philiptaron/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

libstore: check additionalSandboxProfile

Browse source 
Currently LocalDerivationGoal allows setting `__sandboxProfile`
to add sandbox parameters on Darwin when `sandbox=true`.
This was only supposed to have an effect when `sandbox=relaxed`

Change-Id: Ide44ee82d7e4d6b545285eab26547e7014817d3f
This commit is contained in:
Artemis Tosini 2024-05-03 00:56:30 +00:00
parent 076dfd30c6
commit ecdbc3b207
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/libstore/build/local-derivation-goal.cc
View file

@ -192,6 +192,7 @@ void LocalDerivationGoal::tryLocalBuild()
throw Error("derivation '%s' has '__noChroot' set, " throw Error("derivation '%s' has '__noChroot' set, "
"but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath)); "but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath));
#if __APPLE__ #if __APPLE__
additionalSandboxProfile = parsedDrv->getStringAttr("__sandboxProfile").value_or("");
if (additionalSandboxProfile != "") if (additionalSandboxProfile != "")
throw Error("derivation '%s' specifies a sandbox profile, " throw Error("derivation '%s' specifies a sandbox profile, "
"but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath)); "but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath));
@ -492,10 +493,6 @@ void LocalDerivationGoal::startBuilder()
settings.thisSystem, settings.thisSystem,
concatStringsSep<StringSet>(", ", worker.store.systemFeatures)); concatStringsSep<StringSet>(", ", worker.store.systemFeatures));
#if __APPLE__
additionalSandboxProfile = parsedDrv->getStringAttr("__sandboxProfile").value_or("");
#endif
/* Create a temporary directory where the build will take /* Create a temporary directory where the build will take
place. */ place. */
tmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700); tmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700);