aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/ssh.cc
AgeCommit message (Collapse)Author
2022-10-22Defer to SSH config files for ForwardAgent optionAustin Kiekintveld
Currently, Nix passes `-a` when it runs commands on a remote machine via SSH, which disables agent forwarding. This causes issues when the `ForwardAgent` option is set in SSH config files, as the command line operation always overrides those. In particular, this causes issues if the command being run is `sudo` and the remote machine is configured with the equivalent of NixOS's `security.pam.enableSSHAgentAuth` option. Not allowing SSH agent forwarding can cause authentication to fail unexpectedly. This can currently be worked around by setting `NIX_SSHOPTS="-A"`, but we should defer to the options in the SSH config files to be least surprising for users.
2022-02-25Remove std::string alias (for real this time)Eelco Dolstra
Also use std::string_view in a few more places.
2021-04-07restoreSignals() + restoreAffinity() -> restoreProcessContext()Eelco Dolstra
2021-02-25distributed builds: load remote builder host key from the machines fileGraham Christensen
This is already used by Hydra, and is very useful when materializing a remote builder list from service discovery. This allows the service discovery tool to only sync one file instead of two.
2020-02-14Fix PR_SET_PDEATHSIG results in Broken pipe (#2395)Tobias Möst
The ssh client is lazily started by the first worker thread, that requires a ssh connection. To avoid the ssh client to be killed, when the worker process is stopped, do not set PR_SET_PDEATHSIG.
2019-12-13SimplifyEelco Dolstra
2019-12-12libstore/ssh: Improve error message on failing `execvp`Profpatsch
If the `throw` is reached, this means that execvp into `ssh` wasn’t successful. We can hint at a usual problem, which is a missing `ssh` executable. Test with: ``` env PATH= ./result/bin/nix-copy-closure --builders '' unusedhost ``` and the bash version with ``` env PATH= ./result/bin/nix-copy-closure --builders '' localhost ```
2019-11-22getEnv(): Return std::optionalEelco Dolstra
This allows distinguishing between an empty value and no value.
2019-02-05Revert "Restore parent mount namespace before executing a child process"Eelco Dolstra
This reverts commit a0ef21262f4d5652bfb65cfacaec01d89c475a93. This doesn't work in 'nix run' and nix-shell because setns() fails in multithreaded programs, and Boehm GC mark threads are uncancellable. Fixes #2646.
2018-11-13Restore parent mount namespace before executing a child processEelco Dolstra
This ensures that they can't write to /nix/store. Fixes #2535.
2018-08-03SSHMaster: Bypass SSH when connecting to localhostEelco Dolstra
This is primarily useful for testing since it removes the need to have SSH working.
2018-03-20SSHMaster: Optionally pass -v to sshEelco Dolstra
2017-08-16Disallow SSH host names starting with a dashEelco Dolstra
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-05-02build-remote: Ugly hackery to get build logs to workEelco Dolstra
The build hook mechanism expects build log output to go to file descriptor 4, so do that.
2017-03-21Honor $NIX_SSHOPTS againEelco Dolstra
NixOps needs this.
2017-03-03SSHMaster: Make thread-safeEelco Dolstra
2017-03-03Improve SSH handlingEelco Dolstra
* Unify SSH code in SSHStore and LegacySSHStore. * Fix a race starting the SSH master. We now wait synchronously for the SSH master to finish starting. This prevents the SSH clients from starting their own connections. * Don't use a master if max-connections == 1. * Add a "max-connections" store parameter. * Add a "compress" store parameter.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 23:50:54 +0000