authorGriffin Smith <grfn@gws.fyi>2020-08-04T00·20-0400
committerglittershark <grfn@gws.fyi>2020-08-04T02·15+0000
commit09cb41b7ac6ff436fc7554cfc59745276c4515ed (patch)
treecbbfc535d9566ae3dddfa3db004eda3505822ab9 /third_party/nix/default.nix
parent26a59482d2427f640893517f1b24dd650a5bd5da (diff)
fix(3p/nix): Properly configure SANDBOX_SHELL r/1575
point the SANDBOX_SHELL macro at the actual path to busybox on the build
machine, or allow it to be configured at build-time with a cmake option.

Change-Id: I044a1315ba9baa3bc9ceddf29f36d14f9f9ccd96
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1632
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to '')
-rw-r--r--third_party/nix/default.nix13
1 files changed, 12 insertions, 1 deletions
diff --git a/third_party/nix/default.nix b/third_party/nix/default.nix
index 96c5c250e4..1056a3cbb4 100644
--- a/third_party/nix/default.nix
+++ b/third_party/nix/default.nix
@@ -30,6 +30,14 @@ let
       --plugin=protoc-gen-grpc=${pkgs.grpc}/bin/grpc_cpp_plugin --grpc_out=$out/libproto \
       $PROTO_SRCS/*.proto
   '';
+
+  # Derivation for busybox that just has the `busybox` binary in bin/, not all
+  # the symlinks, so cmake can find it
+  busybox = pkgs.runCommand "busybox" {} ''
+    mkdir -p $out/bin
+    cp ${pkgs.busybox}/bin/busybox $out/bin
+  '';
+
 in lib.fix (self: pkgs.llvmPackages.libcxxStdenv.mkDerivation {
   pname = "tvix";
   version = "2.3.4";
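Review bot: The `busybox` wrapper derivation added here is not referenced by the other two hunks of this commit, which both interpolate `${pkgs.busybox}/bin/busybox` directly, so the diff does not show where cmake is meant to pick it up. If it is consumed elsewhere in the file (for example in a build-input list outside the visible hunks), extend the comment to say so, e.g. `# Listed in the build inputs so cmake can locate the busybox binary without the applet symlinks`. Otherwise the binding is dead code and should be dropped or actually used for the configured path. The `let` block begins before this hunk.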
@@ -87,7 +95,8 @@ in lib.fix (self: pkgs.llvmPackages.libcxxStdenv.mkDerivation {
       -DCMAKE_BUILD_TYPE=RelWithDebInfo \
       -DCMAKE_FIND_USE_SYSTEM_PACKAGE_REGISTRY=OFF \
       -DCMAKE_FIND_USE_PACKAGE_REGISTRY=OFF \
-      -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON
+      -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON \
+      -DSANDBOX_SHELL=${pkgs.busybox}/bin/busybox
   '';
 
   installCheckPhase = ''
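Review bot: The path baked into `-DSANDBOX_SHELL` is the full `pkgs.busybox`, and nothing visible here ensures that binary is statically linked or reduced to a shell applet. Assuming SANDBOX_SHELL keeps its upstream Nix meaning (the binary exposed as /bin/sh inside the build sandbox), a dynamically linked busybox would also need its library closure inside the sandbox, and the full applet set is more than sandboxed builds should be handed. nixpkgs ships `busybox-sandbox-shell` for this purpose, so consider `-DSANDBOX_SHELL=${pkgs.busybox-sandbox-shell}/bin/busybox`. The same path is repeated in the `SANDBOX_SHELL` attribute in the third hunk, and the enclosing flags string begins before this hunk.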
@@ -114,6 +123,8 @@ in lib.fix (self: pkgs.llvmPackages.libcxxStdenv.mkDerivation {
   # Work around broken system header include flags in the cxx toolchain.
   LIBCXX_INCLUDE = "${pkgs.llvmPackages.libcxx}/include/c++/v1";
 
+  SANDBOX_SHELL="${pkgs.busybox}/bin/busybox";
+
   # Install the various symlinks to the Nix binary which users expect
   # to exist.
   postInstall = ''
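Review bot: `SANDBOX_SHELL="${pkgs.busybox}/bin/busybox";` repeats the path already passed as `-DSANDBOX_SHELL` in the cmake flags hunk, and nothing says which consumer reads the environment variable rather than the cmake option. Two copies of a sandbox-relevant path can drift apart, so bind it once in the `let` block and interpolate that binding in both places. A short comment above the attribute would also help, e.g. `# Also exported to the build environment; the cmake flag alone is not sufficient because <consumer>`. The line also lacks the spaces around `=` used by `LIBCXX_INCLUDE` just above it.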