author | Jude Taylor <me@jude.bio> | 2015-11-12 18:59:17 -0800 |
---|---|---|
committer | Jude Taylor <me@jude.bio> | 2015-11-19 11:31:06 -0800 |
commit | df80090d092a9dec4393060bb1ab8f278aba11f2 (patch) | |
tree | 1b2ed9ef2eaf22cebad63c3114ae9282a211349e /pkgs/os-specific/darwin/apple-sdk/default.nix | |
parent | 914e9baefe9b606ed331ba427af50c41715f973d (diff) | |
use per-derivation sandbox profiles
Diffstat (limited to 'pkgs/os-specific/darwin/apple-sdk/default.nix')
-rw-r--r-- | pkgs/os-specific/darwin/apple-sdk/default.nix | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix
index 24083060e54..b31e5d043ef 100644
--- a/pkgs/os-specific/darwin/apple-sdk/default.nix
+++ b/pkgs/os-specific/darwin/apple-sdk/default.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, xar, gzip, cpio, pkgs }:
 let
+ generateFrameworkProfile = pkgs.callPackage ./generate-framework-profile.nix {};
 # sadly needs to be exported because security_tool needs it
 sdk = stdenv.mkDerivation rec {
 version = "10.9";
@@ -95,8 +96,12 @@ let
 propagatedBuildInputs = deps;
- # Not going to bother being more precise than this...
- __propagatedImpureHostDeps = (import ./impure-deps.nix).${name};
+ # allows building the symlink tree
+ __sandboxProfile = ''
+ (allow file-read* (subpath "/System/Library/Frameworks/${name}.framework"))
+ '';
+
+ __propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile name);
 meta = with stdenv.lib; {
 description = "Apple SDK framework ${name}";
@@ -159,6 +164,12 @@ in rec {
 '';
 });
+ CoreServices = stdenv.lib.overrideDerivation super.CoreServices (drv: {
+ __propagatedSandboxProfile = drv.__propagatedSandboxProfile ++ [''
+ (allow mach-lookup (global-name "com.apple.CoreServices.coreservicesd"))
+ ''];
+ });
+
 Security = stdenv.lib.overrideDerivation super.Security (drv: {
 setupHook = ./security-setup-hook.sh;
 });
@@ -171,5 +182,5 @@ in rec {
 frameworks = bareFrameworks // overrides bareFrameworks;
- inherit sdk;
+ inherit sdk generateFrameworkProfile;
 } |
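Review bot: The `__propagatedSandboxProfile` line in the `-95,8 +96,12` hunk has no comment, although it is the rule set that every derivation depending on a framework inherits, and its content comes from `generate-framework-profile.nix`, which is not shown in this diff. I would add `# propagated to dependents; rules are generated per framework by ./generate-framework-profile.nix` above it so that an audit of the sandbox knows where the grants originate. `${name}` is also spliced unescaped into the quoted `subpath` string of `__sandboxProfile`; the values appear to be the fixed framework attribute names, so this looks safe today, but a short comment that `name` must stay a plain identifier would keep it that way. The enclosing framework builder starts and ends outside the hunk.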
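Review bot: The `CoreServices` override in the `-159,6 +164,12` hunk appends with `++`, which only evaluates if `drv.__propagatedSandboxProfile` is a list, whereas `__sandboxProfile` in the framework builder is a plain string. The return type of `stdenv.lib.sandbox.importProfile` is not visible here, so the list/string convention is worth confirming and stating next to the attribute. The `mach-lookup` grant is narrow (a single `global-name`), but it is propagated to every dependent of CoreServices and carries no explanation. Presumably clients of the framework need Mach IPC to that daemon, so I would add `# dependents need Mach IPC to coreservicesd; keep this limited to the one global-name` above the list.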