Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

installer: Set files read-only when copying into store #3440

Merged
merged 1 commit into from Mar 23, 2020
Merged

installer: Set files read-only when copying into store #3440

merged 1 commit into from Mar 23, 2020

Conversation

gnprice
Copy link
Contributor

@gnprice gnprice commented Mar 23, 2020

After installing Nix, I found that all the files and directories
initially copied into the store were writable, with mode 644 or 755:

drwxr-xr-x 9 root root 4096 Dec 31 1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3

The reason is that that's how they were in the unpacked tarball, and
the install-multi-user script used rsync -p without doing anything
else to affect the permissions.

The plain install script for a single-user install takes care to
do a chmod -R a-w on each store path copied. We could do the same
here with one more command; or we can pass --chmod to rsync, to
have it write the files with the desired modes in the first place.

Tested the new rsync command on both a Linux machine with a
reasonably-modern rsync (3.1.3) and a Mac with its default, ancient,
rsync 2.6.9, and it works as expected on both. Thankfully the latter
is just new enough to have --chmod, which dates to rsync 2.6.7.

@gnprice
installer: Set files read-only when copying into store
26851dd 
After installing Nix, I found that all the files and directories
initially copied into the store were writable, with mode 644 or 755:

  drwxr-xr-x 9 root root 4096 Dec 31  1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3

The reason is that that's how they were in the unpacked tarball, and
the install-multi-user script used `rsync -p` without doing anything
else to affect the permissions.

The plain `install` script for a single-user install takes care to
do a `chmod -R a-w` on each store path copied.  We could do the same
here with one more command; or we can pass `--chmod` to rsync, to
have it write the files with the desired modes in the first place.

Tested the new `rsync` command on both a Linux machine with a
reasonably-modern rsync (3.1.3) and a Mac with its default, ancient,
rsync 2.6.9, and it works as expected on both.  Thankfully the latter
is just new enough to have `--chmod`, which dates to rsync 2.6.7.
@edolstra edolstra merged commit 160edd3 into NixOS:master Mar 23, 2020
@edolstra
Copy link
Member

Thanks!

@gnprice gnprice deleted the pr-install-ro branch March 24, 2020 03:16
@ldesgoui ldesgoui mentioned this pull request Aug 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@gnprice @edolstra