From 1b575dbd79682cb347140ac9b45996d1f3abe501 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 5 Oct 2019 18:32:22 +0200 Subject: [PATCH] nixos/firejail: use local runCommand Also: - use `runtimeShell`; and - remove unused `makeWrapper` input; and - `exec()` to shed wrapping shell --- nixos/modules/programs/firejail.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix index 5e53f733794..484f9eb4440 100644 --- a/nixos/modules/programs/firejail.nix +++ b/nixos/modules/programs/firejail.nix @@ -5,20 +5,20 @@ with lib; let cfg = config.programs.firejail; - wrappedBins = pkgs.stdenv.mkDerivation { - name = "firejail-wrapped-binaries"; - nativeBuildInputs = with pkgs; [ makeWrapper ]; - buildCommand = '' + wrappedBins = pkgs.runCommand "firejail-wrapped-binaries" + { preferLocalBuild = true; + allowSubstitutes = false; + } + '' mkdir -p $out/bin ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: '' - cat <<_EOF >$out/bin/${command} - #!${pkgs.stdenv.shell} -e - /run/wrappers/bin/firejail ${binary} "\$@" - _EOF - chmod 0755 $out/bin/${command} + cat <<_EOF >$out/bin/${command} + #! ${pkgs.runtimeShell} -e + exec /run/wrappers/bin/firejail ${binary} "\$@" + _EOF + chmod 0755 $out/bin/${command} '') cfg.wrappedBinaries)} ''; - }; in { options.programs.firejail = {
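Review bot: On the new `exec /run/wrappers/bin/firejail ${binary} "\$@"` line, `${binary}` is still spliced in unquoted, so a configured path containing whitespace or shell metacharacters would be word-split or interpreted when the generated wrapper runs, and the program would not be started under firejail as configured. Quoting it at generation time, e.g. `exec /run/wrappers/bin/firejail ${lib.escapeShellArg binary} "\$@"`, keeps the path a single argument. Because the heredoc delimiter `_EOF` is unquoted, the build shell would still expand any `$` or backtick in the value before the wrapper is written, so the quoting alone does not cover those characters. The same applies to `${command}` in `>$out/bin/${command}` and `chmod 0755 $out/bin/${command}`. Both values come from `cfg.wrappedBinaries`, whose option type is declared outside this hunk, so this is presumably administrator-controlled configuration and a robustness gap rather than an injection path.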