Diffstat (limited to 'nixpkgs/pkgs/applications/editors/vim/macvim.nix')
-rw-r--r-- | nixpkgs/pkgs/applications/editors/vim/macvim.nix | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/editors/vim/macvim.nix b/nixpkgs/pkgs/applications/editors/vim/macvim.nix index 3df964361cc..073cd84890e 100644 --- a/nixpkgs/pkgs/applications/editors/vim/macvim.nix +++ b/nixpkgs/pkgs/applications/editors/vim/macvim.nix @@ -106,6 +106,9 @@ stdenv.mkDerivation { substituteInPlace src/auto/config.mk --replace "PERL_CFLAGS =" "PERL_CFLAGS = -I${darwin.libutil}/include" substituteInPlace src/MacVim/vimrc --subst-var-by CSCOPE ${cscope}/bin/cscope + + # Work around weird code-signing issue + substituteInPlace src/auto/config.mk --replace "XCODEFLAGS''\t=" "XCODEFLAGS''\t= CODE_SIGN_IDENTITY=" ''; postInstall = '' @@ -133,6 +136,15 @@ stdenv.mkDerivation { find $out/share/man \( -name eVim.1 -or -name xxd.1 \) -delete ''; + # We rely on the user's Xcode install to build. It may be located in an arbitrary place, and + # it's not clear what system-level components it may require, so for now we'll just allow full + # filesystem access. This way the package still can't access the network. + sandboxProfile = '' + (allow file-read* file-write* process-exec mach-lookup) + ; block homebrew dependencies + (deny file-read* file-write* process-exec mach-lookup (subpath "/usr/local") (with no-log)) + ''; + meta = with stdenv.lib; { description = "Vim - the text editor - for macOS"; homepage = https://github.com/macvim-dev/macvim; |
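Review bot: The comment `# Work around weird code-signing issue` in the first hunk does not say what the substitution does. Appending `CODE_SIGN_IDENTITY=` to `XCODEFLAGS` hands the Xcode build an empty signing identity, which presumably makes it skip code signing, so the installed app bundle would be unsigned. I would state that in the comment, e.g. `# Pass an empty CODE_SIGN_IDENTITY so the Xcode build skips signing; the resulting app is unsigned`, and reference the upstream issue if one exists. The replacement also depends on the exact `XCODEFLAGS<tab>=` text in `src/auto/config.mk`, so if that line changes upstream the workaround may stop applying without a visible failure; a check that the file contains `CODE_SIGN_IDENTITY=` afterwards would catch this. The enclosing build-phase string starts outside the hunk.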
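Review bot: The blanket `(allow file-read* file-write* process-exec mach-lookup)` in the second hunk grants more than the comment's rationale, which only calls for finding and running the user's Xcode. `file-write*` with no path filter lets the build write anywhere the build user can, and unfiltered `mach-lookup` lets it talk to any system service, so "still can't access the network" holds only for direct sockets and the comment should say so. If the build does not need to write outside the build directory and `$out`, I would drop the write grant, `(allow file-read* process-exec mach-lookup)`; otherwise the writable locations should be listed with `subpath` filters. The `/usr/local` deny covers only that one prefix, which the `; block homebrew dependencies` comment could make explicit.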