aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/ssh.cc
AgeCommit message (Collapse)Author
2024-03-18libutil: make AutoCloseFD a better resourceeldritch horrors
add a reset() method to close the wrapped fd instead of assigning magic constants. also make the from-fd constructor explicit so you can't accidentally assign the *wrong* magic constant, or even an unrelated integer that also just happens to be an fd by pure chance. Change-Id: I51311b0f6e040240886b5103d39d1794a6acc325
2024-03-17Delete hasPrefix and hasSuffix from the codebaseJade Lovelace
These now have equivalents in the standard lib in C++20. This change was performed with a custom clang-tidy check which I will submit later. Executed like so: ninja -C build && run-clang-tidy -checks='-*,nix-*' -load=build/libnix-clang-tidy.so -p .. -fix ../tests | tee -a clang-tidy-result Change-Id: I62679e315ff9e7ce72a40b91b79c3e9fc01b27e9
2024-03-04Merge pull request #9293 from ThinkChaos/ssh-misc-improvmentseldritch horrors
SSH small improvments (cherry picked from commit dcc49744ed0c3b91f905b0f3304d3ca700f9f717) Change-Id: Ie87910df3ab739d0ff983c085190da1d108e96e2
2023-06-13Pass common ssh options in isMasterRunningDavid McFarland
2023-05-16Fix ControlMaster behaviourAlexander Bantyev
2023-03-22SSHMaster: pause logger to show password promptAlexander Bantyev
Pause logger before starting SSH connections, and resume it after the connection is established, so that SSH password prompts are not erased by the logger's updates.
2022-10-22Defer to SSH config files for ForwardAgent optionAustin Kiekintveld
Currently, Nix passes `-a` when it runs commands on a remote machine via SSH, which disables agent forwarding. This causes issues when the `ForwardAgent` option is set in SSH config files, as the command line operation always overrides those. In particular, this causes issues if the command being run is `sudo` and the remote machine is configured with the equivalent of NixOS's `security.pam.enableSSHAgentAuth` option. Not allowing SSH agent forwarding can cause authentication to fail unexpectedly. This can currently be worked around by setting `NIX_SSHOPTS="-A"`, but we should defer to the options in the SSH config files to be least surprising for users.
2022-02-25Remove std::string alias (for real this time)Eelco Dolstra
Also use std::string_view in a few more places.
2021-04-07restoreSignals() + restoreAffinity() -> restoreProcessContext()Eelco Dolstra
2021-02-25distributed builds: load remote builder host key from the machines fileGraham Christensen
This is already used by Hydra, and is very useful when materializing a remote builder list from service discovery. This allows the service discovery tool to only sync one file instead of two.
2020-02-14Fix PR_SET_PDEATHSIG results in Broken pipe (#2395)Tobias Möst
The ssh client is lazily started by the first worker thread, that requires a ssh connection. To avoid the ssh client to be killed, when the worker process is stopped, do not set PR_SET_PDEATHSIG.
2019-12-13SimplifyEelco Dolstra
2019-12-12libstore/ssh: Improve error message on failing `execvp`Profpatsch
If the `throw` is reached, this means that execvp into `ssh` wasn’t successful. We can hint at a usual problem, which is a missing `ssh` executable. Test with: ``` env PATH= ./result/bin/nix-copy-closure --builders '' unusedhost ``` and the bash version with ``` env PATH= ./result/bin/nix-copy-closure --builders '' localhost ```
2019-11-22getEnv(): Return std::optionalEelco Dolstra
This allows distinguishing between an empty value and no value.
2019-02-05Revert "Restore parent mount namespace before executing a child process"Eelco Dolstra
This reverts commit a0ef21262f4d5652bfb65cfacaec01d89c475a93. This doesn't work in 'nix run' and nix-shell because setns() fails in multithreaded programs, and Boehm GC mark threads are uncancellable. Fixes #2646.
2018-11-13Restore parent mount namespace before executing a child processEelco Dolstra
This ensures that they can't write to /nix/store. Fixes #2535.
2018-08-03SSHMaster: Bypass SSH when connecting to localhostEelco Dolstra
This is primarily useful for testing since it removes the need to have SSH working.
2018-03-20SSHMaster: Optionally pass -v to sshEelco Dolstra
2017-08-16Disallow SSH host names starting with a dashEelco Dolstra
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-05-02build-remote: Ugly hackery to get build logs to workEelco Dolstra
The build hook mechanism expects build log output to go to file descriptor 4, so do that.
2017-03-21Honor $NIX_SSHOPTS againEelco Dolstra
NixOps needs this.
2017-03-03SSHMaster: Make thread-safeEelco Dolstra
2017-03-03Improve SSH handlingEelco Dolstra
* Unify SSH code in SSHStore and LegacySSHStore. * Fix a race starting the SSH master. We now wait synchronously for the SSH master to finish starting. This prevents the SSH clients from starting their own connections. * Don't use a master if max-connections == 1. * Add a "max-connections" store parameter. * Add a "compress" store parameter.