make-disk-image.nix: Remove write permissions from /nix/store

Fakeroot seems to always give the owner write bit to any files touched inside it (presumably to easily simulate the fact that root can still modify such files). So do an explicit chmod to remove them. This should finally solve #32242 after the EC2 images are regenerated with this change. https://hydra.nixos.org/build/66143116 (cherry picked from commit c9f7197)
NixOS · Dec 16, 2017 · a8cbb19 · a8cbb19
1 parent bd9512f
commit a8cbb19
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix
@@ -124,6 +124,9 @@ let
     # TODO: Nix really likes to chown things it creates to its current user...
     fakeroot nixos-prepare-root $root ${channelSources} ${config.system.build.toplevel} closure
 
+    # fakeroot seems to always give the owner write permissions, which we do not want
+    find $root/nix/store -mindepth 1 -maxdepth 1 -type f -o -type d -exec chmod -R a-w '{}' \;
+
     echo "copying staging root to image..."
     cptofs ${pkgs.lib.optionalString partitioned "-P 1"} -t ${fsType} -i $diskImage $root/* /
   '';