From 1cfb88964a88ef1911283418de6347d90a929df1 Mon Sep 17 00:00:00 2001
From: Francesco Gazzetta <fgaz@fgaz.me>
Date: Wed, 28 Jun 2023 10:55:48 +0200
Subject: [PATCH] Check for static busybox in configure

A dynamically linked shell will not work in the sandbox

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
---
 configure.ac | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/configure.ac b/configure.ac
index 5c22ed176..abcbbb61b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -419,6 +419,25 @@ if test ${cross_compiling:-no} = no && ! test -z ${sandbox_shell+x}; then
   else
     AC_MSG_RESULT(disabled)
   fi
+
+  # system refers to host platform
+  case $system in
+    *-darwin)
+      # ldd unsupported on darwin *build* platform, and
+      # static linking against system libraries not recommended on darwin,
+      # so we don't check that sandbox-shell is statically linked
+      ;;
+    *)
+      # A dynamically linked shell will not work in the sandbox.
+      AC_MSG_CHECKING([whether sandbox-shell is statically linked])
+      if ldd $sandbox_shell 2>&1 | grep -q "not a dynamic executable"; then
+        AC_MSG_RESULT(yes)
+      else
+        AC_MSG_RESULT(no)
+        AC_MSG_ERROR([Please enable busybox STATIC])
+      fi
+      ;;
+  esac
 fi
 
 AC_ARG_ENABLE(embedded-sandbox-shell, AS_HELP_STRING([--enable-embedded-sandbox-shell],[include the sandbox shell in the Nix binary [default=no]]),