pyrox.dev / nixpkgs
lol
fork atom

no-broken-symlinks: fail on links to /build (#411775)

Connor Baker c02c4a43 414e246a

options
unified split
Changed files
+9 -1
doc
stdenv
stdenv.chapter.md
nixos
doc
manual
release-notes
rl-2511.section.md
pkgs
build-support
setup-hooks
no-broken-symlinks.sh
+1 -1
doc/stdenv/stdenv.chapter.md 
···

       
1415

       
1415

       
 

       
This hook can be disabled by setting `dontCheckForBrokenSymlinks`.


     

       
1416

       
1416

       
 

       



     

       
1417

       
1417

       
 

       
::: {.note}


     

       
1418

       

       
-

       
The hook only considers symlinks with targets inside the Nix store.


     

       

       
1418

       
+

       
The hook only considers symlinks with targets inside the Nix store or $TMPDIR directory (typically /nix/store and /build in the builder environment, the later being where build is executed).


     

       
1419

       
1419

       
 

       
:::


     

       
1420

       
1420

       
 

       



     

       
1421

       
1421

       
 

       
::: {.note}
+2
nixos/doc/manual/release-notes/rl-2511.section.md 
···

       
38

       
38

       
 

       



     

       
39

       
39

       
 

       
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->


     

       
40

       
40

       
 

       



     

       

       
41

       
+

       
- The `no-broken-symlink` build hook now also fails builds whose output derivation contains links to $TMPDIR (typically /build, which contains the build directory).


     

       

       
42

       
+

       



     

       
41

       
43

       
 

       
- The `services.polipo` module has been removed as `polipo` is unmaintained and archived upstream.


     

       
42

       
44

       
 

       



     

       
43

       
45

       
 

       
- The Pocket ID module ([`services.pocket-id`][#opt-services.pocket-id.enable]) and package (`pocket-id`) has been updated to 1.0.0. Some environment variables have been changed or removed, see the [migration guide](https://pocket-id.org/docs/setup/migrate-to-v1/).
+6
pkgs/build-support/setup-hooks/no-broken-symlinks.sh 
···

       
51

       
51

       
 

       
      symlinkTarget="$(realpath --no-symlinks --canonicalize-missing "$pathParent/$symlinkTarget")"


     

       
52

       
52

       
 

       
    fi


     

       
53

       
53

       
 

       



     

       

       
54

       
+

       
    # use $TMPDIR like audit-tmpdir.sh


     

       

       
55

       
+

       
    if [[ $symlinkTarget = "$TMPDIR"/* ]]; then


     

       

       
56

       
+

       
      nixErrorLog "the symlink $path points to $TMPDIR directory: $symlinkTarget"


     

       

       
57

       
+

       
      numDanglingSymlinks+=1


     

       

       
58

       
+

       
      continue


     

       

       
59

       
+

       
    fi


     

       
54

       
60

       
 

       
    if [[ $symlinkTarget != "$NIX_STORE"/* ]]; then


     

       
55

       
61

       
 

       
      nixInfoLog "symlink $path points outside the Nix store; ignoring"


     

       
56

       
62

       
 

       
      continue