From 4e84b532ed5317ec836c54689c73a1fddab0c892 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Thu, 5 Jan 2023 04:58:55 -0800
Subject: [PATCH] On macOS with auto-uid-allocation and sandboxing, use the
 correct gid

macOS doesn't have user namespacing, so the gid of the builder needs
to be nixbld. The logic got "has sandboxing enabled" confused with
"has user namespaces".

Fixes #7529.
---
 src/libstore/lock.cc | 12 ++++++++----
 src/libstore/lock.hh |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/libstore/lock.cc b/src/libstore/lock.cc
index d02d20b4c..4fe1fcf56 100644
--- a/src/libstore/lock.cc
+++ b/src/libstore/lock.cc
@@ -123,8 +123,12 @@ struct AutoUserLock : UserLock
 
     std::vector<gid_t> getSupplementaryGIDs() override { return {}; }
 
-    static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useChroot)
+    static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useUserNamespace)
     {
+        #if !defined(__linux__)
+        useUserNamespace = false;
+        #endif
+
         settings.requireExperimentalFeature(Xp::AutoAllocateUids);
         assert(settings.startId > 0);
         assert(settings.uidCount % maxIdsPerBuild == 0);
@@ -157,7 +161,7 @@ struct AutoUserLock : UserLock
                 auto lock = std::make_unique<AutoUserLock>();
                 lock->fdUserLock = std::move(fd);
                 lock->firstUid = firstUid;
-                if (useChroot)
+                if (useUserNamespace)
                     lock->firstGid = firstUid;
                 else {
                     struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
@@ -174,10 +178,10 @@ struct AutoUserLock : UserLock
     }
 };
 
-std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot)
+std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace)
 {
     if (settings.autoAllocateUids)
-        return AutoUserLock::acquire(nrIds, useChroot);
+        return AutoUserLock::acquire(nrIds, useUserNamespace);
     else
         return SimpleUserLock::acquire();
 }
diff --git a/src/libstore/lock.hh b/src/libstore/lock.hh
index 49ad86de7..7f1934510 100644
--- a/src/libstore/lock.hh
+++ b/src/libstore/lock.hh
@@ -31,7 +31,7 @@ struct UserLock
 
 /* Acquire a user lock for a UID range of size `nrIds`. Note that this
    may return nullptr if no user is available. */
-std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot);
+std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace);
 
 bool useBuildUsers();