Add --with-sandbox-shell configure flag

And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
author: Eelco Dolstra <edolstra@gmail.com> 2017-05-15 17:30:33 +0200
committer: Eelco Dolstra <edolstra@gmail.com> 2017-05-15 17:36:32 +0200
commit: a2d92bb20e82a0957067ede60e91fab256948b41 (patch)
tree: 665a9274c830f73c05a282622d78f6cf8d7c9ec9 /release-common.nix
parent: b30f5784d0184688de964f6239e373b62101ebc4 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/release-common.nix b/release-common.nix
new file mode 100644
index 000000000..8047c75bd
--- /dev/null
+++ b/release-common.nix
@@ -0,0 +1,21 @@
+{ pkgs }:
+
+rec {
+  sh = pkgs.busybox.override {
+    useMusl = true;
+    enableStatic = true;
+    enableMinimal = true;
+    extraConfig = ''
+      CONFIG_ASH y
+      CONFIG_ASH_BUILTIN_ECHO y
+      CONFIG_ASH_BUILTIN_TEST y
+      CONFIG_ASH_OPTIMIZE_FOR_SIZE y
+    '';
+  };
+
+  configureFlags =
+    [ "--disable-init-state"
+      "--enable-gc"
+      "--with-sandbox-shell=${sh}/bin/busybox"
+    ];
+}
author	Eelco Dolstra <edolstra@gmail.com>	2017-05-15 17:30:33 +0200
committer	Eelco Dolstra <edolstra@gmail.com>	2017-05-15 17:36:32 +0200
commit	a2d92bb20e82a0957067ede60e91fab256948b41 (patch)
tree	665a9274c830f73c05a282622d78f6cf8d7c9ec9 /release-common.nix
parent	b30f5784d0184688de964f6239e373b62101ebc4 (diff)