Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[backport] nixos-rebuild: support sudo + --target-host #71707

Conversation

@bjornfor
Copy link
Contributor

bjornfor commented Oct 22, 2019

Motivation for this change

I'd like to use nixos-rebuild --target-host with normal user and sudo instead of using root. Backport that feature from master branch to release-19.09. Also bring the related and dependent commit "nixos-rebuild: Fix target-host using fish".

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

@bjornfor
Copy link
Contributor Author

bjornfor commented Oct 30, 2019

Waiting for feedback / merge of #71849.

jtojnar and others added 3 commits Oct 8, 2019
I have `users.defaultUserShell = pkgs.fish;` set on my server and when I ran `nixos-rebuild switch --target-host …`, the command failed with the following error:

    fish: Unsupported use of '='. To run 'nix-store' with a modified environment, please use 'env PATH=… nix-store…'

That is because fish requires env to set environment variables for a program. It should also work on other shells.

(cherry picked from commit 316d4fa)
This adds support for deploying to remote hosts without being root:

  sudo nixos-rebuild --target-host non-root@host

Without this change, only root@host is able to deploy.

The idea is that if the local command is run with sudo, so should the
remote one, thus there is no need for adding any CLI options.

(cherry picked from commit 263a81e)
Add --use-remote-sudo option. When set, remote commands will be prefixed
with 'sudo'. This allows using sudo remotely _without_ having to use
sudo locally (when using --build-host/--taget-host).

(cherry picked from commit 2c09cfc)
@bjornfor bjornfor force-pushed the bjornfor:backport-nixos-rebuild-sudo-target-host branch from 5d169e7 to ef69202 Nov 7, 2019
@bjornfor
Copy link
Contributor Author

bjornfor commented Nov 7, 2019

#71849 was merged, please comment if this is OK or not to backport.

@drewrisinger
Copy link
Contributor

drewrisinger commented May 4, 2020

Can you link PRs that this backports? Other than #71849

@bjornfor
Copy link
Contributor Author

bjornfor commented May 4, 2020

I don't know an easy way to do that. (But the commits are there, what do you need the PRs for?) Also, I think by now this PR is not going to be merged. (The new release is out already.)

@drewrisinger
Copy link
Contributor

drewrisinger commented May 4, 2020

I was asking for PRs to double-check that they made it to a release/approved version (i.e. that they're not on some orphaned branch and so shouldn't make their way to a release). If you're ok with this not getting backported, then please close the PR.

@bjornfor
Copy link
Contributor Author

bjornfor commented May 5, 2020

Github shows the branches that contain the commit (if any) just below the commit message. Or use 'git branch --contains COMMIT'.

@bjornfor bjornfor closed this May 5, 2020
@bjornfor bjornfor deleted the bjornfor:backport-nixos-rebuild-sudo-target-host branch May 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.