ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

Incorrect Assignment of Owner #189

Closed JayRovacsek closed 1 year ago

JayRovacsek commented 1 year ago

G'day all, tentative in posting this, but I think there may be an issue in setting the owner in a configuration I have.

My configuration spans both Linux and Darwin, but this behavior only exists within a Darwin setting. I'm not sure how to best troubleshoot this one, as it was working recently, however it has stopped working (I have a suspicion a system update could be related - 13.4).

Snippet of configuration:

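{
  age = {
    identityPaths = [
      "/private/var/agenix/id-ed25519-ssh-primary"
      "/private/var/agenix/id-ed25519-terraform-primary"
    ];
    # The owner is defined once and inherited by each secret below.
    secrets = let owner = "j.rovacsek";
    in {
      "j.rovacsek-id-ed25519-sk-type-a-1" = {
        inherit owner;
        file = ../../secrets/ssh/jay-id-ed25519-sk-type-a-1.age;
      };
      # ... (snippet ends here; the remaining secrets are in the full file)
    };
  };
}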

Link to the full file in question

The behavior I'm seeing is a symlink being created with root:wheel ownership instead of the expected j.rovacsek:wheel value. Read/write/execute is set correctly still, the ownership just appears incorrect.

As an example the output of an ls on the decrypted file:

-r-------- 1 root wheel 561 May 26 12:37 /run/agenix.d/1/j.rovacsek-id-ed25519-sk-type-a-1

Curious if anyone else is experiencing this issue, possibly on Darwin? I can't see any recent commit changes to this repository that would point to the issue being within the repository.

JayRovacsek commented 1 year ago

So I identified that this secret was causing this behaviour, leading to all secrets not being chown'd correctly. Closing this issue :+1:
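
A check for the symptom reported in this issue (decrypted secrets left owned by root instead of the configured owner), as an added example that is not part of the thread or of agenix. The function names and the manifest format of `<path> <expected-owner>` per line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the owner of decrypted secret files.
# Manifest format (an assumption, not an agenix file): "<path> <expected-owner>"
# per line, e.g.
#   /run/agenix.d/1/j.rovacsek-id-ed25519-sk-type-a-1 j.rovacsek

# Print "<owner-name> <owner-uid>" for a path, following symlinks so the
# decrypted target is inspected rather than the link. `ls` is parsed
# because `stat` flags differ between Darwin and Linux.
owner_of() {
    o_name=$(ls -ldL -- "$1" 2>/dev/null | awk '{print $3}')
    o_uid=$(ls -ldnL -- "$1" 2>/dev/null | awk '{print $3}')
    [ -n "$o_uid" ] || return 1
    printf '%s %s\n' "$o_name" "$o_uid"
}

# Return 0 if the owner matches (by name or numeric uid), 1 on mismatch,
# 2 if the path cannot be read.
check_owner() {
    actual=$(owner_of "$1") || return 2
    [ "$2" = "${actual% *}" ] || [ "$2" = "${actual#* }" ]
}

# Read manifest lines from stdin, report each problem, and return
# non-zero if any secret is missing or owned by the wrong user.
audit_secrets() {
    bad=0
    while read -r path expected; do
        case "$path" in '' | '#'*) continue ;; esac
        rc=0
        check_owner "$path" "$expected" || rc=$?
        case "$rc" in
            1) echo "MISMATCH $path: expected $expected, got $(owner_of "$path")"
               bad=$((bad + 1)) ;;
            2) echo "MISSING  $path"
               bad=$((bad + 1)) ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Run against a manifest file when one is given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_secrets < "$1"
fi
```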