busybox-sandbox-shell: extract basic shell to new attribute

Nix will use this shell if the attribute is present,
avoiding duplicating changes in the future.

3 files changed, 29 insertions, 24 deletions

diff --git a/pkgs/os-specific/linux/busybox/sandbox-shell.nix b/pkgs/os-specific/linux/busybox/sandbox-shell.nix
new file mode 100644
index 000000000000..1755bd4f3f74
--- /dev/null
+++ b/pkgs/os-specific/linux/busybox/sandbox-shell.nix
@@ -0,0 +1,26 @@
+{ busybox }:
+
+# Minimal shell for use as basic /bin/sh in sandbox builds
+busybox.override {
+  useMusl = true;
+  enableStatic = true;
+  enableMinimal = true;
+  extraConfig = ''
+    CONFIG_FEATURE_FANCY_ECHO y
+    CONFIG_FEATURE_SH_MATH y
+    CONFIG_FEATURE_SH_MATH_64 y
+
+    CONFIG_ASH y
+    CONFIG_ASH_OPTIMIZE_FOR_SIZE y
+
+    CONFIG_ASH_ALIAS y
+    CONFIG_ASH_BASH_COMPAT y
+    CONFIG_ASH_CMDCMD y
+    CONFIG_ASH_ECHO y
+    CONFIG_ASH_GETOPTS y
+    CONFIG_ASH_INTERNAL_GLOB y
+    CONFIG_ASH_JOB_CONTROL y
+    CONFIG_ASH_PRINTF y
+    CONFIG_ASH_TEST y
+  '';
+}
diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix
index 1e53f4509645..3f77e47868b8 100644
--- a/pkgs/tools/package-management/nix/default.nix
+++ b/pkgs/tools/package-management/nix/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchurl, fetchFromGitHub, perl, curl, bzip2, sqlite, openssl ? null, xz
 , pkgconfig, boehmgc, perlPackages, libsodium, aws-sdk-cpp, brotli
 , autoreconfHook, autoconf-archive, bison, flex, libxml2, libxslt, docbook5, docbook5_xsl
-, libseccomp, busybox
+, libseccomp, busybox-sandbox-shell
 , hostPlatform
 , storeDir ? "/nix/store"
 , stateDir ? "/nix/var"
@@ -10,29 +10,7 @@
 
 let
 
-  sh = busybox.override {
-    useMusl = true;
-    enableStatic = true;
-    enableMinimal = true;
-    extraConfig = ''
-      CONFIG_FEATURE_FANCY_ECHO y
-      CONFIG_FEATURE_SH_MATH y
-      CONFIG_FEATURE_SH_MATH_64 y
-
-      CONFIG_ASH y
-      CONFIG_ASH_OPTIMIZE_FOR_SIZE y
-
-      CONFIG_ASH_ALIAS y
-      CONFIG_ASH_BASH_COMPAT y
-      CONFIG_ASH_CMDCMD y
-      CONFIG_ASH_ECHO y
-      CONFIG_ASH_GETOPTS y
-      CONFIG_ASH_INTERNAL_GLOB y
-      CONFIG_ASH_JOB_CONTROL y
-      CONFIG_ASH_PRINTF y
-      CONFIG_ASH_TEST y
-    '';
-  };
+  sh = busybox-sandbox-shell;
 
   common = { name, suffix ? "", src, fromGit ? false }: stdenv.mkDerivation rec {
     inherit name src;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 92f81ee28613..f873e682d9d9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12593,6 +12593,7 @@ with pkgs;
   bridge-utils = callPackage ../os-specific/linux/bridge-utils { };
 
   busybox = callPackage ../os-specific/linux/busybox { };
+  busybox-sandbox-shell = callPackage ../os-specific/linux/busybox/sandbox-shell.nix { };
 
   cachefilesd = callPackage ../os-specific/linux/cachefilesd { };