EC2 instance connect support #66463

Closed


thefloweringash
Member

Motivation for this change

Amazon released EC2 Instance Connect that allows SSH authentication to be attached to Amazon's authentication system (IAM). They provide packages for Ubuntu and their first-party Linux. This is an implementation for NixOS.

A note about the implementation: it's a lot of shell scripting, where the scripts are written in a style where the majority (but not all!) of external commands are written with absolute paths. To make this work, these need to be rewritten somehow. I elected to replace the call sites with their resolved path by looking up the path in a constructed lib.makeBinPath. For the few that aren't absolute, I also added coreutils to the PATH in the wrapper.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @
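The path-rewriting approach described in the note above, as an added example that is not code from this pull request: a colon-separated search list stands in for the constructed `lib.makeBinPath`, and the function names and the sample script are hypothetical. Unqualified commands are left untouched, which is why the wrapper still needs a `PATH`.

```shell
#!/bin/sh
# Added illustration. Function names and sample data are hypothetical.
# Print the first executable NAME found in the colon-separated SEARCH list.
resolve_in_path() {
    name=$1; search=$2; old_ifs=$IFS; IFS=:
    for dir in $search; do
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/$name"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Rewrite /bin, /sbin, /usr/bin and /usr/sbin references in SCRIPT to the
# paths resolved from SEARCH, printing the result. Fails without output if a
# referenced command is missing. Limitation: /opt/bin/x also matches as /bin/x.
rewrite_abs_paths() {
    script=$1; search=$2; re='/(usr/)?s?bin/[A-Za-z0-9._+-]+'
    map=$(mktemp) || return 1
    for ref in $(grep -oE "$re" "$script" | sort -u); do
        if ! target=$(resolve_in_path "${ref##*/}" "$search"); then
            echo "unresolved command: $ref" >&2; rm -f "$map"; return 1
        fi
        printf '%s\t%s\n' "$ref" "$target" >>"$map"
    done
    # Single pass per line: replacement text is never rescanned, so a target
    # that itself ends in /bin/cat cannot be rewritten a second time.
    awk -F '\t' -v re="$re" '
        FILENAME == ARGV[1] { map[$1] = $2; next }
        {
            out = ""; rest = $0
            while (match(rest, re)) {
                out = out substr(rest, 1, RSTART - 1) map[substr(rest, RSTART, RLENGTH)]
                rest = substr(rest, RSTART + RLENGTH)
            }
            print out rest
        }' "$map" "$script"
    status=$?; rm -f "$map"; return "$status"
}

# Constructed sample: a fake tool directory and a script with mixed call styles.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/bin" || return 1
    for tool in cat curl; do : >"$d/bin/$tool"; chmod +x "$d/bin/$tool"; done
    printf '%s\n' 'key=$(/usr/bin/curl -s "$url")' '/bin/cat "$f" | head -n1; /bin/cat /tmp/x' >"$d/in.sh"
    printf '%s\n' "$d"
}

d=$(make_sample) && rewrite_abs_paths "$d/in.sh" "$d/bin"; rm -rf "$d"
```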


stale bot commented Jun 1, 2020

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the
    related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on
    irc.freenode.net.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 1, 2020
@thefloweringash
Member Author

Considering the complexity of this package, the security impact, and the difficulty of testing this, I'm going to close this.

Note that upstream is considering reimplementation in another language. If that happens it might become a lot easier to package and more robust to general package churn, so we should reconsider then.
