New git config safe.directory's default breaks support for source-repository-package #2214

Closed
@ju1m

Describe the bug

Git >= 2.35.2 (in nixos-24.05) introduced the safe.directory config, whose default does not include /nix/store, which breaks the current way haskell.nix builds a plan from a cabal.project containing any source-repository-package.

Steps To Reproduce

cabal.project:

packages: ./
with-compiler: ghc-9.4.7

source-repository-package
    type: git
    location: https://github.com/fpco/safe-decimal
    tag: 50c037b8e76fa153cdfe642c280b444fcf72ac21

flake.nix:

{
  inputs = {
    haskell-nix.url = "github:input-output-hk/haskell.nix/8a3730d8ea6f051b5ff1cb74c68ebbab2f51fbd7";
    nixpkgs.url = "github:NixOS/nixpkgs/67a8b308bae9c26be660ccceff3e53a65e01afe1";
    haskell-nix.inputs.nixpkgs.follows = "nixpkgs";
    flake-utils.url = "github:numtide/flake-utils";
    safe-decimal = { url = "github:fpco/safe-decimal/50c037b8e76fa153cdfe642c280b444fcf72ac21"; flake = false; };
  };

  outputs = inputs:
    inputs.flake-utils.lib.eachSystem
      (with inputs.flake-utils.lib.system; [ x86_64-linux ])
      (system:
        let
          pkgs = import inputs.nixpkgs {
            inherit system;
            config = inputs.haskell-nix.config;
            overlays = [ inputs.haskell-nix.overlay ];
          };
          project = pkgs.haskell-nix.cabalProject' {
            name = "hello";
            src = ./.;
            inputMap = {
              "https://github.com/fpco/safe-decimal" = inputs.safe-decimal;
            };
            compiler-nix-name = "ghc947";
            compilerSelection = pkgs: pkgs.haskell.compiler;
            modules = [ { reinstallableLibGhc = false; } ];
          };
        in project.flake'
      );

  nixConfig = {
    allow-import-from-derivation = "true";
  };
}

$ nix -L develop
warning: Git tree '/home/julm/src/haskell/test' is dirty
hello-plan-to-nix-pkgs> Cloning into '/build/tmp.TxdNINpb2z/dist-newstyle/src/ha5dggbjg_-7741b382fc456db6'...
hello-plan-to-nix-pkgs> fatal: detected dubious ownership in repository at '/nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git'
hello-plan-to-nix-pkgs> To add an exception for this directory, call:
hello-plan-to-nix-pkgs>         git config --global --add safe.directory /nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git
hello-plan-to-nix-pkgs> fatal: Could not read from remote repository.
hello-plan-to-nix-pkgs> Please make sure you have the correct access rights
hello-plan-to-nix-pkgs> and the repository exists.
error:
       … while evaluating the attribute 'packages'

         at /nix/store/3zp53n4295fv7l09518szwhma2wsxan1-source/lib/default.nix:396:7:

          395|       inherit name;
          396|       value =
             |       ^
          397|         # This favours the first item (`a`) in the case of duplicates

       … in the left operand of the update (//) operator

         at /nix/store/3zp53n4295fv7l09518szwhma2wsxan1-source/lib/default.nix:403:29:

          402|         else
          403|           (b.${name} or {}) // (a.${name} or {});
             |                             ^
          404|     }) (__attrNames (a // b)));

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: builder for '/nix/store/15bh9y7wbwl5hz71xp34wxbqjgfssfyv-hello-plan-to-nix-pkgs.drv' failed with exit code 128;
       last 9 log lines:
       > Cloning into '/build/tmp.TxdNINpb2z/dist-newstyle/src/ha5dggbjg_-7741b382fc456db6'...
       > fatal: detected dubious ownership in repository at '/nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git'
       > To add an exception for this directory, call:
       >
       >        git config --global --add safe.directory /nix/store/ha5dggbjg5xpv7czx6z5mbbyfib2fzzr-source-repository-package/.git
       > fatal: Could not read from remote repository.
       >
       > Please make sure you have the correct access rights
       > and the repository exists.
       For full logs, run 'nix log /nix/store/15bh9y7wbwl5hz71xp34wxbqjgfssfyv-hello-plan-to-nix-pkgs.drv'.

Bonus points if it is in a PR to add a test case.

Expected behavior

Plan builds as well as it did with git < 2.35.2 without globally adding the whole /nix/store as a safe.directory.

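The ownership rule behind the "dubious ownership" error above, as an added example (not code from the issue or from haskell.nix): a simplified Python model of how safe.directory entries are matched once the directory owner differs from the user running Git. The temporary directory is a constructed stand-in for /nix/store, and the names `is_trusted` and `demo` are hypothetical.

```python
import os
import tempfile

def is_trusted(repo_dir, safe_dirs, euid=None, prefix_match=False):
    """Simplified model of Git's ownership check for one directory.

    safe_dirs: safe.directory values in config order.
    euid: uid Git runs as (defaults to the current effective uid).
    prefix_match: honour a trailing "/*" entry, as newer Git releases do.
    """
    euid = os.geteuid() if euid is None else euid
    if os.stat(repo_dir).st_uid == euid:
        return True                      # owned by the caller: no exception needed
    allowed = []
    for entry in safe_dirs:
        if entry == "":
            allowed = []                 # an empty value resets the list
        else:
            allowed.append(entry)
    target = os.path.normpath(repo_dir)
    for entry in allowed:
        if entry == "*":
            return True                  # opts out of the check everywhere
        if prefix_match and entry.endswith("/*"):
            if target.startswith(os.path.normpath(entry[:-2]) + os.sep):
                return True
        elif os.path.normpath(entry) == target:
            return True                  # exception scoped to this one repository
    return False

def demo():
    # Constructed stand-in for /nix/store/<hash>-source-repository-package/.git
    with tempfile.TemporaryDirectory() as store:
        git_dir = os.path.join(store, "example-source-repository-package", ".git")
        os.makedirs(git_dir)
        builder_uid = os.stat(git_dir).st_uid + 1   # pretend the builder is another user
        return {
            "no exception": is_trusted(git_dir, [], builder_uid),
            "exact path": is_trusted(git_dir, [git_dir], builder_uid),
            "store root only": is_trusted(git_dir, [store], builder_uid),
            "store/* prefix": is_trusted(git_dir, [store + "/*"], builder_uid, True),
            "wildcard": is_trusted(git_dir, ["*"], builder_uid),
            "reset then none": is_trusted(git_dir, ["*", ""], builder_uid),
        }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} -> {'trusted' if ok else 'dubious ownership'}")
```

In this model an exact-path entry is the narrowest exception, while `*` trusts every repository on the machine regardless of owner.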