Last active
January 14, 2019 19:47
-
-
Save ciderale/3a796ff0711c68d4997b013e4e8d0c3d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { user ? "$(whoami)" # or 1234 | |
| }: | |
| with import <nixpkgs> { | |
| config = { | |
| packageOverrides = pkgs: { | |
| nix = pkgs.nix.overrideAttrs(oldAttrs: { | |
| prePatch = '' | |
| substituteInPlace src/libstore/local-store.cc \ | |
| --replace '(eaName == "security.selinux")' \ | |
| '(eaName == "security.selinux" || eaName == "system.nfs4_acl")' | |
| ''; | |
| }); | |
| }; | |
| }; | |
| }; | |
| let | |
| buildWithAcl = runCommand "buildWithAcl" { buildInputs = [ acl ]; } '' | |
| mkdir $out | |
| date > $out/x; | |
| setfacl -m u:${user}:rwx $out/x; | |
| getfacl $out/x; | |
| ''; | |
| expected = writeText "expected" '' | |
| # owner: root | |
| # group: root | |
| user::r-- | |
| group::r-- | |
| other::r-- | |
| ''; | |
| in { | |
| inherit nix buildWithAcl expected; | |
| shell = mkShell { | |
| buildInputs = [nix acl]; | |
| shellHook = '' | |
| function testacl() { | |
| # nix-shell ./fix-fs-attrs.nix -A shell --command 'testacl' | |
| nix-build --option filter-syscalls false ./fix-fs-attrs.nix -A buildWithAcl \ | |
| && getfacl ./result/x | sed -e 1d > actual \ | |
| && cat actual \ | |
| && echo "ACL Removal:" \ | |
| && diff ${expected} actual && echo "successful" || echo "failed" | |
| } | |
| ''; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment