Diffstat (limited to 'corepkgs')
-rw-r--r-- | corepkgs/buildenv.nix | 20 | ||||
-rw-r--r-- | corepkgs/buildenv.pl | 2 | ||||
-rw-r--r-- | corepkgs/config.nix.in | 1 | ||||
-rw-r--r-- | corepkgs/fetchurl.nix | 30 | ||||
-rw-r--r-- | corepkgs/imported-drv-to-derivation.nix | 4 |
5 files changed, 34 insertions, 23 deletions
diff --git a/corepkgs/buildenv.nix b/corepkgs/buildenv.nix index 5bf7b4e56042..70981a752c3c 100644 --- a/corepkgs/buildenv.nix +++ b/corepkgs/buildenv.nix @@ -8,7 +8,7 @@ derivation { builder = perl; args = [ "-w" ./buildenv.pl ]; - manifest = manifest; + inherit manifest; # !!! grmbl, need structured data for passing this in a clean way. derivations = @@ -23,5 +23,23 @@ derivation { # network traffic, so don't do that. preferLocalBuild = true; + # Also don't bother substituting. + allowSubstitutes = false; + + __sandboxProfile = '' + (allow sysctl-read) + (allow file-read* + (literal "/usr/lib/libSystem.dylib") + (literal "/usr/lib/libSystem.B.dylib") + (literal "/usr/lib/libobjc.A.dylib") + (literal "/usr/lib/libobjc.dylib") + (literal "/usr/lib/libauto.dylib") + (literal "/usr/lib/libc++abi.dylib") + (literal "/usr/lib/libc++.1.dylib") + (literal "/usr/lib/libDiagnosticMessagesClient.dylib") + (subpath "/usr/lib/system") + (subpath "/dev")) + ''; + inherit chrootDeps; } diff --git a/corepkgs/buildenv.pl b/corepkgs/buildenv.pl index 264442104320..dacc53701a01 100644 --- a/corepkgs/buildenv.pl +++ b/corepkgs/buildenv.pl @@ -149,7 +149,7 @@ foreach my $pkg (@pkgs) { # Symlink to the packages that have been "propagated" by packages -# installed by the user (i.e., package X declares that it want Y +# installed by the user (i.e., package X declares that it wants Y # installed as well). We do these later because they have a lower # priority in case of collisions. my $priorityCounter = 1000; # don't care about collisions diff --git a/corepkgs/config.nix.in b/corepkgs/config.nix.in index 8918f4ddde8d..90e8edbea833 100644 --- a/corepkgs/config.nix.in +++ b/corepkgs/config.nix.in @@ -12,7 +12,6 @@ in rec { tar = "@tar@"; tarFlags = "@tarFlags@"; tr = "@tr@"; - curl = "@curl@"; nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@"; nixPrefix = "@prefix@"; diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 1ce88593cff2..5e0ad9da3c68 100644 --- a/corepkgs/fetchurl.nix 
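Review bot: In the second buildenv.nix hunk, the new `__sandboxProfile` grants `file-read*` on `(subpath "/dev")` plus a blanket `(allow sysctl-read)`, which is wider than the rest of the profile, where each dylib is named with `literal`. buildenv.pl only builds a symlink tree, so if perl needs just a few device nodes it would be tighter to name them, e.g. `(literal "/dev/null")` and `(literal "/dev/urandom")`, instead of the whole subtree. Which nodes are actually required is not visible from this hunk and should be confirmed on a Darwin build. The attribute also has no comment, so I would add one above it, such as `# Darwin sandbox: files the perl builder must be able to read to start up.`, so that later additions to the list have to be justified.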
+++ b/corepkgs/fetchurl.nix @@ -1,33 +1,29 @@ with import <nix/config.nix>; -{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? "", executable ? false}: +{ system ? builtins.currentSystem +, url +, outputHash ? "" +, outputHashAlgo ? "" +, md5 ? "", sha1 ? "", sha256 ? "" +, executable ? false +, unpack ? false +, name ? baseNameOf (toString url) +}: assert (outputHash != "" && outputHashAlgo != "") || md5 != "" || sha1 != "" || sha256 != ""; -let - - builder = builtins.toFile "fetchurl.sh" - ('' - echo "downloading $url into $out" - ${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out" - '' + (if executable then "${coreutils}/chmod +x $out" else "")); - -in - derivation { - name = baseNameOf (toString url); - builder = shell; - args = [ "-e" builder ]; + builder = "builtin:fetchurl"; # New-style output content requirements. outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5"; outputHash = if outputHash != "" then outputHash else if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5; - outputHashMode = if executable then "recursive" else "flat"; + outputHashMode = if unpack || executable then "recursive" else "flat"; - inherit system url; + inherit name system url executable unpack; # No need to double the amount of network traffic preferLocalBuild = true; @@ -39,6 +35,4 @@ derivation { # by definition pure. "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ]; - - inherit chrootDeps; } diff --git a/corepkgs/imported-drv-to-derivation.nix b/corepkgs/imported-drv-to-derivation.nix index bdb60169860a..eab8b050e8ff 100644 --- a/corepkgs/imported-drv-to-derivation.nix +++ b/corepkgs/imported-drv-to-derivation.nix 
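Review bot: In the first fetchurl.nix hunk the content hash is the only integrity check this derivation expresses, yet the `assert` and the `outputHashAlgo` fallback chain still accept `md5` or `sha1` on their own, and both have practical collision attacks. Since the parameter list is being rewritten anyway, I would mark them as legacy next to the parameters: `# md5 and sha1 are kept for backward compatibility only; new callers should pass sha256.` The new `unpack` flag also switches `outputHashMode` to `"recursive"`, so the same `sha256` argument is a flat file hash in one case and a hash of the unpacked tree in the other; a one-line comment on `outputHashMode` saying so would spare callers a hash mismatch. How `builtin:fetchurl` handles TLS verification is not visible in this diff, which is one more reason to keep the hash strong. The derivation body continues past this hunk.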
@@ -1,10 +1,10 @@ -attrs @ { drvPath, outputs, ... }: +attrs @ { drvPath, outputs, name, ... }: let commonAttrs = (builtins.listToAttrs outputsList) // { all = map (x: x.value) outputsList; - inherit drvPath; + inherit drvPath name; type = "derivation"; }; |
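Review bot: `name` is added to the argument pattern without a default, so it becomes a mandatory attribute, and any caller that passes only `drvPath` and `outputs` will now fail at evaluation time. The caller is not part of this diff, so it is worth confirming that it is updated to supply `name` in the same change. A header comment would make the contract explicit, for example `# Expects at least drvPath, outputs and name from the caller.`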