diff --git a/src/lib/Hydra/Controller/Build.pm b/src/lib/Hydra/Controller/Build.pm index 8f90af43..4670e05b 100644 --- a/src/lib/Hydra/Controller/Build.pm +++ b/src/lib/Hydra/Controller/Build.pm @@ -173,6 +173,7 @@ sub checkPath { my $storeDir = $Nix::Config::storeDir . "/"; error($c, "Invalid path in build product.") if substr($path, 0, length($storeDir)) ne $storeDir || $path =~ /\/\.\./; + error($c, "Path ‘$path’ is a symbolic link.") if -l $path; } diff --git a/src/lib/Hydra/Helper/AddBuilds.pm b/src/lib/Hydra/Helper/AddBuilds.pm index 6c108574..69cdbb46 100644 --- a/src/lib/Hydra/Helper/AddBuilds.pm +++ b/src/lib/Hydra/Helper/AddBuilds.pm @@ -788,16 +788,15 @@ sub addBuildProducts { # Ensure that the path exists and points into the Nix store. next unless File::Spec->file_name_is_absolute($path); next if $path =~ /\/\.\./; # don't go up - next unless -e $path; next unless substr($path, 0, length($storeDir)) eq $storeDir; + next unless -e $path; + next if -l $path; # FIXME: check that the path is in the input closure # of the build? my $fileSize, my $sha1, my $sha256; - # !!! validate $path, $defaultPath - if (-f $path) { my $st = stat($path) or die "cannot stat $path: $!"; $fileSize = $st->size;