-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CLI symlink fixes #12046
base: master
Are you sure you want to change the base?
CLI symlink fixes #12046
Conversation
@mergify rebase |
✅ Branch has been successfully rebased |
6a91e0f
to
e762825
Compare
e762825
to
8b53c6c
Compare
Tests seem to pass now. @roberth do you want to squash things a bit, so we can backport patches? |
abd9287
to
0c9be56
Compare
|
5b521cf
to
12d4c8d
Compare
src/libutil/posix-source-accessor.hh
Outdated
* callers do not accidentally introduce symlink-related security vulnerabilities. | ||
* Furthermore, `createAtRoot` does not know whether the file pointed to by | ||
* `path` should be resolved if it is itself a symlink. In other words, | ||
* `createAtRoot` can not decide between aforemention `canonical`, `makeParentCanonical`, etc. for its callers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* `createAtRoot` can not decide between aforemention `canonical`, `makeParentCanonical`, etc. for its callers. | |
* `createAtRoot` can not decide between aforementioned `canonical`, `makeParentCanonical`, etc. for its callers. |
src/nix/hash.cc
Outdated
@@ -87,18 +87,35 @@ struct CmdHashBase : Command | |||
return std::make_unique<HashSink>(hashAlgo); | |||
}; | |||
|
|||
auto path2 = PosixSourceAccessor::createAtRoot(path); | |||
auto makeSourcePath = [&]() -> SourcePath { | |||
return PosixSourceAccessor::createAtRoot(std::filesystem::weakly_canonical(path)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return PosixSourceAccessor::createAtRoot(std::filesystem::weakly_canonical(path)); | |
return PosixSourceAccessor::createAtRoot(makeParentCanonical(path)); |
Needs test!
src/nix/hash.cc
Outdated
h = hashSink->finish().first; | ||
break; | ||
} | ||
case FileIngestionMethod::Git: { | ||
auto sourcePath = PosixSourceAccessor::createAtRoot(path); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
auto sourcePath = PosixSourceAccessor::createAtRoot(path); | |
auto sourcePath = makeSourcePath(); |
# nix hash --mode nar does not canonicalize a symlink argument. | ||
# Otherwise it can't generate a NAR whose root is a symlink. | ||
# If you want to follow the symlink, pass $(realpath -s ...) instead. | ||
ln -s /non-existent-48cujwe8ndf4as0bne "$TEST_ROOT/symlink-to-nowhere" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ln -s /non-existent-48cujwe8ndf4as0bne "$TEST_ROOT/symlink-to-nowhere" | |
ln -s /non-existent-48cujwe8ndf4as0bne "$TEST_ROOT/symlink-to-nowhere" | |
[[ -e /bin ]] # assumption | |
ln -s /bin "$TEST_ROOT/symlink-to-bin" |
or something, do both.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/2024-12-16-nix-team-meeting-minutes-203/57483/1 |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/2024-12-18-nix-team-meeting-minutes-204/57602/1 |
Tested with nix run nix/2.3-maintenance#nix-store -- --add some_symlink nix run nix/2.3-maintenance#nix-store -- --add-fixed sha256 --recursive some_symlink
12d4c8d
to
518538b
Compare
Please undraft, if you need a new review. |
…makeParentCanonical I'd messed up a rebase in my previous iteration, causing `weakly_canonical` to reappear, but not trigger a test failure. These two functions behave similarly when the argument is a path that points to a broken symlink. `weakly_canonical` would not resolve it because the target doesn't exist, and `makeParentCanonical` would not resolve it, because it never resolves the final path element. This new test case now also tests a valid symlink, "differentiating" the two.
Thanks for the reminder. I was still adding a regression test, 73871f2 when I was interrupted (rudely ;) ) by the maintainer meeting today. |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/2024-12-23-nix-team-meeting-minutes-205/57783/1 |
Motivation
PosixSourceAccessor
does not operate on non-canonical paths, yet manycreateAtRoot
calls did not canonicalize their inputs.See commit messages and comments for details.
Probably more
createAtRoot
calls need this kind of treatment, but that's not a prerequisite for reviewing what's probably the bulk of the change, and the ideas behind it.Context
nix-store --add-fixed
no longer accepts symlinks #11941error: path '/dev/fd/63' is a symlink
on Arch Linux #11681Add 👍 to pull requests you find important.
The Nix maintainer team uses a GitHub project board to schedule and track reviews.