From e2ef2cfcbc83ea01308ee64c38a58707ab23dec3 Mon Sep 17 00:00:00 2001
From: gustavderdrache <alex.ford@determinate.systems>
Date: Fri, 11 Jul 2025 18:00:26 -0400
Subject: [PATCH 1/2] Address ifdef problem with macOS/BSD sandboxing

---
 src/libstore/unix/user-lock.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstore/unix/user-lock.cc b/src/libstore/unix/user-lock.cc
index 6a07cb7cc..f5d164e5b 100644
--- a/src/libstore/unix/user-lock.cc
+++ b/src/libstore/unix/user-lock.cc
@@ -197,7 +197,7 @@ bool useBuildUsers()
     #ifdef __linux__
     static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser();
     return b;
-    #elif defined(__APPLE__) && defined(__FreeBSD__)
+    #elif defined(__APPLE__) || defined(__FreeBSD__)
     static bool b = settings.buildUsersGroup != "" && isRootUser();
     return b;
     #else

From 8e5814d972642def9842fba3f8a6116f6b9e5c96 Mon Sep 17 00:00:00 2001
From: gustavderdrache <alex.ford@determinate.systems>
Date: Fri, 11 Jul 2025 18:38:51 -0400
Subject: [PATCH 2/2] CI: Roll nix version to 2.29.1

This works around the macOS issue that the prior commit addresses.
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 29cb33f56..ac749bc3f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,6 +14,8 @@ jobs:
       with:
         fetch-depth: 0
     - uses: cachix/install-nix-action@v31
+      with:
+        install_url: "https://releases.nixos.org/nix/nix-2.29.1/install"
     - run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json
 
   tests:
@@ -36,6 +38,7 @@ jobs:
         fetch-depth: 0
     - uses: cachix/install-nix-action@v31
       with:
+        install_url: "https://releases.nixos.org/nix/nix-2.29.1/install"
         # The sandbox would otherwise be disabled by default on Darwin
         extra_nix_config: |
           sandbox = true