[Backport staging-24.05] stdenv: make sure the env-vars file created is not world readable (#332347)

Sebastián Mancilla 2024-08-28 20:35:41 -04:00 committed by GitHub
commit 2487134aaf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -981,7 +981,13 @@ substituteAllInPlace() {
# the environment used for building.
dumpVars() {
if [ "${noDumpEnvVars:-0}" != 1 ]; then
export 2>/dev/null >| "$NIX_BUILD_TOP/env-vars" || true
# On darwin, install(1) cannot be called with /dev/stdin or fd from process substitution
# so first we create the file and then write to it
# See https://github.com/NixOS/nixpkgs/issues/335016
{
install -m 0600 /dev/null "$NIX_BUILD_TOP/env-vars" &&
export 2>/dev/null >| "$NIX_BUILD_TOP/env-vars"
} || true
fi
}
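Review bot: The comment above the `install` call in dumpVars explains the darwin workaround but not what the `&&` protects. `export` must only write into a file that `install -m 0600` has just (re)created, because `>|` on an already existing file truncates it and keeps whatever mode it had. I would add a line such as `# Keep the &&: never dump the environment into a file whose mode was not just forced to 0600`. Since the group ends in `|| true`, a failing `install` now means no env-vars file is written at all; that is the safe direction, but stating it in the comment would stop the chain from later being simplified back to a bare redirect.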