Add --with-sandbox-shell configure flag

And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
author: Eelco Dolstra <edolstra@gmail.com> 2017-05-15T15·30+0200
committer: Eelco Dolstra <edolstra@gmail.com> 2017-05-15T15·36+0200
commit: a2d92bb20e82a0957067ede60e91fab256948b41 (patch)
tree: 665a9274c830f73c05a282622d78f6cf8d7c9ec9 /src
parent: b30f5784d0184688de964f6239e373b62101ebc4 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 4bdbde989ab2..3dd2508a26d3 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -47,8 +47,8 @@ Settings::Settings()
     auto s = getEnv("NIX_REMOTE_SYSTEMS");
     if (s != "") builderFiles = tokenizeString<Strings>(s, ":");
 
-#if __linux__
-    sandboxPaths = tokenizeString<StringSet>("/bin/sh=" BASH_PATH);
+#if defined(__linux__) && defined(SANDBOX_SHELL)
+    sandboxPaths = tokenizeString<StringSet>("/bin/sh=" SANDBOX_SHELL);
 #endif
 
     allowedImpureHostPrefixes = tokenizeString<StringSet>(DEFAULT_ALLOWED_IMPURE_PREFIXES);
diff --git a/src/libstore/local.mk b/src/libstore/local.mk
index 4da20330cf3f..e06002587f94 100644
--- a/src/libstore/local.mk
+++ b/src/libstore/local.mk
@@ -27,7 +27,7 @@ libstore_CXXFLAGS = \
  -DNIX_CONF_DIR=\"$(sysconfdir)/nix\" \
  -DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
  -DNIX_BIN_DIR=\"$(bindir)\" \
- -DBASH_PATH="\"$(bash)\"" \
+ -DSANDBOX_SHELL="\"$(sandbox_shell)\"" \
  -DLSOF=\"$(lsof)\"
 
 $(d)/local-store.cc: $(d)/schema.sql.hh
author	Eelco Dolstra <edolstra@gmail.com>	2017-05-15T15·30+0200
committer	Eelco Dolstra <edolstra@gmail.com>	2017-05-15T15·36+0200
commit	a2d92bb20e82a0957067ede60e91fab256948b41 (patch)
tree	665a9274c830f73c05a282622d78f6cf8d7c9ec9 /src
parent	b30f5784d0184688de964f6239e373b62101ebc4 (diff)