-
-
Notifications
You must be signed in to change notification settings - Fork 14.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fetchgitLocal uses an incorrect way to get the git directory #10873
Comments
ping @Ericson2314 |
Ah! So I forgot that the git repo I tested it with is on an NTFS partition, and the FUSE NTFS driver doesn't support/enforce permissions. That means we either need to copy the whole git repo (or at least Good catch and good solution re submodules. I wish that command returned an absolute path, but that is not necessary by any means. Perhaps we should also take an optional arguments for specifying the git directory and working directory, as git allows those to be independently located. [Finally I'd like to get some code reuse going between the second derivation and fetchgit, as once the Sorry again for this inconvenience. |
@pchiusano ^ bad news. I think I'm going to need revert to the old behavior. Still note needs just updating the index, not a full commit. |
@Ericson2314 I would prefer to go with only what's in the index, actually. |
Ok, I'll make a PR. |
I got to go, if you could test this that would be great |
Unfortunately, it didn't work:
|
Ah, I forgot about the git inside the |
OK see master...Ericson2314:fetchgitLocal and the division of labor of each commits. Though I don't think this will actually fix your problem as the Furthermore, even the original fetchgitlocal (before any of my changes) breaks if the build user doesn't have read access. This makes me think we really should be running the first derivation under the current user. Not sure how to do this, maybe https://github.com/shlevy/nix-exec ? It's do that, or copy the entire repo into the store and then prune the junk. |
Another temporary fix is to give the nixbld group (the build users) group permission on your repo:
This is obviously an unsatisfactory long term solution. On a multi user system with mutually untrusted users with the power to use nix, this is unsafe as other users could write malicious derivations to mess with your repo. |
hit on current master
|
I think a better and more functional way of doing it is to put a Also, the current method of using Diffing against |
fetchgitLocal would be useful in so many cases but it's not usable now because of the permission problem |
Wouldn't it be possible to copy the .git folder in/tmp and export $GIT_DIR before the rest of the operations ? |
based on #31363 (comment) can we remove fetchGitLocal in preference of builtins.fetchGit? |
@srghma |
|
Thank you for your contributions. This has been automatically marked as stale because it has had no activity for 180 days. If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity. Here are suggestions that might help resolve this more quickly:
|
7266040#diff-c7bec12494f11831828500ff286831d8R13
The
ROOT=...
logic should work for most of the repos, but not for submodules, which have.git
as a file with agitdir
parameter pointing somewhere else.I propose to change the above logic to something like:
The other problem is that it's still not enough to make
nix-build -A my-subpackage
work again, for example:Until this is fixed I have to put an old version of
fetchgitLocal
into my projects with submodules as Nix packages.The text was updated successfully, but these errors were encountered: