-
-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos-rebuild: fix issues when using --target-host
#277642
Conversation
9c84bc8
to
053906e
Compare
--target-host
f70347f
to
dda66bb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, if you don't add a test, it will keep breaking. Please add a test.
I tried this pr. But it didn't fix #262686. My first switch (https://github.com/duament/flakes/actions/runs/7363818666/job/20043632674) succeeded, although there's a warning My second switch (https://github.com/duament/flakes/actions/runs/7363898397/job/20043786127) failed, but the exit code was 0 and github treated it as a success. Here's the error message: |
71c4560
to
9206f06
Compare
@duament could you test this PR again? I've changed the flag from |
9206f06
to
d9aed94
Compare
|
@@ -30,6 +30,7 @@ | |||
.Op Fl -build-host Va host | |||
.Op Fl -target-host Va host | |||
.Op Fl -use-remote-sudo | |||
.Op Fl -use-remote-sudo-always |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we really need a new behavior (do we?), maybe fix the inconsistency of "remote" vs "target"?
Not sure I like "target" because of cross compilation terminology, but target does become less relevant to users as compilers and their Nix expressions improve. "Remote" isn't great either, because both machines may be equally remote, as demonstrated by the test.
Also if you have an office with NixOS machines and you make the on site server responsible for deploying updates, arguably the deployer is more remote.
So I think I prefer target?
.Op Fl -use-remote-sudo-always | |
.Op Fl -target-use-sudo |
Using target
as a prefix reinforces nice grouping, and helps with discovery through shell completions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've removed the --use-remote-sudo-always
flag, opting to just make this PR an improvement on the existing --use-remote-sudo
flag
d9aed94
to
9ab6b24
Compare
9ab6b24
to
ee010f8
Compare
We always want to use `ssh -t` to force PTY allocation as there may be interactive SSH prompts like trusting unknown hosts.
ee010f8
to
cd61094
Compare
I just tested the change with my nixos server and I observed a regression. When using
All subsequent commands then fail with weird errors. Reverting 09fd207 fixes the issue. |
Found an even worse problem as well, which was already caught by the tests, but not reported well by ofborg. I did check the list, but missed the single grey status this time. Fixes available in #280842; will merge as soon as tests pass locally. If any other issues come up, consider reverting both PRs unless trivially fixable. TODO:
|
This reverts commit 09fd207. It caused a regression when using `--build-host` and flakes. See #277642 (comment)
nixos-rebuild: Fix regression from #277642
Made a start here. Would appreciate some help. |
Description of changes
This PR fixes deploying to hosts that require entering a password for
sudo
using--target-host
.This PR changes
--use-remote-sudo
to usesudo
as little as possible.This PR also fixes
systemd-run
hanging when used with--target-host
.Replaces #109046
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)cc @FRidh @zimbatm @oxalica @bjornfor
Add a 馃憤 reaction to pull requests you find important.