Make <nix/buildenv.nix> a builtin builder

This avoids sandbox annoyances.
author: Eelco Dolstra <edolstra@gmail.com> 2018-03-20T16·28+0100
committer: Eelco Dolstra <edolstra@gmail.com> 2018-03-20T16·28+0100
commit: 668ac3ea2c4c7390761dfbc5738c2aa85fda9751 (patch)
tree: 74a492a409f981a885df3facd92a63fa54624199 /corepkgs/buildenv.nix
parent: 9d40787938f38d19edbabad03586d0948236aefd (diff)
1 files changed, 2 insertions, 21 deletions
diff --git a/corepkgs/buildenv.nix b/corepkgs/buildenv.nix
index 5e7b40eaa0cb..0bac4c44b48a 100644
--- a/corepkgs/buildenv.nix
+++ b/corepkgs/buildenv.nix
@@ -1,11 +1,9 @@
-with import <nix/config.nix>;
-
 { derivations, manifest }:
 
 derivation {
   name = "user-environment";
-  system = builtins.currentSystem;
-  builder = nixLibexecDir + "/nix/buildenv";
+  system = "builtin";
+  builder = "builtin:buildenv";
 
   inherit manifest;
 
@@ -24,21 +22,4 @@ derivation {
 
   # Also don't bother substituting.
   allowSubstitutes = false;
-
-  __sandboxProfile = ''
-    (allow sysctl-read)
-    (allow file-read*
-           (literal "/usr/lib/libSystem.dylib")
-           (literal "/usr/lib/libSystem.B.dylib")
-           (literal "/usr/lib/libobjc.A.dylib")
-           (literal "/usr/lib/libobjc.dylib")
-           (literal "/usr/lib/libauto.dylib")
-           (literal "/usr/lib/libc++abi.dylib")
-           (literal "/usr/lib/libc++.1.dylib")
-           (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
-           (subpath "/usr/lib/system")
-           (subpath "/dev"))
-  '';
-
-  inherit chrootDeps;
 }
author	Eelco Dolstra <edolstra@gmail.com>	2018-03-20T16·28+0100
committer	Eelco Dolstra <edolstra@gmail.com>	2018-03-20T16·28+0100
commit	668ac3ea2c4c7390761dfbc5738c2aa85fda9751 (patch)
tree	74a492a409f981a885df3facd92a63fa54624199 /corepkgs/buildenv.nix
parent	9d40787938f38d19edbabad03586d0948236aefd (diff)