituteAll { - inherit (stdenv) shell; + rfkillHook = replaceVarsWith { + replacements = { inherit (stdenv) shell; }; isExecutable = true; src = ./rfkill-hook.sh; }; diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index 1adcf622e62d..cc4eb1e06f46 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix @@ -6,7 +6,7 @@ autoreconfHook, makeWrapper, pkg-config, - substituteAll, + replaceVarsWith, curl, gtk3, libassuan, @@ -70,10 +70,12 @@ stdenv.mkDerivation rec { postInstall = let - eid-nssdb-in = substituteAll { - inherit (stdenv) shell; + eid-nssdb-in = replaceVarsWith { isExecutable = true; src = ./eid-nssdb.in; + replacements = { + inherit (stdenv) shell; + }; }; in ''