maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Darwin sandbox: Use sandbox-defaults.sb

Browse source 
Issue #759.

Also, remove nix.conf from the sandbox since I don't really see a
legitimate reason for builders to access the Nix configuration.
This commit is contained in:
Eelco Dolstra 2017-05-30 17:40:12 +02:00
parent 53a1644187
commit acc889c821
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
5 changed files with 19 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/libstore/local.mk
View file

@ -34,12 +34,16 @@ libstore_CXXFLAGS = \
-DSANDBOX_SHELL="\"$(sandbox_shell)\"" \
-DLSOF=\"$(lsof)\"
$(d)/local-store.cc: $(d)/schema.sql.hh
$(d)/local-store.cc: $(d)/schema.sql.gen.hh
%.sql.hh: %.sql
$(trace-gen) sed -e 's/"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $< > $@ || (rm $@ && exit 1)
$(d)/build.cc: $(d)/sandbox-defaults.sb.gen.hh
clean-files += $(d)/schema.sql.hh
%.gen.hh: %
echo 'R"foo(' >> $@.tmp
cat $< >> $@.tmp
echo ')foo"' >> $@.tmp
mv $@.tmp $@
clean-files += $(d)/schema.sql.gen.hh $(d)/sandbox-defaults.sb.gen.hh
$(eval $(call install-file-in, $(d)/nix-store.pc, $(prefix)/lib/pkgconfig, 0644))
$(eval $(call install-file-in, $(d)/sandbox-defaults.sb, $(datadir)/nix, 0644))