Symlinks in materialized cause permissions err (#650)

2024-09-20 03:18:00 +03:00 · 2020-06-04 23:57:50 +12:00 · 2020-06-04 23:57:50 +12:00 · 3356114206
commit 3356114206
parent f4b12728ef
2 changed files with 18 additions and 11 deletions
--- a/lib/materialize.nix
+++ b/lib/materialize.nix
@ -77,7 +77,7 @@ let
      if materialized != null && !__pathExists materialized
        then ''
          echo "Materialized nix used for ${name} is missing. To fix run :" >> $ERR
-          echo "    cp -r ${calculateNoHash} ${toString materialized}"      >> $ERR
+          echo "    cp -Lr ${calculateNoHash} ${toString materialized}"     >> $ERR
          echo "    chmod -R +w ${toString materialized}"                   >> $ERR
          cat $ERR
          false
@ -91,7 +91,7 @@ let
              diff -ru ${materialized} ${calculateNoHash} || true
              echo "Materialized nix used for ${name} incorrect. To fix run :" >> $ERR
              echo "    rm -rf ${toString materialized}"                       >> $ERR
-              echo "    cp -r ${calculateNoHash} ${toString materialized}"     >> $ERR
+              echo "    cp -Lr ${calculateNoHash} ${toString materialized}"    >> $ERR
              echo "    chmod -R +w ${toString materialized}"                  >> $ERR
            fi
          '')
@ -100,7 +100,7 @@ let
              cat $ERR
              false
            else
-              cp -r ${unchecked} $out
+              cp -Lr ${unchecked} $out
              # Make sure output files can be removed from the sandbox
              chmod -R +w $out
            fi
@ -114,10 +114,10 @@ let
  };
  calculateNoHash = derivation;
  calculateUseHash =
-    # Use `cp -r` here to get rid of symlinks so we know the result
+    # Use `cp -Lr` here to get rid of symlinks so we know the result
    # can be safely materialized (no symlinks to the store).
    runCommand name hashArgs ''
-      cp -r ${derivation} $out
+      cp -Lr ${derivation} $out
      # Make sure output files can be removed from the sandbox
      chmod -R +w $out
    '';
@ -125,7 +125,7 @@ let
    assert materialized != null;
    assert __pathExists materialized;
    runCommand name (pkgs.lib.optionalAttrs (sha256 == null) hashArgs) ''
-      cp -r ${materialized} $out
+      cp -Lr ${materialized} $out
      # Make sure output files can be removed from the sandbox
      chmod -R +w $out
    '';
--- a/overlays/ghc-packages.nix
+++ b/overlays/ghc-packages.nix
@ -22,11 +22,18 @@ let

  # Combines multiple derivations into one to make them
  # easier to materialize.
-  combineFiles = name: ext: files: final.linkFarm name
-    (final.lib.mapAttrsToList (name: path: {
-      name = name + ext;
-      inherit path;
-    }) files);
+  # Using `cp -Lr` here follows the symlinks and prevents
+  # `access to path is forbidden in restricted mode`
+  # errors on hydra when the materialized files are not present.
+  combineFiles = name: ext: files:
+    let links = final.linkFarm name
+      (final.lib.mapAttrsToList (name: path: {
+        name = name + ext;
+        inherit path;
+      }) files);
+    in final.evalPackages.runCommand "${name}${ext}" {} ''
+      cp -Lr ${links} $out
+    '';

  # Combine the all the boot package nix files for a given ghc
  # into a single derivation and materialize it.