Don’t hardlink disallowed paths in OS X.

Fixes #1443
Matthew Bauer 2017-07-06 13:42:12 -07:00
parent a10951de08
commit 72e80c59b5


@ -9,6 +9,7 @@
#include <unistd.h> #include <unistd.h>
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <regex>
namespace nix { namespace nix {
@ -96,6 +97,19 @@ void LocalStore::optimisePath_(OptimiseStats & stats, const Path & path, InodeHa
if (lstat(path.c_str(), &st)) if (lstat(path.c_str(), &st))
throw SysError(format("getting attributes of path %1%") % path); throw SysError(format("getting attributes of path %1%") % path);
#if __APPLE__
/* HFS/OS X has some undocumented security feature disabling hardlinking for
special files within .app dirs. *.app/Contents/PkgInfo and
*.app/Contents/Resources/\*.lproj seem to be the only paths affected. See
https://github.com/NixOS/nix/issues/1443 for more discussion. */
if (std::regex_search(path, std::regex("\\.app/Contents/PkgInfo$")) ||
std::regex_search(path, std::regex("\\.app/Contents/Resources/.+\\.lproj$"))) {
debug(format("%1% is not allowed to be linked in OS X") % path);
return;
}
#endif
if (S_ISDIR(st.st_mode)) { if (S_ISDIR(st.st_mode)) {
Strings names = readDirectoryIgnoringInodes(path, inodeHash); Strings names = readDirectoryIgnoringInodes(path, inodeHash);
for (auto & i : names) for (auto & i : names)
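Review bot: The two `std::regex` objects in the `#if __APPLE__` check are constructed on every call to optimisePath_, which appears to be invoked once per directory entry (the `for (auto & i : names)` loop just below), so both patterns would be recompiled for every path visited. Compiling once into a function-local constant avoids that: `static const std::regex noLink("\\.app/Contents/(PkgInfo|Resources/.+\\.lproj)$");` followed by `if (std::regex_search(path, noLink)) {`. Separately, the `return` sits before the `S_ISDIR` branch, so a matching `.lproj` directory is skipped together with everything beneath it, and `.+` also matches `/`, so nested paths ending in `.lproj` match as well; if both are intended, the comment should state it. The body of optimisePath_ starts and ends outside this hunk.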