Fix nix-build --check -K in sandbox w/o root #2688
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@LnL7 Thanks for the quick follow-up. That's good news. I'll update and force push the rebased version after local testing. |
Temporarily add user-write permission to build directory so that it can be moved out of the sandbox to the store with a .check suffix. This is necessary because the build directory has already had its permissions set read-only, but write permission is required to update the directory's parent link to move it out of the sandbox. Updated the related --check "derivation may not be deterministic" messages to consistently use the real store paths. Added test for non-root sandbox nix-build --check -K to demonstrate issue and help prevent regressions.
tollb
force-pushed
the
fix/build_check_keep_failed_sandbox_perms
branch
from
f654466
to
8132d0a
Compare
|
@tollb you could re-enable the disabled check here to be sure it's now working. |
A test case for correct handling of temporary directory deletion that was added to check.sh as part of PR NixOS#2689 was initially disabled for Darwin because of a directory permission issue in PR NixOS#2688. Now that the issue in PR NixOS#2688 is fixed, this commit enables the test case for Darwin.
|
@domenkozar Thanks for following-up. I re-enabled the disabled Darwin check (in a second commit) and the automated tests now pass. Please let me know if I need to do anything else. |
LnL7
approved these changes
Apr 11, 2020
|
cc @edolstra I'm going to merge this, feel free to revert if you have objections. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Temporarily add user-write permission to build directory so that it
can be moved out of the sandbox to the store with a .check suffix.
This is necessary because the build directory has already had its
permissions set read-only, but write permission is required
to update the directory's parent link to move it out of the sandbox.
Updated the related --check "derivation may not be deterministic"
messages to consistently use the real store paths.
Added test for non-root sandbox nix-build --check -K to demonstrate
issue and help prevent regressions.