nar: add note for permissions logic on macos

sandydoo · sandydoo · commit b6ab60c0e8e0 · 2024-07-29T17:27:17.000Z
diff --git a/hnix-store-nar/src/System/Nix/Nar/Effects.hs b/hnix-store-nar/src/System/Nix/Nar/Effects.hs
@@ -123,12 +123,20 @@ streamStringOutIO f executable getChunk =
       "Failed to stream string to " <> f <> ": " <> show e
 
 -- | Check whether the file is executable by the owner.
+--
+--   Matches the logic used by Nix.
+--
+--   access() should not be used for this purpose on macOS.
+--   It returns false for executables when placed in certain directories.
+--   For example, when in an app bundle: App.app/Contents/Resources/en.lproj/myexecutable.strings
 isExecutable :: FileStatus -> Bool
 isExecutable st =
   isRegularFile st
     && fileMode st `intersectFileModes` ownerExecuteMode /= nullFileMode
 
 -- | Set the file to be executable by the owner, group, and others.
+--
+--   Matches the logic used by Nix.
 setExecutable :: FilePath -> IO ()
 setExecutable f = do
   st <- getSymbolicLinkStatus f
diff --git a/hnix-store-nar/tests/NarFormat.hs b/hnix-store-nar/tests/NarFormat.hs
@@ -145,6 +145,8 @@ unit_nixStoreDirectory' :: HU.Assertion
 unit_nixStoreDirectory' = filesystemNixStore "directory'" (Nar sampleDirectory')
 
 -- | Test that the executable permissions are handled correctly in app bundles on macOS.
+--   In this case, access() returns false for a file under this specific path, even when the executable bit is set.
+--   NAR implementations should avoid this syscall on macOS.
 test_nixStoreMacOSAppBundle :: TestTree
 test_nixStoreMacOSAppBundle = packThenExtract "App.app" $ \ baseDir -> do
   let testDir = baseDir </> "App.app" </> "Resources" </> "en.lproj"
