daemon: Flush the sink upon 'exportPath' errors.

Prior to this change, errors such as wrong permissions on
/etc/guix/signing-key.sec would give:

  guix-daemon: nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed.

This patch correctly propagates the error to the client and thus changes
that to:

  error: build failed: file `/etc/guix/signing-key.sec' should be secret (inaccessible to everybody else)!

* nix/nix-daemon/nix-daemon.cc (performOp): Wrap 'exportPath' call in
'try' block.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>

1 files changed, 9 insertions, 1 deletions

diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 7d26b61354..deb7003d7e 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -436,7 +436,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
         bool sign = readInt(from) == 1;
         startWork();
         TunnelSink sink(to);
-        store->exportPath(path, sign, sink);
+	try {
+	    store->exportPath(path, sign, sink);
+	}
+	catch (Error &e) {
+	    /* Flush SINK beforehand or its destructor will rightfully trigger
+	       an assertion failure.  */
+	    sink.flush();
+	    throw e;
+	}
         sink.flush();
         stopWork();
         writeInt(1, to);