From 90e08314c21877989a3aba934f141a495dd94481 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 20 Jul 2023 10:58:10 -0400
Subject: [PATCH] try to shed root privileges

We have root on CircleCI in the docker container.  We can't currently shed
them before we get inside the flake app because we can't run `nix build` as
non-root inside the nix container. :/

https://github.com/nix-community/docker-nixpkgs/issues/62
---
 flake.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index 0dfa3d03a9..53870eac28 100644
--- a/flake.nix
+++ b/flake.nix
@@ -193,7 +193,14 @@
                 writeScript "unit-tests"
                   ''
                     export TAHOE_LAFS_HYPOTHESIS_PROFILE=ci
-                    ${makeTestEnv pyVersion}/bin/python -m twisted.trial "$@"
+                    if [ $(id -u) = "0" ]; then
+                      # The test suite assumes non-root permissions.  Get rid
+                      # of the root permissions we seem to have.
+                      SUDO="sudo -u nobody"
+                    else
+                      SUDO=""
+                    fi
+                    $SUDO ${makeTestEnv pyVersion}/bin/python -m twisted.trial "$@"
                   '';
             };
           };