)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This adds an optional \"embedded-sandbox-shell\" feature that embeds the sandbox"},{"line_number":10,"context_line":"shell binary directly into the build at compile time. This simplifies deployment"},{"line_number":11,"context_line":"by removing the runtime dependency on SNIX_BUILD_SANDBOX_SHELL."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"The implementation:"},{"line_number":14,"context_line":"- Adds embedded-sandbox-shell feature flag in Cargo.toml"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"1e971827_1bbd339b","line":11,"updated":"2025-07-05 15:51:31.000000000","message":"```suggestion\nby removing the runtime dependency on the path specified in SNIX_BUILD_SANDBOX_SHELL.\n```","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This adds an optional \"embedded-sandbox-shell\" feature that embeds the sandbox"},{"line_number":10,"context_line":"shell binary directly into the build at compile time. This simplifies deployment"},{"line_number":11,"context_line":"by removing the runtime dependency on SNIX_BUILD_SANDBOX_SHELL."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"The implementation:"},{"line_number":14,"context_line":"- Adds embedded-sandbox-shell feature flag in Cargo.toml"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"17f5b2c2_db47e7b2","line":11,"in_reply_to":"1e971827_1bbd339b","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"}],"snix/build/src/buildservice/from_addr.rs":[{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":1,"context_line":"use super::{BuildService, DummyBuildService, grpc::GRPCBuildService};"},{"line_number":2,"context_line":"use serde::Deserialize;"},{"line_number":3,"context_line":"use snix_castore::{blobservice::BlobService, directoryservice::DirectoryService};"},{"line_number":4,"context_line":"use std::path::PathBuf;"}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"c07ece45_8bdd1544","line":1,"updated":"2025-07-05 15:51:31.000000000","message":"We currently only need this feature for the OCI builder, which is already gated on Linux only. Even if we were using it for other builders, we wouldn\u0027t want to have this code land in from_addr.rs, but in a sandbox_shell.rs.\n\nCan you:\n\n - Move oci.rs -\u003e oci/mod.rs\n - Move sandbox shell code from here to oci/sandbox_shell.rs\n - drop the `#[cfg(target_os \u003d \"linux\")]` conditionals in that code (already inherited from the conditional `mod oci;`.\n - run `depotfmt` (CI again complains about formatting)\n\nThat way, the code should be much more readable, and if in the future we reuse sandbox-shell stuff for other builders (like microvms) it\u0027s a simple move of that `sandbox_shell` out to elsewhere, and maybe the introduction of some more target_os conditionals.","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":1,"context_line":"use super::{BuildService, DummyBuildService, grpc::GRPCBuildService};"},{"line_number":2,"context_line":"use serde::Deserialize;"},{"line_number":3,"context_line":"use snix_castore::{blobservice::BlobService, directoryservice::DirectoryService};"},{"line_number":4,"context_line":"use std::path::PathBuf;"}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"6202455c_c51329d4","line":1,"in_reply_to":"c07ece45_8bdd1544","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"7428cd3ec98dc5192a5da0c5abc2a713256ce7f7","unresolved":true,"context_lines":[{"line_number":20,"context_line":"    static INIT_MUTEX: Mutex\u003c()\u003e \u003d Mutex::new(());"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    // The embedded busybox binary (included at compile time)"},{"line_number":23,"context_line":"    static EMBEDDED_BUSYBOX_BINARY: \u0026[u8] \u003d include_bytes!(env!(\"SNIX_BUILD_SANDBOX_SHELL\"));"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    let result \u003d EXTRACTED_BUSYBOX_PATH.get_or_init(|| {"},{"line_number":26,"context_line":"        let _guard \u003d INIT_MUTEX.lock().unwrap();"}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"4c30f3d0_0c5588f5","line":23,"updated":"2025-06-28 20:33:04.000000000","message":"call this sandbox shell consistently. It being busybox is just one possible candidate.","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"d48d64224a356999b0358e444bb67f242e1072a2","unresolved":false,"context_lines":[{"line_number":20,"context_line":"    static INIT_MUTEX: Mutex\u003c()\u003e \u003d Mutex::new(());"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    // The embedded busybox binary (included at compile time)"},{"line_number":23,"context_line":"    static EMBEDDED_BUSYBOX_BINARY: \u0026[u8] \u003d include_bytes!(env!(\"SNIX_BUILD_SANDBOX_SHELL\"));"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    let result \u003d EXTRACTED_BUSYBOX_PATH.get_or_init(|| {"},{"line_number":26,"context_line":"        let _guard \u003d INIT_MUTEX.lock().unwrap();"}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"0fc2807d_fc8df04a","line":23,"in_reply_to":"4c30f3d0_0c5588f5","updated":"2025-07-04 14:32:59.000000000","message":"Done","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"39830dd9e73514c0dbab92791313541dbeeb6600","unresolved":true,"context_lines":[{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    let result \u003d EXTRACTED_BUSYBOX_PATH.get_or_init(|| {"},{"line_number":26,"context_line":"        let _guard \u003d INIT_MUTEX.lock().unwrap();"},{"line_number":27,"context_line":"        "},{"line_number":28,"context_line":"        let temp_dir \u003d std::env::temp_dir();"},{"line_number":29,"context_line":"        let busybox_path \u003d temp_dir.join(format!(\"snix-busybox-{}\", std::process::id()));"},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"c5f82af1_7db2e610","line":27,"updated":"2025-06-28 20:31:55.000000000","message":"stray newline","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"d48d64224a356999b0358e444bb67f242e1072a2","unresolved":false,"context_lines":[{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    let result \u003d EXTRACTED_BUSYBOX_PATH.get_or_init(|| {"},{"line_number":26,"context_line":"        let _guard \u003d INIT_MUTEX.lock().unwrap();"},{"line_number":27,"context_line":"        "},{"line_number":28,"context_line":"        let temp_dir \u003d std::env::temp_dir();"},{"line_number":29,"context_line":"        let busybox_path \u003d temp_dir.join(format!(\"snix-busybox-{}\", std::process::id()));"},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"dff561ab_630c1d42","line":27,"in_reply_to":"c5f82af1_7db2e610","updated":"2025-07-04 14:32:59.000000000","message":"Acknowledged","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"39830dd9e73514c0dbab92791313541dbeeb6600","unresolved":true,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"#[cfg(target_os \u003d \"linux\")]"},{"line_number":76,"context_line":"fn default_sandbox_shell() -\u003e PathBuf {"},{"line_number":77,"context_line":"    // Priority: embedded busybox -\u003e SNIX_BUILD_SANDBOX_SHELL env var -\u003e error"},{"line_number":78,"context_line":"    #[cfg(feature \u003d \"embedded-busybox\")]"},{"line_number":79,"context_line":"    {"},{"line_number":80,"context_line":"        if let Ok(path) \u003d get_embedded_busybox_path() {"}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"781885e2_cc988660","line":77,"updated":"2025-06-28 20:31:55.000000000","message":"The tests currently fail. We don\u0027t build with the embedded-busybox feature, and without that feature enabled, the SNIX_BUILD_SANDBOX_SHELL env var we pass to the build doesn\u0027t get honored at all.\n\nMy proposal would be as follows:\n\n - rename embedded-busybox feature to embedded-sandbox-shell\n - keep existing behaviour of baking path to SNIX_BUILD_SANDBOX_SHELL in (prior to this CL if embedded-sandbox-shell is not active\n - bake contents of binary at path SNIX_BUILD_SANDBOX_SHELL in if embedded-sandbox-shell is active\n - keep sandbox-shell path configurable as in this CL via the URL, but default to either the baked in path or baked-in-binary-extracted-to-path, depending on the configured feature flag.\n \n WDYT?","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"d48d64224a356999b0358e444bb67f242e1072a2","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"#[cfg(target_os \u003d \"linux\")]"},{"line_number":76,"context_line":"fn default_sandbox_shell() -\u003e PathBuf {"},{"line_number":77,"context_line":"    // Priority: embedded busybox -\u003e SNIX_BUILD_SANDBOX_SHELL env var -\u003e error"},{"line_number":78,"context_line":"    #[cfg(feature \u003d \"embedded-busybox\")]"},{"line_number":79,"context_line":"    {"},{"line_number":80,"context_line":"        if let Ok(path) \u003d get_embedded_busybox_path() {"}],"source_content_type":"text/x-rustsrc","patch_set":5,"id":"cb19c705_b98c4a12","line":77,"in_reply_to":"781885e2_cc988660","updated":"2025-07-04 14:32:59.000000000","message":"Done","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"/// Compile-time path to sandbox shell (when embedded-sandbox-shell feature is disabled)"},{"line_number":13,"context_line":"#[cfg(all(target_os \u003d \"linux\", not(feature \u003d \"embedded-sandbox-shell\")))]"},{"line_number":14,"context_line":"const SNIX_BUILD_SANDBOX_SHELL: Option\u003c\u0026str\u003e \u003d option_env!(\"SNIX_BUILD_SANDBOX_SHELL\");"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"/// Extract the embedded sandbox shell binary to a temporary location and return its path"},{"line_number":17,"context_line":"#[cfg(all(target_os \u003d \"linux\", feature \u003d \"embedded-sandbox-shell\"))]"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"1fe84da4_4fe488a7","line":14,"updated":"2025-07-05 15:51:31.000000000","message":"This can just be an env!, and a \u0026str. If embedded-sandbox-shell is not enabled, a path to the binary must be passed during build time (and we do)","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"/// Compile-time path to sandbox shell (when embedded-sandbox-shell feature is disabled)"},{"line_number":13,"context_line":"#[cfg(all(target_os \u003d \"linux\", not(feature \u003d \"embedded-sandbox-shell\")))]"},{"line_number":14,"context_line":"const SNIX_BUILD_SANDBOX_SHELL: Option\u003c\u0026str\u003e \u003d option_env!(\"SNIX_BUILD_SANDBOX_SHELL\");"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"/// Extract the embedded sandbox shell binary to a temporary location and return its path"},{"line_number":17,"context_line":"#[cfg(all(target_os \u003d \"linux\", feature \u003d \"embedded-sandbox-shell\"))]"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"736ffe39_eaff663a","line":14,"in_reply_to":"1fe84da4_4fe488a7","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":50,"context_line":"        }"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"        tracing::debug!("},{"line_number":53,"context_line":"            ?sandbox_shell_path,"},{"line_number":54,"context_line":"            \"extracted embedded sandbox shell binary\""},{"line_number":55,"context_line":"        );"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"0a799214_aec3e41c","line":53,"updated":"2025-07-05 15:51:31.000000000","message":"```suggestion\n            sandbox_shell.path\u003d?sandbox_shell_path,\n```","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":50,"context_line":"        }"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"        tracing::debug!("},{"line_number":53,"context_line":"            ?sandbox_shell_path,"},{"line_number":54,"context_line":"            \"extracted embedded sandbox shell binary\""},{"line_number":55,"context_line":"        );"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"4eccb810_432fe7aa","line":53,"in_reply_to":"0a799214_aec3e41c","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":83,"context_line":"fn default_sandbox_shell() -\u003e PathBuf {"},{"line_number":84,"context_line":"    // When embedded-sandbox-shell is enabled, extract and use the embedded binary"},{"line_number":85,"context_line":"    #[cfg(feature \u003d \"embedded-sandbox-shell\")]"},{"line_number":86,"context_line":"    {"},{"line_number":87,"context_line":"        if let Ok(path) \u003d get_embedded_sandbox_shell_path() {"},{"line_number":88,"context_line":"            return path;"},{"line_number":89,"context_line":"        }"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"217833cc_434c7941","line":86,"updated":"2025-07-05 15:51:31.000000000","message":"you can use `if cfg!` (https://doc.rust-lang.org/rust-by-example/attribute/cfg.html), this makes it more clear it either does this or that, not just two conditional code blocks after each other, which happen to have exactly inverse conditions.","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":83,"context_line":"fn default_sandbox_shell() -\u003e PathBuf {"},{"line_number":84,"context_line":"    // When embedded-sandbox-shell is enabled, extract and use the embedded binary"},{"line_number":85,"context_line":"    #[cfg(feature \u003d \"embedded-sandbox-shell\")]"},{"line_number":86,"context_line":"    {"},{"line_number":87,"context_line":"        if let Ok(path) \u003d get_embedded_sandbox_shell_path() {"},{"line_number":88,"context_line":"            return path;"},{"line_number":89,"context_line":"        }"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"ac6fd400_f3fb0fe6","line":86,"in_reply_to":"217833cc_434c7941","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":90,"context_line":"        tracing::warn!(\"failed to extract embedded sandbox shell\");"},{"line_number":91,"context_line":"    }"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"    // When embedded-sandbox-shell is disabled, use the compile-time path"},{"line_number":94,"context_line":"    #[cfg(not(feature \u003d \"embedded-sandbox-shell\"))]"},{"line_number":95,"context_line":"    {"},{"line_number":96,"context_line":"        if let Some(path) \u003d SNIX_BUILD_SANDBOX_SHELL {"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"1a14737a_b395463f","line":93,"updated":"2025-07-05 15:51:31.000000000","message":"```suggestion\n    // else use the compile-time path\n```\n\n(or better, squash into the comment above after using cfg!)","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":90,"context_line":"        tracing::warn!(\"failed to extract embedded sandbox shell\");"},{"line_number":91,"context_line":"    }"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"    // When embedded-sandbox-shell is disabled, use the compile-time path"},{"line_number":94,"context_line":"    #[cfg(not(feature \u003d \"embedded-sandbox-shell\"))]"},{"line_number":95,"context_line":"    {"},{"line_number":96,"context_line":"        if let Some(path) \u003d SNIX_BUILD_SANDBOX_SHELL {"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"1523cfaf_42fe9703","line":93,"in_reply_to":"1a14737a_b395463f","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":93,"context_line":"    // When embedded-sandbox-shell is disabled, use the compile-time path"},{"line_number":94,"context_line":"    #[cfg(not(feature \u003d \"embedded-sandbox-shell\"))]"},{"line_number":95,"context_line":"    {"},{"line_number":96,"context_line":"        if let Some(path) \u003d SNIX_BUILD_SANDBOX_SHELL {"},{"line_number":97,"context_line":"            return PathBuf::from(path);"},{"line_number":98,"context_line":"        }"},{"line_number":99,"context_line":"    }"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"1bc75dcf_a98c3498","line":96,"updated":"2025-07-05 15:51:31.000000000","message":"See comment on option_env!, this is always a proper path, not an option.","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    // When embedded-sandbox-shell is disabled, use the compile-time path"},{"line_number":94,"context_line":"    #[cfg(not(feature \u003d \"embedded-sandbox-shell\"))]"},{"line_number":95,"context_line":"    {"},{"line_number":96,"context_line":"        if let Some(path) \u003d SNIX_BUILD_SANDBOX_SHELL {"},{"line_number":97,"context_line":"            return PathBuf::from(path);"},{"line_number":98,"context_line":"        }"},{"line_number":99,"context_line":"    }"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"41130c32_1979850e","line":96,"in_reply_to":"1bc75dcf_a98c3498","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":98,"context_line":"        }"},{"line_number":99,"context_line":"    }"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    panic!("},{"line_number":102,"context_line":"        \"No sandbox shell found. The OCI build service requires a statically linked shell binary.\\n\\"},{"line_number":103,"context_line":"        \\n\\"},{"line_number":104,"context_line":"        To build snix with nixpkgs, use one of these methods:\\n\\"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"ac62fed7_96003849","line":101,"updated":"2025-07-05 15:51:31.000000000","message":"How can this happen?\n\nWe have two mutually exclusive branches, depending on whether the feature flag is set or not. We either come up with a path pointing to a binary we just extracted on-the-fly (and can just propagate the error if there was an error doing so), or one that was baked in during build.","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":98,"context_line":"        }"},{"line_number":99,"context_line":"    }"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    panic!("},{"line_number":102,"context_line":"        \"No sandbox shell found. The OCI build service requires a statically linked shell binary.\\n\\"},{"line_number":103,"context_line":"        \\n\\"},{"line_number":104,"context_line":"        To build snix with nixpkgs, use one of these methods:\\n\\"}],"source_content_type":"text/x-rustsrc","patch_set":6,"id":"50fc8dcc_af4edd5b","line":101,"in_reply_to":"ac62fed7_96003849","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"d40332de42b050cb3e14d642342958d2f7c0e778"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"3fa7097eee2ca30c9dcf44efffd600055be89266","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"/// Configuration for OCIBuildService"},{"line_number":11,"context_line":"#[cfg(target_os \u003d \"linux\")]"},{"line_number":12,"context_line":"#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]"},{"line_number":13,"context_line":"#[serde(deny_unknown_fields)]"},{"line_number":14,"context_line":"pub struct OCIBuildServiceConfig {"},{"line_number":15,"context_line":"    /// Root path in which all bundles are created"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"5f986f22_8016ce00","line":12,"updated":"2025-07-07 20:19:55.000000000","message":"You derive Deserialize here, but the code below doesn\u0027t use Deserialize.","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"0a7344cdb902bcd0965366bc8b100aa17429d3c7","unresolved":false,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"/// Configuration for OCIBuildService"},{"line_number":11,"context_line":"#[cfg(target_os \u003d \"linux\")]"},{"line_number":12,"context_line":"#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]"},{"line_number":13,"context_line":"#[serde(deny_unknown_fields)]"},{"line_number":14,"context_line":"pub struct OCIBuildServiceConfig {"},{"line_number":15,"context_line":"    /// Root path in which all bundles are created"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"a8a4869d_a7c2bb0a","line":12,"in_reply_to":"5f986f22_8016ce00","updated":"2025-07-07 22:49:41.000000000","message":"Done","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"3fa7097eee2ca30c9dcf44efffd600055be89266","unresolved":true,"context_lines":[{"line_number":38,"context_line":"        let sandbox_shell \u003d query_pairs"},{"line_number":39,"context_line":"            .get(\"sandbox_shell\")"},{"line_number":40,"context_line":"            .map(|s| PathBuf::from(s.as_ref()))"},{"line_number":41,"context_line":"            .unwrap_or_else(default_sandbox_shell);"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        Ok(OCIBuildServiceConfig {"},{"line_number":44,"context_line":"            bundle_root: url.path().into(),"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"521cdb47_981de2f9","line":41,"updated":"2025-07-07 20:19:55.000000000","message":"This manually implements what your `#[serde(default \u003d \"default_sandbox_shell\")]` does up there.","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"0a7344cdb902bcd0965366bc8b100aa17429d3c7","unresolved":false,"context_lines":[{"line_number":38,"context_line":"        let sandbox_shell \u003d query_pairs"},{"line_number":39,"context_line":"            .get(\"sandbox_shell\")"},{"line_number":40,"context_line":"            .map(|s| PathBuf::from(s.as_ref()))"},{"line_number":41,"context_line":"            .unwrap_or_else(default_sandbox_shell);"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        Ok(OCIBuildServiceConfig {"},{"line_number":44,"context_line":"            bundle_root: url.path().into(),"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"0ea80287_7741e138","line":41,"in_reply_to":"521cdb47_981de2f9","updated":"2025-07-07 22:49:41.000000000","message":"Done","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"}],"snix/build/src/buildservice/oci/mod.rs":[{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"3fa7097eee2ca30c9dcf44efffd600055be89266","unresolved":true,"context_lines":[{"line_number":1,"context_line":"pub mod sandbox_shell;"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"use anyhow::Context;"},{"line_number":4,"context_line":"use bstr::BStr;"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"57e01f5c_c97591d0","line":1,"updated":"2025-07-07 20:19:55.000000000","message":"```suggestion\nmod sandbox_shell;\n```\n\nThis is not used anywhere outside the OCI module, and if it would be, we\u0027d move it further out.","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"0a7344cdb902bcd0965366bc8b100aa17429d3c7","unresolved":false,"context_lines":[{"line_number":1,"context_line":"pub mod sandbox_shell;"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"use anyhow::Context;"},{"line_number":4,"context_line":"use bstr::BStr;"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"562691d8_b835c779","line":1,"in_reply_to":"57e01f5c_c97591d0","updated":"2025-07-07 22:49:41.000000000","message":"Done","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"3fa7097eee2ca30c9dcf44efffd600055be89266","unresolved":true,"context_lines":[{"line_number":76,"context_line":"        let span \u003d Span::current();"},{"line_number":77,"context_line":"        span.record(\"bundle_name\", bundle_name.to_string());"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"        let mut runtime_spec \u003d make_spec(\u0026request, true, \u0026self.sandbox_shell.to_string_lossy())"},{"line_number":80,"context_line":"            .context(\"failed to create spec\")"},{"line_number":81,"context_line":"            .map_err(std::io::Error::other)?;"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"8ef009a1_75161e60","line":79,"updated":"2025-07-07 20:19:55.000000000","message":"No. Please update `make_spec` to accept a `Path`.","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"0a7344cdb902bcd0965366bc8b100aa17429d3c7","unresolved":false,"context_lines":[{"line_number":76,"context_line":"        let span \u003d Span::current();"},{"line_number":77,"context_line":"        span.record(\"bundle_name\", bundle_name.to_string());"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"        let mut runtime_spec \u003d make_spec(\u0026request, true, \u0026self.sandbox_shell.to_string_lossy())"},{"line_number":80,"context_line":"            .context(\"failed to create spec\")"},{"line_number":81,"context_line":"            .map_err(std::io::Error::other)?;"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"eee742f6_6d144fe8","line":79,"in_reply_to":"8ef009a1_75161e60","updated":"2025-07-07 22:49:41.000000000","message":"Done","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"}],"snix/build/src/buildservice/oci/sandbox_shell.rs":[{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"3fa7097eee2ca30c9dcf44efffd600055be89266","unresolved":true,"context_lines":[{"line_number":1,"context_line":"use std::path::PathBuf;"},{"line_number":2,"context_line":"#[cfg(feature \u003d \"embedded-sandbox-shell\")]"},{"line_number":3,"context_line":"use std::sync::OnceLock;"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"/// Compile-time path to sandbox shell (when embedded-sandbox-shell feature is disabled)"},{"line_number":6,"context_line":"#[cfg(not(feature \u003d \"embedded-sandbox-shell\"))]"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"39ff38d3_9f15401e","line":3,"updated":"2025-07-07 20:19:55.000000000","message":"why is this import up here, and not inside the `get_embedded_sandbox_shell_path` function like all the others?","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"0a7344cdb902bcd0965366bc8b100aa17429d3c7","unresolved":false,"context_lines":[{"line_number":1,"context_line":"use std::path::PathBuf;"},{"line_number":2,"context_line":"#[cfg(feature \u003d \"embedded-sandbox-shell\")]"},{"line_number":3,"context_line":"use std::sync::OnceLock;"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"/// Compile-time path to sandbox shell (when embedded-sandbox-shell feature is disabled)"},{"line_number":6,"context_line":"#[cfg(not(feature \u003d \"embedded-sandbox-shell\"))]"}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"13b10204_26776e10","line":3,"in_reply_to":"39ff38d3_9f15401e","updated":"2025-07-07 22:49:41.000000000","message":"Done","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"3fa7097eee2ca30c9dcf44efffd600055be89266","unresolved":true,"context_lines":[{"line_number":70,"context_line":"pub fn default_sandbox_shell() -\u003e PathBuf {"},{"line_number":71,"context_line":"    if cfg!(feature \u003d \"embedded-sandbox-shell\") {"},{"line_number":72,"context_line":"        // Extract and use the embedded binary"},{"line_number":73,"context_line":"        match get_embedded_sandbox_shell_path() {"},{"line_number":74,"context_line":"            Ok(path) \u003d\u003e path,"},{"line_number":75,"context_line":"            Err(e) \u003d\u003e {"},{"line_number":76,"context_line":"                panic!("}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"d1e37a06_f5be277f","line":73,"updated":"2025-07-07 20:19:55.000000000","message":"This can just be a `get_embedded_sandbox_shell_path().expect(\"error message\")`.","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"0a7344cdb902bcd0965366bc8b100aa17429d3c7","unresolved":false,"context_lines":[{"line_number":70,"context_line":"pub fn default_sandbox_shell() -\u003e PathBuf {"},{"line_number":71,"context_line":"    if cfg!(feature \u003d \"embedded-sandbox-shell\") {"},{"line_number":72,"context_line":"        // Extract and use the embedded binary"},{"line_number":73,"context_line":"        match get_embedded_sandbox_shell_path() {"},{"line_number":74,"context_line":"            Ok(path) \u003d\u003e path,"},{"line_number":75,"context_line":"            Err(e) \u003d\u003e {"},{"line_number":76,"context_line":"                panic!("}],"source_content_type":"text/x-rustsrc","patch_set":8,"id":"fe2d3f61_b9d5734f","line":73,"in_reply_to":"d1e37a06_f5be277f","updated":"2025-07-07 22:49:41.000000000","message":"Done","commit_id":"74ee1d9b052b4aa482b5c22646a330db4c387d71"}],"snix/default.nix":[{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"39830dd9e73514c0dbab92791313541dbeeb6600","unresolved":true,"context_lines":[{"line_number":67,"context_line":"    inherit cargoDeps src;"},{"line_number":68,"context_line":"    name \u003d \"snix-rust-docs\";"},{"line_number":69,"context_line":"    PROTO_ROOT \u003d protos;"},{"line_number":70,"context_line":"    SNIX_BUILD_SANDBOX_SHELL \u003d if pkgs.stdenv.isLinux then pkgs.busybox-sandbox-shell + \"/bin/busybox\" else \"/bin/sh\";"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"    nativeBuildInputs \u003d with pkgs; ["},{"line_number":73,"context_line":"      cargo"}],"source_content_type":"text/x-nix","patch_set":5,"id":"fb16bed5_c9fc79c2","line":70,"updated":"2025-06-28 20:31:55.000000000","message":"why do we set it to this value here?","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"dcc364b676c34316aab2d31f153d748fc29c0c43","unresolved":false,"context_lines":[{"line_number":67,"context_line":"    inherit cargoDeps src;"},{"line_number":68,"context_line":"    name \u003d \"snix-rust-docs\";"},{"line_number":69,"context_line":"    PROTO_ROOT \u003d protos;"},{"line_number":70,"context_line":"    SNIX_BUILD_SANDBOX_SHELL \u003d if pkgs.stdenv.isLinux then pkgs.busybox-sandbox-shell + \"/bin/busybox\" else \"/bin/sh\";"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"    nativeBuildInputs \u003d with pkgs; ["},{"line_number":73,"context_line":"      cargo"}],"source_content_type":"text/x-nix","patch_set":5,"id":"59827428_12301534","line":70,"in_reply_to":"9ad2a2b5_97903b4f","updated":"2025-07-07 19:36:18.000000000","message":"Done","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000004,"name":"Florian Klink","email":"flokli@flokli.de","username":"flokli"},"change_message_id":"06bddb14722b3f639b8320bfaaf050abfa8822df","unresolved":true,"context_lines":[{"line_number":67,"context_line":"    inherit cargoDeps src;"},{"line_number":68,"context_line":"    name \u003d \"snix-rust-docs\";"},{"line_number":69,"context_line":"    PROTO_ROOT \u003d protos;"},{"line_number":70,"context_line":"    SNIX_BUILD_SANDBOX_SHELL \u003d if pkgs.stdenv.isLinux then pkgs.busybox-sandbox-shell + \"/bin/busybox\" else \"/bin/sh\";"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"    nativeBuildInputs \u003d with pkgs; ["},{"line_number":73,"context_line":"      cargo"}],"source_content_type":"text/x-nix","patch_set":5,"id":"9ad2a2b5_97903b4f","line":70,"in_reply_to":"a50eba93_273e9d2f","updated":"2025-07-05 15:51:31.000000000","message":"I don\u0027t think we do, the current code uses option_env!, so it wouldn\u0027t require it to be set. (another comment in this review round proposes to change it back to env!)\n\nBut in any case, to run clippy or build rust docs this can point to any bogus value, so /homeless-shelter from before this CL should be fine.","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"},{"author":{"_account_id":1000010,"name":"Domen Kožar","email":"domen@cachix.org","username":"domenkozar"},"change_message_id":"d48d64224a356999b0358e444bb67f242e1072a2","unresolved":true,"context_lines":[{"line_number":67,"context_line":"    inherit cargoDeps src;"},{"line_number":68,"context_line":"    name \u003d \"snix-rust-docs\";"},{"line_number":69,"context_line":"    PROTO_ROOT \u003d protos;"},{"line_number":70,"context_line":"    SNIX_BUILD_SANDBOX_SHELL \u003d if pkgs.stdenv.isLinux then pkgs.busybox-sandbox-shell + \"/bin/busybox\" else \"/bin/sh\";"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"    nativeBuildInputs \u003d with pkgs; ["},{"line_number":73,"context_line":"      cargo"}],"source_content_type":"text/x-nix","patch_set":5,"id":"a50eba93_273e9d2f","line":70,"in_reply_to":"fb16bed5_c9fc79c2","updated":"2025-07-04 14:32:59.000000000","message":"We do it now because we required the path to exist at compile time.","commit_id":"e78ad762aeeda972f95c6d33349cf07afee26101"}]}