bin/bwrap: update from original script
This commit is contained in:
parent
99969f1b8a
commit
c05405abd8
SSH key fingerprint:
SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
1 changed files with 55 additions and 31 deletions
|
|
@ -1,49 +1,60 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
# Modified from https://git.sr.ht/~fd/nix-configs/tree/19a4ffaa09b8bf65eae2962b1efead86c19ea54f/item/ssh-wrap.sh
|
||||||
|
|
||||||
if [ "$(uname)" != "Linux" ]; then
|
DEFAULT_COMMAND=zsh
|
||||||
exit 0
|
FALLBACK_COMMAND=bash
|
||||||
fi
|
SAFEWORD=nonix
|
||||||
|
NIXDIR=${NIXDIR-$HOME/scratch/nix}
|
||||||
if [ -z ${NIXDIR+x} ]; then
|
|
||||||
echo "NIXDIR is unset! It needs to be set in the code. Edit this shell file and read the instructions."
|
|
||||||
echo "Executing bash without Bubblewrap…"
|
|
||||||
exec bash
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -e $NIXDIR ]; then
|
|
||||||
echo "NIXDIR doesn't point to a valid location! Falling back to Bash"
|
|
||||||
exec bash
|
|
||||||
fi
|
|
||||||
|
|
||||||
_bind() {
|
_bind() {
|
||||||
_bind_arg=$1
|
_bind_arg=$1
|
||||||
shift
|
shift
|
||||||
for _path in "$@"; do
|
for _path in "$@"; do
|
||||||
args+=("$_bind_arg" "$_path" "$_path")
|
args+=("$_bind_arg" "$_path" "$_path")
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
bind() {
|
bind() {
|
||||||
_bind --bind-try "$@"
|
_bind --bind-try "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
robind() {
|
robind() {
|
||||||
_bind --ro-bind-try "$@"
|
_bind --ro-bind-try "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
devbind() {
|
devbind() {
|
||||||
_bind --dev-bind-try "$@"
|
_bind --dev-bind-try "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
args=(
|
if [[ "$SSH_ORIGINAL_COMMAND" == "" ]]; then
|
||||||
--bind $NIXDIR /nix
|
SSH_ORIGINAL_COMMAND=$DEFAULT_COMMAND
|
||||||
--chdir $HOME
|
fi
|
||||||
)
|
|
||||||
|
|
||||||
bind \
|
if [[ "$SSH_ORIGINAL_COMMAND" == "$SAFEWORD" ]]; then
|
||||||
$HOME
|
exec $FALLBACK_COMMAND
|
||||||
|
fi
|
||||||
|
|
||||||
devbind \
|
if type bwrap &>/dev/null; then
|
||||||
|
if [ -z ${NIXDIR+x} ]; then
|
||||||
|
echo "NIXDIR is unset! It needs to be set in the code. Edit this shell file and read the instructions."
|
||||||
|
echo "Executing fallback without Bubblewrap…"
|
||||||
|
exec $FALLBACK_COMMAND
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e "$NIXDIR" ]; then
|
||||||
|
echo "NIXDIR doesn't point to a valid location! Falling back"
|
||||||
|
exec $FALLBACK_COMMAND
|
||||||
|
fi
|
||||||
|
|
||||||
|
args=(
|
||||||
|
--bind "$NIXDIR" /nix
|
||||||
|
# --chdir $HOME
|
||||||
|
)
|
||||||
|
|
||||||
|
bind \
|
||||||
|
"$HOME"
|
||||||
|
|
||||||
|
devbind \
|
||||||
/dev \
|
/dev \
|
||||||
/proc \
|
/proc \
|
||||||
/tmp \
|
/tmp \
|
||||||
|
|
@ -54,6 +65,7 @@ devbind \
|
||||||
/boot \
|
/boot \
|
||||||
/etc \
|
/etc \
|
||||||
/home \
|
/home \
|
||||||
|
/homes \
|
||||||
/lib \
|
/lib \
|
||||||
/lib32 \
|
/lib32 \
|
||||||
/lib64 \
|
/lib64 \
|
||||||
|
|
@ -62,6 +74,18 @@ devbind \
|
||||||
/usr \
|
/usr \
|
||||||
/var
|
/var
|
||||||
|
|
||||||
[[ -f "$HOME/.bwrap-extra.bash" ]] && source "$HOME/.bwrap-extra.bash"
|
[[ -f "$HOME/.bwrap-extra.bash" ]] && source "$HOME/.bwrap-extra.bash"
|
||||||
|
|
||||||
exec bwrap "${args[@]}" "$@"
|
bwrap "${args[@]}" $FALLBACK_COMMAND -c "
|
||||||
|
. ${XDG_STATE_HOME-$HOME/.local/state}/nix/profile/etc/profile.d/nix.sh
|
||||||
|
exec ${SSH_ORIGINAL_COMMAND}
|
||||||
|
"
|
||||||
|
|
||||||
|
status=$?
|
||||||
|
if [[ $status != 0 ]]; then
|
||||||
|
echo "bwrap exited uncleanly, falling back"
|
||||||
|
exec ${FALLBACK_COMMAND}
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
exec ${SSH_ORIGINAL_COMMAND}
|
||||||
|
fi
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue