[bug#75810,v5,09/14] daemon: Move comments where they belong.

Message ID 86a4ed49616acee6bf2767470f76d459000f4ca3.1741973869.git.ludo@gnu.org
State New
Headers
Series Rootless guix-daemon |

Commit Message

Ludovic Courtès March 14, 2025, 5:48 p.m. UTC
  * nix/libstore/build.cc (DerivationGoal::startBuilder): Shuffle
comments for clarity.

Change-Id: I6557c103ade4a3ab046354548ea193c68f8c9c05
---
 nix/libstore/build.cc | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
  

Patch

diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 07c8ad7e1d..37c3d3bf1e 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1870,18 +1870,19 @@  void DerivationGoal::startBuilder()
         }
         dirsInChroot[tmpDirInSandbox] = tmpDir;
 
-        /* Make the closure of the inputs available in the chroot,
-           rather than the whole store.  This prevents any access
-           to undeclared dependencies.  !!! As an extra security
-           precaution, make the fake store only writable by the
-           build user. */
+	/* Create the fake store.  */
         Path chrootStoreDir = chrootRootDir + settings.nixStore;
         createDirs(chrootStoreDir);
         chmod_(chrootStoreDir, 01775);
 
         if (buildUser.enabled() && chown(chrootStoreDir.c_str(), 0, buildUser.getGID()) == -1)
-            throw SysError(format("cannot change ownership of ‘%1%’") % chrootStoreDir);
+	     /* As an extra security precaution, make the fake store only
+		writable by the build user.  */
+	     throw SysError(format("cannot change ownership of ‘%1%’") % chrootStoreDir);
 
+        /* Make the closure of the inputs available in the chroot, rather than
+           the whole store.  This prevents any access to undeclared
+           dependencies. */
         foreach (PathSet::iterator, i, inputPaths) {
 	    struct stat st;
             if (lstat(i->c_str(), &st))