diff options
| author | sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> | 2021-03-23 15:11:33 +0100 |
|---|---|---|
| committer | sterni <sternenseemann@systemli.org> | 2022-03-24 11:13:38 +0100 |
| commit | b5cad4d4a4055d9aa3c19660122ff5541de9706f (patch) | |
| tree | b9983331d16bedc6682531b298e8e56b7c181d18 /pkgs/stdenv | |
| parent | dcdad213dcde083fdb6df41accc36100aef7c21c (diff) | |
| download | nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.tar nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.tar.gz nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.tar.bz2 nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.tar.lz nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.tar.xz nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.tar.zst nixpkgs-b5cad4d4a4055d9aa3c19660122ff5541de9706f.zip | |
stdenv/setup.sh: make sure $sourceRoot has +x before cd-ing
This change is prompted by the following, admittedly cursed tarball:
```
> curl https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz 2>/dev/null \
| tar -ztv
drw-rw-rw- 0/0 0 2020-02-18 10:50 package
-rw-rw-rw- 0/0 297 2020-02-18 10:50 package/index.d.ts
-rw-rw-rw- 0/0 1920 2020-02-18 10:50 package/index.js
-rw-rw-rw- 0/0 1092 2020-01-31 11:31 package/LICENSE
-rw-rw-rw- 0/0 937 2020-02-18 10:51 package/package.json
-rw-rw-rw- 0/0 713 2020-02-18 10:50 package/README.md
```
The minimal reproducer for the issue is the following derivation trying
to work around the uid 0 issue with `dontMakeSourcesWritable = true`:
```nix
{ stdenv, fetchurl }:
stdenv.mkDerivation {
name = "test";
src = fetchurl {
sha1 = "d744358226217f981ed58f479b1d6bcc29545dcf";
url = "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz";
};
dontMakeSourcesWritable = true;
installPhase = ''
cp -R . $out
'';
}
```
This currently fails in the following way:
```
these derivations will be built:
/nix/store/pc3jbydl0xcc8nrndf5xkf7hdhpgpb41-test.drv
building '/nix/store/pc3jbydl0xcc8nrndf5xkf7hdhpgpb41-test.drv'...
unpacking sources
unpacking source archive /nix/store/v9p98kqplf4kflmy91p0687xlvr6klb1-char-regex-1.0.2.tgz
source root is package
find: 'package/index.d.ts': Permission denied
find: 'package/index.js': Permission denied
find: 'package/LICENSE': Permission denied
find: 'package/package.json': Permission denied
find: 'package/README.md': Permission denied
/nix/store/6c47azxacncswc1pllzj28zfzqw40d7c-stdenv-linux/setup: line 1311: cd: package: Permission denied
builder for '/nix/store/pc3jbydl0xcc8nrndf5xkf7hdhpgpb41-test.drv' failed with exit code 1
error: build of '/nix/store/pc3jbydl0xcc8nrndf5xkf7hdhpgpb41-test.drv' failed
```
As you can see, the issue is that `$sourceRoot` isn't executable,
prohibiting the call to `cd`. This can be fixed by running
`chmod +x "${sourceRoot}"` before `cd` regardless of
`dontMakeSourcesWritable` in `unpackPhase` since if `chmod` fails, `cd`
would fail as well and we are out of options.
Verified that the workaround works locally.
Another thing to investigate is investigating if we should use
`--no-same-owner` for `tar` and if it helps in this case as well.
See also <https://github.com/Profpatsch/yarn2nix/issues/56>.
Diffstat (limited to 'pkgs/stdenv')
| -rw-r--r-- | pkgs/stdenv/generic/setup.sh | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 350fff48252..620244d6e10 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -1345,6 +1345,9 @@ genericBuild() { eval "${!curPhase:-$curPhase}" if [ "$curPhase" = unpackPhase ]; then + # make sure we can cd into the directory + [ -z "${sourceRoot}" ] || chmod +x "${sourceRoot}" + cd "${sourceRoot:-.}" fi done |