throw0101c 5 hours ago
Do any of the third-party package managers (Brew, MacPorts) perhaps use this for things like builds (or even installs, if things are restricted to (e.g.) /opt)?
pingiun 4 hours ago
Nix uses the underlying libsandbox function for builds: https://github.com/NixOS/nix/blob/614072adcb56202f0a09532971...
woodruffw 4 hours ago
Homebrew uses sandbox-exec during builds and installs, yeah. To my memory we’ve used it for at least 6 or 7 years, probably longer.
cwicklein 5 hours ago
I’ve written a personal system in Common Lisp for building third-party software on macOS (coincidentally somewhat similar to GUIX), and I use sandbox-exec to isolate execution so that only intended requisites affect the build process and so that installation is strictly confined to the configured destination directory, no scribbling outside the lines. I think Bazel uses sandbox-exec on macOS.