railwayapp / nixpacks

App source + Nix packages + Docker = Image
https://nixpacks.com
MIT License
2.33k stars 222 forks

Projects containing read-only files cannot be built #1071

Open acaloiaro opened 4 months ago

acaloiaro commented 4 months ago

Is there an existing issue for this?

Describe the bug

When projects being built by nixpacks contain read-only files, nixpacks build ... results in a permission error due to Rust's fs::copy retaining file permissions, and nixpacks rewriting all CRLF line endings with LF: https://github.com/railwayapp/nixpacks/blob/2ec70b75709af40db28762a77a3c98aaaebb09ad/src/nixpacks/files.rs#L35

To reproduce

In any project to be built by nixpacks, on a Linux system

touch test
chmod 444 test
nixpacks build .

╔══════ Nixpacks v1.20.0 ══════╗
║ setup      │ go_1_19         ║
║──────────────────────────────║
║ install    │ go mod download ║
║──────────────────────────────║
║ build      │ go build -o out ║
║──────────────────────────────║
║ start      │ ./out           ║
╚══════════════════════════════╝

Error: Writing app

Caused by:
    Permission denied (os error 13)

Here from the strace output, we can see that the permission error occurs opening test as writable

openat(AT_FDCWD, "/run/user/1000/nixpacks.k4jRGy09qM0S/test", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)

And stat shows us that that file retained its original read-only permissions, preventing the writable file handle

stat -c "%a %n" /run/user/1000/nixpacks.k4jRGy09qM0S/test
444 /run/user/1000/nixpacks.k4jRGy09qM0S/test

Expected behavior

Environment

OS: NixOS Unstable
Kernel: Linux version 6.6.17 (nixbld@localhost) (gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.40) #1-NixOS SMP PREEMPT_DYNAMIC Fri Feb 16 18:10:57 UTC 2024
Nixpacks version: 1.20.0 / any
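
The failure described in this report next to one possible fix, as an added example that is not part of the original issue and is not nixpacks' own code. All function names and the sample file are constructed, the fix (owner-write granted on the copy only for the rewrite, then the source mode restored) is an assumption about how this could be handled, and the code is Unix-only.

```rust
use std::fs::{self, Permissions};
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

// Replace every CRLF with LF, leaving lone CR bytes alone.
fn normalize(data: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(data.len());
    for (i, &b) in data.iter().enumerate() {
        if b == b'\r' && data.get(i + 1) == Some(&b'\n') { continue; }
        out.push(b);
    }
    out
}

// Pattern from the report: fs::copy carries the source mode (0444) over to
// the copy, so the write-open for the rewrite fails with EACCES unless root.
fn copy_naive(src: &Path, dst: &Path) -> io::Result<()> {
    fs::copy(src, dst)?;
    fs::write(dst, normalize(&fs::read(dst)?))
}

// Hypothetical fix: add owner-write on the copy only for the rewrite, then
// put the source mode back. The source tree itself is never modified.
fn copy_fixed(src: &Path, dst: &Path) -> io::Result<()> {
    fs::copy(src, dst)?;
    let mode = fs::metadata(dst)?.permissions().mode() & 0o7777;
    fs::set_permissions(dst, Permissions::from_mode(mode | 0o200))?;
    let written = fs::write(dst, normalize(&fs::read(dst)?));
    fs::set_permissions(dst, Permissions::from_mode(mode))?;
    written
}

// Runs both on a constructed read-only CRLF file; returns (naive ok, bytes, mode).
fn demo() -> io::Result<(bool, Vec<u8>, u32)> {
    let dir = std::env::temp_dir().join(format!("ro-copy-{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir)?;
    let (src, fixed) = (dir.join("test"), dir.join("fixed"));
    fs::write(&src, b"a\r\nb\r\n")?; // constructed sample input
    fs::set_permissions(&src, Permissions::from_mode(0o444))?;
    let naive_ok = copy_naive(&src, &dir.join("naive")).is_ok();
    copy_fixed(&src, &fixed)?;
    let out = (naive_ok, fs::read(&fixed)?, fs::metadata(&fixed)?.permissions().mode() & 0o777);
    fs::remove_dir_all(&dir)?;
    Ok(out)
}

fn main() { println!("{:?}", demo()); }
```

Run as an unprivileged user, the first tuple field is `false` (the naive rewrite is denied); run as root it is `true`, because root bypasses the mode check, which is why `sudo` masks the problem.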

acaloiaro commented 4 months ago

This may be related to some instances of #700

vinerz commented 2 weeks ago

Having the exact same issue with node provider. The node_modules folder must be removed in order for nixpacks build to succeed. sudo nixpacks works, but I don’t feel comfortable doing that. Even when the build is running as root, the absolute slowness when trying to copy the entire modules directory to the build context almost halts the entire process. Any way we can ignore files like honouring the .gitignore or even a .nixpacksignore?

acaloiaro commented 2 weeks ago

I should add if you're having this permission problem and you're okay with setting all permissions within a particular directory to read/write, the following will fix permissions, e.g. ./node_modules:

find ./node_modules -perm 444 -exec chmod 0600 {} \;

vinerz commented 2 weeks ago

@acaloiaro is there a way for this directory to not be copied at all?