nix-darwin: login as the user when activating#587
Closed
kalbasit wants to merge 1 commit intonix-community:masterfrom
Closed
nix-darwin: login as the user when activating#587kalbasit wants to merge 1 commit intonix-community:masterfrom
kalbasit wants to merge 1 commit intonix-community:masterfrom
Conversation
This was referenced Feb 21, 2019
kalbasit
changed the title
Member
|
Rebased to master in 7ec1538 🙂 |
toonn
added a commit
to toonn/home-manager
that referenced
this pull request
Jun 20, 2022
In nix-community#587, kalbasit introduce the `-i` flag so the sudo invocation would run in an environment with `HOME` set to the correct value for the target user. This was necessary to be able to set up multiple users without interfering with the invoking user's `HOME`. In nix-community#807, I switched to `-s` instead because I managed to get an invalid shell set for my user by switching `useUserPackages` from `true` to `false` which changes the location where packages are installed and `~/.nix-profile/bin/<my-shell>` was no longer valid. This was based on the assumption that `SHELL` would be set to some sensible value by Home Manager at this point. This turned out to be false as reported in nix-community#2900. In 0ced6d6 (this commit's parent at this time), I explicitly set `SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when invoking the activation script. However, nix-community#807 broke activation for multiple users, the original motivation for `-i`, as reported in nix-community#2856. I fixed this in nix-community#2857 by additionally passing `--set-home`. Further discussion with rycee in nix-community#3040 made me realize that the activation script already has a good Nix store bash shebang. So all the problems have been caused, not by the shell used for the activation script but by sudo trying to use a different shell at all. `-i` uses the shell set in the `passwd` file for the target user, but this can become invalid as happened to me. `-s` uses either `SHELL` if it's defined or the invoking user's shell as set in the `passwd` file. By explicitly setting this to a shell provided by Nix we make sure we're not trying to launch a non-existent shell. However, we're clearly already running in an existing shell and because of `--set-home` we can activate other users properly so there's not actually any need to try to have sudo start a different shell first, it just adds an extra process that then goes on to run the activation script with a good bash because of the shebang. Dropping `-s` altogether and keeping `--set-home` should avoid all of these issues.
rycee
pushed a commit
to toonn/home-manager
that referenced
this pull request
Sep 19, 2022
In nix-community#587, kalbasit introduce the `-i` flag so the sudo invocation would run in an environment with `HOME` set to the correct value for the target user. This was necessary to be able to set up multiple users without interfering with the invoking user's `HOME`. In nix-community#807, I switched to `-s` instead because I managed to get an invalid shell set for my user by switching `useUserPackages` from `true` to `false` which changes the location where packages are installed and `~/.nix-profile/bin/<my-shell>` was no longer valid. This was based on the assumption that `SHELL` would be set to some sensible value by Home Manager at this point. This turned out to be false as reported in nix-community#2900. In 0ced6d6 (this commit's parent at this time), I explicitly set `SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when invoking the activation script. However, nix-community#807 broke activation for multiple users, the original motivation for `-i`, as reported in nix-community#2856. I fixed this in nix-community#2857 by additionally passing `--set-home`. Further discussion with rycee in nix-community#3040 made me realize that the activation script already has a good Nix store bash shebang. So all the problems have been caused, not by the shell used for the activation script but by sudo trying to use a different shell at all. `-i` uses the shell set in the `passwd` file for the target user, but this can become invalid as happened to me. `-s` uses either `SHELL` if it's defined or the invoking user's shell as set in the `passwd` file. By explicitly setting this to a shell provided by Nix we make sure we're not trying to launch a non-existent shell. However, we're clearly already running in an existing shell and because of `--set-home` we can activate other users properly so there's not actually any need to try to have sudo start a different shell first, it just adds an extra process that then goes on to run the activation script with a good bash because of the shebang. Dropping `-s` altogether and keeping `--set-home` should avoid all of these issues.
austinharris
pushed a commit
to austinharris/home-manager
that referenced
this pull request
Dec 23, 2022
In nix-community#587, kalbasit introduce the `-i` flag so the sudo invocation would run in an environment with `HOME` set to the correct value for the target user. This was necessary to be able to set up multiple users without interfering with the invoking user's `HOME`. In nix-community#807, I switched to `-s` instead because I managed to get an invalid shell set for my user by switching `useUserPackages` from `true` to `false` which changes the location where packages are installed and `~/.nix-profile/bin/<my-shell>` was no longer valid. This was based on the assumption that `SHELL` would be set to some sensible value by Home Manager at this point. This turned out to be false as reported in nix-community#2900. In 0ced6d6 (this commit's parent at this time), I explicitly set `SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when invoking the activation script. However, nix-community#807 broke activation for multiple users, the original motivation for `-i`, as reported in nix-community#2856. I fixed this in nix-community#2857 by additionally passing `--set-home`. Further discussion with rycee in nix-community#3040 made me realize that the activation script already has a good Nix store bash shebang. So all the problems have been caused, not by the shell used for the activation script but by sudo trying to use a different shell at all. `-i` uses the shell set in the `passwd` file for the target user, but this can become invalid as happened to me. `-s` uses either `SHELL` if it's defined or the invoking user's shell as set in the `passwd` file. By explicitly setting this to a shell provided by Nix we make sure we're not trying to launch a non-existent shell. However, we're clearly already running in an existing shell and because of `--set-home` we can activate other users properly so there's not actually any need to try to have sudo start a different shell first, it just adds an extra process that then goes on to run the activation script with a good bash because of the shebang. Dropping `-s` altogether and keeping `--set-home` should avoid all of these issues.
spacekookie
pushed a commit
to spacekookie/home-manager
that referenced
this pull request
Feb 10, 2023
In nix-community#587, kalbasit introduce the `-i` flag so the sudo invocation would run in an environment with `HOME` set to the correct value for the target user. This was necessary to be able to set up multiple users without interfering with the invoking user's `HOME`. In nix-community#807, I switched to `-s` instead because I managed to get an invalid shell set for my user by switching `useUserPackages` from `true` to `false` which changes the location where packages are installed and `~/.nix-profile/bin/<my-shell>` was no longer valid. This was based on the assumption that `SHELL` would be set to some sensible value by Home Manager at this point. This turned out to be false as reported in nix-community#2900. In 0ced6d6 (this commit's parent at this time), I explicitly set `SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when invoking the activation script. However, nix-community#807 broke activation for multiple users, the original motivation for `-i`, as reported in nix-community#2856. I fixed this in nix-community#2857 by additionally passing `--set-home`. Further discussion with rycee in nix-community#3040 made me realize that the activation script already has a good Nix store bash shebang. So all the problems have been caused, not by the shell used for the activation script but by sudo trying to use a different shell at all. `-i` uses the shell set in the `passwd` file for the target user, but this can become invalid as happened to me. `-s` uses either `SHELL` if it's defined or the invoking user's shell as set in the `passwd` file. By explicitly setting this to a shell provided by Nix we make sure we're not trying to launch a non-existent shell. However, we're clearly already running in an existing shell and because of `--set-home` we can activate other users properly so there's not actually any need to try to have sudo start a different shell first, it just adds an extra process that then goes on to run the activation script with a good bash because of the shebang. Dropping `-s` altogether and keeping `--set-home` should avoid all of these issues.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Log in as the user when activating a home-manager configuration on Nix-Darwin. Otherwise, the
$HOMEis not set correctly and might inadvertently setup the HOME for the current user invoking the switch, although that might also fail with a permission denied error.This pr depends on nix-darwin/nix-darwin#128
cc @ElvishJerricco