Allow running nix without a /etc/passwd entry
#8074
Comments
Sidenote regardless of the feature request: This is usually a bad idea because it breaks all kinds of programs because this is expected to exist. I would recommend to use something similar to the systemd DynamicUser feature instead. |
|
systemd isn't available inside docker container by default |
|
and as described you can't influence the userid used by Openstack. |
|
This might be a consequence of #6676 which will cause Any chance you could run |
|
sure, but the current user still has no entry inside |
|
I don't think it would. |
|
ok, let me test if we can change the owner of the home dir on the fly, because it should be writable by current user anyways |
|
ok, only root can change ownership. so i would need to create the home on the fly 😕 |
- unset environment variables - unmount `/etc` - fix actions accordingly see NixOS/nix#8074 about why `$HOME` is now set before calling Nix from an action
Is your feature request related to a problem? Please describe.
We are using the
nix flake updateto update the nix lockfiles from renovatebot.The executable is run inside docker containers which a custom user.
But sometimes the image needs to be run with an arbitrary userid, which is not inside the
/etc/passwdof the prebuild image.This happpens when running on openstack, then the userid is random and the primary group is
root, so we've prepared our image for that usecase.We also explicit set
HOMEto our prebuild user which is writable byrootgroup.This works fine for most tools but not for the nix cli, which fails with
cannot determine user's home directoryherenix/src/libutil/util.cc
Line 553 in e37f436
nix: support running without explicit home containerbase/base#799lockFileMaintenanceis broken renovatebot/github-action#713Describe the solution you'd like
I like to skip that check somehow so the existing writable
HOMEcan be used bynixcli.Describe alternatives you've considered
No workaround possible.
Additional context
Not relevant
Priorities
Add 👍 to issues you find important.
The text was updated successfully, but these errors were encountered: