all repos — searchix @ 1d518f42e04712c84dfc168cc7a286aabb56e2ed

Search engine for NixOS, nix-darwin, home-manager and NUR users

feat: limit file operations using os.Root

Alan Pearce
commit

1d518f42e04712c84dfc168cc7a286aabb56e2ed

parent

dec2c516100350a78f0b7116bc6f9d76325e7760

1 file changed, 2 insertions(+), 0 deletions(-)

changed files
M internal/fetcher/channel.gointernal/fetcher/channel.go
@@ -63,6 +63,7 @@ if err != nil {
 		return nil, fault.Wrap(err, fmsg.With("failed to run nix-build (--dry-run)"))
 	}
 
+	//nolint:forbidigo // nix-build only gives the top-level path
 	outPath := path.Join(strings.TrimSpace(string(out)), i.Source.OutputPath, "options.json")
 	i.Logger.Debug(
 		"checking output path",

@@ -75,6 +76,7 @@ sourceMeta.Path = outPath
 		sourceMeta.Updated = time.Now().Truncate(time.Second)
 	}
 
+	//nolint:forbidigo // nix builds the file in the nix store
 	file, err := os.Open(outPath)
 	if err != nil {
 		return nil, fault.Wrap(err, fmsg.With("failed to open options.json"))