author | Jude Taylor <me@jude.bio> | 2015-11-12 18:59:17 -0800 |
---|---|---|
committer | Jude Taylor <me@jude.bio> | 2015-11-19 11:31:06 -0800 |
commit | df80090d092a9dec4393060bb1ab8f278aba11f2 (patch) | |
tree | 1b2ed9ef2eaf22cebad63c3114ae9282a211349e /pkgs/stdenv/generic | |
parent | 914e9baefe9b606ed331ba427af50c41715f973d (diff) | |
use per-derivation sandbox profiles
Diffstat (limited to 'pkgs/stdenv/generic')
-rw-r--r-- | pkgs/stdenv/generic/default.nix | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index c2324c86eb5a..196c8618c918 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -156,11 +156,10 @@ let
 "__impureHostDeps" "__propagatedImpureHostDeps"
 "__sandboxProfile" "__propagatedSandboxProfile"])
 // (let
- # TODO: remove lib.unique once nix has a list canonicalization primitive
 computedSandboxProfile =
- lib.concatStrings (lib.unique (builtins.map (input: input.__propagatedSandboxProfile or "") (extraBuildInputs ++ buildInputs ++ nativeBuildInputs)));
+ lib.concatMap (input: input.__propagatedSandboxProfile or []) (extraBuildInputs ++ buildInputs ++ nativeBuildInputs);
 computedPropagatedSandboxProfile =
- lib.concatStrings (lib.unique (builtins.map (input: input.__propagatedSandboxProfile or "") (propagatedBuildInputs ++ propagatedNativeBuildInputs)));
+ lib.concatMap (input: input.__propagatedSandboxProfile or []) (propagatedBuildInputs ++ propagatedNativeBuildInputs);
 in
 {
 builder = attrs.realBuilder or shell;
@@ -178,8 +177,12 @@ let
 propagatedNativeBuildInputs = propagatedNativeBuildInputs ++
 (if crossConfig == null then propagatedBuildInputs else []);
 } // ifDarwin {
- __sandboxProfile = computedSandboxProfile + computedPropagatedSandboxProfile + __propagatedSandboxProfile + __sandboxProfile + __extraSandboxProfile;
- __propagatedSandboxProfile = computedPropagatedSandboxProfile + __propagatedSandboxProfile;
+ # TODO: remove lib.unique once nix has a list canonicalization primitive
+ __sandboxProfile =
+ let profiles = [ __extraSandboxProfile ] ++ computedSandboxProfile ++ computedPropagatedSandboxProfile ++ [ __propagatedSandboxProfile __sandboxProfile ];
+ final = lib.concatStringsSep "\n" (lib.filter (x: x != "") (lib.unique profiles));
+ in final;
+ __propagatedSandboxProfile = lib.unique (computedPropagatedSandboxProfile ++ [ __propagatedSandboxProfile ]);
 } // (if outputs' != [ "out" ] then {
 outputs = outputs';
 } else { })))) ( |
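Review bot: `input.__propagatedSandboxProfile or []` in both `lib.concatMap` calls only supplies a default when the attribute is missing, so an input that still exposes the attribute as a string (its type before this commit, per the removed `or ""`) would presumably abort evaluation with a type error instead of contributing its fragment. Normalising the value keeps both shapes working, for example `lib.concatMap (input: lib.toList (input.__propagatedSandboxProfile or []))`. Whichever form is kept, a short comment on the `let` saying that inputs are expected to carry a list of profile fragments would document the new contract. The enclosing `let` and the attribute set it feeds start and end outside this hunk.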
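Review bot: The new `profiles` list places `__extraSandboxProfile` first where the old concatenation placed it last, and `lib.unique` keeps only the first copy of a repeated fragment, so the order of rules in the final `__sandboxProfile` changes with this hunk. If the sandbox profile language resolves overlapping allow and deny rules by position, that changes which rule takes effect for a build, so the intended precedence should be stated next to the list, e.g. `# order: extra, inputs, propagated inputs, own propagated, own profile; the first copy of a duplicate wins`. Separately, `__propagatedSandboxProfile` is not passed through the `x != ""` filter, so an empty fragment is handed on to every dependent; `lib.filter (x: x != "") (lib.unique (...))` would match the line above. The moved TODO about `lib.unique` applies to that attribute as well and could say so.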