Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 5d357d87ad3dc14bedbfd9e012eae5b8ff85f772^! / . / shell.nix
commit5d357d87ad3dc14bedbfd9e012eae5b8ff85f772[log] [tgz]
authorTim Windelschmidt <tim@monogon.tech>Thu Jul 10 18:47:15 2025 +0200
committerTim Windelschmidt <tim@monogon.tech>Wed Jul 16 21:14:12 2025 +0000
tree1791af9ca36aabd988b8db1c81516debbf9036da
parent2b480f6eb860b94cf96f133f3700e08f18c76c40 [diff] [blame]
treewide: remove FHSEnv

To remove the FHSenv, we have to patch rules_python to use
/usr/bin/env to resolve the path to bash instead of hardcoding it.
Additionally, we now bring a Nix-compatible Bazel 8.

Change-Id: Id51e7748eea6dd77185f43a52fe45b5110ba4a2b
Reviewed-on: https://review.monogon.dev/c/monogon/+/4427
Tested-by: Jenkins CI
Reviewed-by: Jan Schär <jan@monogon.tech>
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Reviewed-by: Leopold Schabel <leo@monogon.tech>

diff --git a/shell.nix b/shell.nix
index 155726c..d57734f 100644
--- a/shell.nix
+++ b/shell.nix

@@ -1,56 +1,16 @@
 # If you're on NixOS, use me! `nix-shell --pure`.
-{ pkgs ? (import ./third_party/nix { }), extraConf ? "" }:
-let
-  wrapper = pkgs.writeScript "wrapper.sh"
-    ''
-      # Fancy colorful PS1 to make people notice easily they're in the Monogon Nix shell.
-      PS1='\[\033]0;\u/monogon:\w\007\]'
-      if type -P dircolors >/dev/null ; then
-        PS1+='\[\033[01;35m\]\u/monogon\[\033[01;36m\] \w \$\[\033[00m\] '
-      fi
-      export PS1
+{ pkgs ? (import ./third_party/nix { }) }:
+pkgs.mkShell {
+  # Let some downstream machinery know we're on NixOS. This is used mostly to
+  # work around Bazel/NixOS interactions.
+  env.MONOGON_NIXOS="yep";
 
-      # Use Nix-provided cert store.
-      export NIX_SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-      export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-
-      # Let some downstream machinery know we're on NixOS. This is used mostly to
-      # work around Bazel/NixOS interactions.
-      export MONOGON_NIXOS=yep
-
-      # Convince rules_go to use /bin/bash and not a NixOS store bash which has
-      # no idea how to resolve other things in the nix store once PATH is
-      # stripped by (host_)action_env.
-      export BAZEL_SH=/bin/bash
-
-      # buildFHSEnv makes /etc a tmpfs and symlinks some files from host /etc.
-      # Create some additional symlinks for files we want from host /etc.
-      for i in bazel.bazelrc gitconfig; do
-          if [[ -e "/.host-etc/$i" ]] && [[ ! -e "/etc/$i" ]]; then
-              ln -s "/.host-etc/$i" "/etc/$i"
-          fi
-      done
-
-      ${extraConf}
-
-      # Allow passing a custom command via env since nix-shell doesn't support
-      # this yet: https://github.com/NixOS/nix/issues/534
-      if [ ! -n "$COMMAND" ]; then
-          COMMAND="bash --noprofile --norc"
-      fi
-      exec $COMMAND
-    '';
-in
-(pkgs.buildFHSEnv {
-  name = "monogon-nix";
-  targetPkgs = targetPkgs: with targetPkgs; [
-    bazel-unwrapped # Our custom bazel package based on upstream
-    zlib # Bazel dependency
+  buildInputs = with pkgs; [
+    bazel_8 # Our custom bazel package
     python3 # Workspace status script
     git # Bazel expects git to be available
     gnupg # our gopass integration requires gpg in the PATH
     niv # For updating third_party/nix
     google-cloud-sdk # Pushing containers to GCR
   ];
-  runScript = wrapper;
-}).env
+}