libstore: always canonicalize directory permissions #13526


Open: wants to merge 1 commit into base: master

philiptaron (Contributor) commented Jul 23, 2025

Motivation

Prior to this patch, mode 0444 is not updated to 0555 for directories. That means for instance 0554 is canonicalized, but not 0444.

I don't believe this has any implications for backwards compatibility, because directories do not have permissions in NAR format and so are always 0555 after de-serialization, and store paths with wrong permissions can’t be copied to another host.

This patch was proposed by @roberth in #12786.

I'd love to add a unit test for this, but I saw no existing examples for code in this file.

Context

Fixes #12786.


Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

Prior to this patch, mode 0444 is not updated to 0555 for directories.
That means for instance 0554 is canonicalized, but not 0444.

We don't believe this has any implications for backwards compatibility,
because directories do not have permissions in NAR format and so are
always 0555 after deserialization, and store paths with wrong
permissions can’t be copied to another host.

Co-authored-by: Robert Hensing <[email protected]>
@philiptaron philiptaron requested a review from tomberek July 23, 2025 18:33
@philiptaron philiptaron marked this pull request as ready for review July 23, 2025 20:03
@philiptaron philiptaron requested a review from Ericson2314 as a code owner July 23, 2025 20:03
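
The behaviour described in this PR, modelled as an added example (not code from the PR or from Nix). `canon_before`, `canon_after` and `is_noncanonical` are hypothetical names, and the early exit on 0444/0555 and the owner-execute rule are assumptions reconstructed from the modes the description names.

```cpp
// Added illustration: a model of the behaviour this PR describes, not Nix's source.
#include <sys/stat.h>
#include <cstdio>

// Assumed pre-patch rule, reconstructed from the PR text: permissions that are
// already 0444 or 0555 are left alone; anything else becomes 0444 plus 0111
// when the owner-execute bit is set. Symlinks are not touched.
mode_t canon_before(mode_t m) {
    if (S_ISLNK(m)) return m;
    mode_t perms = m & ~S_IFMT;
    if (perms == 0444 || perms == 0555) return m;  // a 0444 directory slips through here
    return (m & S_IFMT) | 0444 | ((m & S_IXUSR) ? 0111 : 0);
}

// Assumed post-patch rule: a directory always ends up 0555, matching what the
// PR says NAR deserialization produces; files keep the owner-execute rule.
mode_t canon_after(mode_t m) {
    if (S_ISLNK(m)) return m;
    if (S_ISDIR(m)) return (m & S_IFMT) | 0555;
    return (m & S_IFMT) | 0444 | ((m & S_IXUSR) ? 0111 : 0);
}

// Audit helper: true when an on-disk mode differs from the post-patch canonical form.
bool is_noncanonical(mode_t m) { return canon_after(m) != m; }

int main() {
    // Constructed sample modes, not taken from a real store.
    const mode_t samples[] = {
        S_IFDIR | 0554, S_IFDIR | 0444, S_IFDIR | 0755,
        S_IFREG | 0644, S_IFREG | 0755,
    };
    for (mode_t m : samples)
        std::printf("%06o  before=%04o  after=%04o\n", (unsigned) m,
                    (unsigned) (canon_before(m) & ~S_IFMT),
                    (unsigned) (canon_after(m) & ~S_IFMT));
    return 0;
}
```
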

Successfully merging this pull request may close these issues.

Directory permissions not always canonicalized