Unpack phase: Permission denied

Help
1

Hi everyone,

I am trying to make a simple derivation working but getting permission denied error. I believe this is a recommended way to do so and I have done the same for plenty of the other npm packages and it worked. However, the same approach doesn’t work for this particular npm package: char-regex-1.0.2. Please refer to the below.

{ nixpkgs }:

with nixpkgs;

let
  charRegex = stdenv.mkDerivation rec {
    pname = "char-regex";
    version = "1.0.2";
    src = fetchurl {
      url = "https://registry.yarnpkg.com/${pname}/-/${pname}-${version}.tgz";
      sha1 = "d744358226217f981ed58f479b1d6bcc29545dcf";
    };
    installPhase = ''
      runHook preInstall

      mkdir -p "$out/lib/node_modules/${pname}"
      cp -r . "$out/lib/node_modules/${pname}"

      runHook postInstall
    '';
  };

in stdenv.mkDerivation {
  name = "example-env";
  buildInputs = [ nodejs ];
  NODE_PATH = "${charRegex}/lib/node_modules";
}

And then getting an error:

$ nix-shell --pure ./example.nix
these derivations will be built:
  /nix/store/1hyfs1z08lwircjsd8lzlf9rfak0zy3m-char-regex-1.0.2.drv
building '/nix/store/1hyfs1z08lwircjsd8lzlf9rfak0zy3m-char-regex-1.0.2.drv'...
unpacking sources
unpacking source archive /nix/store/v9p98kqplf4kflmy91p0687xlvr6klb1-char-regex-1.0.2.tgz
source root is package
chmod: cannot access 'package/LICENSE': Permission denied
chmod: cannot access 'package/index.js': Permission denied
chmod: cannot access 'package/README.md': Permission denied
chmod: cannot access 'package/package.json': Permission denied
chmod: cannot access 'package/index.d.ts': Permission denied
builder for '/nix/store/1hyfs1z08lwircjsd8lzlf9rfak0zy3m-char-regex-1.0.2.drv' failed with exit code 1
error: build of '/nix/store/1hyfs1z08lwircjsd8lzlf9rfak0zy3m-char-regex-1.0.2.drv' failed

Can you please help to understand the issue and work out a way to fix that?

Cheers,
Oleg

2

You can’t write to the nix store.

charRegex is a separate derivation, so when you go to run your other package build, the charRegex will be read-only. This is why you are getting permission issues, node is trying to change the permissions of something in the nix store. To solve this, you should probably copy charRegex into a write-able directory, then point NODE_PATH to it.

3

Yeah, I know that the nix store is read-only when you have a derivation built and operational. The error is happening during the derivation build cycle. In particular, nix tries to unpack the source and throwing an error, I think, during unpackPhase execution.

So I am wondering if there is a hook/hack to make this kind of thing work? Like, override unpackPhase with sudo or something. Any suggestions are appreciated.

Please note, I have built a number of npm modules in exactly the same way and they seem to be working fine but not the charRegex :man_shrugging:

4

I apologize, you’re correct. GitHub - Richienb/char-regex: A regex to match any full character, considering weird character ranges. did not cut a release correctly, as the unpacked directory doesn’t have execute permission, so you can’t inspect it.

$ nix-shell tmp.nix
this derivation will be built:
  /nix/store/k9g0cavgrxz1c8x7nzm3zkrcmwm5qcfv-char-regex-1.0.2.tgz.drv
building '/nix/store/k9g0cavgrxz1c8x7nzm3zkrcmwm5qcfv-char-regex-1.0.2.tgz.drv'...

trying https://registry.yarnpkg.com/char-regex/-/char-regex-1.0.2.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   8065      0 --:--:-- --:--:-- --:--:--  8065

[nix-shell:/home/jon/projects/nixpkgs]$ unpackPhase
unpacking source archive /nix/store/v9p98kqplf4kflmy91p0687xlvr6klb1-char-regex-1.0.2.tgz
source root is package
chmod: cannot access 'package/README.md': Permission denied
chmod: cannot access 'package/index.js': Permission denied
chmod: cannot access 'package/LICENSE': Permission denied
chmod: cannot access 'package/index.d.ts': Permission denied
chmod: cannot access 'package/package.json': Permission denied
find: ‘package/README.md’: Permission denied
find: ‘package/index.js’: Permission denied
find: ‘package/LICENSE’: Permission denied
find: ‘package/index.d.ts’: Permission denied
find: ‘package/package.json’: Permission denied

[nix-shell:/home/jon/projects/nixpkgs]$ mkdir tmp

[nix-shell:/home/jon/projects/nixpkgs]$ cd tmp/

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ tar xf /nix/store/v9p98kqplf4kflmy91p0687xlvr6klb1-char-regex-1.0.2.tgz

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ ls
package

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ cd package/
bash: cd: package/: Permission denied

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ ls -l
drw-r--r-- - jon 18 Feb  2020 package

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ chmod +x package/

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ ls
package

[nix-shell:/home/jon/projects/nixpkgs/tmp]$ cd package/
index.d.ts  index.js  LICENSE  package.json  README.md
5

Yeah, the package directory lacks the execution permission bit in the archive:

$ lesspipe /nix/store/v9p98kqplf4kflmy91p0687xlvr6klb1-char-regex-1.0.2.tgz
drw-rw-rw- 0/0               0 2020-02-18 10:50 package
-rw-rw-rw- 0/0             297 2020-02-18 10:50 package/index.d.ts
-rw-rw-rw- 0/0            1920 2020-02-18 10:50 package/index.js
-rw-rw-rw- 0/0            1092 2020-01-31 11:31 package/LICENSE
-rw-rw-rw- 0/0             937 2020-02-18 10:51 package/package.json
-rw-rw-rw- 0/0             713 2020-02-18 10:50 package/README.md

For now, you can work around it using

    dontMakeSourcesWritable = true;

    postUnpack = ''
      chmod +x package
    '';
3 Likes