authorTuomas Tynkkynen <tuomas.tynkkynen@iki.fi>2017-12-16 20:21:26 +0200
committerTuomas Tynkkynen <tuomas.tynkkynen@iki.fi>2017-12-17 01:19:05 +0200
commitc9f71974f8b7f277bae859a8c71289e92be7c49b (patch)
tree96f01d1988918a302b7eb30891927c783685037b /nixos
parente0029419ddd6fd1ed2b67f007738748e21e4e7c8 (diff)
make-disk-image.nix: Remove write permissions from /nix/store
Fakeroot seems to always give the owner write bit to any files touched
inside it (presumably to easily simulate the fact that root can still
modify such files). So do an explicit chmod to remove them.

This should finally solve #32242 after the EC2 images are regenerated
with this change.

https://hydra.nixos.org/build/66143116
Diffstat (limited to 'nixos')
-rw-r--r--nixos/lib/make-disk-image.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix
index d67ca0e527ee..b12cf68fd36d 100644
--- a/nixos/lib/make-disk-image.nix
+++ b/nixos/lib/make-disk-image.nix
@@ -129,6 +129,9 @@ let format' = format; in let
     # TODO: Nix really likes to chown things it creates to its current user...
     fakeroot nixos-prepare-root $root ${channelSources} ${config.system.build.toplevel} closure
 
+    # fakeroot seems to always give the owner write permissions, which we do not want
+    find $root/nix/store -mindepth 1 -maxdepth 1 -type f -o -type d -exec chmod -R a-w '{}' \;
+
     echo "copying staging root to image..."
     cptofs ${optionalString partitioned "-P 1"} -t ${fsType} -i $diskImage $root/* /
   '';
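Review bot: In the added `find` line, `-o` binds more loosely than the implicit `-a`, so the expression parses as `-type f` OR (`-type d` AND `-exec chmod …`). Regular files that sit directly in `$root/nix/store` match the first branch and never reach `chmod`, so single-file store paths keep the owner write bit that this change is meant to remove. Grouping the tests applies the action to both kinds of entry: `find $root/nix/store -mindepth 1 -maxdepth 1 \( -type f -o -type d \) -exec chmod -R a-w '{}' \;`. It would also help to extend the comment to say that the store must be read-only in the finished image, and to quote `"$root"` in case the path ever contains whitespace. The enclosing shell string begins outside this hunk, so how `$root` is set cannot be checked from here.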