Created
February 2, 2022 19:35
-
-
Save jonringer/a78af81a1491349c0bd272df8f99cd8d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/nix/store/2kh3c4v2vf6d6xg6c9n8zvfpwf3zzwca-bash-5.1-p12/bin/bash | |
| blacklist=(/nix /dev /proc /etc) | |
| ro_mounts=() | |
| symlinks=() | |
| for i in /nix/store/94lx3q3xcb259dajk07faj5hpg8rs8jq-steam-fhs/*; do | |
| path="/${i##*/}" | |
| if [[ $path == '/etc' ]]; then | |
| : | |
| elif [[ -L $i ]]; then | |
| symlinks+=(--symlink "$(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink "$i")" "$path") | |
| blacklist+=("$path") | |
| else | |
| ro_mounts+=(--ro-bind "$i" "$path") | |
| blacklist+=("$path") | |
| fi | |
| done | |
| if [[ -d /nix/store/94lx3q3xcb259dajk07faj5hpg8rs8jq-steam-fhs/etc ]]; then | |
| for i in /nix/store/94lx3q3xcb259dajk07faj5hpg8rs8jq-steam-fhs/etc/*; do | |
| path="/${i##*/}" | |
| # NOTE: we're binding /etc/fonts and /etc/ssl/certs from the host so we | |
| # don't want to override it with a path from the FHS environment. | |
| if [[ $path == '/fonts' || $path == '/ssl' ]]; then | |
| continue | |
| fi | |
| ro_mounts+=(--ro-bind "$i" "/etc$path") | |
| done | |
| fi | |
| declare -a auto_mounts | |
| # loop through all directories in the root | |
| for dir in /*; do | |
| # if it is a directory and it is not in the blacklist | |
| if [[ -d "$dir" ]] && [[ ! "${blacklist[@]}" =~ "$dir" ]]; then | |
| # add it to the mount list | |
| auto_mounts+=(--bind "$dir" "$dir") | |
| fi | |
| done | |
| cmd=( | |
| /nix/store/fajfg4v447m6w7rppah64afbpxknrbwj-bubblewrap-0.5.0/bin/bwrap | |
| --dev-bind /dev /dev | |
| --proc /proc | |
| --chdir "$(pwd)" | |
| --unshare-user | |
| --unshare-uts | |
| --unshare-cgroup | |
| --die-with-parent | |
| --ro-bind /nix /nix | |
| # Our glibc will look for the cache in its own path in `/nix/store`. | |
| # As such, we need a cache to exist there, because pressure-vessel | |
| # depends on the existence of an ld cache. However, adding one | |
| # globally proved to be a bad idea (see #100655), the solution we | |
| # settled on being mounting one via bwrap. | |
| # Also, the cache needs to go to both 32 and 64 bit glibcs, for games | |
| # of both architectures to work. | |
| --tmpfs /nix/store/saw6nkqqqfx5xm1h5cpk7gxnxmw9wk47-glibc-2.33-62/etc \ | |
| --symlink /etc/ld.so.conf /nix/store/saw6nkqqqfx5xm1h5cpk7gxnxmw9wk47-glibc-2.33-62/etc/ld.so.conf \ | |
| --symlink /etc/ld.so.cache /nix/store/saw6nkqqqfx5xm1h5cpk7gxnxmw9wk47-glibc-2.33-62/etc/ld.so.cache \ | |
| --ro-bind /nix/store/saw6nkqqqfx5xm1h5cpk7gxnxmw9wk47-glibc-2.33-62/etc/rpc /nix/store/saw6nkqqqfx5xm1h5cpk7gxnxmw9wk47-glibc-2.33-62/etc/rpc \ | |
| --remount-ro /nix/store/saw6nkqqqfx5xm1h5cpk7gxnxmw9wk47-glibc-2.33-62/etc \ | |
| --tmpfs /nix/store/s5m2qfxli9qqfw844ga91vvkb2xzqz6b-glibc-2.33-62/etc \ | |
| --symlink /etc/ld.so.conf /nix/store/s5m2qfxli9qqfw844ga91vvkb2xzqz6b-glibc-2.33-62/etc/ld.so.conf \ | |
| --symlink /etc/ld.so.cache /nix/store/s5m2qfxli9qqfw844ga91vvkb2xzqz6b-glibc-2.33-62/etc/ld.so.cache \ | |
| --ro-bind /nix/store/s5m2qfxli9qqfw844ga91vvkb2xzqz6b-glibc-2.33-62/etc/rpc /nix/store/s5m2qfxli9qqfw844ga91vvkb2xzqz6b-glibc-2.33-62/etc/rpc \ | |
| --remount-ro /nix/store/s5m2qfxli9qqfw844ga91vvkb2xzqz6b-glibc-2.33-62/etc \ | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/static) /etc/static | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/nix) /etc/nix | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/bashrc) /etc/bashrc | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/zshenv) /etc/zshenv | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/zshrc) /etc/zshrc | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/zinputrc) /etc/zinputrc | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/zprofile) /etc/zprofile | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/passwd) /etc/passwd | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/group) /etc/group | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/shadow) /etc/shadow | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/hosts) /etc/hosts | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/resolv.conf) /etc/resolv.conf | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/nsswitch.conf) /etc/nsswitch.conf | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/profiles) /etc/profiles | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/login.defs) /etc/login.defs | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/sudoers) /etc/sudoers | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/sudoers.d) /etc/sudoers.d | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/localtime) /etc/localtime | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/zoneinfo) /etc/zoneinfo | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/machine-id) /etc/machine-id | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/os-release) /etc/os-release | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/pam.d) /etc/pam.d | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/fonts) /etc/fonts | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/alsa) /etc/alsa | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/asound.conf) /etc/asound.conf | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/ssl/certs) /etc/ssl/certs | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/ca-certificates) /etc/ca-certificates | |
| --ro-bind-try $(/nix/store/vizjhz04x6xl57x2vrpqa52j8q6rkjfh-coreutils-9.0/bin/readlink -f /etc/pki) /etc/pki | |
| "${ro_mounts[@]}" | |
| "${symlinks[@]}" | |
| "${auto_mounts[@]}" | |
| /nix/store/gdhi4ykspmv5zmp6kg1j0x88i1g9n2dd-steam-init/bin/steam-init "$@" | |
| ) | |
| exec "${cmd[@]}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment