From c7a84b9160b81a8594a2f235faf77d5e9e47a323 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Thu, 1 May 2025 17:49:58 +0200
Subject: [PATCH] Pass tmpDirInSandbox to the builtin builders

---
 src/libstore/include/nix/store/builtins.hh    | 1 +
 src/libstore/unix/build/derivation-builder.cc | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libstore/include/nix/store/builtins.hh b/src/libstore/include/nix/store/builtins.hh
index 7d9863e00..3385fd9fc 100644
--- a/src/libstore/include/nix/store/builtins.hh
+++ b/src/libstore/include/nix/store/builtins.hh
@@ -11,6 +11,7 @@ struct BuiltinBuilderContext
     std::map<std::string, Path> outputs;
     std::string netrcData;
     std::string caFileData;
+    Path tmpDirInSandbox;
 };
 
 using BuiltinBuilder = std::function<void(const BuiltinBuilderContext &)>;
diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc
index 4288f0367..dd08ff8bd 100644
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@@ -1860,7 +1860,10 @@ void DerivationBuilderImpl::runChild()
         /* Make the contents of netrc and the CA certificate bundle
            available to builtin:fetchurl (which may run under a
            different uid and/or in a sandbox). */
-        BuiltinBuilderContext ctx{.drv = drv};
+        BuiltinBuilderContext ctx{
+            .drv = drv,
+            .tmpDirInSandbox = tmpDirInSandbox,
+        };
 
         if (drv.isBuiltin() && drv.builder == "builtin:fetchurl") {
            try {