* Support for doing builds in a chroot under Linux. The builder is

executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2025-06-27 04:21:16 +02:00 · 2007-10-27 00:46:59 +00:00 · 2007-10-27 00:46:59 +00:00 · 9397cd30c8
commit 9397cd30c8
parent 0b4ed64d29
3 changed files with 162 additions and 16 deletions
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@ -350,13 +350,16 @@ Path createTempDir(const Path & tmpRoot)
 }


-void createDirs(const Path & path)
+Paths createDirs(const Path & path)
 {
-    if (path == "/") return;
-    createDirs(dirOf(path));
-    if (!pathExists(path))
+    if (path == "/") return Paths();
+    Paths created = createDirs(dirOf(path));
+    if (!pathExists(path)) {
        if (mkdir(path.c_str(), 0777) == -1)
            throw SysError(format("creating directory `%1%'") % path);
+        created.push_back(path);
+    }
+    return created;
 }


@ -509,14 +512,25 @@ string drainFD(int fd)
 //////////////////////////////////////////////////////////////////////


-AutoDelete::AutoDelete(const string & p) : path(p)
+AutoDelete::AutoDelete(const string & p, bool recursive) : path(p)
 {
    del = true;
+    this->recursive = recursive;
 }

 AutoDelete::~AutoDelete()
 {
-    if (del) deletePath(path);
+    try {
+        if (del)
+            if (recursive)
+                deletePath(path);
+            else {
+                if (remove(path.c_str()) == -1)
+                    throw SysError(format("cannot unlink `%1%'") % path);
+            }
+    } catch (...) {
+        ignoreException();
+    }
 }

 void AutoDelete::cancel()
@ -752,10 +766,10 @@ void killUser(uid_t uid)
 		if (errno != EINTR)
 		    throw SysError(format("cannot kill processes for uid `%1%'") % uid);
 	    }
-        
+
        } catch (std::exception & e) {
-            std::cerr << format("killing processes beloging to uid `%1%': %1%\n")
-                % uid % e.what();
+            std::cerr << format("killing processes beloging to uid `%1%': %1%")
+                % uid % e.what() << std::endl;
            quickExit(1);
        }
        quickExit(0);