Open trofi opened 6 months ago
Currently working it around with $ git config --global --add safe.directory /etc/nixos as current user.
Yes, that's very likely a consequence of https://nvd.nist.gov/vuln/detail/CVE-2022-24765 from the Git side.
We could probably specify the path to the git repo explicitly to disable that check when we know it's safe (and once https://github.com/NixOS/nix/pull/6464 is merged 😒 )
I suspect I hit the same issue after updating. Same nix version (2.20.5) but I am using a flake repo in my home directory to manage my NixOS machine.
sudo nixos-rebuild failed because of the ownership issue, and being on NixOS using a nixos-rebuild switch command failed for the user. I needed to change the ownership of my flake repo to root to let me update.
sudo works above because your /etc/nixos is owned by root.
❯ sudo nixos-rebuild switch --flake .#carbon
error:
… while fetching the input 'git+file:///home/patrick/.dotfiles'
error: opening Git repository '/home/patrick/.dotfiles': repository path '/home/patrick/.dotfiles/' is not owned by current user
❯ nixos-rebuild switch --flake .#carbon
building the system configuration...
error: creating symlink from '/nix/var/nix/profiles/.0_system' to 'system-745-link': Permission denied
❯ sudo chown root /home/patrick/.dotfiles/ -R
❯ sudo nixos-rebuild switch --flake .#carbon
building the system configuration
<----snipped---->
I can think of two workarounds for nixos-rebuild:
nixos-rebuild switch --use-remote-sudo instead of sudo nixos-rebuild switch.
/etc/nixos to another path and set owner to you.
Still waiting for a proper solution.
Triaged in Nix team meeting:
fetchGit on a local directory would likely be holding it wrong. If you want to filter for files, use the fileset library, it's just as convenient and scales better.
libgit2.
@trofi would you like to help out resolving the issue?
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/2023-03-27-nix-team-meeting-134/42961/1
Describe the bug
After NixOS upgraded to nix-2.20.5 some evals run as user started failing as:
These used to work. Running a sudo works as expected (but I think it's a needless constraint):
Permissions and IDs:
nix-env --version output: nix-env (Nix) 2.20.5
Priorities
Add :+1: to issues you find important.
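A simplified model of the ownership rule behind the "is not owned by current user" error in this thread, as an added example that is not code from the issue, Nix, Git or libgit2. The function names are hypothetical, and the real check applies further conditions that are not modelled here; the point is to show why both the sudo case and the plain-user case fail, and that a single safe.directory entry is a narrower fix than a recursive chown.

```shell
#!/bin/sh
# Added example (hypothetical helper names): models the rule
# "repository owner must equal the calling uid, unless the path
# is listed in safe.directory".

# owner_uid PATH -> numeric uid that owns PATH (POSIX ls, no GNU stat)
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# repo_check PATH UID SAFE_LIST
#   PATH      repository directory (a trailing slash is ignored)
#   UID       uid the tool runs as (0 under sudo)
#   SAFE_LIST newline-separated safe.directory values
# Prints: ok-owner | ok-safe-directory | refused
repo_check() {
    path=${1%/}
    if [ "$(owner_uid "$path")" = "$2" ]; then
        echo ok-owner
    elif printf '%s\n' "$3" | grep -Fxq -e "$path" -e '*'; then
        # Explicit opt-in; '*' trusts every path and defeats the check.
        echo ok-safe-directory
    else
        echo refused
    fi
}

# Optional live use: sh script.sh /path/to/repo
# Reads the caller's real uid and global safe.directory entries.
if [ "$#" -gt 0 ]; then
    repo_check "$1" "$(id -u)" \
        "$(git config --global --get-all safe.directory 2>/dev/null)"
fi
```

Under sudo the global configuration consulted is normally root's, so an entry added as the regular user does not cover a sudo invocation.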