Projects containing read-only files cannot be built

[acaloiaro]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

When projects being built by nixpacks contain read-only files, nipacks build ... results in a permission error due to Rust's fs::copy retaining file permissions, and nixpacks rewriting all CRLF line endings with LF:

nixpacks/src/nixpacks/files.rs

Line 35 in 2ec70b7

fs::write(&to, data.replace("\r\n", "\n"))?;

To reproduce

In any project to be built by nixpacks, on a Linux system

touch test
chmod 444 test
nixpacks build .

╔══════ Nixpacks v1.20.0 ══════╗
║ setup      │ go_1_19         ║
║──────────────────────────────║
║ install    │ go mod download ║
║──────────────────────────────║
║ build      │ go build -o out ║
║──────────────────────────────║
║ start      │ ./out           ║
╚══════════════════════════════╝

Error: Writing app

Caused by:
    Permission denied (os error 13)

Here from the strace output, we can see that the permission error occurs opening test as writable

openat(AT_FDCWD, "/run/user/1000/nixpacks.k4jRGy09qM0S/test", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)

And stat shows us that that file retained its original read-only permissions, preventing the writable file handle

stat -c "%a %n" /run/user/1000/nixpacks.k4jRGy09qM0S/test
444 /run/user/1000/nixpacks.k4jRGy09qM0S/test

Expected behavior

• Nixpacks builds successfully as long as it can read files from project directories
• That nixpacks does not replace all CRLF with LF in project files.

Environment

OS: NixOS Unstable
Kernel: Linux version 6.6.17 (nixbld@localhost) (gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.40) #1-NixOS SMP PREEMPT_DYNAMIC Fri Feb 16 18:10:57 UTC 2024
Nixpacks version: 1.20.0 / any

[acaloiaro]

This may be related to some instances of #700

[vinerz]

Having the exact same issue with node provider. The node_modules folder must be removed in order to nixpacks build to succeed. sudo nixpacks works, but I don’t feel comfortable doing that. Even when the build is running as root, the absolute slowness when trying to copy the entire modules directory to the build context almost halts the entire process. Any way we can ignore files like honouring the .gitignore or even a .nixpacksignore?

[acaloiaro]

I should add if you're having this permission problem and you're okay with setting all permissions within a particular directory to read/write, the following will fix permissions, e.g. ./node_modules: find ./node_modules -perm 444 -exec chmod 0600 {} \

[vinerz]

@acaloiaro is there a way for this directory to not be copied at all?

[iloveitaly]

Struggling with this as well:

/usr/bin/find . -path ./.git -prune -o -type f -perm +444 \! -perm +222

This identifies all of the read only files. I confirmed they are all in dockerignore but nixpacks is still failing...