--extra-files copied to target machine with original user's ownership #326

Closed
madsamjp opened this issue May 26, 2024 · 7 comments · Fixed by #327

madsamjp commented May 26, 2024

I'm having an issue with this command:

install -d -m755 "$temp/persist/etc/ssh"
...
chmod 600 "$temp/persist/etc/ssh/ssh_host_ed25519_key"
chmod 644 "$temp/persist/etc/ssh/ssh_host_ed25519_key.pub"
nix run github:nix-community/nixos-anywhere -- --extra-files "$temp" --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"

nixos-anywhere seems to be copying the extra files as the original user, thus breaking my installation. /etc and /etc/ssh are owned by 1000:users, when they should be root:root

I noticed this after the recent rsync related merge today: #325, so not sure if it's related to that, or if I'm doing something dumb.

madsamjp changed the title from "--extra-files copying to target machine" to "--extra-files copied to target machine with original user's ownership" on May 26, 2024
@madsamjp
Author

I've run the command using the last revision before today's merge, and the issue goes away, confirming that the recent merge is the source of the issue:

nix run github:nix-community/nixos-anywhere/242444d228636b1f0e89d3681f04a75254c29f66 -- --extra-files "$temp" --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"

@Prince213
Contributor

This makes sense. Sorry for that. The original idea is to let the user set up permissions etc. But well, this situation should be better taken care of.

@badele

badele commented May 27, 2024

This issue ruined my entire weekend, which is ironic for a tool supposed to set up an instance in less than 5 minutes!

Indeed, it crashes the entire installation, especially the SSHD server! For security reasons, SSH is strict about the owner of the /var/empty file. However, if you mistakenly copy a file into /etc/, the entire root directory changes its owner to the user.

You can see on the new installation, the boot problem

[Screenshot: 2024-05-27_20-15]

Several options are possible:

  • Run nixos-anywhere as root, which I am not very keen on.
  • Offer the possibility to execute a post-script on new installation

@badele

badele commented May 27, 2024

Also, recommending the use of the command nix run github:nix-community/nixos-anywhere is counterproductive because it uses the latest version and not a locked version.

I think it would be better to advise using nix run nixpkgs#nixos-anywhere or similar so that it uses a locked version?

@Prince213
Contributor

@badele Please try nix run github:Prince213/nixos-anywhere/extra-files and see if that solves the problem? All files will be owned by root.

@badele

badele commented May 28, 2024

> @badele Please try nix run github:Prince213/nixos-anywhere/extra-files and see if that solves the problem? All files will be owned by root.

Hi @Prince213 thanks for your quick contribution, it seems to be working now.

@Prince213
Contributor

> > @badele Please try nix run github:Prince213/nixos-anywhere/extra-files and see if that solves the problem? All files will be owned by root.
>
> Hi @Prince213 thanks for your quick contribution, it seems to be working now.

@badele Glad it helped!
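
To make the ownership problem reported in this thread visible before anything reaches the target, the following added example (not nixos-anywhere code and not the change in #327) stages the same persist/etc/ssh tree, records it in an archive, and lists every entry whose recorded owner is not 0/0. It assumes GNU tar and uses tar rather than the tool's own transfer; the function names and key contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not nixos-anywhere code). Assumes GNU tar.
# Function names are hypothetical; key contents are constructed placeholders.

# Build a staging tree shaped like the one in the report.
stage_extra_files() {
    install -d -m755 "$1/persist/etc/ssh"
    printf 'constructed placeholder, not a real key\n' \
        > "$1/persist/etc/ssh/ssh_host_ed25519_key"
    printf 'constructed placeholder, not a real key\n' \
        > "$1/persist/etc/ssh/ssh_host_ed25519_key.pub"
    chmod 600 "$1/persist/etc/ssh/ssh_host_ed25519_key"
    chmod 644 "$1/persist/etc/ssh/ssh_host_ed25519_key.pub"
}

# pack_with_owner SRC OUT UID GID: archive SRC with every entry recorded as
# UID/GID, regardless of the on-disk owner. File modes are kept unchanged.
pack_with_owner() {
    tar --owner="$3" --group="$4" --numeric-owner -C "$1" -cf "$2" .
}

# Print "uid/gid path" for each archive entry not recorded as 0/0.
# Empty output: extraction by root yields root-owned files throughout.
non_root_entries() {
    tar --numeric-owner -tvf "$1" | awk '$2 != "0/0" { print $2, $NF }'
}

# Print the permission string recorded for one archive member.
entry_mode() {
    tar --numeric-owner -tvf "$1" | awk -v p="$2" '$NF == p { print $1 }'
}

demo() {
    work=$(mktemp -d)
    stage_extra_files "$work/stage"
    # What a transfer that keeps the staging user's ids would carry:
    pack_with_owner "$work/stage" "$work/user.tar" "$(id -u)" "$(id -g)"
    # Normalized to root before it leaves the workstation:
    pack_with_owner "$work/stage" "$work/root.tar" 0 0
    echo "staging-user archive:"; non_root_entries "$work/user.tar"
    echo "normalized archive:";   non_root_entries "$work/root.tar"
    rm -rf "$work"
}
demo
```

Run as an unprivileged user, the first listing names every staged path, including the etc and etc/ssh directories, while the second is empty; the 600 and 644 modes set during staging are unchanged in both archives.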
