author | Jude Taylor <me@jude.bio> | 2015-11-06 17:44:02 -0800 |
---|---|---|
committer | Jude Taylor <me@jude.bio> | 2015-11-19 11:31:06 -0800 |
commit | 914e9baefe9b606ed331ba427af50c41715f973d (patch) | |
tree | aaf1afe2ffc94e9235330b0af168d0cd7778a351 /pkgs/stdenv/generic/default.nix | |
parent | c296f64f196bbd69c4fdc336d17b553f3845cb1c (diff) | |
start on sandbox stuff
Diffstat (limited to 'pkgs/stdenv/generic/default.nix')
-rw-r--r-- | pkgs/stdenv/generic/default.nix | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 246ca3696d5..c2324c86eb5 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -12,6 +12,8 @@ let lib = import ../../../lib; in lib.makeOverridable ( , extraBuildInputs ? [] , __stdenvImpureHostDeps ? [] , __extraImpureHostDeps ? [] +, __stdenvSandboxProfile ? "" +, __extraSandboxProfile ? "" }: let @@ -100,6 +102,8 @@ let , outputs ? [ "out" ] , __impureHostDeps ? [] , __propagatedImpureHostDeps ? [] + , __sandboxProfile ? "" + , __propagatedSandboxProfile ? "" , ... } @ attrs: let pos' = @@ -149,13 +153,14 @@ let lib.addPassthru (derivation ( (removeAttrs attrs ["meta" "passthru" "crossAttrs" "pos" - "__impureHostDeps" "__propagatedImpureHostDeps"]) + "__impureHostDeps" "__propagatedImpureHostDeps" + "__sandboxProfile" "__propagatedSandboxProfile"]) // (let # TODO: remove lib.unique once nix has a list canonicalization primitive - computedImpureHostDeps = - lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or []) (extraBuildInputs ++ buildInputs ++ nativeBuildInputs)); - computedPropagatedImpureHostDeps = - lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or []) (propagatedBuildInputs ++ propagatedNativeBuildInputs)); + computedSandboxProfile = + lib.concatStrings (lib.unique (builtins.map (input: input.__propagatedSandboxProfile or "") (extraBuildInputs ++ buildInputs ++ nativeBuildInputs))); + computedPropagatedSandboxProfile = + lib.concatStrings (lib.unique (builtins.map (input: input.__propagatedSandboxProfile or "") (propagatedBuildInputs ++ propagatedNativeBuildInputs))); in { builder = attrs.realBuilder or shell; 
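Review bot: The new `__sandboxProfile` and `__propagatedSandboxProfile` arguments in the `@@ -100,6 +102,8 @@` hunk have no comment saying what text they accept or which of the two reaches dependent derivations. Judging from the later hunks, the propagated one is read from every build input and merged into the dependent's profile, so a package author can widen other packages' sandboxes without that being obvious at the declaration site. A comment above the two arguments would make this reviewable, for example `# __sandboxProfile: profile text for this derivation only (Darwin); __propagatedSandboxProfile: also merged into derivations that take this one as an input`. The argument list continues outside the hunk.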
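Review bot: In the `@@ -149,13 +153,14 @@` hunk, `computedSandboxProfile` and `computedPropagatedSandboxProfile` join the inputs' fragments with `lib.concatStrings`, so nothing separates one input's profile text from the next. If a fragment does not end in a newline, and in particular if it ends on a comment line, the first rule of the following fragment is glued onto it and may be misparsed or swallowed; for a restricting rule that would presumably loosen the sandbox without any error. Joining with an explicit separator, `lib.concatStringsSep "\n" (lib.unique (...))`, removes the dependence on every package terminating its fragment correctly. The same concern applies to the plain `+` chain that builds `__sandboxProfile` in the `@@ -173,13 +178,8 @@` hunk. The enclosing `let` starts and ends outside this hunk.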
@@ -173,13 +178,8 @@ let propagatedNativeBuildInputs = propagatedNativeBuildInputs ++ (if crossConfig == null then propagatedBuildInputs else []); } // ifDarwin { - __impureHostDeps = computedImpureHostDeps ++ computedPropagatedImpureHostDeps ++ __propagatedImpureHostDeps ++ __impureHostDeps ++ __extraImpureHostDeps ++ [ - "/dev/zero" - "/dev/random" - "/dev/urandom" - "/bin/sh" - ]; - __propagatedImpureHostDeps = computedPropagatedImpureHostDeps ++ __propagatedImpureHostDeps; + __sandboxProfile = computedSandboxProfile + computedPropagatedSandboxProfile + __propagatedSandboxProfile + __sandboxProfile + __extraSandboxProfile; + __propagatedSandboxProfile = computedPropagatedSandboxProfile + __propagatedSandboxProfile; } // (if outputs' != [ "out" ] then { outputs = outputs'; } else { })))) ( @@ -216,7 +216,7 @@ let inherit preHook initialPath shell defaultNativeBuildInputs; } // ifDarwin { - __impureHostDeps = __stdenvImpureHostDeps; + __sandboxProfile = __stdenvSandboxProfile; }) // rec { |
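Review bot: After the `@@ -173,13 +178,8 @@` hunk `__impureHostDeps` and `__propagatedImpureHostDeps` are no longer set on the derivation, yet the earlier hunks keep them as accepted arguments and still strip them in `removeAttrs`, so a package that declares them now has the declaration silently discarded. The default entries `/dev/zero`, `/dev/random`, `/dev/urandom` and `/bin/sh` disappear as well, and no equivalent rule is visible in the new `__sandboxProfile` value. Until callers are migrated, either keep passing the lists through next to the profile or mark the gap where it happens, e.g. `# TODO: __impureHostDeps is accepted but ignored until packages move to __sandboxProfile`. The `@@ -216,7 +216,7 @@` hunk has the same gap: `__stdenvImpureHostDeps` stays a parameter but its only visible use is replaced, and `__extraImpureHostDeps` loses its only visible use in the removed lines.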