search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.16k stars 13.43k forks source link

enableNg causes git warning with sudo nixos-rebuild switch as root #325154

Open stephen-huan opened 1 month ago

stephen-huan commented 1 month ago

Describe the bug

With system.switch.enableNg = true, running sudo sudo nixos-rebuild switch (note the two sudo's) gives

fatal: detected dubious ownership in repository at '/keep/home/ikue/.config/home-manager/.git'
To add an exception for this directory, call:

    git config --global --add safe.directory /keep/home/ikue/.config/home-manager/.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
warning: could not read HEAD ref from repo at '/keep/home/ikue/.config/home-manager', using 'master'
building the system configuration...
fatal: detected dubious ownership in repository at '/keep/home/ikue/.config/home-manager/.git'
To add an exception for this directory, call:

    git config --global --add safe.directory /keep/home/ikue/.config/home-manager/.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
warning: could not read HEAD ref from repo at '/keep/home/ikue/.config/home-manager', using 'master'
activating the configuration...
setting up /etc...
reloading user units for ikue...
restarting sysinit-reactivation.target

Note that the system is still successfully updated from the master branch of my personal configuration.

Running sudo nixos-rebuild switch (only one sudo) gives

building the system configuration...
activating the configuration...
setting up /etc...
reloading user units for ikue...
restarting sysinit-reactivation.target

as expected. Equivalently, the warnings occur if one is root (sudo su) and runs sudo nixos-rebuild switch and does not occur if nixos-rebuild switch is ran as root. I'm not sure why there is a difference between sudo sudo and sudo.

Steps To Reproduce

The quirks in my setup that could be contributing are

Filesystem             Size  Used Avail Use% Mounted on
devtmpfs               1.6G     0  1.6G   0% /dev
tmpfs                   16G   35M   16G   1% /dev/shm
tmpfs                  7.7G  6.2M  7.7G   1% /run
tmpfs                   16G  960K   16G   1% /run/wrappers
tmpfs                  2.0G  5.2M  2.0G   1% /
/dev/VolumeGroup/root  883G  283G  556G  34% /keep
efivarfs               128K   21K  103K  18% /sys/firmware/efi/efivars
tmpfs                  3.1G   52K  3.1G   1% /run/user/1000
/dev/nvme0n1p1        1022M   47M  976M   5% /boot
/etc/nixos/flake.nix -> /etc/static/nixos/flake.nix
/etc/static/nixos/flake.nix -> /home/ikue/.config/home-manager/flake.nix
/home/ikue/.config/home-manager/ -> /nix/store/8hsazz933czilwdv5094fqb6xznlmqmg-home-manager-files/.config/home-manager
/nix/store/8hsazz933czilwdv5094fqb6xznlmqmg-home-manager-files/.config/home-manager -> /nix/store/aya860p5kg2zzfrsiqnby2sz1pyysbm5-keep-home-ikue-config-home-manager
/nix/store/aya860p5kg2zzfrsiqnby2sz1pyysbm5-keep-home-ikue-config-home-manager -> /keep/home/ikue/.config/home-manager
  File: /home/ikue/.config/home-manager/.git
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: 254,2   Inode: 33031164    Links: 8
Access: (0755/drwxr-xr-x)  Uid: ( 1000/    ikue)   Gid: (  100/   users)

Expected behavior

Wasn't sure if this was worth reporting but the original PR says

The goal of this change is to provide an implementation of switch-to-configuration that is compatible (bug-for-bug, feature-for-feature) with the current perl script.

and I do not get the warning with the perl script.

Notify maintainers

@jmbaur (sorry for the noise if there's something simple I'm missing!)

Metadata

Add a :+1: reaction to issues you find important.

jmbaur commented 1 month ago

I guess first thought is that the switch-to-configuration program, regardless of if you're using the new implementation or not, is only responsible for the last parts of the output above. The git errors look like errors happening during the build of your config's config.system.build.toplevel. I can't see anything here that would cause a difference based on switch-to-configuration implementation. Have you tried using the --use-remote-sudo when calling nixos-rebuild instead of calling with sudo?

stephen-huan commented 1 month ago

I guess first thought is that the switch-to-configuration program, regardless of if you're using the new implementation or not, is only responsible for the last parts of the output above. The git errors look like errors happening during the build of your config's config.system.build.toplevel. I can't see anything here that would cause a difference based on switch-to-configuration implementation.

All I can say is I've definitely not gotten these warnings with the perl script and got the warnings as soon as I switched (https://github.com/stephen-huan/nixos-config/commit/12ae15d21e460e2fb2b6532c03964b236697e5d2) ~a month ago.

Have you tried using the --use-remote-sudo when calling nixos-rebuild instead of calling with sudo?

nixos-rebuild switch --use-remote-sudo works, sudo nixos-rebuild switch --use-remote-sudo works, and sudo sudo nixos-rebuild switch --use-remote-sudo gives the warnings again.

To be clear, I'm not looking for a workaround---I can just not run nixos-rebuild with two sudo's, and even if I do, the update still happens successfully anyways. I just figured I might as well report an inconsistency I was observing.

Thanks for the pointers. I'll see if I can track the error down to something more concrete, and update this issue if I do.