From 7794354a982449927ee7401cdeb573ddd16c4688 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Thu, 7 Mar 2024 13:16:15 +0100
Subject: [PATCH] Fix sandbox escape patch

---
 src/libstore/build/local-derivation-goal.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index 3958b9d8f..d83c47d00 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -2546,8 +2546,8 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
                 // Replace the output by a fresh copy of itself to make sure
                 // that there's no stale file descriptor pointing to it
                 Path tmpOutput = actualPath + ".tmp";
-                renameFile(actualPath, tmpOutput);
-                copyFile(tmpOutput, actualPath, true);
+                copyFile(actualPath, tmpOutput, true);
+                renameFile(tmpOutput, actualPath);
 
                 auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating {
                     .method = dof.ca.method,