From cdade8e6c5ef4e02f9eaf7047248d00fae7fd805 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 17 Feb 2022 14:08:29 +0100
Subject: vidhar: ...

---
 hosts/vidhar/borg/copy.py              | 13 +++++++++----
 hosts/vidhar/borg/default.nix          |  9 ++++++---
 hosts/vidhar/borg/pyprctl-packages.nix | 21 +++++++++++++++++++++
 3 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 hosts/vidhar/borg/pyprctl-packages.nix


diff --git a/hosts/vidhar/borg/copy.py b/hosts/vidhar/borg/copy.py
index 4bfae1cb..9dac86ae 100755
--- a/hosts/vidhar/borg/copy.py
+++ b/hosts/vidhar/borg/copy.py
@@ -21,6 +21,7 @@ from xdg import xdg_runtime_dir
 import pathlib
 
 import unshare
+import pyprctl
 
 import signal
 from time import sleep
@@ -93,15 +94,19 @@ def copy_archive(src_repo_path, dst_repo_path, entry):
         child = os.fork()
         if child == 0:
             # print('unshare/chroot', file=stderr)
-            uid_map_content = f'0 {os.getuid()} 1\n0 0 1'
-            gid_map_content = f'0 {os.getgid()} 1\n0 0 1'
+            uid, gid = os.getuid(), os.getgid()
             unshare.unshare(unshare.CLONE_NEWNS | unshare.CLONE_NEWUSER)
             with open('/proc/self/setgroups', 'w') as setgroups:
                 setgroups.write('deny')
             with open('/proc/self/uid_map', 'w') as uid_map:
-                uid_map.write(uid_map_content)
+                uid_map.write(f'0 {uid} 1')
             with open('/proc/self/gid_map', 'w') as gid_map:
-                gid_map.write(gid_map_content)
+                gid_map.write(f'0 {gid} 1')
+            pyprctl.cap_ambient_raise(pyprctl.Cap.SYS_ADMIN)
+            with open('/proc/self/uid_map', 'w') as uid_map:
+                uid_map.write(f'{uid} {uid} 1')
+            with open('/proc/self/gid_map', 'w') as gid_map:
+                gid_map.write(f'{gid} {gid} 1')
             subprocess.run(['mount', '--make-rprivate', '/'], check=True)
             chroot = pathlib.Path(tmpdir) / 'chroot'
             upper = pathlib.Path(tmpdir) / 'upper'
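Review bot: The second pair of writes to /proc/self/uid_map and /proc/self/gid_map (the two `with open(...)` blocks after the `cap_ambient_raise` call) will be rejected with EPERM, because the kernel lets each of these files be written exactly once per user namespace, so the `{uid} {uid} 1` mapping never takes effect and the child exits on an unhandled OSError. If both 0 and the caller's id are meant to be visible inside the namespace they must go into the first write as two lines, and an unprivileged process may only map its own id, so that needs CAP_SETUID/CAP_SETGID in the parent namespace regardless of what is raised afterwards inside the child namespace. `pyprctl.cap_ambient_raise(pyprctl.Cap.SYS_ADMIN)` also looks fragile: PR_CAP_AMBIENT_RAISE requires the capability to already be in the inheritable set, which unshare(CLONE_NEWUSER) does not populate, so I would expect it to fail as well — worth confirming on the target host. The minimal consistent change is to drop the second two map writes and keep only `uid_map.write(f'0 {uid} 1')` / `gid_map.write(f'0 {gid} 1')`. copy_archive starts before this hunk and continues after it.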
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 170ef65d..71c0da26 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -43,7 +43,10 @@ let
     };
   };
 
-  copyBorg = pkgs.stdenv.mkDerivation rec {
+  copyBorg = pkgs.stdenv.mkDerivation (let
+    packageOverrides = pkgs.callPackage ./pyprctl-packages.nix {};
+    inpPython = pkgs.python39.override { inherit packageOverrides; };
+  in rec {
     name = "copy";
     src = ./copy.py;
 
@@ -51,7 +54,7 @@ let
 
     buildInputs = with pkgs; [makeWrapper];
 
-    python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare halo]);
+    python = pkgs.python39.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
 
     buildPhase = ''
       substitute $src copy \
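Review bot: The `python` attribute on the `+` line still calls `pkgs.python39.withPackages`, so the `packageOverrides` / `inpPython` override introduced in the `let` of the previous hunk is never used, and the new `pyprctl` name inside `with ps; [...]` is resolved against the unmodified python39 package set — unless nixpkgs already ships pyprctl there, evaluation will fail with an undefined variable. The line should use the overridden interpreter: `python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);`. The `copyBorg` derivation starts and ends outside this hunk.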
@@ -70,7 +73,7 @@ let
       wrapProgram $out/bin/copy \
         --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}
     '';
-  };
+  });
 in {
   config = {
     services.borgbackup.repos.jotnar = {
diff --git a/hosts/vidhar/borg/pyprctl-packages.nix b/hosts/vidhar/borg/pyprctl-packages.nix
new file mode 100644
index 00000000..d3b4256a
--- /dev/null
+++ b/hosts/vidhar/borg/pyprctl-packages.nix
@@ -0,0 +1,21 @@
+# Generated by pip2nix 0.8.0.dev1
+# See https://github.com/nix-community/pip2nix
+
+{ pkgs, fetchurl, fetchgit, fetchhg }:
+
+self: super: {
+  "pyprctl" = super.buildPythonPackage rec {
+    pname = "pyprctl";
+    version = "0.1.3";
+    src = fetchurl {
+      url = "https://files.pythonhosted.org/packages/bf/5e/62765de39bbce8111fb1f4453a4a804913bf49179fa265fb713ed66c9d15/pyprctl-0.1.3-py3-none-any.whl";
+      sha256 = "1pgif990r92za5rx12mjnq5iiz72d455v0wrawzb73q79w8ya0k3";
+    };
+    format = "wheel";
+    doCheck = false;
+    buildInputs = [];
+    checkInputs = [];
+    nativeBuildInputs = [];
+    propagatedBuildInputs = [];
+  };
+}
-- 
cgit v1.2.3