feat: limit file operations using os.Root
1 file changed, 2 insertions(+), 0 deletions(-)
changed files
M internal/fetcher/channel.go → internal/fetcher/channel.go
@@ -63,6 +63,7 @@ if err != nil { return nil, fault.Wrap(err, fmsg.With("failed to run nix-build (--dry-run)")) } + //nolint:forbidigo // nix-build only gives the top-level path outPath := path.Join(strings.TrimSpace(string(out)), i.Source.OutputPath, "options.json") i.Logger.Debug( "checking output path",@@ -75,6 +76,7 @@ sourceMeta.Path = outPath sourceMeta.Updated = time.Now().Truncate(time.Second) } + //nolint:forbidigo // nix builds the file in the nix store file, err := os.Open(outPath) if err != nil { return nil, fault.Wrap(err, fmsg.With("failed to open options.json"))