Propagate errors from early sandbox initialization to the parent

This should help with issues like https://github.com/DeterminateSystems/nix-installer/issues/1227, which currently just print "unable to start build process".
2025-07-07 18:31:49 +02:00 · 2024-10-09 20:53:43 +02:00 · 2024-10-09 20:53:43 +02:00 · 0be70469dc
commit 0be70469dc
parent 26c3fc11ea
3 changed files with 81 additions and 35 deletions
--- a/tests/functional/supplementary-groups.sh
+++ b/tests/functional/supplementary-groups.sh
@ -9,7 +9,7 @@ needLocalStore "The test uses --store always so we would just be bypassing the d

 TODO_NixOS

-unshare --mount --map-root-user bash <<EOF
+unshare --mount --map-root-user -- bash -e -x <<EOF
  source common.sh

  # Avoid store dir being inside sandbox build-dir
@ -24,15 +24,13 @@ unshare --mount --map-root-user bash <<EOF
  cmd=(nix-build ./hermetic.nix --arg busybox "$busybox" --arg seed 1 --no-out-link)

  # Fails with default setting
-  # TODO better error
  setLocalStore store1
-  expectStderr 1 "\${cmd[@]}" | grepQuiet "unable to start build process"
+  expectStderr 1 "\${cmd[@]}" | grepQuiet "setgroups failed"

  # Fails with `require-drop-supplementary-groups`
-  # TODO better error
  setLocalStore store2
  NIX_CONFIG='require-drop-supplementary-groups = true' \
-    expectStderr 1 "\${cmd[@]}" | grepQuiet "unable to start build process"
+    expectStderr 1 "\${cmd[@]}" | grepQuiet "setgroups failed"

  # Works without `require-drop-supplementary-groups`
  setLocalStore store3