hermes-agent/nix
Siddharth Balyan 64145a1996
fix(nix): replace chown -R with targeted find in container entrypoint (#23633)

The container entrypoint ran `chown -R` on $HERMES_HOME every start.
`chown` strips the setgid bit (kernel security behavior), destroying
the 2770 permissions the NixOS activation script sets for group access
by hostUsers. This caused PermissionError for interactive CLI users
even though they were in the hermes group.

Replace with `find ... ! -user $UID -exec chown` which only touches
files with wrong ownership, leaving correctly-owned directories and
their permission bits intact.

Affects: container.enable + container.hostUsers + addToSystemPackages

Related: #19795, #19788, #9383
2026-05-11 12:59:57 +05:30
checks.nix feat(nix): add extraDependencyGroups for sealed venv extras (#21817) 2026-05-11 12:23:48 +05:30
configMergeScript.nix feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20) 2026-03-26 01:08:02 +05:30
devShell.nix change(nix): dedupe nix lockfile checking scripts in ci (#18000) 2026-04-30 22:52:30 +05:30
hermes-agent.nix feat(nix): add extraDependencyGroups for sealed venv extras (#21817) 2026-05-11 12:23:48 +05:30
lib.nix fix(nix): refresh stale tui npmDepsHash + fix cache-blind detection (#20144) 2026-05-05 15:32:20 +05:30
nixosModules.nix fix(nix): replace chown -R with targeted find in container entrypoint (#23633) 2026-05-11 12:59:57 +05:30
overlays.nix fix(banner): show correct update status on nix-built hermes (#17550) 2026-04-30 07:03:00 +05:30
packages.nix fix(banner): show correct update status on nix-built hermes (#17550) 2026-04-30 07:03:00 +05:30
python.nix feat(nix): declarative plugin installation for NixOS module (#15953) 2026-04-28 00:18:32 +05:30
tui.nix fix(nix): refresh stale tui npmDepsHash + fix cache-blind detection (#20144) 2026-05-05 15:32:20 +05:30
web.nix change(nix): dedupe nix lockfile checking scripts in ci (#18000) 2026-04-30 22:52:30 +05:30