User on the remote host needs to be in nix.trustedUsers #28

Open
eyJhb opened this issue Sep 11, 2020 · 0 comments

eyJhb (Collaborator) commented Sep 11, 2020

If the user that we SSH as is not in the trusted users, the copy of derivations will fail and it cannot activate the system.
It will fail and try three times and then continue on to activate the system, even though it did not complete the copy.

+ trap exit INT TERM
+ trap 'for pid in $(jobs -p) ; do kill -- -$pid ; done' EXIT
+ exec
+ exec
++ sed 's/^/[myserver] /'
++ sed 's/^/[myserver] /'
[myserver] + [email protected]
[myserver] + echo 'Connecting to host...'
[myserver] Connecting to host...
[myserver] ++ timeout --foreground 30 ssh -o ControlPath=none -o BatchMode=yes [email protected] realpath /run/current-system
[myserver] + OLDSYSTEM=/nix/store/br5iizllmqbcwlj12jlqxfq6y9q6ymfd-nixos-system-tutti-20.03.2730.0c0fe6d85b9
[myserver] + '[' /nix/store/br5iizllmqbcwlj12jlqxfq6y9q6ymfd-nixos-system-tutti-20.03.2730.0c0fe6d85b9 == /nix/store/0lj9anqkyk52mbj250vncr0zsc4qdnq3-nixos-system-tutti-20.09pre-git ']'
[myserver] + echo 'Copying closure to host...'
[myserver] Copying closure to host...
[myserver] + tries=3
[myserver] + '[' 3 -ne 0 ']'
[myserver] + NIX_SSH_OPTS='-o ServerAliveInterval=15'
[myserver] + nix-copy-closure -s --to [email protected] /nix/store/nzrk715wsjny0rrpb3crqzlxkv47v27y-rsync-3.1.3 /nix/store/0lj9anqkyk52mbj250vncr0zsc4qdnq3-nixos-system-tutti-20.09pre-git /nix/store/pb9ji5sldkwwgij6zh7w953ykywbjajx-switch
[myserver] copying 72 paths...
[myserver] copying path '/nix/store/0qbb688iq0gx41mhxix5f1fc2ydm7bw1-vimrc' to 'ssh://[email protected]'...
[myserver] error: cannot add path '/nix/store/0qbb688iq0gx41mhxix5f1fc2ydm7bw1-vimrc' because it lacks a valid signature
[myserver] error (ignored): unexpected end-of-file
[myserver] error (ignored): unexpected end-of-file
[myserver] error: unexpected end-of-file
[myserver] + tries=2
[myserver] + echo 'Failed to copy closure, 2 tries left'
[myserver] Failed to copy closure, 2 tries left
[myserver] + '[' 2 -ne 0 ']'
[myserver] + NIX_SSH_OPTS='-o ServerAliveInterval=15'
[myserver] + nix-copy-closure -s --to [email protected] /nix/store/nzrk715wsjny0rrpb3crqzlxkv47v27y-rsync-3.1.3 /nix/store/0lj9anqkyk52mbj250vncr0zsc4qdnq3-nixos-system-tutti-20.09pre-git /nix/store/pb9ji5sldkwwgij6zh7w953ykywbjajx-switch
[myserver] copying 72 paths...
[myserver] copying path '/nix/store/0qbb688iq0gx41mhxix5f1fc2ydm7bw1-vimrc' to 'ssh://[email protected]'...
[myserver] error: cannot add path '/nix/store/0qbb688iq0gx41mhxix5f1fc2ydm7bw1-vimrc' because it lacks a valid signature
[myserver] error (ignored): unexpected end-of-file
[myserver] error (ignored): unexpected end-of-file
[myserver] error: unexpected end-of-file
[myserver] + tries=1
[myserver] + echo 'Failed to copy closure, 1 tries left'
[myserver] Failed to copy closure, 1 tries left
[myserver] + '[' 1 -ne 0 ']'
[myserver] + NIX_SSH_OPTS='-o ServerAliveInterval=15'
[myserver] + nix-copy-closure -s --to [email protected] /nix/store/nzrk715wsjny0rrpb3crqzlxkv47v27y-rsync-3.1.3 /nix/store/0lj9anqkyk52mbj250vncr0zsc4qdnq3-nixos-system-tutti-20.09pre-git /nix/store/pb9ji5sldkwwgij6zh7w953ykywbjajx-switch
[myserver] copying 72 paths...
[myserver] copying path '/nix/store/0qbb688iq0gx41mhxix5f1fc2ydm7bw1-vimrc' to 'ssh://[email protected]'...
[myserver] error: cannot add path '/nix/store/0qbb688iq0gx41mhxix5f1fc2ydm7bw1-vimrc' because it lacks a valid signature
[myserver] error (ignored): unexpected end-of-file
[myserver] error (ignored): unexpected end-of-file
[myserver] error: unexpected end-of-file
[myserver] + tries=0
[myserver] + echo 'Failed to copy closure, 0 tries left'
[myserver] Failed to copy closure, 0 tries left
[myserver] + '[' 0 -ne 0 ']'
[myserver] + echo 'Copying secrets...'
[myserver] Copying secrets...
[myserver] + ssh [email protected] sudo mkdir -p -m 755 /var/lib/nixus-secrets/pending/per-user /var/lib/nixus-secrets/pending/per-group
[myserver] + rsync --perms --chmod=440 '--rsync-path=sudo /nix/store/nzrk715wsjny0rrpb3crqzlxkv47v27y-rsync-3.1.3/bin/rsync' /nix/store/y2gdasgv4cr95fhcy53x27hd325fg47v-required-secrets [email protected]:/var/lib/nixus-secrets/pending/included-secrets
[myserver] + read -r json
[myserver] + echo 'Finished copying secrets'
[myserver] Finished copying secrets
[myserver] + echo 'Triggering system switcher...'
[myserver] Triggering system switcher...
[myserver] ++ ssh -o BatchMode=yes [email protected] exec /nix/store/pb9ji5sldkwwgij6zh7w953ykywbjajx-switch/bin/switch start /nix/store/0lj9anqkyk52mbj250vncr0zsc4qdnq3-nixos-system-tutti-20.09pre-git
[myserver] bash: /nix/store/pb9ji5sldkwwgij6zh7w953ykywbjajx-switch/bin/switch: No such file or directory
[myserver] + id=
[myserver] ++ jobs -p

An error message that indicates that the user should be trusted, or a check that does this, would be preferred instead of no error message :)
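
A fail-closed version of the flow in the trace above, as an added example that is not the project's own code: it checks the SSH user against the remote `trusted-users` setting before copying, and stops before secrets and activation when every copy attempt fails. The function names, the constructed config text, and passing the remote user's groups as an argument are assumptions of this sketch; on a real host the config text would come from the remote Nix configuration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the project.

# is_trusted USER "GROUP1 GROUP2 ..." : reads Nix config text ("key = value"
# lines, as in nix.conf) on stdin; succeeds if USER is covered by trusted-users.
is_trusted() {
    user=$1 groups=$2
    # Simplification: only the last plain "trusted-users" line is considered.
    entries=$(sed -n 's/^[[:space:]]*trusted-users[[:space:]]*=[[:space:]]*//p' | tail -n 1)
    [ -n "$entries" ] || entries=root   # Nix default when the key is unset
    set -f                              # keep a literal "*" entry from globbing
    for e in $entries; do
        case $e in
            '*') set +f; return 0 ;;                      # everyone is trusted
            @*)  for g in $groups; do                     # "@name" is a group
                     [ "$g" = "${e#@}" ] && { set +f; return 0; }
                 done ;;
            *)   [ "$e" = "$user" ] && { set +f; return 0; } ;;
        esac
    done
    set +f
    return 1
}

# retry_or_fail TRIES CMD... : runs CMD up to TRIES times and returns non-zero
# when every attempt failed, instead of falling through to the next step.
retry_or_fail() {
    tries=$1; shift
    while [ "$tries" -gt 0 ]; do
        "$@" && return 0
        tries=$((tries - 1))
        echo "Failed to copy closure, $tries tries left" >&2
    done
    return 1
}

# deploy USER GROUPS CONFIG_TEXT COPY_CMD... : pre-flight check, copy, then
# activation only if the copy succeeded ("activate" stands in for the switch).
deploy() {
    user=$1 groups=$2 conf=$3; shift 3
    if ! printf '%s\n' "$conf" | is_trusted "$user" "$groups"; then
        echo "error: $user is not in trusted-users on the remote host" >&2
        return 2
    fi
    retry_or_fail 3 "$@" || { echo "error: closure copy failed, not activating" >&2; return 3; }
    echo "activate"
}
```
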
