From 7a01374bf324cd979559fcebe49b71fe8e948da5 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 22 Apr 2015 15:46:49 +0300
Subject: [PATCH] fhs-chrootenv-env: refactor /etc build and add ssl certs

---
 .../build-support/build-fhs-chrootenv/env.nix | 102 +++++++++---------
 1 file changed, 50 insertions(+), 52 deletions(-)

diff --git a/pkgs/build-support/build-fhs-chrootenv/env.nix b/pkgs/build-support/build-fhs-chrootenv/env.nix
index d80e2869e5e6..f28f68b7a073 100644
--- a/pkgs/build-support/build-fhs-chrootenv/env.nix
+++ b/pkgs/build-support/build-fhs-chrootenv/env.nix
@@ -65,25 +65,56 @@ let
       gnutar gzip bzip2 xz glibcLocales
     ];
 
-  # Compose a global profile for the chroot environment
-  profilePkg = nixpkgs.stdenv.mkDerivation {
-    name         = "${name}-chrootenv-profile";
+  # Compose /etc for the chroot environment
+  etcPkg = nixpkgs.stdenv.mkDerivation {
+    name         = "${name}-chrootenv-etc";
     buildCommand = ''
       mkdir -p $out/etc
-      cat >> $out/etc/profile << "EOF"
+      cd $out/etc
+
+      # environment variables
+      cat >> profile << "EOF"
       export PS1='${name}-chrootenv:\u@\h:\w\$ '
       export LOCALE_ARCHIVE='/usr/lib${if is64Bit then "64" else ""}/locale/locale-archive'
       export LD_LIBRARY_PATH=/run/opengl-driver/lib:/run/opengl-driver-32/lib:/lib:/lib32:/lib64
       export PATH='/bin:/sbin'
       ${profile}
       EOF
+
+      # compatibility with NixOS
+      ln -s /host-etc/static static
+
+      # symlink some NSS stuff
+      ln -s /host-etc/passwd passwd
+      ln -s /host-etc/group group
+      ln -s /host-etc/shadow shadow
+      ln -s /host-etc/hosts hosts
+      ln -s /host-etc/resolv.conf resolv.conf
+      ln -s /host-etc/nsswitch.conf nsswitch.conf
+
+      # symlink other core stuff
+      ln -s /host-etc/localtime localtime
+      ln -s /host-etc/machine-id machine-id
+
+      # symlink PAM stuff
+      ln -s /host-etc/pam.d pam.d
+
+      # symlink fonts stuff
+      ln -s /host-etc/fonts fonts
+
+      # symlink ALSA stuff
+      ln -s /host-etc/asound.conf asound.conf
+
+      # symlink SSL certs
+      mkdir -p ssl
+      ln -s /host-etc/ssl/certs ssl/certs
     '';
   };
 
   # Composes a /usr like directory structure
   staticUsrProfileTarget = nixpkgs.buildEnv {
-    name = "system-profile-target";
-    paths = basePkgs ++ [ profilePkg ] ++ targetPaths;
+    name = "${name}-usr-target";
+    paths = [ etcPkg ] ++ basePkgs ++ targetPaths;
     ignoreCollisions = true;
   };
 
@@ -94,7 +125,7 @@ let
   };
 
   linkProfile = profile: ''
-    for i in ${profile}/{bin,sbin,share,var}; do
+    for i in ${profile}/{bin,sbin,share,var,etc}; do
         if [ -x "$i" ]
         then
             ln -s "$i"
@@ -102,18 +133,6 @@ let
     done
   '';
 
-  # the target profile is the actual profile that will be used for the chroot
-  setupTargetProfile = ''
-    ${linkProfile staticUsrProfileTarget}
-    ${setupLibDirs}
-
-    mkdir -m0755 usr
-    cd usr
-    ${linkProfile staticUsrProfileTarget}
-    ${setupLibDirs}
-    cd ..
-  '';
-
   # this will happen on x86_64 host:
   # /x86         -> links to the whole profile defined by multiPaths
   # /lib, /lib32 -> links to 32bit binaries
@@ -126,9 +145,6 @@ let
     cd ..
   '';
 
-  setupLibDirs = if isTargetBuild then setupLibDirs_target
-                                  else setupLibDirs_multi;
-
   # setup library paths only for the targeted architecture
   setupLibDirs_target = ''
     mkdir -m0755 lib
@@ -163,38 +179,21 @@ let
     cp -rsf ${chosenGcc.cc}/lib64/* lib64/
   '';
 
-  setupEtc = ''
-    mkdir -m0755 etc
+  setupLibDirs = if isTargetBuild then setupLibDirs_target
+                                  else setupLibDirs_multi;
 
-    # copy profile content
-    cp -rsf ${staticUsrProfileTarget}/etc/* etc/ && chmod u+w -R etc/
-    [ -d ${staticUsrProfileMulti}/etc ] && cp -rsf ${staticUsrProfileMulti}/etc/* etc/ && chmod u+w -R etc/
 
-    # compatibility with NixOS
-    ln -s /host-etc/static etc/static
+  # the target profile is the actual profile that will be used for the chroot
+  setupTargetProfile = ''
+    ${linkProfile staticUsrProfileTarget}
+    ${setupLibDirs}
 
-    # symlink some NSS stuff
-    ln -s /host-etc/passwd etc/passwd
-    ln -s /host-etc/group etc/group
-    ln -s /host-etc/shadow etc/shadow
-    ln -s /host-etc/hosts etc/hosts
-    ln -s /host-etc/resolv.conf etc/resolv.conf
-    ln -s /host-etc/nsswitch.conf etc/nsswitch.conf
-
-    # symlink other core stuff
-    ln -s /host-etc/localtime etc/localtime
-    ln -s /host-etc/machine-id etc/machine-id
-
-    # symlink PAM stuff
-    rm -rf etc/pam.d
-    ln -s /host-etc/pam.d etc/pam.d
-
-    # symlink fonts stuff
-    rm -rf etc/fonts
-    ln -s /host-etc/fonts etc/fonts
-
-    # symlink ALSA stuff
-    ln -s /host-etc/asound.conf etc/asound.conf
+    mkdir -m0755 usr
+    cd usr
+    ${linkProfile staticUsrProfileTarget}
+    ${setupLibDirs}
+    cd ..
+    rm -rf usr/etc usr/var
   '';
 
 in nixpkgs.stdenv.mkDerivation {
@@ -204,7 +203,6 @@ in nixpkgs.stdenv.mkDerivation {
     cd $out
     ${setupTargetProfile}
     ${setupMultiProfile}
-    ${setupEtc}
     cd $out
     ${extraBuildCommands}
     cd $out