Comparing changes

base repository: NixOS/nixpkgs
base: 5883c59f76c0
head repository: NixOS/nixpkgs
compare: 586208204ece
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Sep 27, 2019

  1. macvim: Add sandboxProfile

    This allows full filesystem access except for Homebrew. This is because
    we don't know where Xcode will be installed so we can't just whitelist
    it and its dependencies.
    lilyball committed Sep 27, 2019

    Unverified

    The email in this signature doesn’t match the committer email.
    cf6fd91

Commits on Oct 9, 2019

  1. Merge pull request #69576 from lilyball/macvim-no-chroot

    macvim: Add sandboxProfile
    worldofpeace authored Oct 9, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    dtzWill Will Dietz
    5862082
Showing with 9 additions and 0 deletions.
  1. +9 −0 pkgs/applications/editors/vim/macvim.nix
9 changes: 9 additions & 0 deletions pkgs/applications/editors/vim/macvim.nix
@@ -136,6 +136,15 @@ stdenv.mkDerivation {
find $out/share/man \( -name eVim.1 -or -name xxd.1 \) -delete
'';

# We rely on the user's Xcode install to build. It may be located in an arbitrary place, and
# it's not clear what system-level components it may require, so for now we'll just allow full
# filesystem access. This way the package still can't access the network.
sandboxProfile = ''
(allow file-read* file-write* process-exec mach-lookup)
; block homebrew dependencies
(deny file-read* file-write* process-exec mach-lookup (subpath "/usr/local") (with no-log))
'';

meta = with stdenv.lib; {
description = "Vim - the text editor - for macOS";
homepage = https://github.com/macvim-dev/macvim;
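
Review bot: The allow rule in sandboxProfile grants `file-write*` and an unfiltered `mach-lookup` everywhere, but the comment above it only justifies the breadth by Xcode living in an unknown location, which argues for broad `file-read*` and `process-exec` rather than write access to the whole filesystem. Consider limiting `file-write*` to the paths the build is known to need, or extend the comment to say why global write and Mach service lookup are required. The `/usr/local` deny also carries `(with no-log)`, so when the build reaches for a Homebrew dependency the denial is not logged; a short note on why logging is suppressed would help whoever has to debug that failure.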