From 3c4c30eadd879f512ac2075a7ba39c37ff77bf5c Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Fri, 19 Jan 2018 14:53:34 +0100
Subject: [PATCH] Rewrite builtin derivation environment

Also add a test.

Fixes #1803.
Closes #1805.
---
 src/libstore/build.cc |  7 ++++++-
 tests/check.nix       |  5 +++++
 tests/check.sh        | 14 ++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 523d737d9..55066205d 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2933,8 +2933,13 @@ void DerivationGoal::runChild()
         if (drv->isBuiltin()) {
             try {
                 logger = makeJSONLogger(*logger);
+
+                BasicDerivation drv2(*drv);
+                for (auto & e : drv2.env)
+                    e.second = rewriteStrings(e.second, inputRewrites);
+
                 if (drv->builder == "builtin:fetchurl")
-                    builtinFetchurl(*drv, netrcData);
+                    builtinFetchurl(drv2, netrcData);
                 else
                     throw Error(format("unsupported builtin function '%1%'") % string(drv->builder, 8));
                 _exit(0);
diff --git a/tests/check.nix b/tests/check.nix
index b330ab9c9..585d43032 100644
--- a/tests/check.nix
+++ b/tests/check.nix
@@ -9,4 +9,9 @@ with import ./config.nix;
         date +%s.%N > $out/date
       '';
   };
+
+  fetchurl = import <nix/fetchurl.nix> {
+    url = "file://" + toString ./lang/eval-okay-xml.out;
+    sha256 = "426fefcd2430e986551db13fcc2b1e45eeec17e68ffeb6ff155be2f8aaf5407e";
+  };
 }
diff --git a/tests/check.sh b/tests/check.sh
index 3efcef044..a3067e06f 100644
--- a/tests/check.sh
+++ b/tests/check.sh
@@ -16,3 +16,17 @@ nix-build dependencies.nix --no-out-link --repeat 3
 (! nix-build check.nix -A nondeterministic --no-out-link --repeat 1 2> $TEST_ROOT/log)
 grep 'differs from previous round' $TEST_ROOT/log
 
+path=$(nix-build check.nix -A fetchurl --no-out-link)
+
+chmod +w $path
+echo foo > $path
+chmod -w $path
+
+nix-build check.nix -A fetchurl --no-out-link --check
+
+# Note: "check" doesn't repair anything, it just compares to the hash stored in the database.
+[[ $(cat $path) = foo ]]
+
+nix-build check.nix -A fetchurl --no-out-link --repair
+
+[[ $(cat $path) != foo ]]
-- 
GitLab