[Backport release-24.11] opam: fix opam sandboxing on nixos (#372586)

NixOS · Jan 10, 2025 · 01738ef · 01738ef
2 parents 72b5f9d + 5d07610
commit 01738ef
Showing 1 changed file with 12 additions and 18 deletions.
diff --git a/pkgs/development/tools/ocaml/opam/default.nix b/pkgs/development/tools/ocaml/opam/default.nix
@@ -4,12 +4,12 @@
 
 assert lib.versionAtLeast ocaml.version "4.08.0";
 
-stdenv.mkDerivation {
+stdenv.mkDerivation (finalAttrs: {
   pname = "opam";
   version = "2.3.0";
 
   src = fetchurl {
-    url = "https://github.com/ocaml/opam/releases/download/2.3.0/opam-full-2.3.0.tar.gz";
+    url = "https://github.com/ocaml/opam/releases/download/${finalAttrs.version}/opam-full-${finalAttrs.version}.tar.gz";
     hash = "sha256-UGunaGXcMVtn35qonnq9XBqJen8KkteyaUl0/cUys0Y=";
   };
 
@@ -23,36 +23,30 @@ stdenv.mkDerivation {
   patches = [ ./opam-shebangs.patch ];
 
   preConfigure = ''
-    patchShebangs src/state/shellscripts
+    # Fix opam sandboxing on nixos. Remove after opam >= 2.4.0 is released
+    substituteInPlace src/state/shellscripts/bwrap.sh \
+      --replace-fail 'for dir in /*; do' 'for dir in /{*,run/current-system/sw}; do'
   '';
 
   configureFlags = [ "--with-vendored-deps" "--with-mccs" ];
 
-  # Dirty, but apparently ocp-build requires a TERM
-  makeFlags = ["TERM=screen"];
-
   outputs = [ "out" "installer" ];
   setOutputFlags = false;
 
-  # change argv0 to "opam" as a workaround for
-  # https://github.com/ocaml/opam/issues/2142
   postInstall = ''
-    mv $out/bin/opam $out/bin/.opam-wrapped
-    makeWrapper $out/bin/.opam-wrapped $out/bin/opam \
-      --argv0 "opam" \
-      --suffix PATH : ${unzip}/bin:${curl}/bin:${lib.optionalString stdenv.hostPlatform.isLinux "${bubblewrap}/bin:"}${getconf}/bin \
-      --set OPAM_USER_PATH_RO /run/current-system/sw/bin:/nix/
+    wrapProgram $out/bin/opam \
+      --suffix PATH : ${lib.makeBinPath ([ curl getconf unzip ] ++ lib.optionals stdenv.hostPlatform.isLinux [ bubblewrap ])}
     $out/bin/opam-installer --prefix=$installer opam-installer.install
   '';
 
   doCheck = false;
 
-  meta = with lib; {
+  meta = {
     description = "Package manager for OCaml";
     homepage = "https://opam.ocaml.org/";
-    changelog = "https://github.com/ocaml/opam/raw/${version}/CHANGES";
+    changelog = "https://github.com/ocaml/opam/raw/${finalAttrs.version}/CHANGES";
     maintainers = [ ];
-    license = licenses.lgpl21Only;
-    platforms = platforms.all;
+    license = lib.licenses.lgpl21Only;
+    platforms = lib.platforms.all;
   };
-}
+})