The program prefix was advertised as valid, but it actually wasn't
because I regressed it during a different refactor. Strip the "program:"
prefix when present to correctly parse elevation paths, and add a
regression test so that I don't mess it up again.
The deprecation warning advertised "program:<path>" as a valid value but the
parser treated it as a literal path. Strip the "program:" prefix when present
to correctly parse elevation program paths. Add unit test for this case.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I33de2df17654f95a656a4ee649cf7c9b6a6a6964
This is a massive change, and it primarily concerns
`--elevation-*program*` not making any sense for remote operations. The
change to *strategy* allows the flag to be more descriptive in terms of
how it operates, and allows us to add new strategies to handle.
Fixes https://github.com/nix-community/nh/issues/434
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I9e51838007feca7d2d914402d7f11dbc6a6a6964
For compatibility and I guess consistency with nixos-rebuild-ng which
*does* this, but ours is bit safer so hah!
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ie6ed6ea08b16acf690c8e4bb56d063546a6a6964
Implement optional remote process cleanup when user cancels the
operation (i.e., presses Ctrl+C) during a remote build. If the
environment variable NH_REMOTE_CLEANUP is set to `"1"`, `"true`, or
`"yes"` NH will also attempt to run `pkill` on the remote host to
terminate the Nix process. This is implemented to match
nixos-rebuild-ng's cleanup behaviour, but it is opt-in instead of
opt-out due to the fragility of the action.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I555c84087018025b111a51715c5aa42a6a6a6964
I've cramped too many things in one commit again. Guess it's better to
explain, generally, what has changed.
The primary "fix" that this commit addresses is SSH command construction
by shell-quoting *all* arguments before passing them to the remote
shell, instead of using SSH's `'--'` separator with individual args.
This helps ensure special chars, spaces and shell metachars in paths (I
blame Nix) or arguments args are handled correctly.
Additionally, there are a few improvements to the "robustness" of remote
copying: previously we'd attempt to copy from build-host to target-host,
which is fine, but we failed fast instead of attempting the logically
correct behaviour which is to COPY BACK and THEN relay to the target
host. If remote-to-remote copy fails, the system now logs a warning and
relays through localhost instead of failing. This makes nh's *fallback
behaviour* (but not the first pass) consistent with nixos-rebuild.
Other than that, some build command consolidation and moderately large
documentation tweaks. The code is getting out of hand, so I'd like to
merge this and be done as soon as possible.
God that was a long summary. Hope someone gets to read this.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ib540fc287f1b1e22e2b68b9c9c7b03046a6a6964
Remove the redundant and poor connectivity checks that added overhead
without any tangible benefit, and implement SSH ControlMaster cleanup on
program exit. This reduces the number of SSH connections made during
remote operations and makes sure SSH control processes are properly
terminated
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ideb1825cb7e8302316d7d25b64e7859b6a6a6964
Tiny improvement to how remote connections are made. We now check BEFORE
the connection is made, so that we can avoid all that expensive eval if
it's not reachable. This is not infallible, but it is better. To fix
some target-host quirks, we also have to deal with local symlinks so we
enforce it locally either way.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I65fd7258828459ea82fe6739383567556a6a6964
Fixes a minor issue in how commands that are invalid or improperly
handled are forwarded to the Nix command. Replaces `join()` with
`popen()` to access individual processes in the pipeline. This way we
can better check the exist status of the `nix build` process and
properly propagate them.
Also improves naming a little bit because why not?
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I8a44abf924f9c9a1c06d102e5a3f40aa6a6a6964
Fixes https://github.com/nix-community/nh/issues/428
This is a large architectural change to NH, which lead to me extracting
the remote build logic to its own file so that we may implement it for
Darwin and Home-Manager as well. The `--builders` flag was dropped from
`nh::commands`, and it was replaced with the new and shiny logic that
hopefully avoids previous pitfalls.
The new `nh::remote` module handles remote builds, including:
- Parsing remote host specifications.
- Copying derivations to remote hosts using `nix-copy-closure`.
- Building derivations on remote hosts via `nix build`.
- Copying results back to localhost or directly to a target host.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I236eb1e35dd645f2169462d207bc82e76a6a6964
