mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-25 04:12:44 +03:00
use single underscore for sandboxProfile
This commit is contained in:
parent
db995a95ee
commit
a63346e33c
@ -43,7 +43,7 @@ stdenv.mkDerivation rec {
|
||||
];
|
||||
};
|
||||
|
||||
__sandboxProfile = stdenv.lib.sandbox.allowFileRead "/dev/ptmx";
|
||||
_sandboxProfile = stdenv.lib.sandbox.allowFileRead "/dev/ptmx";
|
||||
|
||||
# To fix the trouble in vim73, that it cannot cross-build with this patch
|
||||
# to bypass a configure script check that cannot be done cross-building.
|
||||
|
@ -37,7 +37,7 @@ stdenv.mkDerivation {
|
||||
NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.isDarwin) "-lgcc_s";
|
||||
|
||||
# without this, git fails when trying to check for /etc/gitconfig existence
|
||||
__propagatedSandboxProfile = stdenv.lib.sandbox.allowDirectoryList "/etc";
|
||||
_propagatedSandboxProfile = stdenv.lib.sandbox.allowDirectoryList "/etc";
|
||||
|
||||
makeFlags = "prefix=\${out} sysconfdir=/etc/ PERL_PATH=${perl}/bin/perl SHELL_PATH=${stdenv.shell} "
|
||||
+ (if pythonSupport then "PYTHON_PATH=${python}/bin/python" else "NO_PYTHON=1")
|
||||
|
@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
|
||||
--replace "/bin/pwd" "$pwd"
|
||||
'';
|
||||
|
||||
__sandboxProfile = stdenv.lib.sandbox.allow "ipc-sysv-sem";
|
||||
_sandboxProfile = stdenv.lib.sandbox.allow "ipc-sysv-sem";
|
||||
|
||||
# Build a thread-safe Perl with a dynamic libperls.o. We need the
|
||||
# "installstyle" option to ensure that modules are put under
|
||||
|
@ -97,11 +97,11 @@ let
|
||||
propagatedBuildInputs = deps;
|
||||
|
||||
# allows building the symlink tree
|
||||
__sandboxProfile = ''
|
||||
_sandboxProfile = ''
|
||||
(allow file-read* (subpath "/System/Library/Frameworks/${name}.framework"))
|
||||
'';
|
||||
|
||||
__propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile name);
|
||||
_propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile name);
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Apple SDK framework ${name}";
|
||||
@ -165,7 +165,7 @@ in rec {
|
||||
});
|
||||
|
||||
CoreServices = stdenv.lib.overrideDerivation super.CoreServices (drv: {
|
||||
__propagatedSandboxProfile = drv.__propagatedSandboxProfile ++ [''
|
||||
_propagatedSandboxProfile = drv._propagatedSandboxProfile ++ [''
|
||||
(allow mach-lookup (global-name "com.apple.CoreServices.coreservicesd"))
|
||||
''];
|
||||
});
|
||||
|
@ -14,7 +14,7 @@ let path = "/System/Library/Frameworks/${frameworkName}.framework";
|
||||
|
||||
in runCommand "${frameworkName}-profile.sb" {
|
||||
# __noChroot lite
|
||||
__sandboxProfile = ''
|
||||
_sandboxProfile = ''
|
||||
(allow file* (subpath "/"))
|
||||
'';
|
||||
|
||||
|
@ -8,7 +8,7 @@ appleDerivation {
|
||||
|
||||
patches = [ ./add-cf-initialize.patch ./add-cfmachport.patch ./cf-bridging.patch ];
|
||||
|
||||
__propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile "CoreFoundation");
|
||||
_propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile "CoreFoundation");
|
||||
|
||||
preBuild = ''
|
||||
substituteInPlace Makefile \
|
||||
|
@ -81,7 +81,7 @@ in appleDerivation {
|
||||
];
|
||||
|
||||
# ps uses this syscall to get process info
|
||||
__propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port";
|
||||
_propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port";
|
||||
|
||||
meta = {
|
||||
platforms = stdenv.lib.platforms.darwin;
|
||||
|
@ -7,7 +7,7 @@ appleDerivation {
|
||||
|
||||
propagatedBuildInputs = [ Security ];
|
||||
|
||||
__propagatedSandboxProfile = ''
|
||||
_propagatedSandboxProfile = ''
|
||||
(allow mach-lookup (global-name "com.apple.SystemConfiguration.configd"))
|
||||
'';
|
||||
|
||||
|
@ -12,8 +12,8 @@ let lib = import ../../../lib; in lib.makeOverridable (
|
||||
, extraBuildInputs ? []
|
||||
, __stdenvImpureHostDeps ? []
|
||||
, __extraImpureHostDeps ? []
|
||||
, __stdenvSandboxProfile ? ""
|
||||
, __extraSandboxProfile ? ""
|
||||
, _stdenvSandboxProfile ? ""
|
||||
, _extraSandboxProfile ? ""
|
||||
}:
|
||||
|
||||
let
|
||||
@ -102,8 +102,8 @@ let
|
||||
, outputs ? [ "out" ]
|
||||
, __impureHostDeps ? []
|
||||
, __propagatedImpureHostDeps ? []
|
||||
, __sandboxProfile ? ""
|
||||
, __propagatedSandboxProfile ? ""
|
||||
, _sandboxProfile ? ""
|
||||
, _propagatedSandboxProfile ? ""
|
||||
, ... } @ attrs:
|
||||
let
|
||||
pos' =
|
||||
@ -154,12 +154,12 @@ let
|
||||
(removeAttrs attrs
|
||||
["meta" "passthru" "crossAttrs" "pos"
|
||||
"__impureHostDeps" "__propagatedImpureHostDeps"
|
||||
"__sandboxProfile" "__propagatedSandboxProfile"])
|
||||
"_sandboxProfile" "_propagatedSandboxProfile"])
|
||||
// (let
|
||||
computedSandboxProfile =
|
||||
lib.concatMap (input: input.__propagatedSandboxProfile or []) (extraBuildInputs ++ buildInputs ++ nativeBuildInputs);
|
||||
lib.concatMap (input: input._propagatedSandboxProfile or []) (extraBuildInputs ++ buildInputs ++ nativeBuildInputs);
|
||||
computedPropagatedSandboxProfile =
|
||||
lib.concatMap (input: input.__propagatedSandboxProfile or []) (propagatedBuildInputs ++ propagatedNativeBuildInputs);
|
||||
lib.concatMap (input: input._propagatedSandboxProfile or []) (propagatedBuildInputs ++ propagatedNativeBuildInputs);
|
||||
in
|
||||
{
|
||||
builder = attrs.realBuilder or shell;
|
||||
@ -178,11 +178,11 @@ let
|
||||
(if crossConfig == null then propagatedBuildInputs else []);
|
||||
} // ifDarwin {
|
||||
# TODO: remove lib.unique once nix has a list canonicalization primitive
|
||||
__sandboxProfile =
|
||||
let profiles = [ __extraSandboxProfile ] ++ computedSandboxProfile ++ computedPropagatedSandboxProfile ++ [ __propagatedSandboxProfile __sandboxProfile ];
|
||||
_sandboxProfile =
|
||||
let profiles = [ _extraSandboxProfile ] ++ computedSandboxProfile ++ computedPropagatedSandboxProfile ++ [ _propagatedSandboxProfile _sandboxProfile ];
|
||||
final = lib.concatStringsSep "\n" (lib.filter (x: x != "") (lib.unique profiles));
|
||||
in final;
|
||||
__propagatedSandboxProfile = lib.unique (computedPropagatedSandboxProfile ++ [ __propagatedSandboxProfile ]);
|
||||
_propagatedSandboxProfile = lib.unique (computedPropagatedSandboxProfile ++ [ _propagatedSandboxProfile ]);
|
||||
} // (if outputs' != [ "out" ] then {
|
||||
outputs = outputs';
|
||||
} else { })))) (
|
||||
@ -219,7 +219,7 @@ let
|
||||
inherit preHook initialPath shell defaultNativeBuildInputs;
|
||||
}
|
||||
// ifDarwin {
|
||||
__sandboxProfile = __stdenvSandboxProfile;
|
||||
_sandboxProfile = _stdenvSandboxProfile;
|
||||
})
|
||||
|
||||
// rec {
|
||||
|
@ -50,7 +50,7 @@ in rec {
|
||||
|
||||
inherit (bootstrapFiles) mkdir bzip2 cpio;
|
||||
|
||||
__sandboxProfile = binShClosure + libSystemProfile;
|
||||
_sandboxProfile = binShClosure + libSystemProfile;
|
||||
};
|
||||
|
||||
stageFun = step: last: {shell ? "${bootstrapTools}/bin/sh",
|
||||
@ -93,8 +93,8 @@ in rec {
|
||||
};
|
||||
|
||||
# The stdenvs themselves don't use mkDerivation, so I need to specify this here
|
||||
__stdenvSandboxProfile = binShClosure + libSystemProfile;
|
||||
__extraSandboxProfile = binShClosure + libSystemProfile;
|
||||
_stdenvSandboxProfile = binShClosure + libSystemProfile;
|
||||
_extraSandboxProfile = binShClosure + libSystemProfile;
|
||||
|
||||
extraAttrs = { inherit platform; };
|
||||
overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; };
|
||||
@ -269,8 +269,8 @@ in rec {
|
||||
export PATH_LOCALE=${pkgs.darwin.locale}/share/locale
|
||||
'';
|
||||
|
||||
__stdenvSandboxProfile = binShClosure + libSystemProfile;
|
||||
__extraSandboxProfile = binShClosure + libSystemProfile;
|
||||
_stdenvSandboxProfile = binShClosure + libSystemProfile;
|
||||
_extraSandboxProfile = binShClosure + libSystemProfile;
|
||||
|
||||
initialPath = import ../common-path.nix { inherit pkgs; };
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
|
Loading…
Reference in New Issue
Block a user