diff --git a/pkgs/tools/typesetting/lowdown/default.nix b/pkgs/tools/typesetting/lowdown/default.nix
index e898d7326964..7449be94e12c 100644
--- a/pkgs/tools/typesetting/lowdown/default.nix
+++ b/pkgs/tools/typesetting/lowdown/default.nix
@@ -2,12 +2,13 @@
 , fetchpatch
 , enableShared ? !stdenv.hostPlatform.isStatic
 , enableStatic ? stdenv.hostPlatform.isStatic
+, enableDarwinSandbox ? true
 # for passthru.tests
 , nix
 }:

 stdenv.mkDerivation rec {
- pname = "lowdown";
+ pname = "lowdown${lib.optionalString (stdenv.hostPlatform.isDarwin && !enableDarwinSandbox) "-unsandboxed"}";
 version = "1.1.0";

 outputs = [ "out" "lib" "dev" "man" ];
@@ -54,7 +55,9 @@ stdenv.mkDerivation rec {
 nativeBuildInputs = [ which dieHook ]
 ++ lib.optionals stdenv.hostPlatform.isDarwin [ fixDarwinDylibNames ];

- preConfigure = lib.optionalString (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) ''
+ # The Darwin sandbox calls fail inside Nix builds, presumably due to
+ # being nested inside another sandbox.
+ preConfigure = lib.optionalString (stdenv.hostPlatform.isDarwin && !enableDarwinSandbox) ''
 echo 'HAVE_SANDBOX_INIT=0' > configure.local
 '';

@@ -103,7 +106,8 @@ stdenv.mkDerivation rec {
 '';

 doInstallCheck = true;
- installCheckPhase = ''
+
+ installCheckPhase = lib.optionalString (!stdenv.hostPlatform.isDarwin || !enableDarwinSandbox) ''
 runHook preInstallCheck
 echo '# TEST' > test.md
 $out/bin/lowdown test.md
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f8cd809caae6..2ba0aea070f2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5434,6 +5434,11 @@ with pkgs;

 lowdown = callPackage ../tools/typesetting/lowdown { };

+ # Less secure variant of lowdown for use inside Nix builds.
+ lowdown-unsandboxed = lowdown.override {
+ enableDarwinSandbox = false;
+ };
+
 numatop = callPackage ../os-specific/linux/numatop { };

 numworks-udev-rules = callPackage ../os-specific/linux/numworks-udev-rules { };
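Review bot: The new `enableDarwinSandbox` argument in the first hunk of lowdown/default.nix has no comment, although setting it to false removes a security control. It also has no effect outside Darwin, because both the `pname` suffix and the `preConfigure` override are guarded by `isDarwin`. I would put a comment above it such as `# Darwin only: keep lowdown's sandbox_init(3) self-confinement; set to false only for copies that run inside Nix builds`. The argument list starts before the hunk.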
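Review bot: The `preConfigure` condition in the second hunk no longer mentions `isAarch64`, so the default aarch64-darwin build changes from never calling the sandbox to always calling it, and the added comment does not record that. The comment itself marks the cause of the failure as a presumption, and nothing in the visible hunks checks that the sandboxed binary works on that platform outside a build. I would extend the comment with a line such as `# The default build keeps the sandbox; only the -unsandboxed variant sets HAVE_SANDBOX_INIT=0.` so the trade-off is visible where the switch is made.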
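Review bot: Emptying `installCheckPhase` while `doInstallCheck = true` stays set is an indirect way to skip the check. As far as I know, stdenv treats an empty phase string as unset and falls back to its default install-check phase rather than doing nothing. Gating the flag states the intent directly: `doInstallCheck = !stdenv.hostPlatform.isDarwin || !enableDarwinSandbox;`, with `installCheckPhase` left unconditional. Either way the default Darwin package, the one that keeps the sandbox, is no longer smoke-tested at build time, which deserves a one-line comment at this spot. The phase body continues past the end of the hunk.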
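Review bot: The comment on `lowdown-unsandboxed` in all-packages.nix says "less secure" without saying what is lost or who should use it, and the attribute is as installable as any other top-level package. I would spell it out in two lines: `# lowdown without its sandbox_init(3) self-confinement on Darwin (identical to lowdown elsewhere).` and `# Only for running lowdown as a build-time tool inside Nix builds; do not install it for users.`. No consumer is switched to this attribute in the visible hunks, so packages that run `lowdown` during their own build on Darwin will presumably hit the failing sandbox call until they are switched.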