OS X sandbox: Store .sb file in $TMPDIR rather than the Nix store

The filename used was not unique, and the file was owned by the build
user, so builds could fail with

error: while setting up the build environment: cannot unlink ‘/nix/store/99i210ihnsjacajaw8r33fmgjvzpg6nr-bison-3.0.4.drv.sb’: Permission denied
Eelco Dolstra 2017-05-31 13:39:27 +02:00
parent 683a499ebb
commit c740c3ce50


@ -778,7 +778,6 @@ private:
#if __APPLE__ #if __APPLE__
typedef string SandboxProfile; typedef string SandboxProfile;
SandboxProfile additionalSandboxProfile; SandboxProfile additionalSandboxProfile;
AutoDelete autoDelSandbox;
#endif #endif
/* Hash rewriting. */ /* Hash rewriting. */
@ -2711,9 +2710,7 @@ void DerivationGoal::runChild()
debug("Generated sandbox profile:"); debug("Generated sandbox profile:");
debug(sandboxProfile); debug(sandboxProfile);
Path sandboxFile = drvPath + ".sb"; Path sandboxFile = tmpDir + "/.sandbox.sb";
deletePath(sandboxFile);
autoDelSandbox.reset(sandboxFile, false);
writeFile(sandboxFile, sandboxProfile); writeFile(sandboxFile, sandboxProfile);