!UNVBThoJtlIiVwiDjU:nixos.org

Staging

401 Members
Staging merges | Running staging cycles: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+head%3Astaging-next+head%3Astaging-next-25.11 | Review Reports: https://malob.github.io/nix-review-tools-reports/129 Servers

Load older messages


SenderMessageTime
4 Jul 2026
@k900:0upti.meK900 Is it just 11:00:06
@k900:0upti.meK900 Literally parsing bzip2 output 11:00:12
@hexa:lossy.networkhexawell, now I'm not sure I want to know11:01:25
@hexa:lossy.networkhexahttps://github.com/file/file/blob/7fdb7bf98852d2357b473bd6d786a2e77dba3e48/src/compress.c#L275-L29011:02:47
@tom:pub.solartom

if it helps, after reverting the file 48 bump (https://github.com/NixOS/nixpkgs/commit/d76fd9e7e88c3f5e4bb74c0f2d1f79edb5903cf6) on top of staging-next, i'm getting

$ /nix/store/hzq6fkah4gpzsfxp0ppfl9hbjssk739f-file-5.47/bin/file --brief --mime --uncompress t.tar.bz2
application/x-tar; charset=binary compressed-encoding=application/x-bzip2; charset=binary
11:22:38
@tom:pub.solartom *

if it helps, after reverting the file 48 bump (https://github.com/NixOS/nixpkgs/commit/d76fd9e7e88c3f5e4bb74c0f2d1f79edb5903cf6) on top of staging-next, i'm getting

$ /nix/store/hzq6fkah4gpzsfxp0ppfl9hbjssk739f-file-5.47/bin/file --brief --mime --uncompress t.tar.bz2
application/x-tar; charset=binary compressed-encoding=application/x-bzip2; charset=binary

so it is the file update, apparently

11:23:21
@hexa:lossy.networkhexathis is a stdenv rebuild iirc11:25:19
@hexa:lossy.networkhexapermission denied smells like seccomp11:27:46
@hexa:lossy.networkhexahttps://github.com/file/file/commit/d1253f68dd075fe063117f2f15caedf835e0132811:29:07
@hexa:lossy.networkhexaor landlock11:29:38
@hexa:lossy.networkhexahttps://github.com/file/file/commit/c18098f7590027dccb8efac534d73650c767836211:29:38
@tom:pub.solartom

FWIW, passing --no-sandbox also doesn't help / still outputs application/x-decompression-error-bzip2-Cannot-posix-spawn--bzip2---Permission-denied

-S, --no-sandbox           disable system call sandboxing
11:38:52
@hexa:lossy.networkhexa works after building with --disable-landlock 12:01:26
@tom:pub.solartomcan confirm12:02:33
@tom:pub.solartom* can confirm, I also had a build running12:02:58
@hexa:lossy.networkhexahttps://github.com/file/file/commit/c18098f7590027dccb8efac534d73650c7678362#diff-e6998db1fa15e1051e40b63c686f2f0c83b81a865694def06dc9ef111764cfc3R121-R12312:06:43
@hexa:lossy.networkhexaI think this smells12:06:46
@hexa:lossy.networkhexa

/* Landlock sandbox: read anywhere, write only in $TMPDIR. */

12:07:37
@hexa:lossy.networkhexathat's fair, but executee?12:07:45
@hexa:lossy.networkhexaRedacted or Malformed Event12:07:47
@tom:pub.solartom yeah, I'm not seeing any LANDLOCK_ACCESS_FS_EXECUTE 12:10:13
@tom:pub.solartom yup, that's it. works after adding a | LANDLOCK_ACCESS_FS_EXECUTE in the landlock_allow_path call. 12:19:06
@hexa:lossy.networkhexawhat kind of machine are you building on? :D12:19:35
@hexa:lossy.networkhexagnutar ain't cheap to build12:19:48
@k900:0upti.meK900 We're not scrapping the cycle for this, are we 12:20:08
@hexa:lossy.networkhexaI hope not12:20:17
@hexa:lossy.networkhexa
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index da9968755584..ed03fc9f892b 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -26,6 +26,12 @@ stdenv.mkDerivation (finalAttrs: {
     hash = "sha256-7RRlaIOyOjZLQFfAVZXZMlLam8Rz0wEGUZUZ0NoUEoM=";
   };
 
+  postPatch = ''
+    substituteInPlace src/landlock.c --replace-fail \
+      "LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR" \
+      "LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_EXECUTE"
+  '';
+
   outputs = [
     "out"
     "dev"
12:20:25
@hexa:lossy.networkhexafwiw12:20:26
@tom:pub.solartomgnutar takes like 5m40 for me ^^ CPU is a i7-13700K12:20:49
@hexa:lossy.networkhexa

⏵ gnutar-1.35 on 1cd ⏱ 8m4s (∅ 11m22s)

12:21:09

Show newer messages


Back to Room ListRoom Version: 6