diff --git a/checks/update/flake-module.nix b/checks/update/flake-module.nix index a017c63cf..2ec716b8b 100644 --- a/checks/update/flake-module.nix +++ b/checks/update/flake-module.nix @@ -174,7 +174,7 @@ ############## - print("TEST: update with --build-host localhost --target-host localhost") + print("TEST: update with --build-host local") with open(machine_config_path, "w") as f: f.write(""" { @@ -197,6 +197,15 @@ check=True ) + # allow machine to ssh into itself + subprocess.run([ + "ssh", + "-o", "UserKnownHostsFile=/dev/null", + "-o", "StrictHostKeyChecking=no", + f"root@192.168.1.1", + "mkdir -p /root/.ssh && chmod 700 /root/.ssh && echo \"$(cat \"${../assets/ssh/privkey}\")\" > /root/.ssh/id_ed25519 && chmod 600 /root/.ssh/id_ed25519", + ], check=True) + # install the clan-cli package into the container's Nix store subprocess.run( [ @@ -216,7 +225,7 @@ }, ) - # Run ssh on the host to run the clan update command via --build-host localhost + # Run ssh on the host to run the clan update command via --build-host local subprocess.run([ "ssh", "-o", "UserKnownHostsFile=/dev/null", @@ -230,8 +239,8 @@ "--host-key-check", "none", "--upload-inputs", # Use local store instead of fetching from network "--build-host", "localhost", - "--target-host", "localhost", "test-update-machine", + "--target-host", f"root@localhost", ], check=True) # Verify the update was successful diff --git a/pkgs/clan-cli/clan_cli/machines/update.py b/pkgs/clan-cli/clan_cli/machines/update.py index e79722b69..7a6cd552b 100644 --- a/pkgs/clan-cli/clan_cli/machines/update.py +++ b/pkgs/clan-cli/clan_cli/machines/update.py @@ -144,14 +144,10 @@ def update_command(args: argparse.Namespace) -> None: build_host = machine.build_host() # Figure out the target host if args.target_host: - target_host: Host | None = None - if args.target_host == "localhost": - target_host = LocalHost() - else: - target_host = Remote.from_ssh_uri( - machine_name=machine.name, - address=args.target_host, - ).override(host_key_check=host_key_check) + target_host = Remote.from_ssh_uri( + machine_name=machine.name, + address=args.target_host, + ).override(host_key_check=host_key_check) else: target_host = machine.target_host().override( host_key_check=host_key_check diff --git a/pkgs/clan-cli/clan_lib/ssh/localhost.py b/pkgs/clan-cli/clan_lib/ssh/localhost.py index ac5f0794b..4db3e5b26 100644 --- a/pkgs/clan-cli/clan_lib/ssh/localhost.py +++ b/pkgs/clan-cli/clan_lib/ssh/localhost.py @@ -18,7 +18,7 @@ class LocalHost: command_prefix: str = "localhost" _user: str = field(default_factory=lambda: os.environ.get("USER", "root")) - _sudo: bool = False + _askpass_path: str | None = None @property def target(self) -> str: @@ -52,10 +52,11 @@ class LocalHost: env.update(extra_env) # Handle sudo if needed - if self._sudo: + if self._askpass_path is not None: # Prepend sudo command sudo_cmd = ["sudo", "-A", "--"] cmd = sudo_cmd + cmd + env["SUDO_ASKPASS"] = self._askpass_path # Set options opts.env = env @@ -84,8 +85,9 @@ class LocalHost: yield self return - # This is a simplified version - could be enhanced with sudo askpass proxy. - yield LocalHost(_sudo=True) + # For local execution, we can use sudo with askpass if GUI is available + # This is a simplified version - could be enhanced with sudo askpass proxy + yield self @contextmanager def host_connection(self) -> Iterator["LocalHost"]: