From fd8c0454f722dedf1979df4f3f00d2b9ad421af6 Mon Sep 17 00:00:00 2001 From: Slendi Date: Tue, 16 Sep 2025 17:03:30 +0300 Subject: [PATCH] a Signed-off-by: Slendi --- flake.nix | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/flake.nix b/flake.nix
index 8ae5afd..f2d8e3f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -62,7 +62,7 @@ PAY="$PWD/payload" mkdir -p "$PAY/nix/store" - # 1) copy closure (no nix calls; uses closureInfo) + # 1) copy closure while IFS= read -r p; do cp -a --no-preserve=ownership "$p" "$PAY/nix/store/" done < ${ci}/store-paths
@@ -91,26 +91,17 @@ #!/bin/sh set -euf umask 077 - - # harden env unset LD_PRELOAD LD_LIBRARY_PATH LD_AUDIT LD_DEBUG LD_PROFILE LD_USE_LOAD_BIAS LD_ORIGIN_PATH LD_ASSUME_KERNEL - : "''${TMPDIR:=/tmp}" EXTRACT_DIR="$(mktemp -d "''${TMPDIR%/}/nxbdl.XXXXXX")" cleanup() { [ -n "''${KEEP_BUNDLE:-}" ] || rm -rf "$EXTRACT_DIR"; } trap cleanup EXIT INT TERM - ARCHIVE_LINE=$(awk '/^__ARCHIVE_BELOW__/ {print NR+1; exit 0}' "$0") - # portable vs tail -n +N sed -n "''${ARCHIVE_LINE},\$p" "$0" | tar -xzf - -C "$EXTRACT_DIR" - BUNDLE_PWD="''${BUNDLE_PWD:-$PWD}" - cd "$EXTRACT_DIR" APP_REL='__APP_REL__' PROOT_REL='__PROOT_REL__' - - # choose proot: env -> host -> bundled if [ -n "''${BUNDLE_PROOT:-}" ] && command -v "''${BUNDLE_PROOT}" >/dev/null 2>&1; then PROOT_BIN="''${BUNDLE_PROOT}" elif command -v proot >/dev/null 2>&1; then
@@ -119,11 +110,8 @@ PROOT_BIN="$EXTRACT_DIR${PROOT_REL}" fi [ "''${BUNDLE_FORCE_BUNDLED_PROOT:-0}" = 1 ] && PROOT_BIN="$EXTRACT_DIR${PROOT_REL}" - - # sanity [ -x "$PROOT_BIN" ] || { echo "proot not found/executable: $PROOT_BIN" >&2; exit 127; } [ -x "$EXTRACT_DIR''${APP_REL}" ] || { echo "app not found/executable: $EXTRACT_DIR''${APP_REL}" >&2; exit 127; } - mkdir -p "$EXTRACT_DIR/etc" cat > "$EXTRACT_DIR/etc/resolv.conf" <<'EOF' nameserver 9.9.9.9
@@ -131,7 +119,6 @@ nameserver 1.1.1.1 nameserver 1.0.0.1 EOF - "''${PROOT_BIN}" \ -R / \ -b "$EXTRACT_DIR/nix:/nix" \
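Review bot: `ARCHIVE_LINE` is used without checking that awk actually found the `__ARCHIVE_BELOW__` marker; when it is empty the sed address becomes `,$p`, and since the script runs under plain `sh` with `set -euf` (no pipefail) the failure surfaces only as whatever tar reports on its input. A guard directly after the assignment would make a truncated or re-saved bundle fail with a clear message: `[ -n "$ARCHIVE_LINE" ] || { echo "payload marker not found in $0" >&2; exit 1; }`. Separately, this hunk drops the comment that stated the proot precedence (`env -> host -> bundled`); because that order decides which binary gets executed, I would keep a one-line comment such as `# proot precedence: $BUNDLE_PROOT, then proot on PATH, then the bundled copy`. The launcher heredoc starts before this hunk and continues past it.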
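Review bot: The generated `etc/resolv.conf` hard-codes public resolvers (`9.9.9.9` here, `1.1.1.1` and `1.0.0.1` in the following hunk), so if this file is what the guest sees as `/etc/resolv.conf` (the bind that would do that is not in the visible lines), name resolution inside the bundle bypasses the resolver the host is configured to use. That breaks internal or split-horizon names, sends queries to third parties on networks where DNS is meant to be filtered or logged locally, and fails where outbound DNS to those addresses is blocked. I would prefer the host file when it is readable and keep the public list only as a fallback, e.g. wrap the heredoc in `if [ -r /etc/resolv.conf ]; then cp -L /etc/resolv.conf "$EXTRACT_DIR/etc/resolv.conf"; else … fi`. The heredoc opened here continues into the next hunk.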
@@ -140,7 +127,6 @@ -w "$BUNDLE_PWD" \ "$EXTRACT_DIR''${APP_REL}" "$@" exit $? - __ARCHIVE_BELOW__ SH
@@ -149,8 +135,8 @@ -e "s|__APP_REL__|$APP_REL|g" \ -e "s|__PROOT_REL__|${PROOT_REL}|g" \ "$out" - chmod +x "$out" cat "$_TMP/payload.tar.gz" >> "$out" + chmod +x "$out" ''; };