libstore: clean up the build directory properly
After the fix for CVE-2024-38531, this was only removing the nested build directory, rather than the top‐level temporary directory. Fixes: 1d3696f0fb
(cherry picked from commit76e4adfaac
) (cherry picked from commit0d68b40dda
)
This commit is contained in:
parent
1e896c1738
commit
98a7d3b0a4
@ -498,12 +498,12 @@ void LocalDerivationGoal::startBuilder()
|
|||||||
|
|
||||||
/* Create a temporary directory where the build will take
|
/* Create a temporary directory where the build will take
|
||||||
place. */
|
place. */
|
||||||
tmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700);
|
topTmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700);
|
||||||
if (useChroot) {
|
if (useChroot) {
|
||||||
/* If sandboxing is enabled, put the actual TMPDIR underneath
|
/* If sandboxing is enabled, put the actual TMPDIR underneath
|
||||||
an inaccessible root-owned directory, to prevent outside
|
an inaccessible root-owned directory, to prevent outside
|
||||||
access. */
|
access. */
|
||||||
tmpDir = tmpDir + "/build";
|
tmpDir = topTmpDir + "/build";
|
||||||
createDir(tmpDir, 0700);
|
createDir(tmpDir, 0700);
|
||||||
}
|
}
|
||||||
chownToBuilder(tmpDir);
|
chownToBuilder(tmpDir);
|
||||||
@ -2930,7 +2930,7 @@ void LocalDerivationGoal::checkOutputs(const std::map<std::string, ValidPathInfo
|
|||||||
|
|
||||||
void LocalDerivationGoal::deleteTmpDir(bool force)
|
void LocalDerivationGoal::deleteTmpDir(bool force)
|
||||||
{
|
{
|
||||||
if (tmpDir != "") {
|
if (topTmpDir != "") {
|
||||||
/* Don't keep temporary directories for builtins because they
|
/* Don't keep temporary directories for builtins because they
|
||||||
might have privileged stuff (like a copy of netrc). */
|
might have privileged stuff (like a copy of netrc). */
|
||||||
if (settings.keepFailed && !force && !drv->isBuiltin()) {
|
if (settings.keepFailed && !force && !drv->isBuiltin()) {
|
||||||
@ -2938,7 +2938,8 @@ void LocalDerivationGoal::deleteTmpDir(bool force)
|
|||||||
chmod(tmpDir.c_str(), 0755);
|
chmod(tmpDir.c_str(), 0755);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
deletePath(tmpDir);
|
deletePath(topTmpDir);
|
||||||
|
topTmpDir = "";
|
||||||
tmpDir = "";
|
tmpDir = "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
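Review bot: In the startBuilder hunk the new side assigns the fresh directory to `topTmpDir` but only sets `tmpDir` inside the `if (useChroot)` branch, so on the non-sandboxed path nothing visible assigns `tmpDir` before `chownToBuilder(tmpDir)` runs; unless it is set somewhere outside the hunk it keeps its previous value, which deleteTmpDir resets to `""`. The old side assigned the new directory to `tmpDir` unconditionally, so this looks like a regression for `sandbox = false` builds. Adding `} else { tmpDir = topTmpDir; }` after the chroot branch restores the invariant the header comment promises (tmpDir equals or is a child of topTmpDir). Separately, the keepFailed branch in deleteTmpDir still only does `chmod(tmpDir.c_str(), 0755)`; in the sandboxed layout the parent topTmpDir stays 0700 and root-owned, so the kept directory is unreachable for the user unless `chmod(topTmpDir.c_str(), 0755);` is added before it. Both startBuilder and deleteTmpDir continue outside the hunks shown.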
@ -27,10 +27,16 @@ struct LocalDerivationGoal : public DerivationGoal
|
|||||||
std::optional<Path> cgroup;
|
std::optional<Path> cgroup;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The temporary directory.
|
* The temporary directory used for the build.
|
||||||
*/
|
*/
|
||||||
Path tmpDir;
|
Path tmpDir;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The top-level temporary directory. `tmpDir` is either equal to
|
||||||
|
* or a child of this directory.
|
||||||
|
*/
|
||||||
|
Path topTmpDir;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The path of the temporary directory in the sandbox.
|
* The path of the temporary directory in the sandbox.
|
||||||
*/
|
*/
|
||||||
|
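Review bot: The new doc comment on `topTmpDir` records the containment relation but not the security property that motivates having two fields, which is what anyone touching cleanup or keep-failed handling needs to know. From the accompanying .cc hunks, the directory is created with mode 0700 and only `tmpDir` is passed to chownToBuilder, and deleteTmpDir now deletes `topTmpDir` and clears both fields; whether anything else changes its ownership is not visible here. I would extend the comment to: `* Created with mode 0700 and (as far as startBuilder shows) never chowned to the builder, so the nested build tmpDir is not reachable from outside the sandbox (see CVE-2024-38531). Removed, together with tmpDir, by deleteTmpDir().`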