From 99d3e0c1680c0e652e6da1e50de465c176fd6d92 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 14 Jan 2024 00:48:53 +0100 Subject: [PATCH 1/3] Revert "nixos-rebuild: fix entering sudo password over SSH" This reverts commit 09fd207cb8a6a1e654cdc9dc49610ebd456fe05d. It caused a regression when using `--build-host` and flakes. See https://github.com/NixOS/nixpkgs/pull/277642#issuecomment-1890783714 --- pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index 4439487a9301a73..ba8c8fc537a32d7 100755 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -436,7 +436,7 @@ if [ "$action" = edit ]; then exit 1 fi -SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60 -t" +SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60" # First build Nix, since NixOS may require a newer version than the # current one. From 472dfb38884dcbaed042b69fab6249fe58819939 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 14 Jan 2024 01:14:33 +0100 Subject: [PATCH 2/3] nixos-rebuild: Add tty only to "sudo-able" commands for target This solves again the problem solved by 09fd207cb8a6a1e654cdc9dc49610ebd456fe05d. To quote: > We always want to use `ssh -t` to force PTY allocation as there may be > interactive SSH prompts like trusting unknown hosts. However, the creation of a pseudoterminal causes the remote stdout and stderr to point to the same tty, resulting in a single stream in the ssh client, which breaks other usages of ssh, such as `--build-host`. Hence, this commit only sets the flag for invocations that need it - or would need it if sudo were disabled. That should help with development and gives a somewhat more consistent user experience. --- pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index ba8c8fc537a32d7..1b7ec45ae2d329b 100755 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -196,9 +196,11 @@ targetHostCmd() { targetHostSudoCmd() { if [ -n "$remoteSudo" ]; then - useSudo=1 targetHostCmd "$@" + useSudo=1 SSHOPTS="$SSHOPTS -t" targetHostCmd "$@" else - targetHostCmd "$@" + # While a tty might not be necessary, we apply it to be consistent with + # sudo usage, and an experience that is more consistent with local deployment. + SSHOPTS="$SSHOPTS -t" targetHostCmd "$@" fi } From c8c3c5854e16ab98afa718801badd62fff6bbb42 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 14 Jan 2024 02:23:52 +0100 Subject: [PATCH 3/3] nixos-rebuild: Avoid empty command "${a[@]}" => ok "${foo:+a[@]}" => empty string when length is 0 --- .../linux/nixos-rebuild/nixos-rebuild.sh | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index 1b7ec45ae2d329b..006b5db6320c513 100755 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -177,20 +177,34 @@ runCmd() { } buildHostCmd() { + local c + if [[ "${useSudo:-x}" = 1 ]]; then + c=("${sudoCommand[@]}") + else + c=() + fi + if [ -z "$buildHost" ]; then runCmd "$@" elif [ -n "$remoteNix" ]; then - runCmd ssh $SSHOPTS "$buildHost" "${useSudo:+${sudoCommand[@]}}" env PATH="$remoteNix":'$PATH' "$@" + runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" env PATH="$remoteNix":'$PATH' "$@" else - runCmd ssh $SSHOPTS "$buildHost" "${useSudo:+${sudoCommand[@]}}" "$@" + runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" "$@" fi } targetHostCmd() { + local c + if [[ "${useSudo:-x}" = 1 ]]; then + c=("${sudoCommand[@]}") + else + c=() + fi + if [ -z "$targetHost" ]; then - runCmd "${useSudo:+${sudoCommand[@]}}" "$@" + runCmd "${c[@]}" "$@" else - runCmd ssh $SSHOPTS "$targetHost" "${useSudo:+${sudoCommand[@]}}" "$@" + runCmd ssh $SSHOPTS "$targetHost" "${c[@]}" "$@" fi }