search

awakesecurity / nix-delegate

Convenient utility for distributed Nix builds
Other
86 stars 6 forks source link

Commands with shell characters (space, <, etc.) need quotes #17

Open Warbo opened 6 years ago

Warbo commented 6 years ago

I tried running the following, as a simple "hello world" test:

$ nix-delegate --host desktop nix-build -E 'with import <nixpkgs> {}; bash'
Generating RSA private key, 2048 bit long modulus
..................+++
.......................................+++
e is 65537 (0x10001)
writing RSA key
[+] Downloading: /etc/nix/signing-key.sec
[+] Installing: /etc/nix/signing-key.sec

    This will prompt you for your `sudo` password
[sudo] password for chris: 
[+] Downloading: /etc/nix/signing-key.pub
[+] Installing: /etc/nix/signing-key.pub
[+] Running command: sudo nix-build -E with import <nixpkgs> {}; bash
[+] Full command context: sudo NIX_BUILD_HOOK=/nix/store/mgrzfclwgi46n5951j167550idqyphbh-nix-2.0/libexec/nix/build-remote.pl NIX_PATH=ssh-config-file=/home/chris/.ssh/config:ssh-auth-sock=/run/user/1000/ssh-agent:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels NIX_REMOTE_SYSTEMS=/tmp/remote-systems30431-2.conf NIX_CURRENT_LOAD=/tmp/build-remote-load30431 nix-build -E with import <nixpkgs> {
}; bash
/bin/sh: nixpkgs: No such file or directory
  C-c C-cnix-delegate: user error ([x] The subcommand you specified exited with a non-zero exit code:

    Original error: ShellFailed {shellCommandLine = "sudo NIX_BUILD_HOOK=/nix/store/mgrzfclwgi46n5951j167550idqyphbh-nix-2.0/libexec/nix/build-remote.pl NIX_PATH=ssh-config-file=/home/chris/.ssh/config:ssh-auth-sock=/run/user/1000/ssh-agent:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels NIX_REMOTE_SYSTEMS=/tmp/remote-systems30431-2.conf NIX_CURRENT_LOAD=/tmp/build-remote-load30431 nix-build
 -E with import <nixpkgs> {}; bash", shellExitCode = ExitFailure (-2)}
)

It looks like /bin/sh is trying to interpret <nixpkgs> as a file redirection, e.g. like we might do </dev/null.

I wrapped the whole command in quotes and it worked:

$ nix-delegate --host desktop "nix-build -E 'with import <nixpkgs> {}; bash'"
[+] Downloading: /etc/nix/signing-key.sec
[+] Installing: /etc/nix/signing-key.sec

    This will prompt you for your `sudo` password
[sudo] password for chris: 
[+] Downloading: /etc/nix/signing-key.pub
[+] Installing: /etc/nix/signing-key.pub
[+] Running command:  nix-build -E 'with import <nixpkgs> {}; bash' 
[+] Full command context:  NIX_BUILD_HOOK=/nix/store/mgrzfclwgi46n5951j167550idqyphbh-nix-2.0/libexec/nix/build-remote.pl NIX_PATH=ssh-config-file=/home/chris/.ssh/config:ssh-auth-sock=/run/user/1000/ssh-agent:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels NIX_REMOTE_SYSTEMS=/tmp/remote-systems12784-2.conf NIX_CURRENT_LOAD=/tmp/build-remote-load12784 nix-build -E 'with import <nixpkgs> {}; 
bash' 
/nix/store/3kwm20w030ipg5whk8aqlzjfbln274r7-bash-4.4-p12

This might be worth documenting, especially since the README's example of nix-build --no-out-link -A shipit release.nix isn't quoted; that example just-so-happens to work because none of its arguments contain spaces or shell characters like <

ocharles commented 5 years ago

The bug seems to be more that the quotes you provided have been lost:

[+] Running command: sudo nix-build -E with import <nixpkgs> {}; bash

should be

[+] Running command: sudo nix-build -E 'with import <nixpkgs> {}; bash'

e.g., the very thing you wrote in the first place!