4 files changed, 145 insertions, 0 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 89b8aac7834f..329d2e485e07 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -562,6 +562,39 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry xml:id="conf-pre-build-hook"><term><literal>pre-build-hook</literal></term>
+
+    <listitem>
+
+      <para>If set, the path to a program that can set extra
+      derivation-specific settings for this system. This is used for settings
+      that can't be captured by the derivation model itself and are too
+      variable between different versions of the same system to be hard-coded
+      into nix.</para>
+
+      <para>The hook listens on <literal>stdin</literal> for a derivation path.
+      It can then send a series of commands to modify various settings, followed
+      by an empty line to indicate completion. The currently recognized commands
+      are:</para>
+
+      <variablelist>
+        <varlistentry xml:id="extra-chroot-dirs"><term><literal>extra-chroot-dirs</literal></term>
+
+          <listitem>
+
+            <para>Pass a list of files and directories to be included in the
+            chroot for this build. One entry per line, terminated by an empty
+            line.</para>
+
+          </listitem>
+
+        </varlistentry>
+      </variablelist>
+    </listitem>
+
+  </varlistentry>
+
+
 </variablelist>
 
 </para>
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 1fc5d4181d57..de33e115412a 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -89,6 +89,7 @@ static string pathNullDevice = "/dev/null";
 /* Forward definition. */
 class Worker;
 struct HookInstance;
+struct PreBuildHookInstance;
 
 
 /* A pointer to a goal. */
@@ -269,6 +270,8 @@ public:
 
     std::shared_ptr<HookInstance> hook;
 
+    std::shared_ptr<PreBuildHookInstance> preBuildHook;
+
     Worker(LocalStore & store);
     ~Worker();
 
@@ -649,6 +652,72 @@ HookInstance::~HookInstance()
 //////////////////////////////////////////////////////////////////////
 
 
+struct PreBuildHookInstance
+{
+    /* Pipes for talking to the build hook. */
+    Pipe toHook;
+
+    /* Pipe for the hook's standard output/error. */
+    Pipe fromHook;
+
+    /* The process ID of the hook. */
+    Pid pid;
+
+    PreBuildHookInstance();
+
+    ~PreBuildHookInstance();
+};
+
+
+PreBuildHookInstance::PreBuildHookInstance()
+{
+    debug("starting pre-build hook");
+
+    /* Create a pipe to get the output of the child. */
+    fromHook.create();
+
+    /* Create the communication pipes. */
+    toHook.create();
+
+    /* Fork the hook. */
+    pid = startProcess([&]() {
+
+        commonChildInit(fromHook);
+
+        if (chdir("/") == -1) throw SysError("changing into /");
+
+        /* Dup the communication pipes. */
+        if (dup2(toHook.readSide, STDIN_FILENO) == -1)
+            throw SysError("dupping to-hook read side");
+
+        setenv("_NIX_OPTIONS", settings.pack().c_str(), 1);
+
+        execl(settings.preBuildHook.c_str(), settings.preBuildHook.c_str(),
+            NULL);
+
+        throw SysError(format("executing ‘%1%’") % settings.preBuildHook);
+    });
+
+    pid.setSeparatePG(true);
+    fromHook.writeSide.close();
+    toHook.readSide.close();
+}
+
+
+PreBuildHookInstance::~PreBuildHookInstance()
+{
+    try {
+        toHook.writeSide.close();
+        pid.kill(true);
+    } catch (...) {
+        ignoreException();
+    }
+}
+
+
+//////////////////////////////////////////////////////////////////////
+
+
 typedef map<string, string> HashRewrites;
 
 
@@ -813,6 +882,13 @@ private:
     /* Is the build hook willing to perform the build? */
     HookReply tryBuildHook();
 
+    /* Run the pre-build hook, which can set system-specific
+       per-derivation settings too complex/volatile to hard-code
+       in nix itself */
+    void runPreBuildHook();
+
+    PathSet extraChrootDirs;
+
     /* Start building a derivation. */
     void startBuilder();
 
@@ -1178,6 +1254,9 @@ void DerivationGoal::inputsRealised()
     foreach (DerivationOutputs::iterator, i, drv.outputs)
         if (i->second.hash == "") fixedOutput = false;
 
+    /* Ask the pre-build hook for any required settings */
+    runPreBuildHook();
+
     /* Okay, try to build.  Note that here we don't wait for a build
        slot to become available, since we don't need one if there is a
        build hook. */
@@ -1794,6 +1873,7 @@ void DerivationGoal::startBuilder()
         PathSet dirs = tokenizeString<StringSet>(settings.get("build-chroot-dirs", defaultChrootDirs));
         PathSet dirs2 = tokenizeString<StringSet>(settings.get("build-extra-chroot-dirs", string("")));
         dirs.insert(dirs2.begin(), dirs2.end());
+        dirs.insert(extraChrootDirs.begin(), extraChrootDirs.end());
 
         for (auto & i : dirs) {
             size_t p = i.find('=');
@@ -2794,6 +2874,33 @@ Path DerivationGoal::addHashRewrite(const Path & path)
 }
 
 
+void DerivationGoal::runPreBuildHook()
+{
+    if (settings.preBuildHook == "")
+        return;
+
+    if (!worker.preBuildHook)
+        worker.preBuildHook = std::make_shared<PreBuildHookInstance>();
+
+    writeLine(worker.preBuildHook->toHook.writeSide, drvPath);
+    while (true) {
+        string s = readLine(worker.preBuildHook->fromHook.readSide);
+        if (s == "extra-chroot-dirs") {
+            while (true) {
+                string s = readLine(worker.preBuildHook->fromHook.readSide);
+                if (s == "")
+                    break;
+                extraChrootDirs.emplace(std::move(s));
+            }
+        } else if (s == "") {
+            break;
+        } else {
+            throw Error(format("unknown pre-build hook command ‘%1%’") % s);
+        }
+    }
+}
+
+
 //////////////////////////////////////////////////////////////////////
 
 
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index f900fb290bdb..143260674d8c 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -181,6 +181,7 @@ void Settings::update()
     _get(logServers, "log-servers");
     _get(enableImportNative, "allow-unsafe-native-code-during-evaluation");
     _get(useCaseHack, "use-case-hack");
+    _get(preBuildHook, "pre-build-hook");
 
     string subs = getEnv("NIX_SUBSTITUTERS", "default");
     if (subs == "default") {
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 0a1072e36999..7add7cf7c523 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -204,6 +204,10 @@ struct Settings {
     /* Whether the importNative primop should be enabled */
     bool enableImportNative;
 
+    /* The hook to run just before a build to set derivation-specific
+       build settings */
+    Path preBuildHook;
+
 private:
     SettingsMap settings, overrides;