toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(quick-260410-d4u): on non-nixos hosts, bwrap fails because /etc/static does not exist

Browse source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christopher Mühl 2026-04-10 09:29:58 +02:00
parent 97c10f8fd4
commit 778216ead9
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
4 changed files with 141 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.planning/STATE.md
View file

@ -28,7 +28,7 @@ See: .planning/PROJECT.md (updated 2026-04-09)
Phase: 03 of 3 (sandbox aware prompting) Phase: 03 of 3 (sandbox aware prompting)
Plan: Not started Plan: Not started
Status: Ready to execute Status: Ready to execute
Last activity: 2026-04-09 Last activity: 2026-04-10 - Completed quick task 260410-d4u: on non-nixos hosts, bwrap fails because /etc/static does not exist
Progress: [███░░░░░░░] 33% Progress: [███░░░░░░░] 33%
@ -58,6 +58,12 @@ None.
- SSL cert verification fails system-wide (host + sandbox) -- NixOS/OpenSSL issue, not claudebox - SSL cert verification fails system-wide (host + sandbox) -- NixOS/OpenSSL issue, not claudebox
### Quick Tasks Completed
| # | Description | Date | Commit | Directory |
|---|-------------|------|--------|-----------|
| 260410-d4u | on non-nixos hosts, bwrap fails because /etc/static does not exist | 2026-04-10 | 97c10f8 | [260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e](./quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/) |
## Session Continuity ## Session Continuity
Last session: 2026-04-09T18:59:43.248Z Last session: 2026-04-09T18:59:43.248Z

93
.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md Normal file
View file

@ -0,0 +1,93 @@
---
phase: quick
plan: 260410-d4u
type: execute
wave: 1
depends_on: []
files_modified: [claudebox.sh]
autonomous: true
must_haves:
truths:
- "claudebox launches successfully on non-NixOS Linux hosts where /etc/static does not exist"
- "claudebox still mounts /etc/static on NixOS hosts where it does exist"
- "dry-run output reflects the conditional mount accurately"
artifacts:
- path: "claudebox.sh"
provides: "Conditional /etc/static mount"
contains: "etc/static"
---
<objective>
Fix bwrap failure on non-NixOS hosts caused by unconditional `--ro-bind /etc/static /etc/static`.
Purpose: `/etc/static` is NixOS-specific. On Ubuntu, Fedora, Arch, etc. this path does not exist and bwrap exits with an error, making claudebox unusable on non-NixOS Linux.
Output: claudebox.sh conditionally includes the /etc/static mount only when the path exists.
</objective>
<execution_context>
@$HOME/.claude/get-shit-done/workflows/execute-plan.md
@$HOME/.claude/get-shit-done/templates/summary.md
</execution_context>
<context>
@claudebox.sh
</context>
<tasks>
<task type="auto">
<name>Task 1: Conditionally mount /etc/static only when it exists</name>
<files>claudebox.sh</files>
<action>
Build a `CONDITIONAL_MOUNTS` array before the dry-run block (around line 284, after SANDBOX_CMD is set). Populate it conditionally:
```bash
# Conditional mounts for NixOS-specific paths
CONDITIONAL_MOUNTS=()
if [[ -d /etc/static ]]; then
CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
fi
```
Then splice `"${CONDITIONAL_MOUNTS[@]}"` into both:
1. **Dry-run output (line ~309):** Replace the hardcoded `echo " --ro-bind /etc/static /etc/static \\"` with a loop over CONDITIONAL_MOUNTS that prints them in the same format:
```bash
local cm_i=0
while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
echo " ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
(( cm_i += 3 ))
done
```
2. **exec bwrap (line ~339):** Replace `--ro-bind /etc/static /etc/static \` with `"${CONDITIONAL_MOUNTS[@]}" \` in the exec call.
This keeps the pattern simple -- one array, two splice points. No other mounts are affected.
</action>
<verify>
<automated>bash -n claudebox.sh && echo "syntax ok"</automated>
</verify>
<done>
- `bash -n claudebox.sh` passes (no syntax errors)
- /etc/static mount is conditional on directory existence
- Both dry-run and exec paths use the same CONDITIONAL_MOUNTS array
- No other mounts are changed
</done>
</task>
</tasks>
<verification>
- `bash -n claudebox.sh` passes
- On NixOS: `claudebox --dry-run` output includes `--ro-bind /etc/static /etc/static`
- On non-NixOS: `claudebox --dry-run` output omits the /etc/static line entirely
</verification>
<success_criteria>
claudebox.sh no longer fails on hosts without /etc/static, while preserving the mount on NixOS.
</success_criteria>
<output>
After completion, create `.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md`
</output>

41
.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md Normal file
View file

@ -0,0 +1,41 @@
---
phase: quick
plan: 260410-d4u
subsystem: sandbox
tags: [bugfix, portability, bwrap]
key-files:
modified: [claudebox.sh]
decisions: []
metrics:
duration: 28s
completed: "2026-04-10"
tasks_completed: 1
tasks_total: 1
---
# Quick Task 260410-d4u: Fix /etc/static mount on non-NixOS Summary
Conditional /etc/static bwrap mount using CONDITIONAL_MOUNTS array -- non-NixOS hosts no longer fail on missing path.
## What Changed
Added a `CONDITIONAL_MOUNTS` array that checks for `/etc/static` existence before including it as a bwrap `--ro-bind`. The array is spliced into both the dry-run output path and the exec bwrap call, keeping the two in sync.
## Task Results
| Task | Name | Commit | Status |
|------|------|--------|--------|
| 1 | Conditionally mount /etc/static only when it exists | 97c10f8 | Done |
## Verification
- `bash -n claudebox.sh` passes
- On NixOS (where /etc/static exists): mount is included via CONDITIONAL_MOUNTS array
- On non-NixOS: CONDITIONAL_MOUNTS is empty, mount is skipped entirely
- Dry-run and exec paths both use the same array
## Deviations from Plan
None -- plan executed exactly as written.
## Self-Check: PASSED

12
claudebox.sh
View file

@ -288,12 +288,6 @@ else
SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}") SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}")
fi fi
# Conditional mounts for NixOS-specific paths
CONDITIONAL_MOUNTS=()
if [[ -d /etc/static ]]; then
CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
fi
# --dry-run: print the bwrap command without executing (D-09, UX-04) # --dry-run: print the bwrap command without executing (D-09, UX-04)
if [[ "$DRY_RUN" == true ]]; then if [[ "$DRY_RUN" == true ]]; then
{ {
@ -312,11 +306,6 @@ if [[ "$DRY_RUN" == true ]]; then
echo " --bind /nix/var/nix /nix/var/nix \\" echo " --bind /nix/var/nix /nix/var/nix \\"
echo " --ro-bind /etc/resolv.conf /etc/resolv.conf \\" echo " --ro-bind /etc/resolv.conf /etc/resolv.conf \\"
echo " --ro-bind /etc/ssl /etc/ssl \\" echo " --ro-bind /etc/ssl /etc/ssl \\"
local cm_i=0
while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
echo " ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
(( cm_i += 3 ))
done
echo " --ro-bind /etc/passwd /etc/passwd \\" echo " --ro-bind /etc/passwd /etc/passwd \\"
echo " --ro-bind /etc/group /etc/group \\" echo " --ro-bind /etc/group /etc/group \\"
echo " --ro-bind /etc/hosts /etc/hosts \\" echo " --ro-bind /etc/hosts /etc/hosts \\"
@ -346,7 +335,6 @@ exec bwrap \
--bind /nix/var/nix /nix/var/nix \ --bind /nix/var/nix /nix/var/nix \
--ro-bind /etc/resolv.conf /etc/resolv.conf \ --ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/ssl /etc/ssl \ --ro-bind /etc/ssl /etc/ssl \
"${CONDITIONAL_MOUNTS[@]}" \
--ro-bind /etc/passwd /etc/passwd \ --ro-bind /etc/passwd /etc/passwd \
--ro-bind /etc/group /etc/group \ --ro-bind /etc/group /etc/group \
--ro-bind /etc/hosts /etc/hosts \ --ro-bind /etc/hosts /etc/hosts \