Revert "machines update: support --target-host localhost"

This reverts commit a2818d4946cc66a08b9dd7a1ab95dc48ea708fe3.

Setting `--target-host localhost` breaks with:
sudo: no askpass program specified, try setting SUDO_ASKPASS

checks/update/flake-module.nix

@@ -174,7 +174,7 @@
 
 
                       ##############
-                      print("TEST: update with --build-host localhost --target-host localhost")
+                      print("TEST: update with --build-host local")
                       with open(machine_config_path, "w") as f:
                           f.write("""
                       {
@@ -197,6 +197,15 @@
                         check=True
                       )
 
+                      # allow machine to ssh into itself
+                      subprocess.run([
+                          "ssh",
+                          "-o", "UserKnownHostsFile=/dev/null",
+                          "-o", "StrictHostKeyChecking=no",
+                          f"root@192.168.1.1",
+                          "mkdir -p /root/.ssh && chmod 700 /root/.ssh && echo \"$(cat \"${../assets/ssh/privkey}\")\" > /root/.ssh/id_ed25519 && chmod 600 /root/.ssh/id_ed25519",
+                      ], check=True)
+
                       # install the clan-cli package into the container's Nix store
                       subprocess.run(
                         [
@@ -216,7 +225,7 @@
                         },
                       )
 
-                      # Run ssh on the host to run the clan update command via --build-host localhost
+                      # Run ssh on the host to run the clan update command via --build-host local
                       subprocess.run([
                           "ssh",
                           "-o", "UserKnownHostsFile=/dev/null",
@@ -230,8 +239,8 @@
                           "--host-key-check", "none",
                           "--upload-inputs",  # Use local store instead of fetching from network
                           "--build-host", "localhost",
-                          "--target-host", "localhost",
                           "test-update-machine",
+                          "--target-host", f"root@localhost",
                       ], check=True)
 
                       # Verify the update was successful

pkgs/clan-cli/clan_cli/machines/update.py

@@ -144,10 +144,6 @@ def update_command(args: argparse.Namespace) -> None:
                     build_host = machine.build_host()
                 # Figure out the target host
                 if args.target_host:
-                    target_host: Host | None = None
-                    if args.target_host == "localhost":
-                        target_host = LocalHost()
-                    else:
                     target_host = Remote.from_ssh_uri(
                         machine_name=machine.name,
                         address=args.target_host,

pkgs/clan-cli/clan_lib/ssh/localhost.py

@@ -18,7 +18,7 @@ class LocalHost:
 
     command_prefix: str = "localhost"
     _user: str = field(default_factory=lambda: os.environ.get("USER", "root"))
-    _sudo: bool = False
+    _askpass_path: str | None = None
 
     @property
     def target(self) -> str:
@@ -52,10 +52,11 @@ class LocalHost:
             env.update(extra_env)
 
         # Handle sudo if needed
-        if self._sudo:
+        if self._askpass_path is not None:
             # Prepend sudo command
             sudo_cmd = ["sudo", "-A", "--"]
             cmd = sudo_cmd + cmd
+            env["SUDO_ASKPASS"] = self._askpass_path
 
         # Set options
         opts.env = env
@@ -84,8 +85,9 @@ class LocalHost:
             yield self
             return
 
-        # This is a simplified version - could be enhanced with sudo askpass proxy.
-        yield LocalHost(_sudo=True)
+        # For local execution, we can use sudo with askpass if GUI is available
+        # This is a simplified version - could be enhanced with sudo askpass proxy
+        yield self
 
     @contextmanager
     def host_connection(self) -> Iterator["LocalHost"]: