Closed
Description
Describe the bug
Git >= 2.35.2 (in nixos-24.05) introduced the safe.directory config, whose default does not include /nix/store which breaks the current way haskell.nix builds a plan from a cabal.project containing any source-repository-package.
Steps To Reproduce
cabal.project:
packages: ./
with-compiler: ghc-9.4.7
source-repository-package
type: git
location: https://github.com/fpco/safe-decimal
tag: 50c037b8e76fa153cdfe642c280b444fcf72ac21
flake.nix:
{
inputs = {
haskell-nix.url = "github:input-output-hk/haskell.nix/8a3730d8ea6f051b5ff1cb74c68ebbab2f51fbd7";
nixpkgs.url = "github:NixOS/nixpkgs/67a8b308bae9c26be660ccceff3e53a65e01afe1";
haskell-nix.inputs.nixpkgs.follows = "nixpkgs";
flake-utils.url = "github:numtide/flake-utils";
safe-decimal = { url = "github:fpco/safe-decimal/50c037b8e76fa153cdfe642c280b444fcf72ac21"; flake = false; };
};
outputs = inputs:
inputs.flake-utils.lib.eachSystem
(with inputs.flake-utils.lib.system; [ x86_64-linux ])
(system:
let
pkgs = import inputs.nixpkgs {
inherit system;
config = inputs.haskell-nix.config;
overlays = [ inputs.haskell-nix.overlay ];
};
project = pkgs.haskell-nix.cabalProject' {
name = "hello";
src = ./.;
inputMap = {
"https://github.com/fpco/safe-decimal" = inputs.safe-decimal;
};
compiler-nix-name = "ghc947";
compilerSelection = pkgs: pkgs.haskell.compiler;
modules = [ { reinstallableLibGhc = false; } ];
};
in project.flake'
);
nixConfig = {
allow-import-from-derivation = "true";
};
}$ nix -L develop
warning: Git tree '/home/julm/src/haskell/test' is dirty
hello-plan-to-nix-pkgs> Cloning into '/build/tmp.TxdNINpb2z/dist-newstyle/src/ha5dggbjg_-7741b382fc456db6'...
hello-plan-to-nix-pkgs> fatal: detected dubious ownership in repository at '/nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git'
hello-plan-to-nix-pkgs> To add an exception for this directory, call:
hello-plan-to-nix-pkgs> git config --global --add safe.directory /nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git
hello-plan-to-nix-pkgs> fatal: Could not read from remote repository.
hello-plan-to-nix-pkgs> Please make sure you have the correct access rights
hello-plan-to-nix-pkgs> and the repository exists.
error:
… while evaluating the attribute 'packages'
at /nix/store/3zp53n4295fv7l09518szwhma2wsxan1-source/lib/default.nix:396:7:
395| inherit name;
396| value =
| ^
397| # This favours the first item (`a`) in the case of duplicates
… in the left operand of the update (//) operator
at /nix/store/3zp53n4295fv7l09518szwhma2wsxan1-source/lib/default.nix:403:29:
402| else
403| (b.${name} or {}) // (a.${name} or {});
| ^
404| }) (__attrNames (a // b)));
(stack trace truncated; use '--show-trace' to show the full trace)
error: builder for '/nix/store/15bh9y7wbwl5hz71xp34wxbqjgfssfyv-hello-plan-to-nix-pkgs.drv' failed with exit code 128;
last 9 log lines:
> Cloning into '/build/tmp.TxdNINpb2z/dist-newstyle/src/ha5dggbjg_-7741b382fc456db6'...
> fatal: detected dubious ownership in repository at '/nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git'
> To add an exception for this directory, call:
>
> git config --global --add safe.directory /nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
For full logs, run 'nix log /nix/store/15bh9y7wbwl5hz71xp34wxbqjgfssfyv-hello-plan-to-nix-pkgs.drv'.Bonus points if it is in a PR to add a test case.
Expected behavior
Plan builds as well as it did with git < 2.35.2 without globally adding the whole /nix/store as a safe.directory.
Additional context