From f7657a38957300d25de24213cf966adcc37a682f Mon Sep 17 00:00:00 2001
From: Ray Walker <ray@27b.io>
Date: Thu, 28 May 2026 21:51:29 +1000
Subject: [PATCH] ci: pin RUSTUP_HOME/CARGO_HOME to /tmp for nightly-installing
 jobs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The miri-subset job (security-medium) and the miri-full + fuzzing jobs
(security-deep) all install a nightly toolchain via bare
`rustup toolchain install nightly`. On the self-hosted `cachekit` ARC
runner the default `~/.rustup/{tmp,toolchains}` paths straddle the pod's
overlay and hostPath layers, so rustup's atomic rename during install
fails with `Invalid cross-device link (os error 18)` — rust-lang/rustup#1239.

security-medium has been red on main for 12 days as a result; the same
latent bug breaks the nightly security-deep run.

Fix: scope `RUSTUP_HOME=/tmp/rustup` and `CARGO_HOME=/tmp/cargo` to just
the three affected jobs. This is the same workaround already used by
fuzz-smoke.yml. The pre-shipped stable toolchain jobs (cargo-geiger,
kani-verification) are intentionally left untouched so they keep using
the runner image's cached toolchain.
---
 .github/workflows/security-deep.yml   | 12 ++++++++++++
 .github/workflows/security-medium.yml |  6 ++++++
 2 files changed, 18 insertions(+)

diff --git a/.github/workflows/security-deep.yml b/.github/workflows/security-deep.yml
index ee3391d..cce2822 100644
--- a/.github/workflows/security-deep.yml
+++ b/.github/workflows/security-deep.yml
@@ -41,6 +41,12 @@ jobs:
     name: Extended Fuzzing (3 targets × 1h)
     runs-on: cachekit
     timeout-minutes: 200
+    env:
+      # Avoid EXDEV "cross-device link" errors when rustup stages a nightly
+      # toolchain across overlay/hostPath boundaries on the ARC runner pod
+      # (rust-lang/rustup#1239). Same pattern as fuzz-smoke.yml.
+      RUSTUP_HOME: /tmp/rustup
+      CARGO_HOME: /tmp/cargo
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
@@ -127,6 +133,12 @@ jobs:
     name: Miri Full Suite
     runs-on: cachekit
     timeout-minutes: 30
+    env:
+      # Avoid EXDEV "cross-device link" errors when rustup stages a nightly
+      # toolchain across overlay/hostPath boundaries on the ARC runner pod
+      # (rust-lang/rustup#1239). Same pattern as fuzz-smoke.yml.
+      RUSTUP_HOME: /tmp/rustup
+      CARGO_HOME: /tmp/cargo
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
diff --git a/.github/workflows/security-medium.yml b/.github/workflows/security-medium.yml
index a1e8ae9..8fd5eb2 100644
--- a/.github/workflows/security-medium.yml
+++ b/.github/workflows/security-medium.yml
@@ -61,6 +61,12 @@ jobs:
     name: Miri UB Detection (Subset)
     runs-on: cachekit
     timeout-minutes: 20
+    env:
+      # Avoid EXDEV "cross-device link" errors when rustup stages a nightly
+      # toolchain across overlay/hostPath boundaries on the ARC runner pod
+      # (rust-lang/rustup#1239). Same pattern as fuzz-smoke.yml.
+      RUSTUP_HOME: /tmp/rustup
+      CARGO_HOME: /tmp/cargo
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6