Fix macOS build

NixOS · May 20, 2020 · ff44f7e · ff44f7e
1 parent 8e0bdc0
commit ff44f7e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 10 deletions.
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
@@ -1395,11 +1395,7 @@ void DerivationGoal::tryToBuild()
 
 void DerivationGoal::tryLocalBuild() {
 
-    /* If `build-users-group' is not empty, then we have to build as
-       one of the members of that group. */
-    static bool useBuildUsers = (settings.buildUsersGroup != "" || settings.startId.get() != 0) && getuid() == 0;
-    if (useBuildUsers) {
-#if defined(__linux__) || defined(__APPLE__)
+    if (useBuildUsers()) {
         if (!buildUser)
             buildUser = acquireUserLock();
 
@@ -1412,11 +1408,6 @@ void DerivationGoal::tryLocalBuild() {
         /* Make sure that no other processes are executing under this
            uid. */
         buildUser->kill();
-#else
-        /* Don't know how to block the creation of setuid/setgid
-           binaries on this platform. */
-        throw Error("build users are not supported on this platform for security reasons");
-#endif
     }
 
     try {

diff --git a/src/libstore/user-lock.cc b/src/libstore/user-lock.cc
@@ -209,4 +209,17 @@ std::unique_ptr<UserLock> acquireUserLock()
         return SimpleUserLock::acquire();
 }
 
+bool useBuildUsers()
+{
+    #if __linux__
+    static bool b = (settings.buildUsersGroup != "" || settings.startId.get() != 0) && getuid() == 0;
+    return b;
+    #elif __APPLE__
+    static bool b = settings.buildUsersGroup != "" && getuid() == 0;
+    return b;
+    #else
+    return false;
+    #endif
+}
+
 }
diff --git a/src/libstore/user-lock.hh b/src/libstore/user-lock.hh
@@ -36,4 +36,6 @@ struct UserLock
    is available. */
 std::unique_ptr<UserLock> acquireUserLock();
 
+bool useBuildUsers();
+
 }