Nix-user-chroot: rust-rewrite


#1

Since the original author was unresponsive and the project was missing a license, we re-wrote nix-user-chroot in Rust.

The project now also features statically-linked binaries and also nix can be now used in sandbox mode.


#2

If somebody wants to get their hands on Rust. There is now also a wishlist for features:


#3

It remembers me the nix.rs project…


#4

Could this be accomplished without a special tool by installing Nix to a custom location and using Nix’s builtin chroot --store?


#5

The idea is that you cannot create /nix/ without root permissions therefore you also do not have nix installed. You could maybe compile nix yourself and install it to a different prefix. However nix-user-chroot is easier to install.


#6

FWIW, I actually have a project based on some of the code from nix-user-chroot, which can package arbitrary Nix closures into makeself packages that can be deployed anywhere.

I originally asked Luca what license I could release it under, because at the time there was no license and even a verbal grant would have been nice, although to my memory he didn’t really give me an explicit agreement, just said “whatever you think is fine”. I never released this project because for something like a Linux distribution (and tooling by contributors, even 3rd parties) flying fast and loose here didn’t seem appropriate; the code was also a complete mess, on top of that.

nix-user-chroot might be a better starting point for re-releasing this, since the C code involved in mine is essentially a cleaned up version of Luca’s, but should otherwise be very replaceable without impacting much else. (I think one nice feature would be if a crate could be exposed for library consumption, for this case – in particular I need a little extra code surrounding things to make it all work.)

In any case, much appreciated for releasing this, it’s a useful tool – perhaps I can restart work on nix-makeself


#7

I also thought about the library use case to make it easier to integrate it into other systems, let’s say CI.
At the moment the project is just a raw translation of the old implementation + sandbox support.
I plan to change the interface to the user a bit and automate the installation of nix itself.
For a library also need to convert the current error handling with a proper Result type.
That would be the second iteration of the project. However I think it already has some value to users as it is, which is why I released it.