daemon: Restore post-canonicalization permissions after moving.

At this point the value of 'st.st_mode' is from before canonicalization, so
restoring to that will undo the permissions aspect of the canonicalization for
a top-level directory store item.

Fixes #1104, introduced in
ae18b3d9e6 (https://codeberg.org/guix/guix/commit/ae18b3d9e6bd0c184505a094851448d08555e23e).

* nix/libstore/build.cc (DerivationGoal::registerOutputs): update 'st' with
  post-canonicalization permissions before making actualPath
  temporarily-writable.
* tests/store.scm ("build outputs aren't writable"): new test.

Change-Id: I5e5eaa79fa6b7f81e1d12fd285883c762a22ce5a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

1 files changed, 11 insertions, 0 deletions

diff --git a/tests/store.scm b/tests/store.scm
index 112ea7e2fcb..16dcbf2396d 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -417,6 +417,17 @@
                      get-string-all)
                    a))))
 
+;; https://codeberg.org/guix/guix/issues/1104
+(test-equal "build outputs aren't writable"
+  #o555
+  (let ((drv (build-expression->derivation %store "writable-output"
+                                           `(begin
+                                              ,(random-text)
+                                              (mkdir %output)
+                                              (chmod %output #o755)))))
+    (build-derivations %store (list drv))
+    (stat:perms (stat (derivation->output-path drv "out")))))
+
 (unless (unprivileged-user-namespace-supported?)
   (test-skip 1))
 (test-equal "isolated environment"