author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2004-10-20 14:40:54 +0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2004-10-20 14:40:54 +0000 |
commit | 88888160d239ed68118ba1d5f94cad0a0ca7521f (patch) | |
tree | 1b628cc912dc589acc5b21554d8d86545be0aad5 | |
parent | 99da51d4debda195d8d264b9c060fe4304359e4f (diff) | |
* Fix nix-prefetch-url in setuid Nix installations.
-rw-r--r-- | scripts/nix-prefetch-url.in | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/scripts/nix-prefetch-url.in b/scripts/nix-prefetch-url.in index 45b3ed7ee7..8fc82c11b8 100644 --- a/scripts/nix-prefetch-url.in +++ b/scripts/nix-prefetch-url.in @@ -7,9 +7,18 @@ if test -z "$url"; then exit 1 fi -# !!! race? should be relatively safe, `svn export' barfs if $tmpPath exists. +# !!! race tmpPath1=@storedir@/nix-prefetch-url-$$ +# Test whether we have write permission in the store. If not, fetch +# to /tmp and don't copy to the store. This is a hack to make this +# script at least work somewhat in setuid installations. +if ! touch $tmpPath1 2> /dev/null; then + echo "(cannot write to the store, result won't be cached)" >&2 + dummyMode=1 + tmpPath1=/tmp/nix-prefetch-url-$$ # !!! security? +fi + # Perform the checkout. @curl@ --fail --location --max-redirs 20 "$url" > $tmpPath1 @@ -17,22 +26,24 @@ tmpPath1=@storedir@/nix-prefetch-url-$$ hash=$(@bindir@/nix-hash --flat $tmpPath1) echo "hash is $hash" >&2 -# Rename it so that the fetchsvn builder can find it. -tmpPath2=@storedir@/nix-prefetch-url-$hash -test -e $tmpPath2 || mv $tmpPath1 $tmpPath2 # !!! race +# Rename it so that the fetchurl builder can find it. +if test "$dummyMode" != 1; then + tmpPath2=@storedir@/nix-prefetch-url-$hash + test -e $tmpPath2 || mv $tmpPath1 $tmpPath2 # !!! race +fi -# Create a Nix expression that does a fetchsvn. +# Create a Nix expression that does a fetchurl. storeExpr=$( \ - echo "(import @datadir@/nix/corepkgs/fetchurl) \ + echo "(import @datadir@/nix/corepkgs/fetchurl) \ {url = $url; md5 = \"$hash\"; system = \"@system@\";}" \ - | @bindir@/nix-instantiate -) + | @bindir@/nix-instantiate -) # Realise it. finalPath=$(@bindir@/nix-store -qnB --force-realise $storeExpr) - + echo "path is $finalPath" >&2 -rm -rf $tmpPath2 || true +rm -rf $tmpPath1 $tmpPath2 || true echo $hash |
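Review bot: The fallback `tmpPath1=/tmp/nix-prefetch-url-$$` added in the first hunk is a predictable name in a world-writable directory, which the `# !!! security?` marker acknowledges but does not resolve. The `@curl@ ... > $tmpPath1` redirect that follows opens whatever already exists at that path, so a file or symlink pre-created by another local user would receive the download, and the hash reported afterwards would come from a file this user does not control. Creating the file atomically with an unpredictable name avoids this, for example `tmpPath1=$(mktemp /tmp/nix-prefetch-url-XXXXXX) || exit 1`. The script starts and ends outside this hunk, so the cleanup at the end should be checked against the same variable.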
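Review bot: In the second hunk `tmpPath2` is assigned only inside the new `if test "$dummyMode" != 1` branch, yet the final `rm -rf $tmpPath1 $tmpPath2 || true` expands it unconditionally and unquoted. In dummy mode it therefore holds whatever the caller's environment exported under that name, and `dummyMode` itself is never reset before the `touch` test in the first hunk. Initialising both before first use (`dummyMode=` and `tmpPath2=`) keeps the behaviour independent of the environment. Quoting the operand that is always set, `rm -rf "$tmpPath1" $tmpPath2 || true`, would also stop word splitting on it.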