Hello, this is my first post here.
As a nix newbie I made a mistake involving $src and $sourceRoot because I did not understand what I was doing. It looked like this:
sourceRoot = "${src}/someSubFolder";
patches = [ ... ];
I know, this is outrageous…
However, in retrospect, I’m surprised that this did not cause my build to fail with some permission error. It failed when I built it again with slight changes (same src, sourceRoot and patches), though, because the patch had already been applied. It means that nix-build has modified the content of an already existing output. In doing so, it has even modified the access rights of some of the directories in that output.
Note: Since I am on Linux and did not configure anything, I believe my builds are sandboxed.
I thought that nix was taking care of only giving write access to the outputs, am I wrong? I can’t find any reference about that, though, and could only find the following in the nix 1.2 release notes:
Nix no longer sets the immutable bit on files in the Nix store. Instead, the recommended way to guard the Nix store against accidental modification on Linux is to make it a read-only bind mount, like this:
$ mount --bind /nix/store /nix/store
$ mount -o remount,ro,bind /nix/store
Nix will automatically make /nix/store writable as needed (using a private mount namespace) to allow modifications.
It seems that the advice above would not have prevented my mistake from mutating the store, though. Am I missing something? Should I make a bug report or is this “undefined behaviour”?
PS: it is an instance of the “odd uses of $src” listed in Odd uses of $src in packages but seemed more “plain wrong” than “odd”, so I settled for creating a new thread.
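Added example, not part of the original post: a way to check whether the read-only bind mount from the quoted release note is actually in effect on a host. The function name `mount_is_ro` and the sample data are constructed for illustration; the check reads the per-mount options (field 6 of mountinfo), which is where `remount,ro,bind` shows up while the filesystem's superblock options still say `rw`. It says nothing about what a build can do inside the private mount namespace the release note mentions.

```shell
#!/bin/sh
# Added example (hypothetical helper): is a mount point read-only?
# Input is mountinfo format, see proc(5):
#   field 5 = mount point, field 6 = per-mount options,
#   superblock options come after the " - " separator and are NOT
#   changed by "mount -o remount,ro,bind".
# Exit status: 0 = read-only, 1 = writable, 2 = not a separate mount.
mount_is_ro() {
    # $1 = mount point, $2 = mountinfo file (default: the live one)
    awk -v mp="$1" '
        $5 == mp { opts = $6; seen = 1 }   # a later line shadows earlier mounts
        END {
            if (!seen) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "${2:-/proc/self/mountinfo}"
}

# Constructed sample: state after the two mount commands from the release
# note. The /nix/store entry is "ro" per mount, the ext4 superblock is "rw".
sample_mountinfo() {
cat <<'EOF'
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
90 25 8:2 /nix/store /nix/store ro,relatime shared:1 - ext4 /dev/sda2 rw
EOF
}
```

On a real machine, `mount_is_ro /nix/store; echo $?` reads the live `/proc/self/mountinfo`; a result of 2 means `/nix/store` is not a separate mount, so the bind mount was never set up.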