diff options
Diffstat (limited to 'pkgs/os-specific/darwin')
6 files changed, 10 insertions, 77 deletions
diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix index a422bfa6452a..f1e3556273e5 100644 --- a/pkgs/os-specific/darwin/apple-sdk/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk/default.nix @@ -1,7 +1,6 @@ { stdenv, fetchurl, xar, gzip, cpio, pkgs }: let - generateFrameworkProfile = pkgs.callPackage ./generate-framework-profile.nix {}; # sadly needs to be exported because security_tool needs it sdk = stdenv.mkDerivation rec { version = "10.9"; @@ -97,11 +96,11 @@ let propagatedBuildInputs = deps; # allows building the symlink tree - _sandboxProfile = '' + sandboxProfile = '' (allow file-read* (subpath "/System/Library/Frameworks/${name}.framework")) ''; - _propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile name); + __propagatedImpureHostDeps = "/System/Library/Frameworks/${name}.framework/${name}"; meta = with stdenv.lib; { description = "Apple SDK framework ${name}"; @@ -165,7 +164,7 @@ in rec { }); CoreServices = stdenv.lib.overrideDerivation super.CoreServices (drv: { - _propagatedSandboxProfile = drv._propagatedSandboxProfile ++ ['' + __propagatedSandboxProfile = drv.__propagatedSandboxProfile ++ ['' (allow mach-lookup (global-name "com.apple.CoreServices.coreservicesd")) '']; }); @@ -182,5 +181,5 @@ in rec { frameworks = bareFrameworks // overrides bareFrameworks; - inherit sdk generateFrameworkProfile; + inherit sdk; } diff --git a/pkgs/os-specific/darwin/apple-sdk/generate-framework-profile.nix b/pkgs/os-specific/darwin/apple-sdk/generate-framework-profile.nix deleted file mode 100644 index a0d37c5db384..000000000000 --- a/pkgs/os-specific/darwin/apple-sdk/generate-framework-profile.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ runCommand }: - -# In a normal programming language, one might store a hashmap -# { library name -> runtime dependencies }. -# associative arrays were only recently added to bash, and even then, bash arrays cannot -# be multidimensional. instead, the filesystem is the hash table! -# once every dependency in the tree has been visited, a comprehensive list of libraries -# will exist inside ./build. then `find ./build -type f` will give you the -# dependency tree you need! - -frameworkName: - -let path = "/System/Library/Frameworks/${frameworkName}.framework"; - -in runCommand "${frameworkName}-profile.sb" { - # __noChroot lite - _sandboxProfile = '' - (allow file* (subpath "/")) - ''; - - # inconsistencies may exist between self and hydra - allowSubstitutes = false; -} '' - if [ ! -f "${path}/${frameworkName}" ]; then - touch $out - exit - fi - base=./build - find_deps () { - if [ -f "$base/$1" ]; then - return - fi - dependencies=$(otool -l -arch x86_64 $1 \ - | grep 'LC_\w*_DYLIB' -A 2 \ - | grep name \ - | sed 's/^ *//' \ - | cut -d' ' -f2) - mkdir -p $base/"$(dirname "$1")" - touch $base/"$1" - for dep in $dependencies; do - find_deps "$dep" - done - } - find_deps "${path}/${frameworkName}" "$out" - set -o noglob - profile="(allow file-read*" - for file in $(find $base -type f); do - filename=''${file/$base/} - case $filename in - /usr/lib/system*) ;; - /usr/lib/libSystem.dylib) ;; - /usr/lib/libSystem.B.dylib) ;; - /usr/lib/libobjc.A.dylib) ;; - /usr/lib/libobjc.dylib) ;; - /usr/lib/libauto.dylib) ;; - /usr/lib/libc++abi.dylib) ;; - /usr/lib/libDiagnosticMessagesClient.dylib) ;; - *) profile+=" (literal \"$filename\")" ;; - esac - done - profile+=" (literal \"${path}/${frameworkName}\")" - profile+=" (literal \"${path}/Versions/Current\")" - echo "$profile)" > $out -'' diff --git a/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix index c02129d2afe8..aededa1a0736 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix @@ -1,4 +1,4 @@ -{ stdenv, appleDerivation, icu, dyld, libdispatch, launchd, libclosure, generateFrameworkProfile }: +{ stdenv, appleDerivation, icu, dyld, libdispatch, launchd, libclosure }: # this project uses blocks, a clang-only extension assert stdenv.cc.isClang; @@ -8,7 +8,7 @@ appleDerivation { patches = [ ./add-cf-initialize.patch ./add-cfmachport.patch ./cf-bridging.patch ]; - _propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile "CoreFoundation"); + __propagatedImpureHostDeps = "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation"; preBuild = '' substituteInPlace Makefile \ diff --git a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix index 2b2a9148f226..a0261875c102 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix @@ -81,7 +81,7 @@ in appleDerivation { ]; # ps uses this syscall to get process info - _propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port"; + propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port"; meta = { platforms = stdenv.lib.platforms.darwin; diff --git a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix index 5fcb6a242044..1fbacfb92845 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix @@ -7,7 +7,7 @@ appleDerivation { propagatedBuildInputs = [ Security ]; - _propagatedSandboxProfile = '' + propagatedSandboxProfile = '' (allow mach-lookup (global-name "com.apple.SystemConfiguration.configd")) ''; diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix index 6b7858d374a0..f1b72b4123ff 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix @@ -54,11 +54,9 @@ let inherit (adv_cmds) ps locale; architecture = applePackage "architecture" "265" "05wz8wmxlqssfp29x203fwfb8pgbdjj1mpz12v508658166yzqj8" {}; bootstrap_cmds = applePackage "bootstrap_cmds" "86" "0xr0296jm1r3q7kbam98h85g23qlfi763z54ahj563n636kyk2wb" {}; - bsdmake = applePackage "bsdmake" "24" "11a9kkhz5bfgi1i8kpdkis78lhc6b5vxmhd598fcdgra1jw4iac2" {}; + bsdmake = applePackage "bsdmake" "24" "11a9kkhz5bfgi1i8kpdkis78lhc6b5vxmhd598fcdgra1jw4iac2" {}; CarbonHeaders = applePackage "CarbonHeaders" "9A581" "1hc0yijlpwq39x5bic6nnywqp2m1wj1f11j33m2q7p505h1h740c" {}; - CF = applePackage "CF" "855.17" "1sadmxi9fsvsmdyxvg2133sdzvkzwil5fvyyidxsyk1iyfzqsvln" { - inherit (pkgs.darwin.apple_sdk) generateFrameworkProfile; - }; + CF = applePackage "CF" "855.17" "1sadmxi9fsvsmdyxvg2133sdzvkzwil5fvyyidxsyk1iyfzqsvln" {}; CommonCrypto = applePackage "CommonCrypto" "60049" "1azin6w7cnzl0iv8kd2qzgwcp6a45zy64y5z1i6jysjcl6xmlw2h" {}; configd = applePackage "configd" "453.19" "1gxakahk8gallf16xmhxhprdxkh3prrmzxnmxfvj0slr0939mmr2" {}; copyfile = applePackage "copyfile" "103.92.1" "15i2hw5aqx0fklvmq6avin5s00adacvzqc740vviwc2y742vrdcd" {}; |