The `packagesWith` function expected an attrSet but `packagesWithUpdateScript`
could be passing it a derivation or a list when the attribute path
supplied by user through the `--argstr path` argument pointed to one.
It only worked because derivations are also attrSets and contain their
outputs as attributes, and did not work for lists at all.
Additionally, the improper handling would cause the `src` attribute
to be built in some rare cases (`mkYarnPackage` seems to trigger this).
Rewriting the `packagesWith` function to be inductive with a derivation
as a base case and attrSets and lists as inductive steps is much cleaner
and also fixes the unnecessary build.
It does not make sense to look for derivations within derivations,
not even when `recurseForDerivations` is true. Nix does not do that either:
ebc024df22/src/libexpr/get-drvs.cc (L346-L355)
The patch to set PREFIX needed updating to apply. Rewrite it in a way
that allows submitting upstream. That means we don't hardcode
PREFIX=$out inside the patch but allow the PREFIX to be passed to make
at build time.
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"
The group option actually is not documented at all anymore and probably
no longer exists.
These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):
systemd.services.mpd = {
serviceConfig.BindPaths = [
# mpd state dir
"/var/lib/mpd"
# notify systemd service started up
"/run/systemd/notify"
];
serviceConfig.BindReadOnlyPaths = [
"/path/to/music:/var/lib/mpd/music"
];
# ProtectSystem is not compatible with confinement
serviceConfig.ProtectSystem = lib.mkForce false;
confinement = {
enable = true;
binSh = null;
mode = "chroot-only";
};
};
Systemd ProtectSystem is incompatible with the chroot we make
for confinement. The options is redundant with what we do anyway
so warn if it had been set and advise to disable it.
Merges: https://github.com/NixOS/nixpkgs/pull/87420
At the moment, runing `deluge` with the deluge package installed returns
"No GSettings schemas are installed on the system".
After this patch, XDG_DATA_DIRS includes the gsettings-desktop-schemas,
which means the program actually manages to launch.
