From 467af53b04e457db745c84dd615dfb4143baf71a Mon Sep 17 00:00:00 2001 From: Yuxuan Shui Date: Wed, 30 Nov 2022 19:53:23 +0000 Subject: [PATCH] Warn when building without nix daemon We need root permission to drop supplementary groups, and if we don't do that, some builds can fail in user namespace, most notably go. Related: #3245 --- src/libstore/build/local-derivation-goal.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index f8530195028b..fe02c7d719d6 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -928,8 +928,13 @@ void LocalDerivationGoal::startBuilder() options.cloneFlags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_PARENT | SIGCHLD; if (privateNetwork) options.cloneFlags |= CLONE_NEWNET; - if (usingUserNamespace) + if (usingUserNamespace) { + if (getgroups(0, NULL) != 0) { + warn("user namespace enabled, but we weren't able to drop supplementary groups; " + "this can break some builds. consider using the nix daemon."); + } options.cloneFlags |= CLONE_NEWUSER; + } pid_t child = startProcess([&]() { runChild(); }, options);
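Review bot: The new `getgroups(0, NULL) != 0` test inside the `usingUserNamespace` branch only reports that the calling process currently has supplementary groups (or that the call failed, since it returns -1 on error); it does not show that dropping them failed, so the message "weren't able to drop supplementary groups" can fire for a process that is still able to drop them. The drop itself is not visible in this hunk and startBuilder() continues outside it, so this is inferred, but if the drop depends on privilege the condition should say so, for example `if (getuid() != 0 && getgroups(0, nullptr) > 0) {`, with the -1 case reported separately. I would also add a comment that this is an isolation concern and not only a build-compatibility one, e.g. `// Supplementary groups that are not dropped remain in the builder's credentials inside the user namespace.`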