
@Kreyren
Created November 8, 2021 10:31

Revisions

  1. Kreyren created this gist Nov 8, 2021.
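--- a/gistfile1.txt
+++ b/gistfile1.txt
@@ -0,0 +1,105 @@
+λ nix shell nixpkgs#steam-run-native nixpkgs#bashInteractive -c bash
+
+[~]$ cat "$(command -v steam-run)"
+#!/nix/store/phqa311klldrcbwid1i22dwnpfc9dnma-bash-5.1-p8/bin/bash
+blacklist=(/nix /dev /proc /etc)
+ro_mounts=()
+symlinks=()
+for i in /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/*; do
+path="/${i##*/}"
+if [[ $path == '/etc' ]]; then
+:
+elif [[ -L $i ]]; then
+symlinks+=(--symlink "$(/nix/store/qmn7m3wk8b1v1ljhb2dzyjh41d6ingp6-coreutils-9.0/bin/readlink "$i")" "$path")
+blacklist+=("$path")
+else
+ro_mounts+=(--ro-bind "$i" "$path")
+blacklist+=("$path")
+fi
+done
+
+if [[ -d /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/etc ]]; then
+for i in /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/etc/*; do
+path="/${i##*/}"
+# NOTE: we're binding /etc/fonts and /etc/ssl/certs from the host so we
+# don't want to override it with a path from the FHS environment.
+if [[ $path == '/fonts' || $path == '/ssl' ]]; then
+continue
+fi
+ro_mounts+=(--ro-bind "$i" "/etc$path")
+done
+fi
+
+declare -a auto_mounts
+# loop through all directories in the root
+for dir in /*; do
+# if it is a directory and it is not in the blacklist
+if [[ -d "$dir" ]] && [[ ! "${blacklist[@]}" =~ "$dir" ]]; then
+# add it to the mount list
+auto_mounts+=(--bind "$dir" "$dir")
+fi
+done
+
+cmd=(
+/nix/store/qyypaxg1yawp42jljl3jrhv0f37vp3gk-bubblewrap-0.5.0/bin/bwrap
+--dev-bind /dev /dev
+--proc /proc
+--chdir "$(pwd)"
+--unshare-user
+
+
+
+--unshare-uts
+--unshare-cgroup
+--die-with-parent
+--ro-bind /nix /nix
+# Our glibc will look for the cache in its own path in `/nix/store`.
+# As such, we need a cache to exist there, because pressure-vessel
+# depends on the existence of an ld cache. However, adding one
+# globally proved to be a bad idea (see #100655), the solution we
+# settled on being mounting one via bwrap.
+# Also, the cache needs to go to both 32 and 64 bit glibcs, for games
+# of both architectures to work.
+--tmpfs /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc \
+--symlink /etc/ld.so.conf /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/ld.so.conf \
+--symlink /etc/ld.so.cache /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/ld.so.cache \
+--ro-bind /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/rpc /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/rpc \
+--remount-ro /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc \
+--tmpfs /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc \
+--symlink /etc/ld.so.conf /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/ld.so.conf \
+--symlink /etc/ld.so.cache /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/ld.so.cache \
+--ro-bind /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/rpc /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/rpc \
+--remount-ro /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc \
+--ro-bind-try /etc/static /etc/static
+--ro-bind-try /etc/nix /etc/nix
+--ro-bind-try /etc/bashrc /etc/bashrc
+--ro-bind-try /etc/zshenv /etc/zshenv
+--ro-bind-try /etc/zshrc /etc/zshrc
+--ro-bind-try /etc/zinputrc /etc/zinputrc
+--ro-bind-try /etc/zprofile /etc/zprofile
+--ro-bind-try /etc/passwd /etc/passwd
+--ro-bind-try /etc/group /etc/group
+--ro-bind-try /etc/shadow /etc/shadow
+--ro-bind-try /etc/hosts /etc/hosts
+--ro-bind-try /etc/resolv.conf /etc/resolv.conf
+--ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf
+--ro-bind-try /etc/profiles /etc/profiles
+--ro-bind-try /etc/login.defs /etc/login.defs
+--ro-bind-try /etc/sudoers /etc/sudoers
+--ro-bind-try /etc/sudoers.d /etc/sudoers.d
+--ro-bind-try /etc/localtime /etc/localtime
+--ro-bind-try /etc/zoneinfo /etc/zoneinfo
+--ro-bind-try /etc/machine-id /etc/machine-id
+--ro-bind-try /etc/os-release /etc/os-release
+--ro-bind-try /etc/pam.d /etc/pam.d
+--ro-bind-try /etc/fonts /etc/fonts
+--ro-bind-try /etc/alsa /etc/alsa
+--ro-bind-try /etc/asound.conf /etc/asound.conf
+--ro-bind-try /etc/ssl/certs /etc/ssl/certs
+--ro-bind-try /etc/pki /etc/pki
+"${ro_mounts[@]}"
+"${symlinks[@]}"
+"${auto_mounts[@]}"
+/nix/store/chj84h84j2wcf3a0b4lrys31bm28zhym-steam-run-init/bin/steam-run-init "$@"
+)
+exec "${cmd[@]}"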
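Review bot: The blacklist test in the `for dir in /*` loop, `[[ ! "${blacklist[@]}" =~ "$dir" ]]`, is a substring match against the space-joined array, so a host directory whose path is only a fragment of a blacklisted entry is treated as blacklisted and silently left out of `auto_mounts`. An exact membership test avoids that, e.g. `[[ " ${blacklist[*]} " != *" $dir "* ]]`. Separately, a header comment should state that this wrapper is an FHS compatibility layer and not a confinement boundary. Every remaining top-level host directory is mounted read-write with `--bind`, only the user, UTS and cgroup namespaces are unshared in this listing, and host files such as `/etc/shadow` and `/etc/sudoers` are bound in read-only.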