Accept strings with Nix paths as proper shells #24786
Conversation
|
@abbradar, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @ericsagnes and @nbp to be potential reviewers. |
abbradar
changed the title
|
@abbradar , I am not sure to understand the use case, can you provide an example. |
|
@nbp More elaborated, it doesn't work now because:
|
|
Would the following work: |
|
It should but |
|
I actually have a similar use case in one of my configuration files: users.extraUsers.git = {
uid = config.ids.uids.git;
group = "git";
description = "Git User";
home = "/home/git";
createHome = true;
shell = pkgs.git + "/bin/git-shell";
openssh.authorizedKeys.keyFiles = [ ...
./nicolas.computer.pub
];
}; |
|
I think the proper reviewer for these changes should be @zimbatm |
|
Hm, it's interesting that it works for your configuration without those patches. I'll look into this, maybe there's something deeper going on... |
|
The types.either types.shellPackage types.path;Thus in my case, I get a nix-store path which is validated by the I see that multiple locations have the same type with either a shellPackage or a path. 2 things we can do:
|
|
the path type was to preserve legacy usage. if you have a better approach I'm all for it |
|
@nbp Ah, I get it now, I'm for option (2) -- I'll look at implementing it somewhere this week. |
|
Option (2) is just a clean-up, and not a solution, it would not solve the problem you are facing. Option (1) is from what I understand the proper way to fix this issue. |
|
Hm, this seems a wrong place to fix the problem to me because I feel that |
|
having a |
|
@nbp That's okay, what I mean is that either the type should be |
|
So, do we agree that |
Yes the |
nixos/lib/utils.nix
Outdated
| @@ -21,8 +21,8 @@ rec { | |||
| toShellPath = shell: | |||
| if types.shellPackage.check shell then | |||
| "/run/current-system/sw${shell.shellPath}" | |||
| else if types.package.check shell then | |||
| throw "${shell} is not a shell package" | |||
| else if isString shell && types.path.check shell then | |||
There was a problem hiding this comment.
Why do we need isString when we have types.path.check here? Also, the type of the shell option is either shellPackage path, so we know that both test are correct.
There was a problem hiding this comment.
path accepts not only strings, but also derivations. Here we have already filtered derivations with shellPath defined (shellPackage.check shell == true), so now we want to handle strings that are also valid paths (start with /), but not derivations. We'll then throw on them.
There was a problem hiding this comment.
Now that I think of it the proper way here might be to refine the type instead so that it accepts only string paths or shellPackages.
|
I've made a new version; we now have a separate type |
|
I'm working on a third version of this patch and wonder -- why do we need to install shells globally? What is the downside of using direct Nix store paths? |
|
It comes from |
|
Ah, then it means that using shells which are not installed in system environment is a bad idea anyway! Then this PR is a bad idea as it is too -- let's close it. I'll document that shells need stable paths somewhere in comments later. |
Motivation for this change
I have a special user account on a server for the sole purpose of playing NetHack. It's forced (via SSH's
ForceCommandandextraUsers.*.shell) to run special script (writeScript) whichexecs the game, so the only thing one can do after he/she logs in to the account is to play the game. Without this patch you can't use any such custom script as the shell because it detects that it's in Nix store, "reverses" derivation from it and fails to find needed attributes. This makesshellPackageto require a derivation and fixestoShellPathso that such paths are accepted.Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)