third_party/nix/pkgs/bazel_8: fix linux-sandbox Looks like this never actually worked on NixOS due to a hardcoded /bin/true. Change-Id: I6a6a6964bf6951592e92bfcd16b309a8d46e123d Reviewed-on: https://review.monogon.dev/c/monogon/+/4448 Tested-by: Jenkins CI Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

commit: 5a4037ccda447a1346c905287499bd069a408f8b [log] [tgz]
author: Leopold Schabel <leo@monogon.tech> Mon Jul 21 18:27:05 2025 +0200
committer: Leopold Schabel <leo@monogon.tech> Tue Jul 22 15:50:31 2025 +0000
tree: 22948091ba54cfad137587abef794930d03aa25a
parent: 9e964888dbac4ba94a1925deb1765d478b3258ff [diff] [blame]
diff --git a/third_party/nix/pkgs/bazel_8/package.nix b/third_party/nix/pkgs/bazel_8/package.nix
index 7a27697..ab05384 100644
--- a/third_party/nix/pkgs/bazel_8/package.nix
+++ b/third_party/nix/pkgs/bazel_8/package.nix

@@ -221,6 +221,12 @@
       usrBinEnv = "${coreutils}/bin/env";
     })
 
+    # TODO: upstream to nixpkgs
+    # Bazel tries to run "/bin/true" to test if linux-sandbox works.
+    (replaceVars ./patches/linux_sandbox.patch {
+      binTrue = "${coreutils}/bin/true";
+    })
+
     # Provide default JRE for Bazel process by setting --server_javabase=
     # in a new default system bazelrc file
     (replaceVars ./patches/bazel_rc.patch {
commit	5a4037ccda447a1346c905287499bd069a408f8b	[log] [tgz]
author	Leopold Schabel <leo@monogon.tech>	Mon Jul 21 18:27:05 2025 +0200
committer	Leopold Schabel <leo@monogon.tech>	Tue Jul 22 15:50:31 2025 +0000
tree	22948091ba54cfad137587abef794930d03aa25a
parent	9e964888dbac4ba94a1925deb1765d478b3258ff [diff] [blame]