home: Add buildEnvWithNoChroot to help avoid darwin sandbox failures

Allows setting `__noChroot = true` on select derivations that assemble
large numbers of paths. This may be used to avoid sandbox failures on
darwin, see https://github.com/NixOS/nix/issues/4119 and the `sandbox`
option in `man nix.conf`.

I wish there was a way to do something akin to overlays for config, alas
there is not afaik, so the only way is to add an option. Since this is
opt-in, anyone enabling it thus understands the “risks” of disabling the
sandbox, however the risk for these derivations should be fairly low,
and this allows enabling the sandbox more generally on Darwin, which is
beneficial.

I have only added to the derivations that started giving me problems,
others may suffer from others but these are definitely likely to have
huge dependency lists therefore exposing the problem.

Despite this being intended only for use on Darwin, it is left somewhat
generic and thus up to the user to do set it to e.g.
`stdenv.hostPlatform.isDarwin`.
This commit is contained in:
Andrew Marshall 2023-03-01 21:26:39 -05:00
parent b787726a84
commit 8b196b54cb
3 changed files with 25 additions and 10 deletions

View file

@ -474,6 +474,14 @@ in
'';
};
home.buildEnvWithNoChroot = mkEnableOption ''
Sets <code>__noChroot = true</code> on select <code>buildEnv</code>
derivations that assemble large numbers of paths, as well the activation
script derivations. This may be used to avoid sandbox failures on Darwin,
see https://github.com/NixOS/nix/issues/4119 and the <code>sandbox</code>
option in <command>man nix.conf</command>.
'';
home.preferXdgDirectories = mkEnableOption "" // {
description = ''
Whether to make programs use XDG directories whenever supported.
@ -701,7 +709,7 @@ in
)
+ optionalString (!cfg.emptyActivationPath) "\${PATH:+:}$PATH";
activationScript = pkgs.writeShellScript "activation-script" ''
activationScript = (pkgs.writeShellScript "activation-script" ''
set -eu
set -o pipefail
@ -718,9 +726,11 @@ in
fi
${activationCmds}
'';
'').overrideAttrs (old: {
__noChroot = cfg.buildEnvWithNoChroot;
});
in
pkgs.runCommand
(pkgs.runCommand
"home-manager-generation"
{
preferLocalBuild = true;
@ -742,9 +752,11 @@ in
ln -s ${cfg.path} $out/home-path
${cfg.extraBuilderCommands}
'';
'').overrideAttrs (old: {
__noChroot = cfg.buildEnvWithNoChroot;
});
home.path = pkgs.buildEnv {
home.path = (pkgs.buildEnv {
name = "home-manager-path";
paths = cfg.packages;
@ -755,6 +767,8 @@ in
meta = {
description = "Environment of packages installed through home-manager";
};
};
}).overrideAttrs (old: {
__noChroot = cfg.buildEnvWithNoChroot;
});
};
}

View file

@ -4,11 +4,11 @@ with lib;
let
homeDir = config.home.homeDirectory;
fontsEnv = pkgs.buildEnv {
fontsEnv = (pkgs.buildEnv {
name = "home-manager-fonts";
paths = config.home.packages;
pathsToLink = "/share/fonts";
};
}).overrideAttrs (old: { __noChroot = config.home.buildEnvWithNoChroot; });
fonts = "${fontsEnv}/share/fonts";
installDir = "${homeDir}/Library/Fonts/HomeManager";
in {

View file

@ -4,11 +4,12 @@
config = lib.mkIf pkgs.stdenv.hostPlatform.isDarwin {
# Install MacOS applications to the user environment.
home.file."Applications/Home Manager Apps".source = let
apps = pkgs.buildEnv {
apps = (pkgs.buildEnv {
name = "home-manager-applications";
paths = config.home.packages;
pathsToLink = "/Applications";
};
}).overrideAttrs
(old: { __noChroot = config.home.buildEnvWithNoChroot; });
in "${apps}/Applications";
};
}