stdenv: noBrokenSymlinks hook exits silently if readlink fails (e.g. Darwin symlink permissions)

[Rhys-T]

Nixpkgs version

• Unstable (25.05)

Describe the bug

As mentioned in #380436, if a symbolic link in $out can't be read for some reason, the noBrokenSymlinks hook will just silently exit with a non-zero status, without any indication of why it's exiting. The main thing I know of right now that can cause this is not having read permission for the symlink (Linux doesn't track symlink permissions, but Darwin and FreeBSD do; possibly other BSDs as well?), but I don't know for sure whether or not there are any non-Darwin-specific ways to trigger this as well.

Steps to reproduce

On a Darwin/macOS machine:

1. Save this code as test.nix:

{stdenvNoCC}: stdenvNoCC.mkDerivation {
    name = "unreadable-symlink-test";
    dontUnpack = true;
    installPhase = ''
        mkdir "$out"
        ln -s . "$out"/testLink
        chmod -h 0000 "$out"/testLink
    '';
}

2. NIX_PATH='nixpkgs=https://github.com/NixOS/nixpkgs/archive/refs/heads/nixpkgs-unstable.tar.gz' nix-build -E 'with import <nixpkgs> {}; callPackage ./test.nix {}'

Expected behaviour

The hook should clearly report that it couldn't read the symlink.

Screenshots

No response

Relevant log output

this derivation will be built:
  /nix/store/444dpnla46cb3kx7sg9ps7wqyx8x3rv4-unreadable-symlink-test.drv
building '/nix/store/444dpnla46cb3kx7sg9ps7wqyx8x3rv4-unreadable-symlink-test.drv'...
Running phase: patchPhase
Running phase: configurePhase
no configure script, doing nothing
Running phase: buildPhase
no Makefile or custom buildPhase, doing nothing
Running phase: installPhase
Running phase: fixupPhase
checking for references to /private/tmp/nix-build-unreadable-symlink-test.drv-0/ in /nix/store/2rjxbl8bpb7aga41xz23iar473vdgy2a-unreadable-symlink-test...
patching script interpreter paths in /nix/store/2rjxbl8bpb7aga41xz23iar473vdgy2a-unreadable-symlink-test
error: builder for '/nix/store/444dpnla46cb3kx7sg9ps7wqyx8x3rv4-unreadable-symlink-test.drv' failed with exit code 1;
       last 9 log lines:
       > Running phase: patchPhase
       > Running phase: configurePhase
       > no configure script, doing nothing
       > Running phase: buildPhase
       > no Makefile or custom buildPhase, doing nothing
       > Running phase: installPhase
       > Running phase: fixupPhase
       > checking for references to /private/tmp/nix-build-unreadable-symlink-test.drv-0/ in /nix/store/2rjxbl8bpb7aga41xz23iar473vdgy2a-unreadable-symlink-test...
       > patching script interpreter paths in /nix/store/2rjxbl8bpb7aga41xz23iar473vdgy2a-unreadable-symlink-test
       For full logs, run 'nix-store -l /nix/store/444dpnla46cb3kx7sg9ps7wqyx8x3rv4-unreadable-symlink-test.drv'.

Additional context

I have the start of a patch to fix this, but I haven't tested it yet because it wants to Rebuild The Everything (well, it is a stdenv change) and I don't have that much free space.

System metadata

• system: "x86_64-darwin"
• host os: Darwin 19.6.0, macOS 10.15.7
• multi-user?: yes
• sandbox: no
• version: nix-env (Nix) 2.24.10
• channels(root): "nixpkgs"
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixpkgs

Notify maintainers

@ConnorBaker (for noBrokenSymlinks hook)

---

Note for maintainers: Please tag this issue in your pull request description. (i.e. Resolves #ISSUE.)

I assert that this issue is relevant for Nixpkgs

• I assert that this is a bug and not a support request.
• I assert that this is not a duplicate of an existing issue.
• I assert that I have read the NixOS Code of Conduct and agree to abide by it.

Is this issue important to you?

Add a 👍 reaction to issues you find important.

[ConnorBaker]

Should be closed by #380683.