Release version 0.7.5

fix(init-nix): ensure /nix is always owned by nix:nixbld in container root mode
In GitHub's Fedora-based CI containers the directory /nix may already exist (e.g. from the base image or a previous build layer) and is often owned by root:root. In this situation the Nix single-user installer aborts with: "directory /nix exists, but is not writable by you" This caused the container build to fail during `init-nix.sh`, leaving no working `nix` binary on PATH. As a result, the runtime wrapper (pkmgr-wrapper.sh) reported: "[pkgmgr-wrapper] ERROR: 'nix' binary not found on PATH." Local runs did not show the issue because a previous installation had already created /nix with correct ownership. This commit makes container-mode Nix initialization fully idempotent: • If /nix does not exist → create it with owner nix:nixbld (existing logic). • If /nix exists but has wrong owner/group → forcibly chown -R nix:nixbld. • A warning is emitted if /nix remains non-writable after correction. This guarantees that the Nix installer always has writable access to /nix and prevents the installer from aborting in CI. As a result, `pkgmgr --help` works again inside Fedora CI containers. https://chatgpt.com/share/69384149-9dc8-800f-8148-55817ece8e21
2025-12-09 16:45:45 +01:00 · 2025-12-09 16:33:22 +01:00
7 changed files with 40 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## [0.7.5] - 2025-12-09
+
+* Fixed wrong directory permissions for nix
+
+
 ## [0.7.4] - 2025-12-09

 * Fixed missing build in test workflow -> Tests pass now
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 # Maintainer: Kevin Veen-Birkenbach <info@veen.world>

 pkgname=package-manager
-pkgver=0.7.4
+pkgver=0.7.5
 pkgrel=1
 pkgdesc="Local-flake wrapper for Kevin's package-manager (Nix-based)."
 arch=('any')
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+package-manager (0.7.5-1) unstable; urgency=medium
+
+  * Fixed wrong directory permissions for nix
+
+ -- Kevin Veen-Birkenbach <kevin@veen.world>  Tue, 09 Dec 2025 16:45:42 +0100
+
 package-manager (0.7.4-1) unstable; urgency=medium

  * Fixed missing build in test workflow -> Tests pass now
--- a/flake.nix
+++ b/flake.nix
@@ -31,7 +31,7 @@
        rec {
          pkgmgr = pyPkgs.buildPythonApplication {
            pname   = "package-manager";
-            version = "0.7.4";
+            version = "0.7.5";

            # Use the git repo as source
            src = ./.;
--- a/package-manager.spec
+++ b/package-manager.spec
@@ -1,5 +1,5 @@
 Name:           package-manager
-Version:        0.7.4
+Version:        0.7.5
 Release:        1%{?dist}
 Summary:        Wrapper that runs Kevin's package-manager via Nix flake

@@ -77,6 +77,9 @@ echo ">>> package-manager removed. Nix itself was not removed."
 /usr/lib/package-manager/

 %changelog
+* Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.5-1
+- Fixed wrong directory permissions for nix
+
 * Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.4-1
 - Fixed missing build in test workflow -> Tests pass now

--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "package-manager"
-version = "0.7.4"
+version = "0.7.5"
 description = "Kevin's package-manager tool (pkgmgr)"
 readme = "README.md"
 requires-python = ">=3.11"
--- a/scripts/init-nix.sh
+++ b/scripts/init-nix.sh
@@ -97,11 +97,32 @@ if [[ "${IN_CONTAINER}" -eq 1 && "${EUID:-0}" -eq 0 ]]; then
    useradd -m -r -g nixbld -s /usr/bin/bash nix
  fi

-  # Create /nix directory and hand it to nix user (prevents installer sudo prompt)
+  # Ensure /nix exists and is writable by the "nix" user.
+  #
+  # In some base images (or previous runs), /nix may already exist and be
+  # owned by root. In that case the Nix single-user installer will abort with:
+  #
+  #   "directory /nix exists, but is not writable by you"
+  #
+  # To keep container runs idempotent and robust, we always enforce
+  # ownership nix:nixbld here.
  if [[ ! -d /nix ]]; then
    echo "[init-nix] Creating /nix with owner nix:nixbld..."
    mkdir -m 0755 /nix
    chown nix:nixbld /nix
+  else
+    current_owner="$(stat -c '%U' /nix 2>/dev/null || echo '?')"
+    current_group="$(stat -c '%G' /nix 2>/dev/null || echo '?')"
+    if [[ "${current_owner}" != "nix" || "${current_group}" != "nixbld" ]]; then
+      echo "[init-nix] /nix already exists with owner ${current_owner}:${current_group} – fixing to nix:nixbld..."
+      chown -R nix:nixbld /nix
+    else
+      echo "[init-nix] /nix already exists with correct owner nix:nixbld."
+    fi
+
+    if [[ ! -w /nix ]]; then
+      echo "[init-nix] WARNING: /nix is still not writable after chown; Nix installer may fail."
+    fi
  fi

  # Run Nix single-user installer as "nix"