pass XAUTHORITY to builds for SDL display in X11 sessions

Copy Xauthority to a world-readable temp file so nix build users (nixbld*) can authenticate to X11. Add --option sandbox relaxed so __noChroot derivations can access the X11 socket and xauth file. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 04:51:53 -03:00 · 2026-05-31 04:51:53 -03:00 · 5fbdd36107
commit 5fbdd36107
parent 7dd67bc893
3 changed files with 13 additions and 7 deletions
--- a/cli.nix
+++ b/cli.nix
@ -168,16 +168,20 @@ pkgs.writeShellScriptBin "vmix" ''
  [[ -n "$TO_REMOTE_DISK" ]] && echo "To remote:  $TO_REMOTE_DISK"
  echo ""

-  # pass DISPLAY to nix builds via temp file (daemon sanitizes env vars)
+  # pass DISPLAY+XAUTHORITY to nix builds via temp file (daemon sanitizes env vars)
+  # copy Xauthority world-readable so nix build users (nixbld*) can authenticate to X11
  VMIX_DISPLAY_FILE="/tmp/.vmix-display-$$"
+  VMIX_XAUTH_FILE="/tmp/.vmix-xauth-$$"
  if [[ -n "''${DISPLAY:-}" ]]; then
-    echo "$DISPLAY" > "$VMIX_DISPLAY_FILE"
-    chmod 666 "$VMIX_DISPLAY_FILE"
+    cp "''${XAUTHORITY:-''${HOME}/.Xauthority}" "$VMIX_XAUTH_FILE"
+    chmod 644 "$VMIX_XAUTH_FILE"
+    printf '%s\n' "''${DISPLAY}" "$VMIX_XAUTH_FILE" > "$VMIX_DISPLAY_FILE"
+    chmod 644 "$VMIX_DISPLAY_FILE"
  fi
-  trap 'rm -f "$VMIX_DISPLAY_FILE"' EXIT
+  trap 'rm -f "$VMIX_DISPLAY_FILE" "$VMIX_XAUTH_FILE"' EXIT

  echo "Building image..."
-  ${pkgs.nix}/bin/nix build --out-link "$OUT_LINK" --print-build-logs --impure --expr "
+  ${pkgs.nix}/bin/nix build --out-link "$OUT_LINK" --print-build-logs --impure --option sandbox relaxed --expr "
    let
      vmixLib = (builtins.getFlake \"$FLAKE_DIR\").lib.${system};
      image = vmixLib.$IMAGE_NAME;
--- a/lib/images/windows/helpers/customizeImage.nix
+++ b/lib/images/windows/helpers/customizeImage.nix
@ -85,7 +85,8 @@
      ${lib.optionalString (vncDisplay == null) ''
        VMIX_DF=$(ls -t /tmp/.vmix-display-* 2>/dev/null | head -1)
        if [ -n "$VMIX_DF" ]; then
-          export DISPLAY=$(cat "$VMIX_DF")
+          export DISPLAY=$(sed -n '1p' "$VMIX_DF")
+          export XAUTHORITY=$(sed -n '2p' "$VMIX_DF")
          export HOME=$(mktemp -d)
          export XDG_RUNTIME_DIR=$HOME
          export SDL_VIDEODRIVER=x11
--- a/lib/images/windows/helpers/makeImage.nix
+++ b/lib/images/windows/helpers/makeImage.nix
@ -51,7 +51,8 @@ let
    ${lib.optionalString (displayArg == null) ''
      VMIX_DF=$(ls -t /tmp/.vmix-display-* 2>/dev/null | head -1)
      if [ -n "$VMIX_DF" ]; then
-        export DISPLAY=$(cat "$VMIX_DF")
+        export DISPLAY=$(sed -n '1p' "$VMIX_DF")
+        export XAUTHORITY=$(sed -n '2p' "$VMIX_DF")
        export HOME=$(mktemp -d)
        export XDG_RUNTIME_DIR=$HOME
        export SDL_VIDEODRIVER=x11