cmd/fpkg/install: pass app to fortify invocations

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/fpkg/install.go

@@ -142,7 +142,7 @@ func actionInstall(args []string) {
 		"nix copy --offline --no-check-sigs --all --from file://$BUNDLE/res --to $PWD",
 		// make cache directory world-readable for autoetc
 		"chmod 0755 .",
-	}, workDir, bundle, pathSet, dropShellInstall, cleanup)
+	}, workDir, app, pathSet, dropShellInstall, cleanup)
 
 	/*
 		Activate home-manager generation.
@@ -155,7 +155,7 @@ func actionInstall(args []string) {
 		"rm -rf .local/state/{nix,home-manager}",
 		// run activation script
 		bundle.ActivationPackage + "/activate",
-	}, false, bundle, pathSet, dropShellActivate, cleanup)
+	}, false, app, pathSet, dropShellActivate, cleanup)
 
 	/*
 		Installation complete. Write metadata to block re-installs or downgrades.
@@ -184,9 +184,9 @@ func actionInstall(args []string) {
 	cleanup()
 }
 
-func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
+func withNixDaemon(action string, command []string, net bool, app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
 	fortifyAppDropShell(&fst.Config{
-		ID: bundle.ID,
+		ID: app.ID,
 		Command: []string{shell, "-lc", "rm -f /nix/var/nix/daemon-socket/socket && " +
 			// start nix-daemon
 			"nix-daemon --store / & " +
@@ -197,13 +197,13 @@ func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo
 			" && pkill nix-daemon",
 		},
 		Confinement: fst.ConfinementConfig{
-			AppID:    bundle.AppID,
+			AppID:    app.AppID,
-			Groups:   bundle.Groups,
+			Groups:   app.Groups,
 			Username: "fortify",
-			Inner:    path.Join("/data/data", bundle.ID),
+			Inner:    path.Join("/data/data", app.ID),
 			Outer:    pathSet.homeDir,
 			Sandbox: &fst.SandboxConfig{
-				Hostname:     formatHostname(bundle.Name) + "-" + action,
+				Hostname:     formatHostname(app.Name) + "-" + action,
 				UserNS:       true, // nix sandbox requires userns
 				Net:          net,
 				NoNewSession: dropShell,
@@ -211,7 +211,7 @@ func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo
 					{Src: pathSet.nixPath, Dst: "/nix", Write: true, Must: true},
 				},
 				Link: [][2]string{
-					{bundle.CurrentSystem, "/run/current-system"},
+					{app.CurrentSystem, "/run/current-system"},
 					{"/run/current-system/sw/bin", "/bin"},
 					{"/run/current-system/sw/bin", "/usr/bin"},
 				},
@@ -226,24 +226,24 @@ func withNixDaemon(action string, command []string, net bool, bundle *bundleInfo
 	}, dropShell, beforeFail)
 }
 
-func withCacheDir(action string, command []string, workDir string, bundle *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
+func withCacheDir(action string, command []string, workDir string, app *bundleInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) {
 	fortifyAppDropShell(&fst.Config{
-		ID:      bundle.ID,
+		ID:      app.ID,
 		Command: []string{shell, "-lc", strings.Join(command, " && ")},
 		Confinement: fst.ConfinementConfig{
-			AppID:    bundle.AppID,
+			AppID:    app.AppID,
 			Username: "nixos",
-			Inner:    path.Join("/data/data", bundle.ID, "cache"),
+			Inner:    path.Join("/data/data", app.ID, "cache"),
 			Outer:    pathSet.cacheDir, // this also ensures cacheDir via fshim
 			Sandbox: &fst.SandboxConfig{
-				Hostname:     formatHostname(bundle.Name) + "-" + action,
+				Hostname:     formatHostname(app.Name) + "-" + action,
 				NoNewSession: dropShell,
 				Filesystem: []*fst.FilesystemConfig{
 					{Src: path.Join(workDir, "nix"), Dst: "/nix", Must: true},
 					{Src: workDir, Dst: path.Join(fst.Tmp, "bundle"), Must: true},
 				},
 				Link: [][2]string{
-					{bundle.CurrentSystem, "/run/current-system"},
+					{app.CurrentSystem, "/run/current-system"},
 					{"/run/current-system/sw/bin", "/bin"},
 					{"/run/current-system/sw/bin", "/usr/bin"},
 				},