aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
diff options
context:
space:
mode:
authorMatthew Bauer <mjbauer95@gmail.com>2017-07-06 13:42:12 -0700
committerMatthew Bauer <mjbauer95@gmail.com>2017-07-06 19:30:19 -0700
commit72e80c59b5176eb08986247ec0f1978d32993364 (patch)
tree3dd9c178b862ed43184e68b6a3ebcb62f30d9b34 /src/libstore
parenta10951de08117dd2f9e7117fdd6fa61a7b4e2b72 (diff)
Don’t hardlink disallowed paths in OS X.
Fixes #1443
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/optimise-store.cc14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/libstore/optimise-store.cc b/src/libstore/optimise-store.cc
index 56167c4df..9e651ebea 100644
--- a/src/libstore/optimise-store.cc
+++ b/src/libstore/optimise-store.cc
@@ -9,6 +9,7 @@
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
+#include <regex>
namespace nix {
@@ -96,6 +97,19 @@ void LocalStore::optimisePath_(OptimiseStats & stats, const Path & path, InodeHa
if (lstat(path.c_str(), &st))
throw SysError(format("getting attributes of path ‘%1%’") % path);
+#if __APPLE__
+ /* HFS/OS X has some undocumented security feature disabling hardlinking for
+ special files within .app dirs. *.app/Contents/PkgInfo and
+ *.app/Contents/Resources/\*.lproj seem to be the only paths affected. See
+ https://github.com/NixOS/nix/issues/1443 for more discussion. */
+
+ if (std::regex_search(path, std::regex("\\.app/Contents/PkgInfo$")) ||
+ std::regex_search(path, std::regex("\\.app/Contents/Resources/.+\\.lproj$"))) {
+ debug(format("‘%1%’ is not allowed to be linked in OS X") % path);
+ return;
+ }
+#endif
+
if (S_ISDIR(st.st_mode)) {
Strings names = readDirectoryIgnoringInodes(path, inodeHash);
for (auto & i : names)