Skip to content

Comments

Address ifdef problem with macOS/BSD sandboxing#13455

Merged
xokdvium merged 2 commits intoNixOS:masterfrom
DeterminateSystems:gustavderdrache/fix-sandbox-ifdef
Jul 11, 2025
Merged

Address ifdef problem with macOS/BSD sandboxing#13455
xokdvium merged 2 commits intoNixOS:masterfrom
DeterminateSystems:gustavderdrache/fix-sandbox-ifdef

Conversation

@gustavderdrache
Copy link
Contributor

@gustavderdrache gustavderdrache commented Jul 11, 2025
edited
Loading

Motivation

This PR addresses an issue we identified for macOS users. The #ifdef condition seems impossible, and causes some (but not all) builds to fail.

Based on git bisecting, it looks like this was introduced in #13281.

Context

Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

@cole-h cole-h mentioned this pull request Jul 11, 2025
Merged
@gustavderdrache
CI: Roll nix version to 2.29.1
8e5814d 
This works around the macOS issue that the prior commit addresses.
@gustavderdrache gustavderdrache force-pushed the gustavderdrache/fix-sandbox-ifdef branch from 0f65596 to 8e5814d Compare July 11, 2025 22:46
@gustavderdrache
Copy link
Contributor Author

gustavderdrache commented Jul 11, 2025

I've had to roll the version back in CI to work around the macOS build failures. Once a release includes this fix, it should no longer be necessary.

@xokdvium
Copy link
Contributor

xokdvium commented Jul 11, 2025

This the source of failures in e.g. https://github.com/NixOS/nix/actions/runs/16229846793/job/45831922554, right?

@gustavderdrache
Copy link
Contributor Author

gustavderdrache commented Jul 11, 2025

Yeah. We've had to roll our installer back for the same reason.

@xokdvium xokdvium enabled auto-merge July 11, 2025 23:06
@cole-h cole-h mentioned this pull request Jul 11, 2025
Merged
@xokdvium xokdvium merged commit ab3cd76 into NixOS:master Jul 11, 2025
12 checks passed
@xokdvium xokdvium added the backport 2.30-maintenance Automatically creates a PR against the branch label Jul 11, 2025
@mergify mergify bot mentioned this pull request Jul 11, 2025
Merged
@cole-h cole-h deleted the gustavderdrache/fix-sandbox-ifdef branch July 11, 2025 23:12
@kachick kachick mentioned this pull request Jul 12, 2025
Merged
13 tasks
edolstra added a commit that referenced this pull request Jul 12, 2025
@edolstra
Merge pull request #13458 from NixOS/mergify/bp/2.30-maintenance/pr-1…
857365c 
…3455

Address ifdef problem with macOS/BSD sandboxing (backport #13455)
@nixos-discourse
Copy link

nixos-discourse commented Jul 14, 2025

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/critical-security-issue-in-nix-2-30-on-macos/66506/1

@nixos-discourse
Copy link

nixos-discourse commented Jul 14, 2025

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/critical-security-issue-in-nix-2-30-on-macos/66506/3

@roberth roberth mentioned this pull request Aug 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xokdvium xokdvium xokdvium approved these changes

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 is a code owner

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees

No one assigned

Labels

backport 2.30-maintenance Automatically creates a PR against the branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gustavderdrache @xokdvium @nixos-discourse