From aff80b6b00a5a1f595f12156797bb4fffebab5f1 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Sun, 29 Dec 2024 18:32:44 +0900 Subject: [PATCH] cmd/fpkg: optional network access when invoking with nix daemon This is useful for building nixGL. Signed-off-by: Ophestra --- cmd/fpkg/install.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cmd/fpkg/install.go b/cmd/fpkg/install.go index 988f4a8..0b7ce7a 100644 --- a/cmd/fpkg/install.go +++ b/cmd/fpkg/install.go @@ -154,7 +154,7 @@ func actionInstall(args []string) { "rm -rf .local/state/{nix,home-manager}", // run activation script bundle.ActivationPackage + "/activate", - }, workDir, bundle, pathSet, dropShellActivate, cleanup) + }, false, workDir, bundle, pathSet, dropShellActivate, cleanup) /* Installation complete. Write metadata to block re-installs or downgrades. @@ -183,7 +183,7 @@ func actionInstall(args []string) { cleanup() } -func withNixDaemon(action string, command []string, workDir string, bundle *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) { +func withNixDaemon(action string, command []string, net bool, workDir string, bundle *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) { fortifyAppDropShell(&fst.Config{ ID: bundle.ID, Command: []string{shell, "-lc", "rm -f /nix/var/nix/daemon-socket/socket && " + @@ -204,6 +204,7 @@ func withNixDaemon(action string, command []string, workDir string, bundle *bund Sandbox: &fst.SandboxConfig{ Hostname: formatHostname(bundle.Name) + "-" + action, UserNS: true, // nix sandbox requires userns + Net: net, NoNewSession: dropShell, Filesystem: []*fst.FilesystemConfig{ {Src: pathSet.nixPath, Dst: "/nix", Write: true, Must: true},