From dcb6103bf2d6bcb9bac2b86aef3a9a4a39e37f6d Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Thu, 4 Feb 2021 14:48:47 +0000 Subject: [PATCH 1/2] fetchzip: fix `extraPostFetch` concatenation 4a5c49363a58e711c2016b9ebb6f642e3c9c1be5 added some more commands after `extraPostFetch` but concatenated them without a separating newline. Which means, that since that commit fetchzip { ..., extraPostFetch = ''rm -f "$out"/some-file''; } now actually runs the following shell command rm -f "$out"/some-file"chmod -R a-w "$out" thus deleting "$out". Which is very unfortunate. Especially since this actually happens on master for all `fetchFromBitbucket` derivations. But since the results are fixed-output users bulding with hydra cache enabled are not hitting this for not recently updated derivations yet. --- pkgs/build-support/fetchzip/default.nix | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix index a1744b48deb..d2f3bb48bbc 100644 --- a/pkgs/build-support/fetchzip/default.nix +++ b/pkgs/build-support/fetchzip/default.nix @@ -45,16 +45,17 @@ '' else '' mv "$unpackDir" "$out" '') - + extraPostFetch - # Remove write permissions for files unpacked with write bits set - # Fixes https://github.com/NixOS/nixpkgs/issues/38649 - # - # However, we should (for the moment) retain write permission on the directory - # itself, to avoid tickling https://github.com/NixOS/nix/issues/4295 in - # single-user Nix installations. This is because in sandbox mode we'll try to - # move the path, and if we don't have write permissions on the directory, - # then we can't update the ".." entry. + '' + ${extraPostFetch} + + # Remove write permissions for files unpacked with write bits set + # Fixes https://github.com/NixOS/nixpkgs/issues/38649 + # + # However, we should (for the moment) retain write permission on the directory + # itself, to avoid tickling https://github.com/NixOS/nix/issues/4295 in + # single-user Nix installations. This is because in sandbox mode we'll try to + # move the path, and if we don't have write permissions on the directory, + # then we can't update the ".." entry. chmod -R a-w "$out" chmod u+w "$out" ''; From 2b94e5d934bb945d1d657be23a6201dd56980c64 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Fri, 5 Feb 2021 13:08:57 +0000 Subject: [PATCH 2/2] fetchzip: simplify `postFetch` as per suggestions of @veprbl, @adisbladis, and @MetaDark --- pkgs/build-support/fetchzip/default.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix index d2f3bb48bbc..b00983772e4 100644 --- a/pkgs/build-support/fetchzip/default.nix +++ b/pkgs/build-support/fetchzip/default.nix @@ -47,17 +47,11 @@ '') + '' ${extraPostFetch} - - # Remove write permissions for files unpacked with write bits set - # Fixes https://github.com/NixOS/nixpkgs/issues/38649 - # - # However, we should (for the moment) retain write permission on the directory - # itself, to avoid tickling https://github.com/NixOS/nix/issues/4295 in - # single-user Nix installations. This is because in sandbox mode we'll try to - # move the path, and if we don't have write permissions on the directory, - # then we can't update the ".." entry. - chmod -R a-w "$out" - chmod u+w "$out" + '' + # Remove non-owner write permissions + # Fixes https://github.com/NixOS/nixpkgs/issues/38649 + + '' + chmod 755 "$out" ''; } // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: { # Hackety-hack: we actually need unzip hooks, too