From 39e67ed697951db0c75b0ba76269ca54108d9506 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer
Date: Thu, 4 Feb 2021 16:15:21 -0500
Subject: [PATCH] build/gnu: Only make source checkout files writable.

This is a followup commit to 6129ebddbd. It was suggested by Ludovic in #guix that it's probably safer to leave files extracted from a tarball alone. While at it, guard against possible exceptions that can happen in the presence of dangling symbolic links, for example.

* guix/build/gnu-build-system.scm (unpack): Wrap the make-file-writable call in a false-if-exception handler. Move the for-each loop under the file-is-directory? cond branch.
---
 guix/build/gnu-build-system.scm | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index fca77f474c..af64b3b61f 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -156,7 +156,11 @@ (define* (unpack #:key source #:allow-other-keys)
 ;; Preserve timestamps (set to the Epoch) on the copied tree so that
 ;; things work deterministically.
 (copy-recursively source "."
- #:keep-mtime? #t))
+ #:keep-mtime? #t)
+ ;; Make the source checkout files writable, for convenience.
+ (for-each (lambda (f)
+ (false-if-exception (make-file-writable f)))
+ (find-files ".")))
 (begin
 (cond
 ((string-suffix? ".zip" source)
@@ -170,8 +174,7 @@ (define* (unpack #:key source #:allow-other-keys)
 (when command
 (invoke command "--decompress" name)))))
 ;; Attempt to change into child directory.
- (and=> (first-subdirectory ".") chdir)))
- (for-each make-file-writable (find-files ".")))
+ (and=> (first-subdirectory ".") chdir))))

 (define* (bootstrap #:key bootstrap-scripts
 #:allow-other-keys)
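Review bot: In the first hunk, `false-if-exception` around `make-file-writable` discards every exception, not only the dangling-symlink case the commit message names, so a real permission failure on a checkout file is skipped silently and would only surface later when something tries to modify that file. The commit message implies that `(find-files ".")` yields symlinks too; if `make-file-writable` ends in a plain `chmod` (its definition is not on this page), the mode change would land on the link target, which may sit outside the copied tree. Skipping links explicitly would cover both cases and let genuine errors propagate, assuming `symbolic-link?` from `(guix build utils)` is in scope here: `(unless (symbolic-link? f) (make-file-writable f))`. The new comment could also state why the files need to be writable instead of "for convenience". The body of `unpack` starts above this hunk, so the enclosing `if` is only partly visible.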