nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-15 15:02:42 +01:00
Code Activity

Don’t hardlink disallowed paths in OS X.

Browse source 
Fixes #1443

(cherry picked from commit 72e80c59b5)
This commit is contained in:
Matthew Bauer 2017-07-06 13:42:12 -07:00 committed by Eelco Dolstra
parent 9943f98c35
commit 5a7d00ced8
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/libstore/optimise-store.cc
View file

@ -10,6 +10,7 @@
#include <unistd.h> #include <unistd.h>
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <regex>
namespace nix { namespace nix {
@ -97,6 +98,19 @@ void LocalStore::optimisePath_(OptimiseStats & stats, const Path & path, InodeHa
if (lstat(path.c_str(), &st)) if (lstat(path.c_str(), &st))
throw SysError(format("getting attributes of path %1%") % path); throw SysError(format("getting attributes of path %1%") % path);
#if __APPLE__
/* HFS/OS X has some undocumented security feature disabling hardlinking for
special files within .app dirs. *.app/Contents/PkgInfo and
*.app/Contents/Resources/\*.lproj seem to be the only paths affected. See
https://github.com/NixOS/nix/issues/1443 for more discussion. */
if (std::regex_search(path, std::regex("\\.app/Contents/PkgInfo$")) ||
std::regex_search(path, std::regex("\\.app/Contents/Resources/.+\\.lproj$"))) {
debug(format("%1% is not allowed to be linked in OS X") % path);
return;
}
#endif
if (S_ISDIR(st.st_mode)) { if (S_ISDIR(st.st_mode)) {
Strings names = readDirectoryIgnoringInodes(path, inodeHash); Strings names = readDirectoryIgnoringInodes(path, inodeHash);
for (auto & i : names) for (auto & i : names)