Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nix
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d1bcbb63b37c^
Choose a base ref
...
head repository: NixOS/nix
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 714d0f3e3ef6
Choose a head ref
  • 2 commits
  • 4 files changed
  • 1 contributor

Commits on May 31, 2019

  1. Bindings: Add convenience method for requiring an attribute

    @edolstra
    edolstra committed May 31, 2019
    Copy the full SHA
    d1bcbb6 View commit details

  2. Add 'nix app' command 

    This is like 'nix run', except that the command to execute is defined
in a flake output, e.g.

  defaultApp = {
    type = "app";
    program = "${packages.blender_2_80}/bin/blender";
  };

Thus you can do

  $ nix app blender-bin

to start Blender from the 'blender-bin' flake.

In the future, we can extend this with sandboxing. (For example we
would want to be able to specify that Blender should not have network
access by default and should only have access to certain paths in the
user's home directory.)
    @edolstra
    edolstra committed May 31, 2019

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    714d0f3 View commit details
Showing with 117 additions and 23 deletions.
  1. +8 −0 src/libexpr/attr-set.hh
  2. +9 −0 src/nix/command.hh
  3. +22 −0 src/nix/installables.cc
  4. +78 −23 src/nix/run.cc
8 changes: 8 additions & 0 deletions src/libexpr/attr-set.hh
View file
Original file line number Diff line number Diff line change
@@ -72,6 +72,14 @@ public:
return {};
}

Attr & need(const Symbol & name, const Pos & pos = noPos)
{
auto a = get(name);
if (!a)
throw Error("attribute '%s' missing, at %s", name, pos);
return **a;
}

iterator begin() { return &attrs[0]; }
iterator end() { return &attrs[size_]; }

9 changes: 9 additions & 0 deletions src/nix/command.hh
View file
Original file line number Diff line number Diff line change
@@ -38,6 +38,13 @@ struct Buildable

typedef std::vector<Buildable> Buildables;

struct App
{
PathSet context;
Path program;
// FIXME: add args, sandbox settings, metadata, ...
};

struct Installable
{
virtual std::string what() = 0;
@@ -49,6 +56,8 @@ struct Installable

Buildable toBuildable();

App toApp(EvalState & state);

virtual Value * toValue(EvalState & state)
{
throw Error("argument '%s' cannot be evaluated", what());
22 changes: 22 additions & 0 deletions src/nix/installables.cc
View file
Original file line number Diff line number Diff line change
@@ -68,6 +68,28 @@ Buildable Installable::toBuildable()
return std::move(buildables[0]);
}

App Installable::toApp(EvalState & state)
{
auto v = toValue(state);

state.forceAttrs(*v);

auto aType = v->attrs->need(state.sType);
if (state.forceStringNoCtx(*aType.value, *aType.pos) != "app")
throw Error("value does not have type 'app', at %s", *aType.pos);

App app;

auto aProgram = v->attrs->need(state.symbols.create("program"));
app.program = state.forceString(*aProgram.value, app.context, *aProgram.pos);

// FIXME: check that 'program' is in the closure of 'context'.
if (!state.store->isInStore(app.program))
throw Error("app program '%s' is not in the Nix store", app.program);

return app;
}

struct InstallableStorePath : Installable
{
Path storePath;
101 changes: 78 additions & 23 deletions src/nix/run.cc
View file
Original file line number Diff line number Diff line change
@@ -8,6 +8,7 @@
#include "fs-accessor.hh"
#include "progress-bar.hh"
#include "affinity.hh"
#include "eval.hh"

#if __linux__
#include <sys/mount.h>
@@ -19,7 +20,44 @@ using namespace nix;

std::string chrootHelperName = "__run_in_chroot";

struct CmdRun : InstallablesCommand
struct RunCommon : virtual Command
{
void runProgram(ref<Store> store,
const std::string & program,
const Strings & args)
{
stopProgressBar();

restoreSignals();

restoreAffinity();

/* If this is a diverted store (i.e. its "logical" location
(typically /nix/store) differs from its "physical" location
(e.g. /home/eelco/nix/store), then run the command in a
chroot. For non-root users, this requires running it in new
mount and user namespaces. Unfortunately,
unshare(CLONE_NEWUSER) doesn't work in a multithreaded
program (which "nix" is), so we exec() a single-threaded
helper program (chrootHelper() below) to do the work. */
auto store2 = store.dynamic_pointer_cast<LocalStore>();

if (store2 && store->storeDir != store2->realStoreDir) {
Strings helperArgs = { chrootHelperName, store->storeDir, store2->realStoreDir, program };
for (auto & arg : args) helperArgs.push_back(arg);

execv(readLink("/proc/self/exe").c_str(), stringsToCharPtrs(helperArgs).data());

throw SysError("could not execute chroot helper");
}

execvp(program.c_str(), stringsToCharPtrs(args).data());

throw SysError("unable to execute '%s'", program);
}
};

struct CmdRun : InstallablesCommand, RunCommon
{
std::vector<std::string> command = { "bash" };
StringSet keep, unset;
@@ -147,42 +185,59 @@ struct CmdRun : InstallablesCommand

setenv("PATH", concatStringsSep(":", unixPath).c_str(), 1);

std::string cmd = *command.begin();
Strings args;
for (auto & arg : command) args.push_back(arg);

stopProgressBar();
runProgram(store, *command.begin(), args);
}
};

restoreSignals();
static RegisterCommand r1(make_ref<CmdRun>());

restoreAffinity();
struct CmdApp : InstallableCommand, RunCommon
{
CmdApp()
{
}

/* If this is a diverted store (i.e. its "logical" location
(typically /nix/store) differs from its "physical" location
(e.g. /home/eelco/nix/store), then run the command in a
chroot. For non-root users, this requires running it in new
mount and user namespaces. Unfortunately,
unshare(CLONE_NEWUSER) doesn't work in a multithreaded
program (which "nix" is), so we exec() a single-threaded
helper program (chrootHelper() below) to do the work. */
auto store2 = store.dynamic_pointer_cast<LocalStore>();
std::string name() override
{
return "app";
}

if (store2 && store->storeDir != store2->realStoreDir) {
Strings helperArgs = { chrootHelperName, store->storeDir, store2->realStoreDir, cmd };
for (auto & arg : args) helperArgs.push_back(arg);
std::string description() override
{
return "run a Nix application";
}

execv(readLink("/proc/self/exe").c_str(), stringsToCharPtrs(helperArgs).data());
Examples examples() override
{
return {
Example{
"To run Blender:",
"nix app blender-bin"
},
};
}

throw SysError("could not execute chroot helper");
}
Strings getDefaultFlakeAttrPaths() override
{
return {"defaultApp"};
}

execvp(cmd.c_str(), stringsToCharPtrs(args).data());
void run(ref<Store> store) override
{
auto state = getEvalState();

auto app = installable->toApp(*state);

throw SysError("unable to exec '%s'", cmd);
state->realiseContext(app.context);

runProgram(store, app.program, {app.program});
}
};

static RegisterCommand r1(make_ref<CmdRun>());
static RegisterCommand r2(make_ref<CmdApp>());

void chrootHelper(int argc, char * * argv)
{