Fix sandbox escape patch

src/libstore/build/local-derivation-goal.cc

@@ -2546,8 +2546,8 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
                 // Replace the output by a fresh copy of itself to make sure
                 // that there's no stale file descriptor pointing to it
                 Path tmpOutput = actualPath + ".tmp";
-                renameFile(actualPath, tmpOutput);
-                copyFile(tmpOutput, actualPath, true);
+                copyFile(actualPath, tmpOutput, true);
+                renameFile(tmpOutput, actualPath);
 
                 auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating {
                     .method = dof.ca.method,