diff options
author | Benjamin Hipple <bhipple@protonmail.com> | 2020-11-28 19:18:14 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-28 19:18:14 -0500 |
commit | 9426084feca373bbc8b2316af4e4863cd42e86a5 (patch) | |
tree | cd9a54e901bebdcb961ef0492b3e02914462265c /pkgs/build-support | |
parent | b83e5dbc3cd164481cb556e6a5d1c0451d8bd950 (diff) | |
parent | 4a5c49363a58e711c2016b9ebb6f642e3c9c1be5 (diff) |
Merge pull request #102114 from MetaDark/fetchzip
fetchzip: remove write permissions for unpacked files
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/fetchzip/default.nix | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix index c61df8ceb001..44748f231bc2 100644 --- a/pkgs/build-support/fetchzip/default.nix +++ b/pkgs/build-support/fetchzip/default.nix @@ -44,8 +44,13 @@ mv "$unpackDir/$fn" "$out" '' else '' mv "$unpackDir" "$out" - '') #*/ - + extraPostFetch; + '') + + extraPostFetch + # Remove write permissions for files unpacked with write bits set + # Fixes https://github.com/NixOS/nixpkgs/issues/38649 + + '' + chmod -R a-w "$out" + ''; } // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: { # Hackety-hack: we actually need unzip hooks, too nativeBuildInputs = x.nativeBuildInputs ++ [ unzip ]; |