diff --git a/cmd/fpkg/install.go b/cmd/fpkg/install.go
index 5e4d67a..9bbb34e 100644
--- a/cmd/fpkg/install.go
+++ b/cmd/fpkg/install.go
@@ -142,7 +142,7 @@ func actionInstall(args []string) {
 "nix copy --offline --no-check-sigs --all --from file://$BUNDLE/res --to $PWD",
 // make cache directory world-readable for autoetc
 "chmod 0755 .",
- }, workDir, bundle, pathSet, dropShellInstall, cleanup)
+ }, workDir, app, pathSet, dropShellInstall, cleanup)
 /* Activate home-manager generation.
@@ -155,7 +155,7 @@ func actionInstall(args []string) {
 "rm -rf .local/state/{nix,home-manager}",
 // run activation script
 bundle.ActivationPackage + "/activate",
- }, false, bundle, pathSet, dropShellActivate, cleanup)
+ }, false, app, pathSet, dropShellActivate, cleanup)
 /* Installation complete. Write metadata to block re-installs or downgrades.
@@ -184,9 +184,9 @@ func actionInstall(args []string) {
 cleanup()
 }
-func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
+func withNixDaemon(action string, command []string, net bool, app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
 fortifyAppDropShell(&fst.Config{
- ID: bundle.ID,
+ ID: app.ID,
 Command: []string{shell, "-lc", "rm -f /nix/var/nix/daemon-socket/socket && " + // start nix-daemon
 "nix-daemon --store / & " +
@@ -197,13 +197,13 @@ func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo
 " && pkill nix-daemon",
 },
 Confinement: fst.ConfinementConfig{
- AppID: bundle.AppID,
- Groups: bundle.Groups,
+ AppID: app.AppID,
+ Groups: app.Groups,
 Username: "fortify",
- Inner: path.Join("/data/data", bundle.ID),
+ Inner: path.Join("/data/data", app.ID),
 Outer: pathSet.homeDir,
 Sandbox: &fst.SandboxConfig{
- Hostname: formatHostname(bundle.Name) + "-" + action,
+ Hostname: formatHostname(app.Name) + "-" + action,
 UserNS: true, // nix sandbox requires userns
 Net: net,
 NoNewSession: dropShell,
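Review bot: The two call sites in actionInstall (the withCacheDir call in the first hunk and the withNixDaemon call in the second) now pass `app` where they passed `bundle`, while the activation command just above the second call is still built from `bundle.ActivationPackage`, so the confinement identity and the executed path come from two different records. `app` is not declared in any visible hunk, so its relation to `bundle` cannot be confirmed from here; if it can hold metadata from an earlier install, its `AppID`, `Groups` and `CurrentSystem` would decide the sandbox that runs the new bundle's activation script. I would state the invariant at both calls, for example `// confinement comes from app, the command from bundle: app.ID and app.AppID must equal bundle's here`, and confirm that such a check runs before these calls. actionInstall begins and ends outside both hunks.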
@@ -211,7 +211,7 @@ func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo
 {Src: pathSet.nixPath, Dst: "/nix", Write: true, Must: true},
 },
 Link: [][2]string{
- {bundle.CurrentSystem, "/run/current-system"},
+ {app.CurrentSystem, "/run/current-system"},
 {"/run/current-system/sw/bin", "/bin"},
 {"/run/current-system/sw/bin", "/usr/bin"},
 },
@@ -226,24 +226,24 @@ func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo
 }, dropShell, beforeFail)
 }
-func withCacheDir(action string, command []string, workDir string, bundle *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
+func withCacheDir(action string, command []string, workDir string, app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
 fortifyAppDropShell(&fst.Config{
- ID: bundle.ID,
+ ID: app.ID,
 Command: []string{shell, "-lc", strings.Join(command, " && ")},
 Confinement: fst.ConfinementConfig{
- AppID: bundle.AppID,
+ AppID: app.AppID,
 Username: "nixos",
- Inner: path.Join("/data/data", bundle.ID, "cache"),
+ Inner: path.Join("/data/data", app.ID, "cache"),
 Outer: pathSet.cacheDir, // this also ensures cacheDir via fshim
 Sandbox: &fst.SandboxConfig{
- Hostname: formatHostname(bundle.Name) + "-" + action,
+ Hostname: formatHostname(app.Name) + "-" + action,
 NoNewSession: dropShell,
 Filesystem: []*fst.FilesystemConfig{
 {Src: path.Join(workDir, "nix"), Dst: "/nix", Must: true},
 {Src: workDir, Dst: path.Join(fst.Tmp, "bundle"), Must: true},
 },
 Link: [][2]string{
- {bundle.CurrentSystem, "/run/current-system"},
+ {app.CurrentSystem, "/run/current-system"},
 {"/run/current-system/sw/bin", "/bin"},
 {"/run/current-system/sw/bin", "/usr/bin"},
 },