From 0fffb47a244cf3f79b3e7e77d2ea974193702f78 Mon Sep 17 00:00:00 2001
From: Evan Lezar
Date: Thu, 18 Jun 2026 10:23:20 +0200
Subject: [PATCH] fix(nix): make flake checks hermetic
Signed-off-by: Evan Lezar
---
 crates/openshell-driver-vm/src/runtime.rs | 33 +++++++++++++++--------
 nix/crate.nix | 1 +
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/crates/openshell-driver-vm/src/runtime.rs b/crates/openshell-driver-vm/src/runtime.rs
index a6ddfe011..784552c0d 100644
--- a/crates/openshell-driver-vm/src/runtime.rs
+++ b/crates/openshell-driver-vm/src/runtime.rs
@@ -1247,17 +1247,7 @@ fn hash_path_id(path: &Path) -> String {
 }
 fn secure_socket_base(subdir: &str) -> Result {
- let base = std::env::var_os("XDG_RUNTIME_DIR").map_or_else(
- || {
- let fallback = PathBuf::from("/tmp");
- if fallback.is_dir() {
- fallback
- } else {
- std::env::temp_dir()
- }
- },
- PathBuf::from,
- );
+ let base = std::env::var_os("XDG_RUNTIME_DIR").map_or_else(socket_fallback_base, PathBuf::from);
 let dir = base.join(subdir);
 if dir.exists() {
@@ -1296,6 +1286,27 @@ fn secure_socket_base(subdir: &str) -> Result {
 Ok(dir)
 }
+fn socket_fallback_base() -> PathBuf {
+ let temp_dir = {
+ let fallback = PathBuf::from("/tmp");
+ if fallback.is_dir() {
+ fallback
+ } else {
+ std::env::temp_dir()
+ }
+ };
+
+ #[cfg(unix)]
+ {
+ temp_dir.join(format!("openshell-{}", unsafe { libc::getuid() }))
+ }
+
+ #[cfg(not(unix))]
+ {
+ temp_dir.join("openshell")
+ }
+}
+
 fn gvproxy_socket_base(overlay_disk: &Path) -> Result {
 Ok(secure_socket_base("osd-gv")?.join(hash_path_id(overlay_disk)))
 }
diff --git a/nix/crate.nix b/nix/crate.nix
index 8b4b22128..392b17770 100644
--- a/nix/crate.nix
+++ b/nix/crate.nix
@@ -39,6 +39,7 @@
 openshell-core = {
 dir = "openshell-core";
 nativeBuildInputs = [ pkgs.protobuf ];
+ nativeCheckInputs = [ pkgs.lsof ];
 assets = [ (root + "/proto") ];
 };
 openshell-driver-docker = {
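Review bot: The rewritten `let base = ...` line in secure_socket_base still accepts whatever `XDG_RUNTIME_DIR` holds, so an empty or relative value makes `base.join(subdir)` resolve against the process's working directory and the new fallback is never consulted. The XDG base-directory specification requires an absolute path and says anything else should be ignored, which would look like `let base = std::env::var_os("XDG_RUNTIME_DIR").map(PathBuf::from).filter(|p| p.is_absolute()).unwrap_or_else(socket_fallback_base);`. Most of secure_socket_base lies outside this hunk, so whether a later check already rejects such a path cannot be seen from here.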
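Review bot: `socket_fallback_base` now returns a predictable per-UID directory (`openshell-<uid>`) under world-writable `/tmp`, and nothing in the function creates or validates it, so another local account could create that name first (as a directory or a symlink) and end up owning the parent of every socket directory. The checks in secure_socket_base are only partly visible in this patch and appear to apply to `dir`, the joined subdir. It is worth confirming that the intermediate directory is created with mode 0700, and that an existing one is accepted only if `symlink_metadata` reports a real directory owned by the current UID with no group or other permission bits. Separately, the `unsafe` block should carry its justification, e.g. `// SAFETY: getuid() takes no arguments, has no preconditions and always succeeds.`, and the function deserves a short doc comment saying why the fallback is namespaced per user.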