Skip to content

Symlinks in materialized cause permissions err #650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 4, 2020
Merged

Symlinks in materialized cause permissions err #650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions lib/materialize.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ let
if materialized != null && !__pathExists materialized
then ''
echo "Materialized nix used for ${name} is missing. To fix run :" >> $ERR
echo " cp -r ${calculateNoHash} ${toString materialized}" >> $ERR
echo " cp -Lr ${calculateNoHash} ${toString materialized}" >> $ERR
echo " chmod -R +w ${toString materialized}" >> $ERR
cat $ERR
false
Expand All @@ -91,7 +91,7 @@ let
diff -ru ${materialized} ${calculateNoHash} || true
echo "Materialized nix used for ${name} incorrect. To fix run :" >> $ERR
echo " rm -rf ${toString materialized}" >> $ERR
echo " cp -r ${calculateNoHash} ${toString materialized}" >> $ERR
echo " cp -Lr ${calculateNoHash} ${toString materialized}" >> $ERR
echo " chmod -R +w ${toString materialized}" >> $ERR
fi
'')
Expand All @@ -100,7 +100,7 @@ let
cat $ERR
false
else
cp -r ${unchecked} $out
cp -Lr ${unchecked} $out
# Make sure output files can be removed from the sandbox
chmod -R +w $out
fi
Expand All @@ -114,18 +114,18 @@ let
};
calculateNoHash = derivation;
calculateUseHash =
# Use `cp -r` here to get rid of symlinks so we know the result
# Use `cp -Lr` here to get rid of symlinks so we know the result
# can be safely materialized (no symlinks to the store).
runCommand name hashArgs ''
cp -r ${derivation} $out
cp -Lr ${derivation} $out
# Make sure output files can be removed from the sandbox
chmod -R +w $out
'';
calculateUseMaterialized =
assert materialized != null;
assert __pathExists materialized;
runCommand name (pkgs.lib.optionalAttrs (sha256 == null) hashArgs) ''
cp -r ${materialized} $out
cp -Lr ${materialized} $out
# Make sure output files can be removed from the sandbox
chmod -R +w $out
'';
Expand Down
17 changes: 12 additions & 5 deletions overlays/ghc-packages.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,18 @@ let

# Combines multiple derivations into one to make them
# easier to materialize.
combineFiles = name: ext: files: final.linkFarm name
(final.lib.mapAttrsToList (name: path: {
name = name + ext;
inherit path;
}) files);
# Using `cp -Lr` here follows the symlinks and prevents
# `access to path is forbidden in restricted mode`
# errors on hydra when the materialized files are not present.
combineFiles = name: ext: files:
let links = final.linkFarm name
(final.lib.mapAttrsToList (name: path: {
name = name + ext;
inherit path;
}) files);
in final.evalPackages.runCommand "${name}${ext}" {} ''
cp -Lr ${links} $out
'';

# Combine the all the boot package nix files for a given ghc
# into a single derivation and materialize it.
Expand Down