From 492b684b9ecd08259703f30596e28ece975db191 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Mon, 26 May 2025 22:29:08 +0200
Subject: [PATCH] Get rid of tmpDirInSandbox variable

---
 src/libstore/unix/build/derivation-builder.cc | 38 ++++++++++---------
 .../unix/build/linux-derivation-builder.cc    |  5 ++-
 2 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc
index 459b294f5..b8fc9b178 100644
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@@ -112,11 +112,6 @@ protected:
      */
     Path topTmpDir;
 
-    /**
-     * The path of the temporary directory in the sandbox.
-     */
-    Path tmpDirInSandbox;
-
     /**
      * The sort of derivation we are building.
      *
@@ -237,7 +232,15 @@ protected:
     virtual void setBuildTmpDir()
     {
         tmpDir = topTmpDir;
-        tmpDirInSandbox = topTmpDir;
+    }
+
+    /**
+     * Return the path of the temporary directory in the sandbox.
+     */
+    virtual Path tmpDirInSandbox()
+    {
+        assert(!topTmpDir.empty());
+        return topTmpDir;
     }
 
     /**
@@ -772,7 +775,6 @@ void DerivationBuilderImpl::startBuilder()
     topTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
     setBuildTmpDir();
     assert(!tmpDir.empty());
-    assert(!tmpDirInSandbox.empty());
     chownToBuilder(tmpDir);
 
     for (auto & [outputName, status] : initialOutputs) {
@@ -936,11 +938,11 @@ DerivationBuilderImpl::PathsInChroot DerivationBuilderImpl::getPathsInSandbox()
 
         pathsInChroot[inside] = {outside, optional};
     }
-    if (hasPrefix(store.storeDir, tmpDirInSandbox))
+    if (hasPrefix(store.storeDir, tmpDirInSandbox()))
     {
         throw Error("`sandbox-build-dir` must not contain the storeDir");
     }
-    pathsInChroot[tmpDirInSandbox] = tmpDir;
+    pathsInChroot[tmpDirInSandbox()] = tmpDir;
 
     /* Add the closure of store paths to the chroot. */
     StorePathSet closure;
@@ -1103,7 +1105,7 @@ void DerivationBuilderImpl::initTmpDir()
                 Path p = tmpDir + "/" + fn;
                 writeFile(p, rewriteStrings(i.second, inputRewrites));
                 chownToBuilder(p);
-                env[i.first + "Path"] = tmpDirInSandbox + "/" + fn;
+                env[i.first + "Path"] = tmpDirInSandbox() + "/" + fn;
             }
         }
 
@@ -1111,16 +1113,16 @@ void DerivationBuilderImpl::initTmpDir()
 
     /* For convenience, set an environment pointing to the top build
        directory. */
-    env["NIX_BUILD_TOP"] = tmpDirInSandbox;
+    env["NIX_BUILD_TOP"] = tmpDirInSandbox();
 
     /* Also set TMPDIR and variants to point to this directory. */
-    env["TMPDIR"] = env["TEMPDIR"] = env["TMP"] = env["TEMP"] = tmpDirInSandbox;
+    env["TMPDIR"] = env["TEMPDIR"] = env["TMP"] = env["TEMP"] = tmpDirInSandbox();
 
     /* Explicitly set PWD to prevent problems with chroot builds.  In
        particular, dietlibc cannot figure out the cwd because the
        inode of the current directory doesn't appear in .. (because
        getdents returns the inode of the mount point). */
-    env["PWD"] = tmpDirInSandbox;
+    env["PWD"] = tmpDirInSandbox();
 }
 
 
@@ -1213,10 +1215,10 @@ void DerivationBuilderImpl::writeStructuredAttrs()
 
         writeFile(tmpDir + "/.attrs.sh", rewriteStrings(jsonSh, inputRewrites));
         chownToBuilder(tmpDir + "/.attrs.sh");
-        env["NIX_ATTRS_SH_FILE"] = tmpDirInSandbox + "/.attrs.sh";
+        env["NIX_ATTRS_SH_FILE"] = tmpDirInSandbox() + "/.attrs.sh";
         writeFile(tmpDir + "/.attrs.json", rewriteStrings(json.dump(), inputRewrites));
         chownToBuilder(tmpDir + "/.attrs.json");
-        env["NIX_ATTRS_JSON_FILE"] = tmpDirInSandbox + "/.attrs.json";
+        env["NIX_ATTRS_JSON_FILE"] = tmpDirInSandbox() + "/.attrs.json";
     }
 }
 
@@ -1240,7 +1242,7 @@ void DerivationBuilderImpl::startDaemon()
 
     auto socketName = ".nix-socket";
     Path socketPath = tmpDir + "/" + socketName;
-    env["NIX_REMOTE"] = "unix://" + tmpDirInSandbox + "/" + socketName;
+    env["NIX_REMOTE"] = "unix://" + tmpDirInSandbox() + "/" + socketName;
 
     daemonSocket = createUnixDomainSocket(socketPath, 0600);
 
@@ -1352,7 +1354,7 @@ void DerivationBuilderImpl::runChild()
            different uid and/or in a sandbox). */
         BuiltinBuilderContext ctx{
             .drv = drv,
-            .tmpDirInSandbox = tmpDirInSandbox,
+            .tmpDirInSandbox = tmpDirInSandbox(),
         };
 
         if (drv.isBuiltin() && drv.builder == "builtin:fetchurl") {
@@ -1367,7 +1369,7 @@ void DerivationBuilderImpl::runChild()
 
         enterChroot();
 
-        if (chdir(tmpDirInSandbox.c_str()) == -1)
+        if (chdir(tmpDirInSandbox().c_str()) == -1)
             throw SysError("changing into '%1%'", tmpDir);
 
         /* Close all other file descriptors. */
diff --git a/src/libstore/unix/build/linux-derivation-builder.cc b/src/libstore/unix/build/linux-derivation-builder.cc
index 48c605ca3..57298c91f 100644
--- a/src/libstore/unix/build/linux-derivation-builder.cc
+++ b/src/libstore/unix/build/linux-derivation-builder.cc
@@ -226,10 +226,13 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
            done directly in the sandbox profile. */
         tmpDir = topTmpDir + "/build";
         createDir(tmpDir, 0700);
+    }
 
+    Path tmpDirInSandbox() override
+    {
         /* In a sandbox, for determinism, always use the same temporary
            directory. */
-        tmpDirInSandbox = settings.sandboxBuildDir;
+        return settings.sandboxBuildDir;
     }
 
     void prepareSandbox() override