autoPatchElf: suspicious ownership or permission on '/nix/store/.../thorium1.6.0'; rejecting this build output

Hi all, I'm trying to autoPatchElf the .deb binary of the EPUB reader Thorium, following the instructions (item 4) at https://unix.stackexchange.com/questions/522822/different-methods-to-run-a-non-nixos-executable-on-nixos
I first tried running Thorium in an FHS shell (method 5 of the above link) and that works.

When I adapted my derivation.nix to method 4, nix-build seems to find the dependencies but then stops with error:
suspicious ownership or permission on ‘/nix/store/c58hxq4vq4xww2i01fyhxzx493zw7piw-thorium1.6.0’; rejecting this build output
error: build of ‘/nix/store/mmblhcqr7chisda8b4y5x5fnwzhk3jhp-thorium1.6.0.drv’ failed

Ran nix-build as root and normal user, both fail the same.

A google/duck search didn’t help. Any ideas?

Here are the derivation.nix and default.nix. I’m not sure about the installPhase section of the derivation.nix yet either.

default.nix:

{ pkgs ? import <nixpkgs> {} }:

pkgs.callPackage ./derivation.nix {}

derivation.nix:

{ stdenv, dpkg, glibc, gcc-unwrapped, autoPatchelfHook, glib, libudev, nss, nspr, atk, at, libX11, libxcb, dbus, gdk-pixbuf, gtk3-x11, pango, cairo, libXcomposite, libXdamage, libXext, libXfixes, libXrandr, expat, libdrm, libxkbcommon, mesa, alsaLib, cups, at-spi2-core, at-spi2-atk }:
let

  # Please keep the version x.y.0.z and do not update to x.y.76.z because the
  # source of the latter disappears much faster.
  version = "1.6.0";

  src = ./EDRLab.ThoriumReader_1.6.0_amd64.deb;

in stdenv.mkDerivation {
  name = "thorium${version}";

  system = "x86_64-linux";

  inherit src;

  # Required for compilation
  nativeBuildInputs = [
    autoPatchelfHook # Automatically setup the loader, and do the magic
    dpkg
  ];

  # Required at running time
  buildInputs = [
    glibc
    gcc-unwrapped
    glib
    libudev
    nss
    nspr
    atk
    at
    libX11
    libxcb
    dbus
    gdk-pixbuf
    gtk3-x11
    pango
    cairo 
    libXcomposite
    libXdamage
    libXext
    libXfixes
    libXrandr
    expat
    libdrm
    libxkbcommon
    mesa
    alsaLib
    cups
    at-spi2-core
    at-spi2-atk
  ];

  unpackPhase = "true";

  # Extract and copy executable in $out/bin
  installPhase = ''
    mkdir -p $out
    dpkg -x $src $out
    cp -av $out/opt/Thorium/* $out
    rm -rf $out/opt
  '';

  meta = with stdenv.lib; {
    description = "thorium";
    homepage = https://www.later/;
    license = licenses.mit;
    maintainers = with stdenv.lib.maintainers; [ ];
    platforms = [ "x86_64-linux" ];
  };
}

Having a quick look at this, you're running dpkg -x $src $out, so maybe that is creating files and then doing a chown/chmod in some way.

at the end of install phase try doing a

ls -lahR $out

and see what you get.

1 Like

Thanks, I found the fix:
just add chmod 755 "$out" after the dpkg extraction, and it works.
Now the binary segfaults, but that is another issue :)

1 Like
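
An added example (not from the thread and not Nix's own code): a shell helper that could be called at the end of installPhase to test $out for the condition behind this error, namely a top-level output path that is group- or world-writable or not owned by the user running the build. The names check_output_root and demo are hypothetical, and the temporary directory in demo is constructed to stand in for $out.

```bash
#!/usr/bin/env bash
# Added example: hypothetical helper, not part of Nix or nixpkgs.
# Reports whether a build output's top-level path would be treated as
# suspicious: group- or world-writable (symlinks excepted), or owned by
# someone other than the building user.

# Usage: check_output_root PATH [BUILDER_UID]
# Returns 0 if PATH looks acceptable, 1 (with a reason on stdout) if not.
check_output_root() {
  local path="$1"
  local builder_uid="${2:-$(id -u)}"

  # -prune restricts find to PATH itself; -perm -020 and -perm -002 match
  # the group-write and other-write bits respectively.
  if [ -n "$(find "$path" -prune ! -type l \( -perm -020 -o -perm -002 \))" ]; then
    echo "group- or world-writable: $(ls -ld "$path")"
    return 1
  fi

  # The output must belong to the user the build runs as.
  if [ -n "$(find "$path" -prune ! -user "$builder_uid")" ]; then
    echo "not owned by uid $builder_uid: $(ls -ld "$path")"
    return 1
  fi
  return 0
}

# Constructed scenario: a directory left group-writable, as an archive's
# root entry could leave $out after extraction, then the fix from the thread.
demo() {
  local out
  out="$(mktemp -d)"
  chmod 775 "$out"
  if check_output_root "$out"; then echo "before fix: ok"; else echo "before fix: rejected"; fi
  chmod 755 "$out"
  if check_output_root "$out"; then echo "after fix: ok"; else echo "after fix: rejected"; fi
  rm -rf "$out"
}

demo
```

Inside a derivation, calling `check_output_root "$out"` as the last line of installPhase shows the offending mode in the build log before the output is rejected.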

Nix likes source code! Patchelf on binaries and other linker tricks can only do so much. Binaries are not FOSS. It’s plain and simple. It’s just by this property that Nix, Gentoo, Guix, etc. have stronger FOSS properties than the other Linux systems out there…

interesting huh!

For segfaults, I find strace and gdb to be of great help. Especially if you can find a binary that has not been stripped of its debug symbols.

good luck.

2 Likes