about summary refs log tree commit diff
path: root/corepkgs/buildenv.nix
blob: 5e7b40eaa0cbc8d053172b725df7c1a20e28f129 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
with import <nix/config.nix>;

{ derivations, manifest }:

derivation {
  name = "user-environment";
  system = builtins.currentSystem;
  builder = nixLibexecDir + "/nix/buildenv";

  inherit manifest;

  # !!! grmbl, need structured data for passing this in a clean way.
  derivations =
    map (d:
      [ (d.meta.active or "true")
        (d.meta.priority or 5)
        (builtins.length d.outputs)
      ] ++ map (output: builtins.getAttr output d) d.outputs)
      derivations;

  # Building user environments remotely just causes huge amounts of
  # network traffic, so don't do that.
  preferLocalBuild = true;

  # Also don't bother substituting.
  allowSubstitutes = false;

  __sandboxProfile = ''
    (allow sysctl-read)
    (allow file-read*
           (literal "/usr/lib/libSystem.dylib")
           (literal "/usr/lib/libSystem.B.dylib")
           (literal "/usr/lib/libobjc.A.dylib")
           (literal "/usr/lib/libobjc.dylib")
           (literal "/usr/lib/libauto.dylib")
           (literal "/usr/lib/libc++abi.dylib")
           (literal "/usr/lib/libc++.1.dylib")
           (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
           (subpath "/usr/lib/system")
           (subpath "/dev"))
  '';

  inherit chrootDeps;
}