From 4652345ac3ca3a804fe6176df8a429d518e58ee5 Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Sun, 7 Dec 2025 11:30:46 -0500
Subject: [PATCH] Fix Non-virtual interface pattern for `RestrictedStore::addDependency`
I didn't do things quite right in 496e43ec72643ad4fc48ce15e6b7220763e823a8:
- Forgot to remove the now-redundant `isAllowed` check.
- Called the non-virtual, not the superclass's impl, in `addDependencyPrep`, causing bad recursion / UB.
Doing this fixes a crash I encountered with manual testing an Nix Ninja --- hopefully we will get Nix Ninja or similar in a NixOS test longer term to defend against this thing happening again.
---
 src/libstore/unix/build/chroot-derivation-builder.cc | 2 +-
 src/libstore/unix/build/linux-derivation-builder.cc | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/libstore/unix/build/chroot-derivation-builder.cc b/src/libstore/unix/build/chroot-derivation-builder.cc
index 2e5299972..354a604f5 100644
--- a/src/libstore/unix/build/chroot-derivation-builder.cc
+++ b/src/libstore/unix/build/chroot-derivation-builder.cc
@@ -181,7 +181,7 @@ struct ChrootDerivationBuilder : virtual DerivationBuilderImpl
 std::pair addDependencyPrep(const StorePath & path) {
- DerivationBuilderImpl::addDependency(path);
+ DerivationBuilderImpl::addDependencyImpl(path);
 debug("materialising '%s' in the sandbox", store.printStorePath(path));
diff --git a/src/libstore/unix/build/linux-derivation-builder.cc b/src/libstore/unix/build/linux-derivation-builder.cc
index 95ef7eafe..d15e6e1ae 100644
--- a/src/libstore/unix/build/linux-derivation-builder.cc
+++ b/src/libstore/unix/build/linux-derivation-builder.cc
@@ -711,9 +711,6 @@ struct ChrootLinuxDerivationBuilder : ChrootDerivationBuilder, LinuxDerivationBu
 void addDependencyImpl(const StorePath & path) override {
- if (isAllowed(path))
- return;
-
 auto [source, target] = ChrootDerivationBuilder::addDependencyPrep(path); /* Bind-mount the path into the sandbox. This requires
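Review bot: The qualified call `DerivationBuilderImpl::addDependencyImpl(path)` in `addDependencyPrep` (chroot-derivation-builder.cc) has no comment explaining why it must be that exact name, and it differs from the broken one only by the `Impl` suffix. According to the commit message, calling the non-virtual `addDependency` here caused recursion / UB, so I would add a comment above the call such as `// Must be the base class's Impl, called qualified: the non-virtual addDependency() would dispatch back into the derived override and recurse.` The commit message describes the `isAllowed` check as now redundant, so presumably it lives in the non-virtual wrapper, which this diff does not show. It would help to state in the same comment that this path relies on the wrapper having run that check, because `addDependencyPrep` goes on to materialise the path in the sandbox. The body of `addDependencyPrep` continues past the end of the hunk.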