646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
22 lines
896 B
Diff
22 lines
896 B
Diff
Nix may already sandbox the build, in which case sandbox_apply will fail.
|
|
|
|
--- a/Sources/Basics/Sandbox.swift
|
|
+++ b/Sources/Basics/Sandbox.swift
|
|
@@ -33,12 +33,14 @@ public enum Sandbox {
|
|
readOnlyDirectories: [AbsolutePath] = []
|
|
) throws -> [String] {
|
|
#if os(macOS)
|
|
+ let env = ProcessInfo.processInfo.environment
|
|
+ if env["NIX_BUILD_TOP"] == nil || env["IN_NIX_SHELL"] != nil {
|
|
let profile = try macOSSandboxProfile(strictness: strictness, writableDirectories: writableDirectories, readOnlyDirectories: readOnlyDirectories)
|
|
return ["/usr/bin/sandbox-exec", "-p", profile] + command
|
|
- #else
|
|
+ }
|
|
+ #endif
|
|
// rdar://40235432, rdar://75636874 tracks implementing sandboxes for other platforms.
|
|
return command
|
|
- #endif
|
|
}
|
|
|
|
/// Basic strictness level of a sandbox applied to a command line.
|