On Wed, Jan 31, 2024 at 01:30:21PM +1100, Tim Cuthbertson wrote:
> I'm not subscribed to the mailing list, please CC me on replies.
>
> Installed symlinks (specifically ld-musl-x86_64.so.1 have permissions 0700
> on MacOS, which means only the owner (typically root) can read them.
>
> Symlink permissions can't be anything but 0777 on Linux, but on Mac they
> can be set, and in this case are being inherited from the 077 umask in
> install.sh:
>
> ```
> $ ls -l
> /nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1
> ls: cannot read symbolic link
> '/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1':
> Permission denied
> lrwx------ 1 root wheel 7 Jan  1  1970
> /nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1
> ```
>
> My fix (attached) is to use `umask 022`, which was already being used to
> make directories. It's not practical to fix this by specifying the intended
> permissions for this symlink, as setting link permissions requires the
> nonstandard `-h` chmod flag, which presumably fails on other platforms.
>
> First discovered when cross-building on MacOS for linux:
> https://github.com/NixOS/nixpkgs/issues/285141
>
> I've tested the fix works in nix. I am fairly confident the same issue
> exists outside of Nix given the fix, but I haven't built musl before and
> ran into unrelated errors.
>
> Thanks,
>  - Tim

Thanks for catching this. Do you think it might be better to put umask
000 inside the symlink case instead of just reusing the 022 from dir?
000 seems like what you actually want to fix the symlink behavior.

Alternatively maybe we should set umask to the complement of the
desired mode?

Rich