nixpacks icon indicating copy to clipboard operation
nixpacks copied to clipboard

Published 20 hours ago verified publisher icon railwayapp

Projects containing read-only files cannot be built

Open acaloiaro opened this issue 1 year ago • 5 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Describe the bug

When projects being built by nixpacks contain read-only files, nipacks build ... results in a permission error due to Rust's fs::copy retaining file permissions, and nixpacks rewriting all CRLF line endings with LF: https://github.com/railwayapp/nixpacks/blob/2ec70b75709af40db28762a77a3c98aaaebb09ad/src/nixpacks/files.rs#L35

To reproduce

In any project to be built by nixpacks, on a Linux system

touch test
chmod 444 test
nixpacks build .

╔══════ Nixpacks v1.20.0 ══════╗
║ setup      │ go_1_19         ║
║──────────────────────────────║
║ install    │ go mod download ║
║──────────────────────────────║
║ build      │ go build -o out ║
║──────────────────────────────║
║ start      │ ./out           ║
╚══════════════════════════════╝

Error: Writing app

Caused by:
    Permission denied (os error 13)

Here from the strace output, we can see that the permission error occurs opening test as writable

openat(AT_FDCWD, "/run/user/1000/nixpacks.k4jRGy09qM0S/test", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)

And stat shows us that that file retained its original read-only permissions, preventing the writable file handle

stat -c "%a %n" /run/user/1000/nixpacks.k4jRGy09qM0S/test
444 /run/user/1000/nixpacks.k4jRGy09qM0S/test

Expected behavior

  • Nixpacks builds successfully as long as it can read files from project directories
  • That nixpacks does not replace all CRLF with LF in project files.

Environment

OS: NixOS Unstable Kernel: Linux version 6.6.17 (nixbld@localhost) (gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.40) #1-NixOS SMP PREEMPT_DYNAMIC Fri Feb 16 18:10:57 UTC 2024 Nixpacks version: 1.20.0 / any

acaloiaro avatar Feb 22 '24 18:02 acaloiaro

This may be related to some instances of #700

acaloiaro avatar Feb 22 '24 18:02 acaloiaro

Having the exact same issue with node provider. The node_modules folder must be removed in order to nixpacks build to succeed. sudo nixpacks works, but I don’t feel comfortable doing that. Even when the build is running as root, the absolute slowness when trying to copy the entire modules directory to the build context almost halts the entire process. Any way we can ignore files like honouring the .gitignore or even a .nixpacksignore?

vinerz avatar Jun 24 '24 16:06 vinerz

I should add if you're having this permission problem and you're okay with setting all permissions within a particular directory to read/write, the following will fix permissions, e.g. ./node_modules: find ./node_modules -perm 444 -exec chmod 0600 {} \

acaloiaro avatar Jun 25 '24 00:06 acaloiaro

@acaloiaro is there a way for this directory to not be copied at all?

vinerz avatar Jun 25 '24 00:06 vinerz

Struggling with this as well:

/usr/bin/find . -path ./.git -prune -o -type f -perm +444 \! -perm +222

This identifies all of the read only files. I confirmed they are all in dockerignore but nixpacks is still failing...

iloveitaly avatar Aug 02 '24 18:08 iloveitaly