From 0c3d16a7d5ae010a7e76723ee578dd9df9205333 Mon Sep 17 00:00:00 2001 From: Jonathan del Strother Date: Sun, 24 Nov 2024 11:32:46 +0000 Subject: [PATCH 1/2] build-support: fix nix-prefetch-* on macOS Since nix 2.20, `nix-store --add-fixed` doesn't accept paths where the parent directory is a symlink. On macOS, /tmp is a symlink to /private/tmp, which causes a "'/tmp' is a symlink" error: ``` $ nix run github:nixos/nixpkgs/24.11-beta#nix-prefetch-git -- --url https://github.com/IFTTT/polo.git --rev 316aa2ac210a45a7fc400ab921831493d5dd21b8 --hash sha256 Initialized empty Git repository in /private/tmp/git-checkout-tmp-1Bf9bIv7/polo-316aa2a/.git/ remote: Enumerating objects: 51, done. remote: Counting objects: 100% (51/51), done. remote: Compressing objects: 100% (42/42), done. remote: Total 51 (delta 8), reused 19 (delta 5), pack-reused 0 (from 0) Unpacking objects: 100% (51/51), 19.57 KiB | 541.00 KiB/s, done. From https://github.com/IFTTT/polo * branch HEAD -> FETCH_HEAD Switched to a new branch 'fetchgit' removing `.git'... error: path '/tmp' is a symlink ``` Avoid this by resolving /tmp to a real directory in all the prefetch scripts --- pkgs/build-support/docker/nix-prefetch-docker | 4 +++- pkgs/build-support/fetchbzr/nix-prefetch-bzr | 4 +++- pkgs/build-support/fetchcvs/nix-prefetch-cvs | 4 +++- pkgs/build-support/fetchgit/nix-prefetch-git | 4 +++- pkgs/build-support/fetchhg/nix-prefetch-hg | 4 +++- pkgs/build-support/fetchsvn/nix-prefetch-svn | 4 +++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/pkgs/build-support/docker/nix-prefetch-docker b/pkgs/build-support/docker/nix-prefetch-docker index f551d37cda96f..7104e155e0ec7 100755 --- a/pkgs/build-support/docker/nix-prefetch-docker +++ b/pkgs/build-support/docker/nix-prefetch-docker 
@@ -121,7 +121,9 @@ fi sourceUrl="docker://$imageName@$imageDigest" -tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")" +# nix>=2.20 rejects adding symlinked paths to the store, so use realpath +# to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 +tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")")" trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$(get_name $finalImageName $finalImageTag)" diff --git a/pkgs/build-support/fetchbzr/nix-prefetch-bzr b/pkgs/build-support/fetchbzr/nix-prefetch-bzr index 184f2485ce57b..2b7a4ccfb39ad 100755 --- a/pkgs/build-support/fetchbzr/nix-prefetch-bzr +++ b/pkgs/build-support/fetchbzr/nix-prefetch-bzr @@ -42,7 +42,9 @@ fi # If we don't know the hash or a path with that hash doesn't exist, # download the file and add it to the store. if test -z "$finalPath"; then - tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/bzr-checkout-tmp-XXXXXXXX")" + # nix>=2.20 rejects adding symlinked paths to the store, so use realpath + # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 + tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/bzr-checkout-tmp-XXXXXXXX")")" trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$dstFile" diff --git a/pkgs/build-support/fetchcvs/nix-prefetch-cvs b/pkgs/build-support/fetchcvs/nix-prefetch-cvs index 4438f44026f2a..1b47daa77db3d 100755 --- a/pkgs/build-support/fetchcvs/nix-prefetch-cvs +++ b/pkgs/build-support/fetchcvs/nix-prefetch-cvs @@ -20,7 +20,9 @@ fi mkTempDir() { - tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-cvs-XXXXXXXX")" + # nix>=2.20 rejects adding symlinked paths to the store, so use realpath + # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 + tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-cvs-XXXXXXXX")")" trap removeTempDir EXIT } diff --git a/pkgs/build-support/fetchgit/nix-prefetch-git b/pkgs/build-support/fetchgit/nix-prefetch-git index 1e8ac0ec66ef9..bcb7b434d948b 100755 
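Review bot: The new `tmpPath="$(realpath "$(mktemp -d …)")"` assignment has no failure check, and a failed `mktemp` is hidden inside the nested substitution, so `tmpPath` can end up empty. The next line then builds `tmpFile="$tmpPath/…"`, which would resolve directly under `/`. Whether the script runs under `set -e` is not visible in this hunk, so an explicit guard right after the assignment would be safer: `[ -n "$tmpPath" ] && [ -d "$tmpPath" ] || { echo "cannot create temporary directory" >&2; exit 1; }`. The same assignment is added in the bzr, cvs, git, hg and svn hunks of this patch.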
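Review bot: The context line `trap "rm -rf \"$tmpPath\"" EXIT` that follows the changed assignment expands `$tmpPath` when the trap is set, and the shell re-parses the resulting string at exit. A `TMPDIR` containing a double quote, backtick or `$` therefore changes what the cleanup command does. Single quotes defer the expansion and keep the path a single word: `trap 'rm -rf "$tmpPath"' EXIT`. The same trap appears in the docker and svn hunks; the cvs, git and hg scripts use handler functions instead.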
--- a/pkgs/build-support/fetchgit/nix-prefetch-git +++ b/pkgs/build-support/fetchgit/nix-prefetch-git @@ -454,7 +454,9 @@ else # download the file and add it to the store. if test -z "$finalPath"; then - tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/git-checkout-tmp-XXXXXXXX")" + # nix>=2.20 rejects adding symlinked paths to the store, so use realpath + # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 + tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/git-checkout-tmp-XXXXXXXX")")" exit_handlers+=(remove_tmpPath) tmpFile="$tmpPath/$(url_to_name "$url" "$rev")" diff --git a/pkgs/build-support/fetchhg/nix-prefetch-hg b/pkgs/build-support/fetchhg/nix-prefetch-hg index 94c6b1ec6945c..bd40a609f5dd2 100755 --- a/pkgs/build-support/fetchhg/nix-prefetch-hg +++ b/pkgs/build-support/fetchhg/nix-prefetch-hg @@ -43,7 +43,9 @@ fi # download the file and add it to the store. if [[ -z "$finalPath" ]]; then - tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/hg-checkout-tmp-XXXXXXXX")" + # nix>=2.20 rejects adding symlinked paths to the store, so use realpath + # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 + tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/hg-checkout-tmp-XXXXXXXX")")" cleanup() { x=$?; rm -rf "$tmpPath"; exit $x; }; trap cleanup EXIT tmpArchive="$tmpPath/hg-archive" diff --git a/pkgs/build-support/fetchsvn/nix-prefetch-svn b/pkgs/build-support/fetchsvn/nix-prefetch-svn index 03b9eb9a03dfd..8adbe803f2ec2 100755 --- a/pkgs/build-support/fetchsvn/nix-prefetch-svn +++ b/pkgs/build-support/fetchsvn/nix-prefetch-svn 
@@ -41,7 +41,9 @@ fi # If we don't know the hash or a path with that hash doesn't exist, # download the file and add it to the store. if test -z "$finalPath"; then - tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/svn-checkout-tmp-XXXXXXXX")" + # nix>=2.20 rejects adding symlinked paths to the store, so use realpath + # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 + tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/svn-checkout-tmp-XXXXXXXX")")" trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$dstFile" From 6cb8c5ec01dbd02c75a6fe396bfaea22405f99ab Mon Sep 17 00:00:00 2001 From: Jonathan del Strother Date: Mon, 25 Nov 2024 09:22:09 +0000 Subject: [PATCH 2/2] build-support: Simplify tmpdir creation with coreutils macOS 10.12 doesn't have a usable --tmpdir flag on the builtin mktemp, but we can make use of coreutil's mktemp instead. --- pkgs/build-support/docker/nix-prefetch-docker | 2 +- pkgs/build-support/docker/nix-prefetch-docker.nix | 4 ++-- pkgs/build-support/fetchbzr/nix-prefetch-bzr | 2 +- pkgs/build-support/fetchcvs/nix-prefetch-cvs | 2 +- pkgs/build-support/fetchgit/nix-prefetch-git | 3 +-- pkgs/build-support/fetchhg/nix-prefetch-hg | 3 +-- pkgs/build-support/fetchsvn/nix-prefetch-svn | 2 +- .../tools/package-management/nix-prefetch-scripts/default.nix | 4 ++-- 8 files changed, 10 insertions(+), 12 deletions(-) diff --git a/pkgs/build-support/docker/nix-prefetch-docker b/pkgs/build-support/docker/nix-prefetch-docker index 7104e155e0ec7..20c2190cc9c90 100755 --- a/pkgs/build-support/docker/nix-prefetch-docker +++ b/pkgs/build-support/docker/nix-prefetch-docker 
@@ -123,7 +123,7 @@ sourceUrl="docker://$imageName@$imageDigest" # nix>=2.20 rejects adding symlinked paths to the store, so use realpath # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 -tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")")" +tmpPath="$(realpath "$(mktemp -d --tmpdir skopeo-copy-tmp-XXXXXXXX)")" trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$(get_name $finalImageName $finalImageTag)" diff --git a/pkgs/build-support/docker/nix-prefetch-docker.nix b/pkgs/build-support/docker/nix-prefetch-docker.nix index 18accd135c04e..fac192e7eef9a 100644 --- a/pkgs/build-support/docker/nix-prefetch-docker.nix +++ b/pkgs/build-support/docker/nix-prefetch-docker.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, makeWrapper, nix, skopeo, jq }: +{ lib, stdenv, makeWrapper, nix, skopeo, jq, coreutils }: stdenv.mkDerivation { name = "nix-prefetch-docker"; @@ -10,7 +10,7 @@ stdenv.mkDerivation { installPhase = '' install -vD ${./nix-prefetch-docker} $out/bin/$name; wrapProgram $out/bin/$name \ - --prefix PATH : ${lib.makeBinPath [ nix skopeo jq ]} \ + --prefix PATH : ${lib.makeBinPath [ nix skopeo jq coreutils ]} \ --set HOME /homeless-shelter ''; diff --git a/pkgs/build-support/fetchbzr/nix-prefetch-bzr b/pkgs/build-support/fetchbzr/nix-prefetch-bzr index 2b7a4ccfb39ad..2e6b0f24d05d4 100755 --- a/pkgs/build-support/fetchbzr/nix-prefetch-bzr +++ b/pkgs/build-support/fetchbzr/nix-prefetch-bzr @@ -44,7 +44,7 @@ fi if test -z "$finalPath"; then # nix>=2.20 rejects adding symlinked paths to the store, so use realpath # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 - tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/bzr-checkout-tmp-XXXXXXXX")")" + tmpPath="$(realpath "$(mktemp -d --tmpdir bzr-checkout-tmp-XXXXXXXX)")" trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$dstFile" 
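Review bot: `--tmpdir` is a GNU mktemp option, so this line only works when the coreutils `mktemp` comes first on PATH. The wrapper change in nix-prefetch-docker.nix arranges that, but the script itself does not say so. Extending the existing comment with something like `# --tmpdir needs GNU mktemp (coreutils, put on PATH by the wrapper)` would keep the dependency visible to anyone running or editing the script directly. The same applies to the bzr, cvs, git, hg and svn hunks of this patch.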
diff --git a/pkgs/build-support/fetchcvs/nix-prefetch-cvs b/pkgs/build-support/fetchcvs/nix-prefetch-cvs index 1b47daa77db3d..6b8fcf5f82c67 100755 --- a/pkgs/build-support/fetchcvs/nix-prefetch-cvs +++ b/pkgs/build-support/fetchcvs/nix-prefetch-cvs @@ -22,7 +22,7 @@ fi mkTempDir() { # nix>=2.20 rejects adding symlinked paths to the store, so use realpath # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 - tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-cvs-XXXXXXXX")")" + tmpPath="$(realpath "$(mktemp -d --tmpdir nix-prefetch-csv-XXXXXXXX)")" trap removeTempDir EXIT } diff --git a/pkgs/build-support/fetchgit/nix-prefetch-git b/pkgs/build-support/fetchgit/nix-prefetch-git index bcb7b434d948b..69f35dc3bea0e 100755 --- a/pkgs/build-support/fetchgit/nix-prefetch-git +++ b/pkgs/build-support/fetchgit/nix-prefetch-git @@ -453,10 +453,9 @@ else # If we don't know the hash or a path with that hash doesn't exist, # download the file and add it to the store. if test -z "$finalPath"; then - # nix>=2.20 rejects adding symlinked paths to the store, so use realpath # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 - tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/git-checkout-tmp-XXXXXXXX")")" + tmpPath="$(realpath "$(mktemp -d --tmpdir git-checkout-tmp-XXXXXXXX)")" exit_handlers+=(remove_tmpPath) tmpFile="$tmpPath/$(url_to_name "$url" "$rev")" diff --git a/pkgs/build-support/fetchhg/nix-prefetch-hg b/pkgs/build-support/fetchhg/nix-prefetch-hg index bd40a609f5dd2..2199ccdbf4afb 100755 --- a/pkgs/build-support/fetchhg/nix-prefetch-hg +++ b/pkgs/build-support/fetchhg/nix-prefetch-hg 
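Review bot: The new template in the cvs hunk is spelled `nix-prefetch-csv-XXXXXXXX`, while the line it replaces used `nix-prefetch-cvs-XXXXXXXX`; this looks like a typo rather than an intended rename. The prefix is what appears in error output and in any leftover directory, so it should keep naming the tool: `tmpPath="$(realpath "$(mktemp -d --tmpdir nix-prefetch-cvs-XXXXXXXX)")"`.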
@@ -42,10 +42,9 @@ fi # If we don't know the hash or a path with that hash doesn't exist, # download the file and add it to the store. if [[ -z "$finalPath" ]]; then - # nix>=2.20 rejects adding symlinked paths to the store, so use realpath # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 - tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/hg-checkout-tmp-XXXXXXXX")")" + tmpPath="$(realpath "$(mktemp -d --tmpdir hg-checkout-tmp-XXXXXXXX)")" cleanup() { x=$?; rm -rf "$tmpPath"; exit $x; }; trap cleanup EXIT tmpArchive="$tmpPath/hg-archive" diff --git a/pkgs/build-support/fetchsvn/nix-prefetch-svn b/pkgs/build-support/fetchsvn/nix-prefetch-svn index 8adbe803f2ec2..1164b484373ab 100755 --- a/pkgs/build-support/fetchsvn/nix-prefetch-svn +++ b/pkgs/build-support/fetchsvn/nix-prefetch-svn @@ -43,7 +43,7 @@ fi if test -z "$finalPath"; then # nix>=2.20 rejects adding symlinked paths to the store, so use realpath # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941 - tmpPath="$(realpath "$(mktemp -d "${TMPDIR:-/tmp}/svn-checkout-tmp-XXXXXXXX")")" + tmpPath="$(realpath "$(mktemp -d --tmpdir svn-checkout-tmp-XXXXXXXX)")" trap "rm -rf \"$tmpPath\"" EXIT tmpFile="$tmpPath/$dstFile" diff --git a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix index aca8c2fbb4de8..47f4e5d07d089 100644 --- a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix +++ b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix @@ -13,7 +13,7 @@ let mkPrefetchScript = tool: src: deps: installPhase = '' install -vD ${src} $out/bin/$name; wrapProgram $out/bin/$name \ - --prefix PATH : ${lib.makeBinPath (deps ++ [ gnused nix ])} \ + --prefix PATH : ${lib.makeBinPath (deps ++ [ coreutils gnused nix ])} \ --set HOME /homeless-shelter ''; 
@@ -28,7 +28,7 @@ let mkPrefetchScript = tool: src: deps: in rec { nix-prefetch-bzr = mkPrefetchScript "bzr" ../../../build-support/fetchbzr/nix-prefetch-bzr [ breezy ]; nix-prefetch-cvs = mkPrefetchScript "cvs" ../../../build-support/fetchcvs/nix-prefetch-cvs [ cvs ]; - nix-prefetch-git = mkPrefetchScript "git" ../../../build-support/fetchgit/nix-prefetch-git [ coreutils findutils gawk git git-lfs ]; + nix-prefetch-git = mkPrefetchScript "git" ../../../build-support/fetchgit/nix-prefetch-git [ findutils gawk git git-lfs ]; nix-prefetch-hg = mkPrefetchScript "hg" ../../../build-support/fetchhg/nix-prefetch-hg [ mercurial ]; nix-prefetch-svn = mkPrefetchScript "svn" ../../../build-support/fetchsvn/nix-prefetch-svn [ subversion ];