Propagate the user and group names of the calling user

2021-04-04 14:51:03 +02:00 · 2021-04-04 14:51:03 +02:00 · b796c4336d
parent 5cea3900eb
commit b796c4336d
12 changed files with 44 additions and 3 deletions
--- a/nixproc/backends/bsdrc/build-bsdrc-env.nix
+++ b/nixproc/backends/bsdrc/build-bsdrc-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , exprFile ? null
 , extraParams ? {}
 }@args:
--- a/nixproc/backends/cygrunsrv/build-cygrunsrv-env.nix
+++ b/nixproc/backends/cygrunsrv/build-cygrunsrv-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
--- a/nixproc/backends/disnix/build-disnix-env.nix
+++ b/nixproc/backends/disnix/build-disnix-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , clientInterface ? (if builtins.getEnv "DISNIX_CLIENT_INTERFACE" == "" then "disnix-run-activity" else builtins.getEnv "DISNIX_CLIENT_INTERFACE")
 , disnixDataDir ? (if builtins.getEnv "DISNIX_DATA_DIR" == "" then throw "Set DISNIX_DATA_DIR to the data directory of Disnix" else builtins.getEnv "DISNIX_DATA_DIR")
 , extraParams ? {}
--- a/nixproc/backends/docker/build-docker-env.nix
+++ b/nixproc/backends/docker/build-docker-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
--- a/nixproc/backends/launchd/build-launchd-env.nix
+++ b/nixproc/backends/launchd/build-launchd-env.nix
@ -9,6 +9,8 @@
 , lockDir ? "${stateDir}/lock"
 , libDir ? "${stateDir}/lib"
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
--- a/nixproc/backends/s6-rc/build-s6-rc-env.nix
+++ b/nixproc/backends/s6-rc/build-s6-rc-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 , defaultBundleName ? "default"
--- a/nixproc/backends/supervisord/build-supervisord-env.nix
+++ b/nixproc/backends/supervisord/build-supervisord-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
--- a/nixproc/backends/systemd/build-systemd-env.nix
+++ b/nixproc/backends/systemd/build-systemd-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
--- a/nixproc/backends/sysvinit/build-sysvinit-env.nix
+++ b/nixproc/backends/sysvinit/build-sysvinit-env.nix
@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
--- a/nixproc/test-driver/agnostic.nix
+++ b/nixproc/test-driver/agnostic.nix
@ -19,9 +19,14 @@ let
        inherit profileSettings exprFile extraParams pkgs system tools;
      };

-      processes = import exprFile ({
+      processesFun = import exprFile;
+      processesFormalArgs = builtins.functionArgs processesFun;
+
+      processesArgs = builtins.intersectAttrs processesFormalArgs ({
        inherit pkgs system processManager;
-      } // extraParams // profileSettings.params);
+      } // profileSettings.params // extraParams);
+
+      processes = processesFun processesArgs;
    in
    with import "${nixpkgs}/nixos/lib/testing-python.nix" { inherit system; };

--- a/nixproc/test-driver/profiles/unprivileged.nix
+++ b/nixproc/test-driver/profiles/unprivileged.nix
@ -3,6 +3,8 @@
    stateDir = "/home/unprivileged/var";
    runtimeDir = "${stateDir}/run";
    forceDisableUserChange = true;
+    callingUser = "unprivileged";
+    callingGroup = "users";
  };

  deployArgs = [ "--state-dir" "/home/unprivileged/var" "--force-disable-user-change" ];
--- a/tools/common/nixproc-build.in
+++ b/tools/common/nixproc-build.in
@ -197,4 +197,20 @@ fi
 NIXPROC=${NIXPROC:-@NIXPROC@}

 # Build the profile
-nix-build $stateDirArg $runtimeDirArg $logDirArg $tmpDirArg $cacheDirArg $spoolDirArg $lockDirArg $libDirArg $forceDisableUserChangeArg $noOutLinkArg $showTraceArg $processManagerArg "${extraParamsArg[@]}" $exprFileArg $NIXPROC/backends/$processManager/build-$processManager-env.nix
+nix-build $stateDirArg \
+  $runtimeDirArg \
+  $logDirArg \
+  $tmpDirArg \
+  $cacheDirArg \
+  $spoolDirArg \
+  $lockDirArg \
+  $libDirArg \
+  $forceDisableUserChangeArg \
+  --argstr callingUser "$(id -un)" \
+  --argstr callingGroup "$(id -gn)" \
+  $noOutLinkArg \
+  $showTraceArg \
+  $processManagerArg \
+  "${extraParamsArg[@]}" \
+  $exprFileArg \
+  $NIXPROC/backends/$processManager/build-$processManager-env.nix