The test failed with
> Test "test5 user should not be able to run commands under root" failed with
> error: "invalid literal for int() with base 10: ''"
since 2492da88ea.
The reason for this is that `sudo(8)` writes the lecture to the
tty[1] and only as a fallback to stdout[2]. This means that the
`base64 --wrap 0` executed by `machine.execute()` doesn't affect the
text written to the terminal, however the lecture is part of the string
that's read from the VM via `shell.recv()`.
I confirmed the problem in an interactive test session[3]:
>>> command = "sudo -u test5 sudo -n -u root true"
>>> out_command = f"( set -euo pipefail; {command} ) | (base64 --wrap 0; echo)\n"
>>> machine.shell.send(out_command.encode())
84
>>> machine # [ 99.015512] sudo[877]: root : TTY=hvc0 ; PWD=/tmp ; USER=test5 ; COMMAND=/run/wrappers/bin/sudo -n -u root true
machine # [ 99.019373] sudo[877]: pam_unix(sudo:session): session opened for user test5(uid=1005) by (uid=0)
machine # [ 99.038692] sudo[879]: pam_unix(sudo:auth): conversation failed
machine # sudo: a password is required
machine # [ 99.041860] sudo[879]: pam_unix(sudo:auth): auth could not identify password for [test5]
machine # [ 99.046901] sudo[877]: pam_unix(sudo:session): session closed for user test5
>>>
>>> x=machine._next_newline_closed_block_from_shell()
>>> print(x)
<newline>
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
<newline>
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
<newline>
<newline>
<newline>
>>>
Since the lecture isn't strictly necessary to confirm that
`security.sudo` works as expected, I decided to disable lecturing
inside the test, however we may want to fix the underlying problem in
the test-driver at some point.
[1] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/plugins/sudoers/check.c#L275-L283
[2] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/src/conversation.c#L95-L120
[3] I replaced each empty line with `<newline>` to make sure these
aren't swallowed by git.
Chrome, Chromium, VSCode, Slack, Signal, Discord, element-desktop,
schildichat.
For the latter two, the feature flag useWayland was removed and a
wrapper script was provided.
The `nix.*` options, apart from options for setting up the
daemon itself, currently provide a lot of setting mappings
for the Nix daemon configuration. The scope of the mapping yields
convience, but the line where an option is considered essential
is blurry. For instance, the `extra-sandbox-paths` mapping is
provided without its primary consumer, and the corresponding
`sandbox-paths` option is also not mapped.
The current system increases the maintenance burden as maintainers have to
closely follow upstream changes. In this case, there are two state versions
of Nix which have to be maintained collectively, with different options
avaliable.
This commit aims to following the standard outlined in RFC 42[1] to
implement a structural setting pattern. The Nix configuration is encoded
at its core as key-value pairs which maps nicely to attribute sets, making
it feasible to express in the Nix language itself. Some existing options are
kept such as `buildMachines` and `registry` which present a simplified interface
to managing the respective settings. The interface is exposed as `nix.settings`.
Legacy configurations are mapped to their corresponding options under `nix.settings`
for backwards compatibility.
Various options settings in other nixos modules and relevant tests have been
updated to use structural setting for consistency.
The generation and validation of the configration file has been modified to
use `writeTextFile` instead of `runCommand` for clarity. Note that validation
is now mandatory as strict checking of options has been pushed down to the
derivation level due to freeformType consuming unmatched options. Furthermore,
validation can not occur when cross-compiling due to current limitations.
A new option `publicHostKey` was added to the `buildMachines`
submodule corresponding to the base64 encoded public host key settings
exposed in the builder syntax. The build machine generation was subsequently
rewritten to use `concatStringsSep` for better performance by grouping
concatenations.
[1] - https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
