kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

fetchzip: remove write permissions for unpacked files

Browse Source 
Fixes https://github.com/NixOS/nixpkgs/issues/38649
wip/yesman
MetaDark 4 years ago committed by Kira Bruneau
parent ea84f9d409
commit 4a5c49363a
5 changed files with 7 additions and 9 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      pkgs/applications/editors/eclipse/plugins.nix
  2. 1
      pkgs/applications/misc/ipmicfg/default.nix
  3. 1
      pkgs/applications/office/atlassian-cli/default.nix
  4. 9
      pkgs/build-support/fetchzip/default.nix
  5. 2
      pkgs/servers/web-apps/engelsystem/default.nix

3
pkgs/applications/editors/eclipse/plugins.nix
Unescape View File

@ -355,9 +355,6 @@ rec {
url = "https://download.jboss.org/drools/release/${version}/droolsjbpm-tools-distribution-${version}.zip";
sha512 = "2qzc1iszqfrfnw8xip78n3kp6hlwrvrr708vlmdk7nv525xhs0ssjaxriqdhcr0s6jripmmazxivv3763rnk2bfkh31hmbnckpx4r3m";
extraPostFetch = ''
# work around https://github.com/NixOS/nixpkgs/issues/38649
chmod go-w $out;
# update site is a couple levels deep, alongside some other irrelevant stuff
cd $out;
find . -type f -not -path ./binaries/org.drools.updatesite/\* -exec rm {} \;

1
pkgs/applications/misc/ipmicfg/default.nix
Unescape View File

@ -8,7 +8,6 @@ stdenv.mkDerivation rec {
src = fetchzip {
url = "https://www.supermicro.com/wftp/utility/IPMICFG/IPMICFG_${version}_build.${buildVersion}.zip";
sha256 = "0srkzivxa4qlf3x9zdkri7xfq7kjj4fsmn978vzmzsvbxkqswd5a";
extraPostFetch = "chmod u+rwX,go-rwx+X $out/";
};
installPhase = ''

1
pkgs/applications/office/atlassian-cli/default.nix
Unescape View File

@ -7,7 +7,6 @@ stdenv.mkDerivation rec {
src = fetchzip {
url = "https://bobswift.atlassian.net/wiki/download/attachments/16285777/${pname}-${version}-distribution.zip";
sha256 = "091dhjkx7fdn23cj7c4071swncsbmknpvidmmjzhc0355l3p4k2g";
extraPostFetch = "chmod go-w $out";
};
tools = [

9
pkgs/build-support/fetchzip/default.nix
Unescape View File

@ -44,8 +44,13 @@
mv "$unpackDir/$fn" "$out"
'' else ''
mv "$unpackDir" "$out"
'') #*/
+ extraPostFetch;
'')
+ extraPostFetch
# Remove write permissions for files unpacked with write bits set
# Fixes https://github.com/NixOS/nixpkgs/issues/38649
+ ''
chmod -R a-w "$out"
'';
} // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: {
# Hackety-hack: we actually need unzip hooks, too
nativeBuildInputs = x.nativeBuildInputs ++ [ unzip ];

2
pkgs/servers/web-apps/engelsystem/default.nix
Unescape View File

@ -11,8 +11,6 @@ in stdenv.mkDerivation rec {
url =
"https://github.com/engelsystem/engelsystem/releases/download/v3.1.0/engelsystem-v3.1.0.zip";
sha256 = "01wra7li7n5kn1l6xkrmw4vlvvyqh089zs43qzn98hj0mw8gw7ai";
# This is needed, because the zip contains a directory with world write access, which is not allowed in nix
extraPostFetch = "chmod -R a-w $out";
};
buildInputs = [ phpExt ];

Write Preview
Loading…
Cancel
Save