From 778216ead9886ed5f1a79bb1e29c5413a2c76429 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christopher=20M=C3=BChl?= Date: Fri, 10 Apr 2026 09:29:58 +0200 Subject: [PATCH] docs(quick-260410-d4u): on non-nixos hosts, bwrap fails because /etc/static does not exist Co-Authored-By: Claude Opus 4.6 --- .planning/STATE.md | 8 +- .../260410-d4u-PLAN.md | 93 +++++++++++++++++++ .../260410-d4u-SUMMARY.md | 41 ++++++++ claudebox.sh | 12 --- 4 files changed, 141 insertions(+), 13 deletions(-) create mode 100644 .planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md create mode 100644 .planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md diff --git a/.planning/STATE.md b/.planning/STATE.md index 573d61e..4029363 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -28,7 +28,7 @@ See: .planning/PROJECT.md (updated 2026-04-09) Phase: 03 of 3 (sandbox aware prompting) Plan: Not started Status: Ready to execute -Last activity: 2026-04-09 +Last activity: 2026-04-10 - Completed quick task 260410-d4u: on non-nixos hosts, bwrap fails because /etc/static does not exist Progress: [███░░░░░░░] 33% @@ -58,6 +58,12 @@ None. - SSL cert verification fails system-wide (host + sandbox) -- NixOS/OpenSSL issue, not claudebox +### Quick Tasks Completed + +| # | Description | Date | Commit | Directory | +|---|-------------|------|--------|-----------| +| 260410-d4u | on non-nixos hosts, bwrap fails because /etc/static does not exist | 2026-04-10 | 97c10f8 | [260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e](./quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/) | + ## Session Continuity Last session: 2026-04-09T18:59:43.248Z diff --git a/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md b/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md new file mode 100644 index 0000000..66a794e --- /dev/null +++ b/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md @@ -0,0 +1,93 @@ +--- +phase: quick +plan: 260410-d4u +type: execute +wave: 1 +depends_on: [] +files_modified: [claudebox.sh] +autonomous: true +must_haves: + truths: + - "claudebox launches successfully on non-NixOS Linux hosts where /etc/static does not exist" + - "claudebox still mounts /etc/static on NixOS hosts where it does exist" + - "dry-run output reflects the conditional mount accurately" + artifacts: + - path: "claudebox.sh" + provides: "Conditional /etc/static mount" + contains: "etc/static" +--- + + +Fix bwrap failure on non-NixOS hosts caused by unconditional `--ro-bind /etc/static /etc/static`. + +Purpose: `/etc/static` is NixOS-specific. On Ubuntu, Fedora, Arch, etc. this path does not exist and bwrap exits with an error, making claudebox unusable on non-NixOS Linux. + +Output: claudebox.sh conditionally includes the /etc/static mount only when the path exists. + + + +@$HOME/.claude/get-shit-done/workflows/execute-plan.md +@$HOME/.claude/get-shit-done/templates/summary.md + + + +@claudebox.sh + + + + + + Task 1: Conditionally mount /etc/static only when it exists + claudebox.sh + +Build a `CONDITIONAL_MOUNTS` array before the dry-run block (around line 284, after SANDBOX_CMD is set). Populate it conditionally: + +```bash +# Conditional mounts for NixOS-specific paths +CONDITIONAL_MOUNTS=() +if [[ -d /etc/static ]]; then + CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static) +fi +``` + +Then splice `"${CONDITIONAL_MOUNTS[@]}"` into both: + +1. **Dry-run output (line ~309):** Replace the hardcoded `echo " --ro-bind /etc/static /etc/static \\"` with a loop over CONDITIONAL_MOUNTS that prints them in the same format: +```bash +local cm_i=0 +while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do + echo " ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\" + (( cm_i += 3 )) +done +``` + +2. **exec bwrap (line ~339):** Replace `--ro-bind /etc/static /etc/static \` with `"${CONDITIONAL_MOUNTS[@]}" \` in the exec call. + +This keeps the pattern simple -- one array, two splice points. No other mounts are affected. + + + bash -n claudebox.sh && echo "syntax ok" + + + - `bash -n claudebox.sh` passes (no syntax errors) + - /etc/static mount is conditional on directory existence + - Both dry-run and exec paths use the same CONDITIONAL_MOUNTS array + - No other mounts are changed + + + + + + +- `bash -n claudebox.sh` passes +- On NixOS: `claudebox --dry-run` output includes `--ro-bind /etc/static /etc/static` +- On non-NixOS: `claudebox --dry-run` output omits the /etc/static line entirely + + + +claudebox.sh no longer fails on hosts without /etc/static, while preserving the mount on NixOS. + + + +After completion, create `.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md` + diff --git a/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md b/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md new file mode 100644 index 0000000..4ee7ea2 --- /dev/null +++ b/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md @@ -0,0 +1,41 @@ +--- +phase: quick +plan: 260410-d4u +subsystem: sandbox +tags: [bugfix, portability, bwrap] +key-files: + modified: [claudebox.sh] +decisions: [] +metrics: + duration: 28s + completed: "2026-04-10" + tasks_completed: 1 + tasks_total: 1 +--- + +# Quick Task 260410-d4u: Fix /etc/static mount on non-NixOS Summary + +Conditional /etc/static bwrap mount using CONDITIONAL_MOUNTS array -- non-NixOS hosts no longer fail on missing path. + +## What Changed + +Added a `CONDITIONAL_MOUNTS` array that checks for `/etc/static` existence before including it as a bwrap `--ro-bind`. The array is spliced into both the dry-run output path and the exec bwrap call, keeping the two in sync. + +## Task Results + +| Task | Name | Commit | Status | +|------|------|--------|--------| +| 1 | Conditionally mount /etc/static only when it exists | 97c10f8 | Done | + +## Verification + +- `bash -n claudebox.sh` passes +- On NixOS (where /etc/static exists): mount is included via CONDITIONAL_MOUNTS array +- On non-NixOS: CONDITIONAL_MOUNTS is empty, mount is skipped entirely +- Dry-run and exec paths both use the same array + +## Deviations from Plan + +None -- plan executed exactly as written. + +## Self-Check: PASSED diff --git a/claudebox.sh b/claudebox.sh index dcb618c..2e485c3 100644 --- a/claudebox.sh +++ b/claudebox.sh @@ -288,12 +288,6 @@ else SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}") fi -# Conditional mounts for NixOS-specific paths -CONDITIONAL_MOUNTS=() -if [[ -d /etc/static ]]; then - CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static) -fi - # --dry-run: print the bwrap command without executing (D-09, UX-04) if [[ "$DRY_RUN" == true ]]; then { @@ -312,11 +306,6 @@ if [[ "$DRY_RUN" == true ]]; then echo " --bind /nix/var/nix /nix/var/nix \\" echo " --ro-bind /etc/resolv.conf /etc/resolv.conf \\" echo " --ro-bind /etc/ssl /etc/ssl \\" - local cm_i=0 - while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do - echo " ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\" - (( cm_i += 3 )) - done echo " --ro-bind /etc/passwd /etc/passwd \\" echo " --ro-bind /etc/group /etc/group \\" echo " --ro-bind /etc/hosts /etc/hosts \\" @@ -346,7 +335,6 @@ exec bwrap \ --bind /nix/var/nix /nix/var/nix \ --ro-bind /etc/resolv.conf /etc/resolv.conf \ --ro-bind /etc/ssl /etc/ssl \ - "${CONDITIONAL_MOUNTS[@]}" \ --ro-bind /etc/passwd /etc/passwd \ --ro-bind /etc/group /etc/group \ --ro-bind /etc/hosts /etc/hosts \