daemon: Resolve symlinks in /etc/resolv.conf for slirp4netns chroot.

* nix/libstore/build.cc (prepareSlirpChrootAction): Use
canonPath(i, true) to resolve symlinks when adding /etc/resolv.conf
and /etc/hosts to the slirp4netns chroot, so that bindMount receives
a regular file path instead of a symlink.

On systems using systemd-resolved, /etc/resolv.conf is typically a
symlink:

  /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

The slirp4netns chroot creates an empty /run/ directory, so when
bindMount copies the symlink verbatim (spawn.cc line 537-542), the
target does not exist and slirp4netns cannot determine the upstream
DNS server.  This causes all DNS resolution to fail for fixed-output
derivations that use the Guile-based git-fetch builder (e.g.
git-fetch/lfs), since they rely on slirp4netns for network access
in the build chroot.

Derivations using builtin:git-download are unaffected because they
run in the daemon process itself, which has full network access.

Change-Id: Ib73e69a8760e74eb8141dd0408c27aa8b3001e37
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #6959

nix/libstore/build.cc

@@ -1972,11 +1972,15 @@ static void prepareSlirpChrootAction(SpawnContext & sctx)
     }
 
     /* Limit /etc to containing just /etc/resolv.conf and /etc/hosts, and
-       read-only at that */
+       read-only at that.  Resolve symlinks in the source path so that
+       bindMount sees a regular file and bind-mounts it, rather than
+       copying a symlink whose target may not exist in the chroot
+       (e.g. /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
+       with /run/ being empty in the chroot). */
     Strings etcFiles = { "/etc/resolv.conf", "/etc/hosts" };
     for(auto & i : etcFiles) {
         if(pathExists(i)) {
-            ctx.filesInChroot[i] = i;
+            ctx.filesInChroot[i] = canonPath(i, true);
             ctx.readOnlyFilesInChroot.insert(i);
         }
     }