Anyone have more understanding of how this is supposed to work , beyond the quick help "If enabled, the build system will sandbox user scripts to disallow undeclared input/output dependencies."? When I turned it on, one of my build scripts failed.
Operation not permitted error: Sandbox: bash(29174) deny(1) file-read-data
In this case, the input path is to a folder (a framework) and the output path is in the build directory. The paths are definitely correct, because the script accesses them as $SCRIPT_INPUT_FILE_0 and $SCRIPT_OUTPUT_FILE_0, so the script wouldn't work at all if I had an error in the paths.
I tried putting a slash at the end of an input path, and then the error was just "operation not permitted", without mentioning the sandbox.
-
—
JWWalker
-
—
JWWalker
Add a CommentIt looks like the error only happens if I make the script build phase run a script file, as opposed to entering the script directly in the build phase. I've reported this as FB10339650.
OK, now I see that if I add the script file as an "input file", the error goes away. I guess that makes a certain amount of sense.