nixos-rebuild: add explicit option to enable (remote) sudo #71849

Merged
merged 1 commit into from Nov 7, 2019

bjornfor commented Oct 23, 2019

Motivation for this change

Add --use-remote-sudo option. When set, remote commands will be prefixed
with 'sudo'. This allows using sudo remotely without having to use
sudo locally (when using --build-host/--target-host).

@jtojnar: I ended up with --use-remote-sudo instead of --use-sudo, to make the nixos-rebuild command line more self-explanatory. And I don't abort if the flag is used and no remote command is happening, because, well, it felt more user-friendly that way.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @jtojnar @matthewbauer @LnL7 @Mic92 (last few people to touch nixos-rebuild)

bjornfor commented Oct 23, 2019

This is a follow up on #71143.

jtojnar commented Oct 23, 2019

Do we want to run sudo on both build host and target host? Should not the target host suffice?

bjornfor commented Oct 23, 2019

I'm not sure if it's required, but I figured it matches local sudo best (where every command is run with sudo/as root).

bjornfor commented Oct 28, 2019

Any comments? No objections to merging?

edolstra commented Nov 6, 2019

👍 though to be honest I feel it's better to just connect to root directly. Adding sudo is likely to add all sorts of interesting failure modes (e.g. environment variables not being set correctly, etc).

@bjornfor bjornfor merged commit 2c09cfc into NixOS:master Nov 7, 2019
@bjornfor bjornfor deleted the bjornfor:nixos-rebuild-use-remote-sudo branch Nov 7, 2019