https://github.com/mazurel/nix-cleaned-path-issue
This repository demonstrates issue with restricted mode and cleaned paths in Nix/Nixpkgs with flakes
https://github.com/mazurel/nix-cleaned-path-issue
Last synced: about 2 months ago
JSON representation
This repository demonstrates issue with restricted mode and cleaned paths in Nix/Nixpkgs with flakes
- Host: GitHub
- URL: https://github.com/mazurel/nix-cleaned-path-issue
- Owner: Mazurel
- Created: 2021-08-27T12:42:28.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2021-08-28T11:25:58.000Z (almost 5 years ago)
- Last Synced: 2025-12-26T09:58:14.837Z (6 months ago)
- Language: Nix
- Size: 6.84 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Test of cleaned paths and restricted mode in Nix
This is a small experiment that demonstrates an issue with flake's restricted mode.
## Related issues
- https://github.com/NixOS/nix/issues/3732
- https://github.com/NixOS/nix/issues/3234
## Structure and usage
This project contains legacy and flake implementation of building simple hello project.
To run flake build, use `nix build .#` and to run legacy build, use `nix build -f ./default.nix --argstr type ""`.
There is also `test.sh` script which runs all builds automatically.
## Available `Type`s of builds
There are 4 types, of builds:
- `hello-passed-src` - Simply passes `./.` folder into `hello.nix` which uses it to build derivation. Works for flake and legacy.
- `hello-passed-cleaned-src` - Passes `./.` folder cleaned with `cleanSource` and uses it to build derivation. Works for legacy, fails for flake due to restricted mode.
- `hello-not-passed-src` - Loads `./.` folder by itself and uses it to build derivation. Works for flake and legacy.
- `hello-not-passed-cleaned-src` - Loads `./.` folder by itself, cleans it with `cleanSource` and uses it to build derivation. Works for legacy, fails for flake due to restricted mode.
## Dump of `test.sh` which shows above statements
```
Current type: hello-passed-src
Legacy:
Hello World !
Flake:
Hello World !
Current type: hello-passed-cleaned-src
Legacy:
Hello World !
Flake:
error: access to path '/nix/store/4p7vhys75r7bv8dl9lhfcvgxk01jh704-source/test.txt' is forbidden in restricted mode
(use '--show-trace' to show detailed location information)
Current type: hello-not-passed-src
Legacy:
Hello World !
Flake:
Hello World !
Current type: hello-not-passed-cleaned-src
Legacy:
Hello World !
Flake:
error: access to path '/nix/store/4p7vhys75r7bv8dl9lhfcvgxk01jh704-source/test.txt' is forbidden in restricted mode
(use '--show-trace' to show detailed location information)
```
## Fixing PR
It seems like [Tomberek's PR](https://github.com/NixOS/nix/pull/5163) fixes this issue.
```
$ nix shell "github:tomberek/nix/flakes_filterSource"
$ sh test.sh
```
Does not produce any errors.