Remove sandbox=false

The sandbox was (probably) enabled due to the .stack/shell.nix files: it made use of buildStackProject, which requires to run outside of the sandbox for some reason ( https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/generic-stack-builder.nix#L25 ). Now that this file is not used anymore, we can reenable the sandbox.

It should help fix in particular this recent issue we’re facing in the CI: https://github.com/jfischoff/tmp-postgres/issues/251

diff --git a/alpine/Dockerfile b/alpine/Dockerfile
index db794af285bbbf9fc247343fffc5f58e51145fbb..8d6431f53f336635c1bc3b9d4e5079a9146b9713 100644 (file)
--- a/alpine/Dockerfile
+++ b/alpine/Dockerfile
@@ -12,8 +12,7 @@ RUN addgroup -g 30000 -S nixbld \
     && mkdir -m 0755 /nix && chown nixuser /nix \
     && apk add --no-cache bash xz \
     && rm -rf /var/cache/apk/* \
-    # sandboxing enabled by default since 2.2
-    && mkdir -p /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
+    && mkdir -p /etc/nix && touch /etc/nix/nix.conf
 
 USER nixuser
 ENV USER=nixuser

diff --git a/debian/Dockerfile b/debian/Dockerfile
index 632a7412ce191a89fe8f74e98d7c3d5e4ed4905c..336cd0d781e050ecd4016a4460db3296797059e8 100644 (file)
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -12,8 +12,7 @@ RUN addgroup --gid 30000 --system nixbld \
     && mkdir -m 0755 /nix && chown nixuser /nix \
     && apt update && apt install -y wget xz-utils \
     && apt clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
-    # sandboxing enabled by default since 2.2
-    && mkdir -p /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
+    && mkdir -p /etc/nix && touch /etc/nix/nix.conf
 
 USER nixuser
 ENV USER=nixuser