dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/binfmt: add option addEmulatedSystemsToNixSandbox (#354533)

Browse Source
This commit is contained in:
Sandro 2024-11-26 16:35:42 +01:00 committed by GitHub
commit 8e82ef5df1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -830,6 +830,8 @@
Note that first solution of the [official FAQ answer](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=BQhH-2HSQs68Nq2EW91DBA)
is not allowed by the `services.nginx` module's config-checker.
- The new option `boot.binfmt.addEmulatedSystemsToNixSandbox` allows you to skip adding the emulated systems to `nix.settings.extra-platforms`. Now you can emulate foreign binaries locally while only building them on native remote builders.
- The latest available version of Nextcloud is v30 (available as `pkgs.nextcloud30`). The installation logic is as follows:
- If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
- If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.

12
nixos/modules/system/boot/binfmt.nix
View File

@ -279,6 +279,16 @@ in {
type = types.listOf (types.enum (builtins.attrNames magics));
};
addEmulatedSystemsToNixSandbox = mkOption {
type = types.bool;
default = true;
example = false;
description = ''
Whether to add the {option}`boot.binfmt.emulatedSystems` to {option}`nix.settings.extra-platforms`.
Disable this to use remote builders for those platforms, while allowing testing binaries locally.
'';
};
preferStaticEmulators = mkOption {
default = false;
description = ''
@ -325,7 +335,7 @@ in {
interpreterSandboxPath = mkDefault (dirOf (dirOf config.interpreter));
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}")));
}) cfg.emulatedSystems);
nix.settings = lib.mkIf (cfg.emulatedSystems != []) {
nix.settings = lib.mkIf (cfg.addEmulatedSystemsToNixSandbox && cfg.emulatedSystems != []) {
extra-platforms = cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux";
extra-sandbox-paths = let
ruleFor = system: cfg.registrations.${system};