> What kind of filesystem and mount options was the code and
> (if set, TMPDIR) on?
> Since Nix seems to use odd paths, what's the default temporary
> directory? ("/tmp" on my systems)

TMPDIR is /build.  The code is extracted to /build/public-inbox.
Relevant mount output is:

    tmp on /build type tmpfs (rw,relatime)

>> t/search.t ................. fatal: Could not make /build/pi-search-i646IK/a.git/branches/ writable by group
>> t/search.t ................. 1/?
>> #   Failed test 'git init (main)'
>> #   at t/search.t line 20.
>> #          got: '0'
>> #     expected: '32768'

After some rather extensive debugging, I've determined that most of
these are to do with not being able to set the setgid bit.  If I mask it
off in git's adjust_shared_perm function, I get down to two failures.  I
don't know enough about filesystem permissions to know why this wouldn't
be allowed inside the sandbox if it is allowed normally, though.