milahu / nixpkgs

Nix Packages collection

apt: fix runtime state paths #18

Open milahu opened 6 months ago

milahu commented 6 months ago

currently, apt uses /nix/store paths as default runtime state paths

$ sudo apt update 
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
W: chmod 0700 of directory /nix/store/zrypwimnzv5y7j8bdbsnp6fq2an26b6x-apt-2.7.3/var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (30: Read-only file system)
W: Not using locking for read only lock file /nix/store/zrypwimnzv5y7j8bdbsnp6fq2an26b6x-apt-2.7.3/var/lib/apt/lists/lock
W: No sandbox user '_apt' on the system, can not drop privileges

expected: apt should use FHS paths as default runtime state paths

for example

- /nix/store/zrypwimnzv5y7j8bdbsnp6fq2an26b6x-apt-2.7.3/var/lib/apt
+ /var/lib/apt

When running apt on NixOS, users will usually configure custom runtime state paths; even so, the default paths should be fixed.

APT_CONFIG=$HOME/.config/apt/apt.conf

$HOME/.config/apt/apt.conf

Dir "/home/user";
Dir::Etc ".config/apt";
Dir::State ".lib/apt";
Dir::Cache ".cache/apt";
APT::Default-Release "unstable";
APT::Sandbox::User "nobody";

the patchPhase could be shorter... this whole block is removed from CMakeLists.txt so this could be done with a regex (perl regex for multiline)

# Excerpt from apt's upstream CMakeLists.txt: the list of configuration,
# cache, state and log directories handed to install_empty_directories(),
# a project helper defined outside this excerpt.
# NOTE(review): CONF_DIR, CACHE_DIR, STATE_DIR and LOG_DIR are presumably
# derived from the CMAKE_INSTALL_FULL_* paths; when those point into the
# install prefix, as in the Nix build, the directories end up in the
# read-only /nix/store, which is consistent with the chmod and lock-file
# warnings from `apt update` shown earlier on this page.
# NOTE(review): the postPatch substitutions match the lines below literally,
# so their whitespace and order must stay exactly as upstream wrote them.
# Create our directories.
install_empty_directories(
  ${CONF_DIR}/apt.conf.d
  ${CONF_DIR}/auth.conf.d
  ${CONF_DIR}/preferences.d
  ${CONF_DIR}/sources.list.d
  ${CONF_DIR}/trusted.gpg.d
  ${CACHE_DIR}/archives/partial
  ${STATE_DIR}/lists/partial
  ${STATE_DIR}/mirrors/partial
  ${STATE_DIR}/periodic
  ${LOG_DIR}
)

https://github.com/milahu/nur-packages/commit/86e6f89b307c4f79b2a3d672affacee9c2b29632

commit 86e6f89b307c4f79b2a3d672affacee9c2b29632
Author: Milan Hauth <milahu@gmail.com>
Date:   Fri Dec 22 15:40:45 2023 +0100

    apt: fix runtime state paths

diff --git a/pkgs/tools/package-management/apt/apt.nix b/pkgs/tools/package-management/apt/apt.nix
index 6991a5a..fd8b53a 100644
--- a/pkgs/tools/package-management/apt/apt.nix
+++ b/pkgs/tools/package-management/apt/apt.nix
@@ -76,6 +76,36 @@ stdenv.mkDerivation rec {
     "-DWITH_DOC=${if withDocs then "ON" else "OFF"}"
   ];

+  # dont use /nix/store for these paths
+  # dont create these paths: /etc/apt/apt.conf.d ...
+  # TODO substituteInPlace with regex? or perl regex?
+  # TODO allow to pass multiple paths instead of $out/libexec/apt
+  # so we can use more handlers than /libexec/apt/methods/http etc
+  postPatch = ''
+    substituteInPlace CMakeLists.txt \
+      --replace '"''${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/apt"' '"/var/lib/apt"' \
+      --replace '"''${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/cache/apt"' '/var/cache/apt' \
+      --replace '"''${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/log/apt"' '/var/log/apt' \
+      --replace '"''${CMAKE_INSTALL_FULL_SYSCONFDIR}/apt"' '/etc/apt' \
+      --replace '"''${CMAKE_INSTALL_FULL_LIBEXECDIR}/apt"' "$out/libexec/apt" \
+      --replace $'  ''${CONF_DIR}/apt.conf.d\n' "" \
+      --replace $'  ''${CONF_DIR}/auth.conf.d\n' "" \
+      --replace $'  ''${CONF_DIR}/preferences.d\n' "" \
+      --replace $'  ''${CONF_DIR}/sources.list.d\n' "" \
+      --replace $'  ''${CONF_DIR}/trusted.gpg.d\n' "" \
+      --replace $'  ''${CACHE_DIR}/archives/partial\n' "" \
+      --replace $'  ''${STATE_DIR}/lists/partial\n' "" \
+      --replace $'  ''${STATE_DIR}/mirrors/partial\n' "" \
+      --replace $'  ''${STATE_DIR}/periodic\n' "" \
+      --replace $'  ''${LOG_DIR}\n' "" \
+      --replace $'\n# Create our directories.\ninstall_empty_directories(\n)\n' ""
+
+    substituteInPlace apt-pkg/init.cc \
+      --replace \
+        'Cnf.CndSet("APT::Sandbox::User", "_apt");' \
+        'Cnf.CndSet("APT::Sandbox::User", "nobody");'
+  '';
+
   meta = with lib; {
     homepage = "https://salsa.debian.org/apt-team/apt";
     description = "Command-line package management tools used on Debian-based systems";
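Review bot: The `apt-pkg/init.cc` substitution at the end of `postPatch` makes `nobody` the built-in default for `APT::Sandbox::User`, an account that is typically shared with other unprivileged services, so the fetch methods are no longer isolated from them; as far as I know apt also hands its `partial` download directories to the sandbox user, which would leave not-yet-verified downloads writable by anything else running as `nobody` (confirm against `SetupAPTPartialDirectory`). Since a user-level `apt.conf` can already set `APT::Sandbox::User`, consider dropping this substitution and keeping the dedicated `_apt` default, or at least recording the trade-off next to it with `# nobody is a shared account: weaker isolation than a dedicated _apt user`. Separately, plain `--replace` does not fail the build when a pattern stops matching, so an upstream edit to `CMakeLists.txt` would silently bring back the `/nix/store` state paths; `--replace-fail`, where the nixpkgs revision provides it, turns that into a build error. The enclosing `stdenv.mkDerivation` attribute set starts and ends outside the hunk.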