Unverified Commit 0f83f3f8 authored by Alex James's avatar Alex James
Browse files

sendme: fix `checkPhase` with `sandbox=relaxed` on Darwin 

sendme's tests run the binary, which requires local network access.
sendme also ends up invoking CoreFoundation APIs which require access
to system ICU data. [CoreFoundation will segfault if it cannot access the
system ICU data][1], so add these paths to the sandbox.

[1]: https://gist.github.com/al3xtjames/0897f0d21196276c21d15f5a103f03a0
parent c8c26430

pkgs/by-name/se/sendme/package.nix

+9 −0
Original line number Diff line number Diff line
@@ -18,6 +18,15 @@ rustPlatform.buildRustPackage rec { 
  useFetchCargoVendor = true;

  cargoHash = "sha256-8Ry3rpGTNcvMIA3Q10Cb3uJHOBQin9AhlLNRekaKw/0=";



  __darwinAllowLocalNetworking = true;



  # On Darwin, sendme invokes CoreFoundation APIs that read ICU data from the

  # system. Ensure these paths are accessible in the sandbox to avoid segfaults

  # during checkPhase.

  sandboxProfile = ''

    (allow file-read* (subpath "/usr/share/icu"))

  '';



  meta = with lib; {

    description = "Tool to send files and directories, based on iroh";

    homepage = "https://iroh.computer/sendme";