use single underscore for sandboxProfile

pkgs/applications/editors/vim/default.nix

@@ -43,7 +43,7 @@ stdenv.mkDerivation rec {
     ];
   };
 
-  __sandboxProfile = stdenv.lib.sandbox.allowFileRead "/dev/ptmx";
+  _sandboxProfile = stdenv.lib.sandbox.allowFileRead "/dev/ptmx";
 
   # To fix the trouble in vim73, that it cannot cross-build with this patch
   # to bypass a configure script check that cannot be done cross-building.

pkgs/applications/version-management/git-and-tools/git/default.nix

@@ -37,7 +37,7 @@ stdenv.mkDerivation {
   NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.isDarwin) "-lgcc_s";
 
   # without this, git fails when trying to check for /etc/gitconfig existence
-  __propagatedSandboxProfile = stdenv.lib.sandbox.allowDirectoryList "/etc";
+  _propagatedSandboxProfile = stdenv.lib.sandbox.allowDirectoryList "/etc";
 
   makeFlags = "prefix=\${out} sysconfdir=/etc/ PERL_PATH=${perl}/bin/perl SHELL_PATH=${stdenv.shell} "
       + (if pythonSupport then "PYTHON_PATH=${python}/bin/python" else "NO_PYTHON=1")

pkgs/development/interpreters/perl/5.20/default.nix

@@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
       --replace "/bin/pwd" "$pwd"
   '';
 
-  __sandboxProfile = stdenv.lib.sandbox.allow "ipc-sysv-sem";
+  _sandboxProfile = stdenv.lib.sandbox.allow "ipc-sysv-sem";
 
   # Build a thread-safe Perl with a dynamic libperls.o.  We need the
   # "installstyle" option to ensure that modules are put under

pkgs/os-specific/darwin/apple-sdk/default.nix

@@ -97,11 +97,11 @@ let
     propagatedBuildInputs = deps;
 
     # allows building the symlink tree
-    __sandboxProfile = ''
+    _sandboxProfile = ''
       (allow file-read* (subpath "/System/Library/Frameworks/${name}.framework"))
     '';
 
-    __propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile name);
+    _propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile name);
 
     meta = with stdenv.lib; {
       description = "Apple SDK framework ${name}";
@@ -165,7 +165,7 @@ in rec {
     });
 
     CoreServices = stdenv.lib.overrideDerivation super.CoreServices (drv: {
-      __propagatedSandboxProfile = drv.__propagatedSandboxProfile ++ [''
+      _propagatedSandboxProfile = drv._propagatedSandboxProfile ++ [''
         (allow mach-lookup (global-name "com.apple.CoreServices.coreservicesd"))
       ''];
     });

pkgs/os-specific/darwin/apple-sdk/generate-framework-profile.nix

@@ -14,7 +14,7 @@ let path = "/System/Library/Frameworks/${frameworkName}.framework";
 
 in runCommand "${frameworkName}-profile.sb" {
   # __noChroot lite
-  __sandboxProfile = ''
+  _sandboxProfile = ''
     (allow file* (subpath "/"))
   '';
 

pkgs/os-specific/darwin/apple-source-releases/CF/default.nix

@@ -8,7 +8,7 @@ appleDerivation {
 
   patches = [ ./add-cf-initialize.patch ./add-cfmachport.patch ./cf-bridging.patch ];
 
-  __propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile "CoreFoundation");
+  _propagatedSandboxProfile = stdenv.lib.sandbox.importProfile (generateFrameworkProfile "CoreFoundation");
 
   preBuild = ''
     substituteInPlace Makefile \

pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix

@@ -81,7 +81,7 @@ in appleDerivation {
   ];
 
   # ps uses this syscall to get process info
-  __propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port";
+  _propagatedSandboxProfile = stdenv.lib.sandbox.allow "mach-priv-task-port";
 
   meta = {
     platforms = stdenv.lib.platforms.darwin;

pkgs/os-specific/darwin/apple-source-releases/configd/default.nix

@@ -7,7 +7,7 @@ appleDerivation {
 
   propagatedBuildInputs = [ Security ];
 
-  __propagatedSandboxProfile = ''
+  _propagatedSandboxProfile = ''
     (allow mach-lookup (global-name "com.apple.SystemConfiguration.configd"))
   '';
 

pkgs/stdenv/generic/default.nix

@@ -12,8 +12,8 @@ let lib = import ../../../lib; in lib.makeOverridable (
 , extraBuildInputs ? []
 , __stdenvImpureHostDeps ? []
 , __extraImpureHostDeps ? []
-, __stdenvSandboxProfile ? ""
+, _stdenvSandboxProfile ? ""
-, __extraSandboxProfile ? ""
+, _extraSandboxProfile ? ""
 }:
 
 let
@@ -102,8 +102,8 @@ let
     , outputs ? [ "out" ]
     , __impureHostDeps ? []
     , __propagatedImpureHostDeps ? []
-    , __sandboxProfile ? ""
+    , _sandboxProfile ? ""
-    , __propagatedSandboxProfile ? ""
+    , _propagatedSandboxProfile ? ""
     , ... } @ attrs:
     let
       pos' =
@@ -154,12 +154,12 @@ let
         (removeAttrs attrs
           ["meta" "passthru" "crossAttrs" "pos"
            "__impureHostDeps" "__propagatedImpureHostDeps"
-           "__sandboxProfile" "__propagatedSandboxProfile"])
+           "_sandboxProfile" "_propagatedSandboxProfile"])
         // (let
           computedSandboxProfile =
-            lib.concatMap (input: input.__propagatedSandboxProfile or []) (extraBuildInputs ++ buildInputs ++ nativeBuildInputs);
+            lib.concatMap (input: input._propagatedSandboxProfile or []) (extraBuildInputs ++ buildInputs ++ nativeBuildInputs);
           computedPropagatedSandboxProfile =
-            lib.concatMap (input: input.__propagatedSandboxProfile or []) (propagatedBuildInputs ++ propagatedNativeBuildInputs);
+            lib.concatMap (input: input._propagatedSandboxProfile or []) (propagatedBuildInputs ++ propagatedNativeBuildInputs);
         in
         {
           builder = attrs.realBuilder or shell;
@@ -178,11 +178,11 @@ let
             (if crossConfig == null then propagatedBuildInputs else []);
         } // ifDarwin {
           # TODO: remove lib.unique once nix has a list canonicalization primitive
-          __sandboxProfile =
+          _sandboxProfile =
-          let profiles = [ __extraSandboxProfile ] ++ computedSandboxProfile ++ computedPropagatedSandboxProfile ++ [ __propagatedSandboxProfile __sandboxProfile ];
+          let profiles = [ _extraSandboxProfile ] ++ computedSandboxProfile ++ computedPropagatedSandboxProfile ++ [ _propagatedSandboxProfile _sandboxProfile ];
               final = lib.concatStringsSep "\n" (lib.filter (x: x != "") (lib.unique profiles));
           in final;
-          __propagatedSandboxProfile = lib.unique (computedPropagatedSandboxProfile ++ [ __propagatedSandboxProfile ]);
+          _propagatedSandboxProfile = lib.unique (computedPropagatedSandboxProfile ++ [ _propagatedSandboxProfile ]);
         } // (if outputs' != [ "out" ] then {
           outputs = outputs';
         } else { })))) (
@@ -219,7 +219,7 @@ let
       inherit preHook initialPath shell defaultNativeBuildInputs;
     }
     // ifDarwin {
-      __sandboxProfile = __stdenvSandboxProfile;
+      _sandboxProfile = _stdenvSandboxProfile;
     })
 
     // rec {

pkgs/stdenv/pure-darwin/default.nix

@@ -50,7 +50,7 @@ in rec {
 
     inherit (bootstrapFiles) mkdir bzip2 cpio;
 
-    __sandboxProfile = binShClosure + libSystemProfile;
+    _sandboxProfile = binShClosure + libSystemProfile;
   };
 
   stageFun = step: last: {shell             ? "${bootstrapTools}/bin/sh",
@@ -93,8 +93,8 @@ in rec {
         };
 
         # The stdenvs themselves don't use mkDerivation, so I need to specify this here
-        __stdenvSandboxProfile = binShClosure + libSystemProfile;
+        _stdenvSandboxProfile = binShClosure + libSystemProfile;
-        __extraSandboxProfile  = binShClosure + libSystemProfile;
+        _extraSandboxProfile  = binShClosure + libSystemProfile;
 
         extraAttrs = { inherit platform; };
         overrides  = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; };
@@ -269,8 +269,8 @@ in rec {
       export PATH_LOCALE=${pkgs.darwin.locale}/share/locale
     '';
 
-    __stdenvSandboxProfile = binShClosure + libSystemProfile;
+    _stdenvSandboxProfile = binShClosure + libSystemProfile;
-    __extraSandboxProfile  = binShClosure + libSystemProfile;
+    _extraSandboxProfile  = binShClosure + libSystemProfile;
 
     initialPath = import ../common-path.nix { inherit pkgs; };
     shell       = "${pkgs.bash}/bin/bash";