Fix macOS build

This commit is contained in:
Eelco Dolstra 2020-05-20 11:24:21 +02:00
parent ba50c3efa3
commit 8c4cce553c
3 changed files with 16 additions and 10 deletions

View file

@ -1420,11 +1420,7 @@ void DerivationGoal::tryToBuild()
void DerivationGoal::tryLocalBuild() { void DerivationGoal::tryLocalBuild() {
/* If `build-users-group' is not empty, then we have to build as if (useBuildUsers()) {
one of the members of that group. */
static bool useBuildUsers = (settings.buildUsersGroup != "" || settings.startId.get() != 0) && getuid() == 0;
if (useBuildUsers) {
#if defined(__linux__) || defined(__APPLE__)
if (!buildUser) if (!buildUser)
buildUser = acquireUserLock(); buildUser = acquireUserLock();
@ -1439,11 +1435,6 @@ void DerivationGoal::tryLocalBuild() {
/* Make sure that no other processes are executing under this /* Make sure that no other processes are executing under this
uid. */ uid. */
buildUser->kill(); buildUser->kill();
#else
/* Don't know how to block the creation of setuid/setgid
binaries on this platform. */
throw Error("build users are not supported on this platform for security reasons");
#endif
} }
actLock.reset(); actLock.reset();

View file

@ -209,4 +209,17 @@ std::unique_ptr<UserLock> acquireUserLock()
return SimpleUserLock::acquire(); return SimpleUserLock::acquire();
} }
bool useBuildUsers()
{
#if __linux__
static bool b = (settings.buildUsersGroup != "" || settings.startId.get() != 0) && getuid() == 0;
return b;
#elif __APPLE__
static bool b = settings.buildUsersGroup != "" && getuid() == 0;
return b;
#else
return false;
#endif
}
} }

View file

@ -36,4 +36,6 @@ struct UserLock
is available. */ is available. */
std::unique_ptr<UserLock> acquireUserLock(); std::unique_ptr<UserLock> acquireUserLock();
bool useBuildUsers();
} }