diff options
-rw-r--r-- | pkgs/applications/editors/eclipse/plugins.nix | 3 | ||||
-rw-r--r-- | pkgs/applications/misc/ipmicfg/default.nix | 1 | ||||
-rw-r--r-- | pkgs/applications/office/atlassian-cli/default.nix | 1 | ||||
-rw-r--r-- | pkgs/build-support/fetchzip/default.nix | 9 | ||||
-rw-r--r-- | pkgs/servers/web-apps/engelsystem/default.nix | 2 |
5 files changed, 7 insertions, 9 deletions
diff --git a/pkgs/applications/editors/eclipse/plugins.nix b/pkgs/applications/editors/eclipse/plugins.nix index cdf36bc3c21e2..43ab2a796ebd7 100644 --- a/pkgs/applications/editors/eclipse/plugins.nix +++ b/pkgs/applications/editors/eclipse/plugins.nix @@ -355,9 +355,6 @@ rec { url = "https://download.jboss.org/drools/release/${version}/droolsjbpm-tools-distribution-${version}.zip"; sha512 = "2qzc1iszqfrfnw8xip78n3kp6hlwrvrr708vlmdk7nv525xhs0ssjaxriqdhcr0s6jripmmazxivv3763rnk2bfkh31hmbnckpx4r3m"; extraPostFetch = '' - # work around https://github.com/NixOS/nixpkgs/issues/38649 - chmod go-w $out; - # update site is a couple levels deep, alongside some other irrelevant stuff cd $out; find . -type f -not -path ./binaries/org.drools.updatesite/\* -exec rm {} \; diff --git a/pkgs/applications/misc/ipmicfg/default.nix b/pkgs/applications/misc/ipmicfg/default.nix index f561f15ab3ec3..f3d8d5cbc2059 100644 --- a/pkgs/applications/misc/ipmicfg/default.nix +++ b/pkgs/applications/misc/ipmicfg/default.nix @@ -8,7 +8,6 @@ stdenv.mkDerivation rec { src = fetchzip { url = "https://www.supermicro.com/wftp/utility/IPMICFG/IPMICFG_${version}_build.${buildVersion}.zip"; sha256 = "0srkzivxa4qlf3x9zdkri7xfq7kjj4fsmn978vzmzsvbxkqswd5a"; - extraPostFetch = "chmod u+rwX,go-rwx+X $out/"; }; installPhase = '' diff --git a/pkgs/applications/office/atlassian-cli/default.nix b/pkgs/applications/office/atlassian-cli/default.nix index 1140bb9bee20e..ec8e2b396c589 100644 --- a/pkgs/applications/office/atlassian-cli/default.nix +++ b/pkgs/applications/office/atlassian-cli/default.nix @@ -7,7 +7,6 @@ stdenv.mkDerivation rec { src = fetchzip { url = "https://bobswift.atlassian.net/wiki/download/attachments/16285777/${pname}-${version}-distribution.zip"; sha256 = "091dhjkx7fdn23cj7c4071swncsbmknpvidmmjzhc0355l3p4k2g"; - extraPostFetch = "chmod go-w $out"; }; tools = [ diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix index c61df8ceb0015..44748f231bc25 100644 --- a/pkgs/build-support/fetchzip/default.nix +++ b/pkgs/build-support/fetchzip/default.nix @@ -44,8 +44,13 @@ mv "$unpackDir/$fn" "$out" '' else '' mv "$unpackDir" "$out" - '') #*/ - + extraPostFetch; + '') + + extraPostFetch + # Remove write permissions for files unpacked with write bits set + # Fixes https://github.com/NixOS/nixpkgs/issues/38649 + + '' + chmod -R a-w "$out" + ''; } // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: { # Hackety-hack: we actually need unzip hooks, too nativeBuildInputs = x.nativeBuildInputs ++ [ unzip ]; diff --git a/pkgs/servers/web-apps/engelsystem/default.nix b/pkgs/servers/web-apps/engelsystem/default.nix index ad3a699580058..92d50ff67c8ea 100644 --- a/pkgs/servers/web-apps/engelsystem/default.nix +++ b/pkgs/servers/web-apps/engelsystem/default.nix @@ -11,8 +11,6 @@ in stdenv.mkDerivation rec { url = "https://github.com/engelsystem/engelsystem/releases/download/v3.1.0/engelsystem-v3.1.0.zip"; sha256 = "01wra7li7n5kn1l6xkrmw4vlvvyqh089zs43qzn98hj0mw8gw7ai"; - # This is needed, because the zip contains a directory with world write access, which is not allowed in nix - extraPostFetch = "chmod -R a-w $out"; }; buildInputs = [ phpExt ]; |