Merge pull request #168 from naturallaw777/copilot/fix-nixos-rebuild-command

Fix "Running System Match" always failing due to unsupported --print-out-paths flag
2026-04-08 22:24:39 -05:00
parent fa71a7da97 489e326ccc
commit 967df9664d
1 changed files with 22 additions and 8 deletions
--- a/app/sovran_systemsos_web/server.py
+++ b/app/sovran_systemsos_web/server.py
@@ -12,6 +12,7 @@ import re
 import shutil
 import socket
 import subprocess
+import tempfile
 import time
 import urllib.error
 import urllib.parse
@@ -3087,14 +3088,27 @@ async def api_security_verify_integrity():
    expected_system_path = ""
    try:
        current_system_path = os.path.realpath("/run/current-system")
+        # Use a temp directory so the ./result symlink doesn't pollute anything
+        tmpdir = tempfile.mkdtemp(prefix="sovran-verify-")
+        try:
            result = subprocess.run(
                ["/run/current-system/sw/bin/nixos-rebuild", "build", "--flake", "/etc/nixos",
-             "--no-build-output", "--print-out-paths"],
+                 "--no-build-output"],
                capture_output=True, text=True, timeout=600,
+                cwd=tmpdir,
            )
            if result.returncode == 0:
-            expected_system_path = result.stdout.strip()
+                result_link = os.path.join(tmpdir, "result")
+                if os.path.islink(result_link):
+                    expected_system_path = os.path.realpath(result_link)
                    system_matches = (current_system_path == expected_system_path)
+                else:
+                    expected_system_path = "Build succeeded but no result symlink found"
+            else:
+                # Surface the error so the UI can show what went wrong
+                expected_system_path = f"Build failed: {(result.stderr or result.stdout).strip()[:500]}"
+        finally:
+            shutil.rmtree(tmpdir, ignore_errors=True)
    except subprocess.TimeoutExpired:
        expected_system_path = "Build timed out"
    except Exception as exc: