|
| 1 | +diff --git a/src/client/opamInitDefaults.ml b/src/client/opamInitDefaults.ml |
| 2 | +index 5e6456023..861b49940 100644 |
| 3 | +--- a/src/client/opamInitDefaults.ml |
| 4 | ++++ b/src/client/opamInitDefaults.ml |
| 5 | +@@ -38,6 +38,9 @@ let eval_variables = |
| 6 | + let os_filter os = |
| 7 | + FOp (FIdent ([], OpamVariable.of_string "os", None), `Eq, FString os) |
| 8 | + |
| 9 | ++let os_distribution_filter distro = |
| 10 | ++ FOp (FIdent ([], OpamVariable.of_string "os-distribution", None), `Eq, FString distro) |
| 11 | ++ |
| 12 | + let linux_filter = os_filter "linux" |
| 13 | + let macos_filter = os_filter "macos" |
| 14 | + let openbsd_filter = os_filter "openbsd" |
| 15 | +@@ -51,6 +54,7 @@ let win32_filter = os_filter "win32" |
| 16 | + let not_win32_filter = |
| 17 | + FOp (FIdent ([], OpamVariable.of_string "os", None), `Neq, FString "win32") |
| 18 | + let sandbox_filter = FOr (linux_filter, macos_filter) |
| 19 | ++let nixos_filter = os_distribution_filter "nixos" |
| 20 | + |
| 21 | + let gtar_filter = openbsd_filter |
| 22 | + let tar_filter = FNot gtar_filter |
| 23 | +@@ -69,6 +73,11 @@ let sandbox_wrappers = |
| 24 | + |
| 25 | + let wrappers ~sandboxing () = |
| 26 | + let w = OpamFile.Wrappers.empty in |
| 27 | ++ let w = { w with |
| 28 | ++ OpamFile.Wrappers. |
| 29 | ++ pre_build = [[CString "%{hooks}%/shebangs.sh", None], Some nixos_filter]; |
| 30 | ++ } |
| 31 | ++ in |
| 32 | + if sandboxing then |
| 33 | + List.fold_left OpamFile.Wrappers.(fun w -> function |
| 34 | + | `build wrap_build -> { w with wrap_build } |
| 35 | +@@ -147,6 +156,7 @@ let required_packages_for_cygwin = |
| 36 | + let init_scripts () = [ |
| 37 | + ("sandbox.sh", OpamScript.bwrap), Some bwrap_filter; |
| 38 | + ("sandbox.sh", OpamScript.sandbox_exec), Some macos_filter; |
| 39 | ++ ("shebangs.sh", OpamScript.patch_shebangs), Some nixos_filter; |
| 40 | + ] |
| 41 | + |
| 42 | + module I = OpamFile.InitConfig |
| 43 | +diff --git a/src/state/opamScript.mli b/src/state/opamScript.mli |
| 44 | +index 8bfe74d0e..84f6b688f 100644 |
| 45 | +--- a/src/state/opamScript.mli |
| 46 | ++++ b/src/state/opamScript.mli |
| 47 | +@@ -20,3 +20,4 @@ val env_hook : string |
| 48 | + val env_hook_zsh : string |
| 49 | + val env_hook_csh : string |
| 50 | + val env_hook_fish : string |
| 51 | ++val patch_shebangs : string |
| 52 | +diff --git a/src/state/shellscripts/patch_shebangs.sh b/src/state/shellscripts/patch_shebangs.sh |
| 53 | +new file mode 100644 |
| 54 | +index 000000000..e74a55970 |
| 55 | +--- /dev/null |
| 56 | ++++ b/src/state/shellscripts/patch_shebangs.sh |
| 57 | +@@ -0,0 +1,73 @@ |
| 58 | ++#!/usr/bin/env bash |
| 59 | ++# This setup hook causes the fixup phase to rewrite all script |
| 60 | ++# interpreter file names (`#! /path') to paths found in $PATH. E.g., |
| 61 | ++# /bin/sh will be rewritten to /nix/store/<hash>-some-bash/bin/sh. |
| 62 | ++# /usr/bin/env gets special treatment so that ".../bin/env python" is |
| 63 | ++# rewritten to /nix/store/<hash>/bin/python. Interpreters that are |
| 64 | ++# already in the store are left untouched. |
| 65 | ++ |
| 66 | ++header() { echo "$1"; } |
| 67 | ++stopNest() { true; } |
| 68 | ++ |
| 69 | ++fixupOutputHooks+=('if [ -z "${dontPatchShebangs-}" -a -e "$prefix" ]; then patchShebangs "$prefix"; fi') |
| 70 | ++ |
| 71 | ++patchShebangs() { |
| 72 | ++ local dir="$1" |
| 73 | ++ header "patching script interpreter paths in $dir" |
| 74 | ++ local f |
| 75 | ++ local oldPath |
| 76 | ++ local newPath |
| 77 | ++ local arg0 |
| 78 | ++ local args |
| 79 | ++ local oldInterpreterLine |
| 80 | ++ local newInterpreterLine |
| 81 | ++ |
| 82 | ++ find "$dir" -type f -perm -0100 | while read f; do |
| 83 | ++ if [ "$(head -1 "$f" | head -c+2)" != '#!' ]; then |
| 84 | ++ # missing shebang => not a script |
| 85 | ++ continue |
| 86 | ++ fi |
| 87 | ++ |
| 88 | ++ oldInterpreterLine=$(head -1 "$f" | tail -c+3) |
| 89 | ++ read -r oldPath arg0 args <<< "$oldInterpreterLine" |
| 90 | ++ |
| 91 | ++ if $(echo "$oldPath" | grep -q "/bin/env$"); then |
| 92 | ++ # Check for unsupported 'env' functionality: |
| 93 | ++ # - options: something starting with a '-' |
| 94 | ++ # - environment variables: foo=bar |
| 95 | ++ if $(echo "$arg0" | grep -q -- "^-.*\|.*=.*"); then |
| 96 | ++ echo "unsupported interpreter directive \"$oldInterpreterLine\" (set dontPatchShebangs=1 and handle shebang patching yourself)" |
| 97 | ++ exit 1 |
| 98 | ++ fi |
| 99 | ++ newPath="$(command -v "$arg0" || true)" |
| 100 | ++ else |
| 101 | ++ if [ "$oldPath" = "" ]; then |
| 102 | ++ # If no interpreter is specified linux will use /bin/sh. Set |
| 103 | ++ # oldpath="/bin/sh" so that we get /nix/store/.../sh. |
| 104 | ++ oldPath="/bin/sh" |
| 105 | ++ fi |
| 106 | ++ newPath="$(command -v "$(basename "$oldPath")" || true)" |
| 107 | ++ args="$arg0 $args" |
| 108 | ++ fi |
| 109 | ++ |
| 110 | ++ # Strip trailing whitespace introduced when no arguments are present |
| 111 | ++ newInterpreterLine="$(echo "$newPath $args" | sed 's/[[:space:]]*$//')" |
| 112 | ++ |
| 113 | ++ if [ -n "$oldPath" -a "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ]; then |
| 114 | ++ if [ -n "$newPath" -a "$newPath" != "$oldPath" ]; then |
| 115 | ++ echo "$f: interpreter directive changed from \"$oldInterpreterLine\" to \"$newInterpreterLine\"" |
| 116 | ++ # escape the escape chars so that sed doesn't interpret them |
| 117 | ++ escapedInterpreterLine=$(echo "$newInterpreterLine" | sed 's|\\|\\\\|g') |
| 118 | ++ # Preserve times, see: https://github.com/NixOS/nixpkgs/pull/33281 |
| 119 | ++ touch -r "$f" "$f.timestamp" |
| 120 | ++ sed -i -e "1 s|.*|#\!$escapedInterpreterLine|" "$f" |
| 121 | ++ touch -r "$f.timestamp" "$f" |
| 122 | ++ rm "$f.timestamp" |
| 123 | ++ fi |
| 124 | ++ fi |
| 125 | ++ done |
| 126 | ++ |
| 127 | ++ stopNest |
| 128 | ++} |
| 129 | ++ |
| 130 | ++patchShebangs . |
0 commit comments