fetchzip: get write permission on unpacked directory
This is a workaround for NixOS/nix#4295, which caused single-user Linux
Nix installations using sandboxed builds to start failing to build
fetchzip derivations after 4a5c49363a.
In short: removing write permissions for the entire directory is great,
except we then can't rename(2) it to the final Nix store path out of the
sandbox, because we don't have write permission on the directory and
thus cannot update the ".." directory entry.
parent 35a5eb9d2c
commit 1f6d750097
1 changed files with 7 additions and 0 deletions
|
@ -48,8 +48,15 @@
|
|||
+ extraPostFetch
|
||||
# Remove write permissions for files unpacked with write bits set
|
||||
# Fixes https://github.com/NixOS/nixpkgs/issues/38649
|
||||
#
|
||||
# However, we should (for the moment) retain write permission on the directory
|
||||
# itself, to avoid tickling https://github.com/NixOS/nix/issues/4295 in
|
||||
# single-user Nix installations. This is because in sandbox mode we'll try to
|
||||
# move the path, and if we don't have write permissions on the directory,
|
||||
# then we can't update the ".." entry.
|
||||
+ ''
|
||||
chmod -R a-w "$out"
|
||||
chmod u+w "$out"
|
||||
'';
|
||||
} // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: {
|
||||
# Hackety-hack: we actually need unzip hooks, too
|
||||
|
|
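Review bot: The comment above `chmod u+w "$out"` says the write bit is retained "for the moment" but gives no condition for removing it, so this workaround is likely to outlive the bug. Please say explicitly that the line should be dropped once https://github.com/NixOS/nix/issues/4295 is fixed, so the output goes back to being fully read-only as intended by the fix for issue 38649. The comment also speaks of "the directory itself" while the command does not check what `$out` is. If `$out` can ever be a regular file here, `chmod u+w "$out"` would restore the write bit that `chmod -R a-w "$out"` just removed from it. A `[ -d "$out" ]` guard, or a note that `$out` is always a directory at this point, would make that clear.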