From 0be5f5d8d09296bc2c1573854824ae9571155cf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Mon, 27 Jul 2020 22:57:41 +0200
Subject: [PATCH] nix: enable build-use-sandbox for Android
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 nix/nix.conf               | 2 ++
 scripts/release-android.sh | 1 +
 2 files changed, 3 insertions(+)

diff --git a/nix/nix.conf b/nix/nix.conf
index db5ecee04c..2cf0d6ad7a 100644
--- a/nix/nix.conf
+++ b/nix/nix.conf
@@ -9,3 +9,5 @@ max-jobs = auto
 # Helps avoid removing currently used dependencies via garbage collection
 keep-derivations = true
 keep-outputs = true
+# Extra isolation for network and filesystem, doesn't work on MacOS
+build-use-sandbox = false
diff --git a/scripts/release-android.sh b/scripts/release-android.sh
index 76961f2ae1..28e747294b 100755
--- a/scripts/release-android.sh
+++ b/scripts/release-android.sh
@@ -63,6 +63,7 @@ if [[ "$(uname -s)" =~ Darwin ]]; then
   )
 else
   nixOpts+=(
+    "--option" "build-use-sandbox" "true"
     "--option" "extra-sandbox-paths" "${KEYSTORE_PATH} ${SECRETS_FILE_PATH}"
   )
 fi