Merge pull request #12 from cachix/sandbox

Turn on daemon (multi-user) mode
This commit is contained in:
Domen Kožar 2019-11-19 11:29:33 +01:00 committed by GitHub
commit addc7fa7a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 20 deletions

View File

@ -20,15 +20,11 @@ const core = __importStar(require("@actions/core"));
const exec = __importStar(require("@actions/exec")); const exec = __importStar(require("@actions/exec"));
const tc = __importStar(require("@actions/tool-cache")); const tc = __importStar(require("@actions/tool-cache"));
const os_1 = require("os"); const os_1 = require("os");
const fs_1 = require("fs");
function run() { function run() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
const home = os_1.homedir();
const { username } = os_1.userInfo();
const PATH = process.env.PATH; const PATH = process.env.PATH;
const INSTALL_PATH = '/opt/nix'; const INSTALL_PATH = '/opt/nix';
const CERTS_PATH = home + '/.nix-profile/etc/ssl/certs/ca-bundle.crt';
// Workaround a segfault: https://github.com/NixOS/nix/issues/2733 // Workaround a segfault: https://github.com/NixOS/nix/issues/2733
yield exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]); yield exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]);
yield exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]); yield exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]);
@ -39,16 +35,22 @@ function run() {
yield exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]); yield exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]);
yield exec.exec("sudo", ["sh", "-c", `mkdir -m 0755 ${INSTALL_PATH} && chown runner ${INSTALL_PATH}`]); yield exec.exec("sudo", ["sh", "-c", `mkdir -m 0755 ${INSTALL_PATH} && chown runner ${INSTALL_PATH}`]);
yield exec.exec("/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util", ["-B"]); yield exec.exec("/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util", ["-B"]);
// Needed for sudo to pass NIX_IGNORE_SYMLINK_STORE
yield exec.exec("sudo", ["sh", "-c", "echo 'Defaults env_keep += NIX_IGNORE_SYMLINK_STORE' >> /etc/sudoers"]);
core.exportVariable('NIX_IGNORE_SYMLINK_STORE', "1"); core.exportVariable('NIX_IGNORE_SYMLINK_STORE', "1");
// Needed for nix-daemon installation
yield exec.exec("sudo", ["launchctl", "setenv", "NIX_IGNORE_SYMLINK_STORE", "1"]);
} }
// Needed due to multi-user being too defensive
core.exportVariable('ALLOW_PREEXISTING_INSTALLATION', "1");
// TODO: retry due to all the things that go wrong // TODO: retry due to all the things that go wrong
const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install'); const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install');
yield exec.exec("sh", [nixInstall]); yield exec.exec("sh", [nixInstall, "--daemon"]);
core.exportVariable('PATH', `${PATH}:${home}/.nix-profile/bin`); core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin`);
core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/${username}/channels`); core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`);
if (os_1.type() == "Darwin") {
// macOS needs certificates hints // macOS needs certificates hints
if (fs_1.existsSync(CERTS_PATH)) { core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
core.exportVariable('NIX_SSL_CERT_FILE', CERTS_PATH);
} }
} }
catch (error) { catch (error) {

View File

@ -6,11 +6,8 @@ import {existsSync} from 'fs';
async function run() { async function run() {
try { try {
const home = homedir();
const {username} = userInfo();
const PATH = process.env.PATH; const PATH = process.env.PATH;
const INSTALL_PATH = '/opt/nix'; const INSTALL_PATH = '/opt/nix';
const CERTS_PATH = home + '/.nix-profile/etc/ssl/certs/ca-bundle.crt';
// Workaround a segfault: https://github.com/NixOS/nix/issues/2733 // Workaround a segfault: https://github.com/NixOS/nix/issues/2733
await exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]); await exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]);
@ -24,18 +21,26 @@ async function run() {
await exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]); await exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]);
await exec.exec("sudo", ["sh", "-c", `mkdir -m 0755 ${INSTALL_PATH} && chown runner ${INSTALL_PATH}`]); await exec.exec("sudo", ["sh", "-c", `mkdir -m 0755 ${INSTALL_PATH} && chown runner ${INSTALL_PATH}`]);
await exec.exec("/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util", ["-B"]); await exec.exec("/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util", ["-B"]);
// Needed for sudo to pass NIX_IGNORE_SYMLINK_STORE
await exec.exec("sudo", ["sh", "-c", "echo 'Defaults env_keep += NIX_IGNORE_SYMLINK_STORE' >> /etc/sudoers"]);
core.exportVariable('NIX_IGNORE_SYMLINK_STORE', "1"); core.exportVariable('NIX_IGNORE_SYMLINK_STORE', "1");
// Needed for nix-daemon installation
await exec.exec("sudo", ["launchctl", "setenv", "NIX_IGNORE_SYMLINK_STORE", "1"]);
} }
// Needed due to multi-user being too defensive
core.exportVariable('ALLOW_PREEXISTING_INSTALLATION', "1");
// TODO: retry due to all the things that go wrong // TODO: retry due to all the things that go wrong
const nixInstall = await tc.downloadTool('https://nixos.org/nix/install'); const nixInstall = await tc.downloadTool('https://nixos.org/nix/install');
await exec.exec("sh", [nixInstall]); await exec.exec("sh", [nixInstall, "--daemon"]);
core.exportVariable('PATH', `${PATH}:${home}/.nix-profile/bin`) core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin`)
core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/${username}/channels`) core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`)
if (type() == "Darwin") {
// macOS needs certificates hints // macOS needs certificates hints
if (existsSync(CERTS_PATH)) { core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
core.exportVariable('NIX_SSL_CERT_FILE', CERTS_PATH);
} }
} catch (error) { } catch (error) {
core.setFailed(`Action failed with error: ${error}`); core.setFailed(`Action failed with error: ${error}`);