about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pkgs/applications/editors/eclipse/plugins.nix3
-rw-r--r--pkgs/applications/misc/ipmicfg/default.nix1
-rw-r--r--pkgs/applications/office/atlassian-cli/default.nix1
-rw-r--r--pkgs/build-support/fetchzip/default.nix9
-rw-r--r--pkgs/servers/web-apps/engelsystem/default.nix2
5 files changed, 7 insertions, 9 deletions
diff --git a/pkgs/applications/editors/eclipse/plugins.nix b/pkgs/applications/editors/eclipse/plugins.nix
index cdf36bc3c21e2..43ab2a796ebd7 100644
--- a/pkgs/applications/editors/eclipse/plugins.nix
+++ b/pkgs/applications/editors/eclipse/plugins.nix
@@ -355,9 +355,6 @@ rec {
       url = "https://download.jboss.org/drools/release/${version}/droolsjbpm-tools-distribution-${version}.zip";
       sha512 = "2qzc1iszqfrfnw8xip78n3kp6hlwrvrr708vlmdk7nv525xhs0ssjaxriqdhcr0s6jripmmazxivv3763rnk2bfkh31hmbnckpx4r3m";
       extraPostFetch = ''
-        # work around https://github.com/NixOS/nixpkgs/issues/38649
-        chmod go-w $out;
-
         # update site is a couple levels deep, alongside some other irrelevant stuff
         cd $out;
         find . -type f -not -path ./binaries/org.drools.updatesite/\* -exec rm {} \;
diff --git a/pkgs/applications/misc/ipmicfg/default.nix b/pkgs/applications/misc/ipmicfg/default.nix
index f561f15ab3ec3..f3d8d5cbc2059 100644
--- a/pkgs/applications/misc/ipmicfg/default.nix
+++ b/pkgs/applications/misc/ipmicfg/default.nix
@@ -8,7 +8,6 @@ stdenv.mkDerivation rec {
   src = fetchzip {
     url = "https://www.supermicro.com/wftp/utility/IPMICFG/IPMICFG_${version}_build.${buildVersion}.zip";
     sha256 = "0srkzivxa4qlf3x9zdkri7xfq7kjj4fsmn978vzmzsvbxkqswd5a";
-    extraPostFetch = "chmod u+rwX,go-rwx+X $out/";
   };
 
   installPhase = ''
diff --git a/pkgs/applications/office/atlassian-cli/default.nix b/pkgs/applications/office/atlassian-cli/default.nix
index 1140bb9bee20e..ec8e2b396c589 100644
--- a/pkgs/applications/office/atlassian-cli/default.nix
+++ b/pkgs/applications/office/atlassian-cli/default.nix
@@ -7,7 +7,6 @@ stdenv.mkDerivation rec {
   src = fetchzip {
     url  = "https://bobswift.atlassian.net/wiki/download/attachments/16285777/${pname}-${version}-distribution.zip";
     sha256  = "091dhjkx7fdn23cj7c4071swncsbmknpvidmmjzhc0355l3p4k2g";
-    extraPostFetch = "chmod go-w $out";
   };
 
   tools = [
diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix
index c61df8ceb0015..44748f231bc25 100644
--- a/pkgs/build-support/fetchzip/default.nix
+++ b/pkgs/build-support/fetchzip/default.nix
@@ -44,8 +44,13 @@
       mv "$unpackDir/$fn" "$out"
     '' else ''
       mv "$unpackDir" "$out"
-    '') #*/
-    + extraPostFetch;
+    '')
+    + extraPostFetch
+    # Remove write permissions for files unpacked with write bits set
+    # Fixes https://github.com/NixOS/nixpkgs/issues/38649
+    + ''
+      chmod -R a-w "$out"
+    '';
 } // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: {
   # Hackety-hack: we actually need unzip hooks, too
   nativeBuildInputs = x.nativeBuildInputs ++ [ unzip ];
diff --git a/pkgs/servers/web-apps/engelsystem/default.nix b/pkgs/servers/web-apps/engelsystem/default.nix
index ad3a699580058..92d50ff67c8ea 100644
--- a/pkgs/servers/web-apps/engelsystem/default.nix
+++ b/pkgs/servers/web-apps/engelsystem/default.nix
@@ -11,8 +11,6 @@ in stdenv.mkDerivation rec {
     url =
       "https://github.com/engelsystem/engelsystem/releases/download/v3.1.0/engelsystem-v3.1.0.zip";
     sha256 = "01wra7li7n5kn1l6xkrmw4vlvvyqh089zs43qzn98hj0mw8gw7ai";
-    # This is needed, because the zip contains a directory with world write access, which is not allowed in nix
-    extraPostFetch = "chmod -R a-w $out";
   };
 
   buildInputs = [ phpExt ];
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 03:55:28 +0000