Skip to content

Commit

Permalink
opam: fix opam sandboxing on nixos, cleanup
Browse files Browse the repository at this point in the history 
To make opam sandboxing (via bwrap) work on nixos, the following had been used
here:
  --set OPAM_USER_PATH_RO /run/current-system/sw/bin:/nix/
However, OPAM_USER_PATH_RO has been removed in opam 2.2.0, requiring a
new workaround: ocaml/opam@9b6370d
(Before this commit, executing `opam init` would display that sandboxing fails
with "bwrap: execvp sh: No such file or directory".)

- Removes outdated workarounds for ocp-build and argv0, cleans postInstall
- Fixes link to the changelog which was broken because of "with lib;"

(cherry picked from commit 5a51e70)
  • Loading branch information
@eilvelia @github-actions
eilvelia authored and github-actions[bot] committed Jan 10, 2025
1 parent 72b5f9d commit 5d07610
Showing 1 changed file with 12 additions and 18 deletions.
30 changes: 12 additions & 18 deletions pkgs/development/tools/ocaml/opam/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@

assert lib.versionAtLeast ocaml.version "4.08.0";

stdenv.mkDerivation {
stdenv.mkDerivation (finalAttrs: {
pname = "opam";
version = "2.3.0";

src = fetchurl {
url = "https://github.com/ocaml/opam/releases/download/2.3.0/opam-full-2.3.0.tar.gz";
url = "https://github.com/ocaml/opam/releases/download/${finalAttrs.version}/opam-full-${finalAttrs.version}.tar.gz";
hash = "sha256-UGunaGXcMVtn35qonnq9XBqJen8KkteyaUl0/cUys0Y=";
};

Expand All @@ -23,36 +23,30 @@ stdenv.mkDerivation {
patches = [ ./opam-shebangs.patch ];

preConfigure = ''
patchShebangs src/state/shellscripts
# Fix opam sandboxing on nixos. Remove after opam >= 2.4.0 is released
substituteInPlace src/state/shellscripts/bwrap.sh \
--replace-fail 'for dir in /*; do' 'for dir in /{*,run/current-system/sw}; do'
'';

configureFlags = [ "--with-vendored-deps" "--with-mccs" ];

# Dirty, but apparently ocp-build requires a TERM
makeFlags = ["TERM=screen"];

outputs = [ "out" "installer" ];
setOutputFlags = false;

# change argv0 to "opam" as a workaround for
# https://github.com/ocaml/opam/issues/2142
postInstall = ''
mv $out/bin/opam $out/bin/.opam-wrapped
makeWrapper $out/bin/.opam-wrapped $out/bin/opam \
--argv0 "opam" \
--suffix PATH : ${unzip}/bin:${curl}/bin:${lib.optionalString stdenv.hostPlatform.isLinux "${bubblewrap}/bin:"}${getconf}/bin \
--set OPAM_USER_PATH_RO /run/current-system/sw/bin:/nix/
wrapProgram $out/bin/opam \
--suffix PATH : ${lib.makeBinPath ([ curl getconf unzip ] ++ lib.optionals stdenv.hostPlatform.isLinux [ bubblewrap ])}
$out/bin/opam-installer --prefix=$installer opam-installer.install
'';

doCheck = false;

meta = with lib; {
meta = {
description = "Package manager for OCaml";
homepage = "https://opam.ocaml.org/";
changelog = "https://github.com/ocaml/opam/raw/${version}/CHANGES";
changelog = "https://github.com/ocaml/opam/raw/${finalAttrs.version}/CHANGES";
maintainers = [ ];
license = licenses.lgpl21Only;
platforms = platforms.all;
license = lib.licenses.lgpl21Only;
platforms = lib.platforms.all;
};
}
})

0 comments on commit 5d07610

Please sign in to comment.