Merge pull request #11021 from hercules-ci/issue-11010

Fix SSH invocation when local SHELL misbehaves
2025-07-08 06:53:54 +02:00 · 2024-08-26 10:40:51 -04:00 · 2024-08-26 10:40:51 -04:00 · 440de80d34
commit 440de80d34
parent 7b53636150 a03bb4455c
5 changed files with 67 additions and 4 deletions
--- a/tests/nixos/remote-builds.nix
+++ b/tests/nixos/remote-builds.nix
@ -81,6 +81,17 @@ in
            virtualisation.additionalPaths = [ config.system.build.extraUtils ];
            nix.settings.substituters = lib.mkForce [ ];
            programs.ssh.extraConfig = "ConnectTimeout 30";
+            environment.systemPackages = [
+              # `bad-shell` is used to make sure Nix works an environment with a misbehaving shell.
+              #
+              # More realistically, a bad shell would still run the command ("echo started")
+              # but considering that our solution is to avoid this shell (set via $SHELL), we
+              # don't need to bother with a more functional mock shell.
+              (pkgs.writeScriptBin "bad-shell" ''
+                #!${pkgs.runtimeShell}
+                echo "Hello, I am a broken shell"
+              '')
+            ];
          };
      };

@ -114,9 +125,13 @@ in
            'echo hello world on $(hostname)' >&2
        """)

+      # Check that SSH uses SHELL for LocalCommand, as expected, and check that
+      # our test setup here is working. The next test will use this bad SHELL.
+      client.succeed(f"SHELL=$(which bad-shell) ssh -oLocalCommand='true' -oPermitLocalCommand=yes {builder1.name} 'echo hello world' | grep -F 'Hello, I am a broken shell'")
+
      # Perform a build and check that it was performed on the builder.
      out = client.succeed(
-        "nix-build ${expr nodes.client 1} 2> build-output",
+        "SHELL=$(which bad-shell) nix-build ${expr nodes.client 1} 2> build-output",
        "grep -q Hello build-output"
      )
      builder1.succeed(f"test -e {out}")