civodul pushed a commit to branch master
in repository guix.
commit bdd7b9a45d650ed45a1569cbc4ed971b52728104
Author: Ludovic Courtès <[email protected]>
AuthorDate: Fri Feb 14 17:29:56 2025 +0100
daemon: Move comments where they belong.
* nix/libstore/build.cc (DerivationGoal::startBuilder): Shuffle
comments for clarity.
Change-Id: I6557c103ade4a3ab046354548ea193c68f8c9c05
---
nix/libstore/build.cc | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index e6a139eb0d..d0fcc99854 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1870,18 +1870,19 @@ void DerivationGoal::startBuilder()
}
dirsInChroot[tmpDirInSandbox] = tmpDir;
- /* Make the closure of the inputs available in the chroot,
- rather than the whole store. This prevents any access
- to undeclared dependencies. !!! As an extra security
- precaution, make the fake store only writable by the
- build user. */
+ /* Create the fake store. */
Path chrootStoreDir = chrootRootDir + settings.nixStore;
createDirs(chrootStoreDir);
chmod_(chrootStoreDir, 01775);
if (buildUser.enabled() && chown(chrootStoreDir.c_str(), 0,
buildUser.getGID()) == -1)
- throw SysError(format("cannot change ownership of ‘%1%’") %
chrootStoreDir);
+ /* As an extra security precaution, make the fake store only
+ writable by the build user. */
+ throw SysError(format("cannot change ownership of ‘%1%’") %
chrootStoreDir);
+ /* Make the closure of the inputs available in the chroot, rather than
+ the whole store. This prevents any access to undeclared
+ dependencies. */
foreach (PathSet::iterator, i, inputPaths) {
struct stat st;
if (lstat(i->c_str(), &st))
