Ludovic Courtès ff1251de0b daemon: Address shortcoming in previous security fix for CVE-2024-27297. ... This is a followup to 8f4ffb3fae. Commit 8f4ffb3fae fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156		2024-03-12 14:07:28 +01:00
..
.gitignore
build.cc	daemon: Address shortcoming in previous security fix for CVE-2024-27297.	2024-03-12 14:07:28 +01:00
builtins.cc	daemon: Add “git-download” built-in builder.	2023-09-26 17:36:58 +02:00
builtins.hh
derivations.cc
derivations.hh
gc.cc
globals.cc	daemon: Change default ‘timeout’ and ‘max-silent-time’ values.	2024-01-05 17:27:21 +01:00
globals.hh
local-store.cc
local-store.hh
misc.cc
misc.hh
optimise-store.cc
pathlocks.cc
pathlocks.hh
references.cc
references.hh
sqlite.cc
sqlite.hh	daemon: Fix build with GCC 13.	2023-09-09 18:47:35 +02:00
store-api.cc
store-api.hh
worker-protocol.hh	daemon: Implement ‘substitute-urls’ RPC.	2023-12-11 23:18:53 +01:00