make-disk-image.nix: Remove write permissions from /nix/store

Fakeroot seems to always give the owner write bit to any files touched inside it (presumably to easily simulate the fact that root can still modify such files). So do an explicit chmod to remove them. This should finally solve #32242 after the EC2 images are regenerated with this change. https://hydra.nixos.org/build/66143116
7 years ago · c9f71974f8
parent e0029419dd
commit c9f71974f8
1 changed files with 3 additions and 0 deletions
--- a/nixos/lib/make-disk-image.nix
+++ b/nixos/lib/make-disk-image.nix
@ -129,6 +129,9 @@ let format' = format; in let
    # TODO: Nix really likes to chown things it creates to its current user...
    fakeroot nixos-prepare-root $root ${channelSources} ${config.system.build.toplevel} closure

+    # fakeroot seems to always give the owner write permissions, which we do not want
+    find $root/nix/store -mindepth 1 -maxdepth 1 -type f -o -type d -exec chmod -R a-w '{}' \;
+
    echo "copying staging root to image..."
    cptofs ${optionalString partitioned "-P 1"} -t ${fsType} -i $diskImage $root/* /
  '';