nixpkgs_local_repository strips executable bit of nix files

[guibou]

Describe the bug

nixpkgs_local_repository copies the content of all the files listed in its nix_file_deps attribute in order to ensure that the build is reproducible.

However, it uses the function repository_ctx.template(dest, src, executable = False) or (repository_ctx.file in PR #159) which forces the executable bit of the copied file to False.

A nix process depending on a file with the executable bit set to True will fail.

Setting unconditionally the bit to True or False leads to different behaviors :

• If it is set to False (the current behavior), it will change the bit of the (usually few) executable files, making them not executable, which will break the build. I'm having this issue right now.
• If it is set to True, the build may fail if a process explicitly checks for the absence of the executable bit, but it is less obvious if this will happen in a real context.

In both cases, changing unconditionally the bit will lead to different nix hash whether if nix is called through rules_nixpkgs or directly. This leads to a duplication of builds.

I don't know how to fix that with the current repository_ctx API which does not provide a way to get file information. Perhaps a combination of execute and read.

Another option may be to rollback to the former implementation of nix_file_deps which was comparing the output of nix-build -v with the content of nix_file_deps.