| 22 Apr 2025 |
 K900 | That seems to work on my local machine | 15:39:57 |
| K900 | But fails tests on buildkit | 15:40:00 |
| K900 | * But fails tests on buildkite | 15:40:01 |
| K900 | Also my brain is completely fried | 15:42:15 |
| K900 | And Oblivion Remastered is out | 15:42:20 |
| K900 | So I'm going to go do that | 15:42:23 |
| K900 | And if anyone wants to debug cursed pipe sorcery, feel free to take a stab at it in the meantime | 15:42:47 |
 aloisw | In reply to @k900:0upti.me
SSH connection is established, but SOMETHING else is executed instead of the thing we asked for Did the old version even work against that? The LocalCommand is executed on the client no matter what runs on the remote. | 16:37:25 |
| K900 | Fuck me if I know | 16:39:22 |
 helle (just a stray cat girl) | .... why is nix special casing ssh://localhost (and not actually connecting), but thankfully ssh://::1 does work, anyway we may have a funny option for K900 | 16:46:32 |
| helle (just a stray cat girl) | in sshd_config ForceCommand /bin/sh -c '[ "${SSH_ORIGINAL_COMMAND}" ] && exec ${SSH_ORIGINAL_COMMAND} "$@" || exec ${SHELL}'
which can also be in authorized_keys as command="/bin/sh -c '[ \"${SSH_ORIGINAL_COMMAND}\" ] && exec ${SSH_ORIGINAL_COMMAND} \"$@\" || exec ${SHELL}'" key_here
basically, makes it use /bin/sh for non-interactive ssh's, think that does work | 16:48:44 |
| helle (just a stray cat girl) | anyway, that is a workaround | 16:48:48 |
| helle (just a stray cat girl) | (I am sure there are some edge cases we are ignoring by doing this) | 16:52:06 |
| aloisw | Isn't SSH_ORIGINAL_COMMAND the entire command line? | 16:52:40 |
| helle (just a stray cat girl) | just the command part | 16:52:50 |
| helle (just a stray cat girl) | $@ contains the parameters for it | 16:53:13 |
| aloisw | WAT | 16:53:33 |
| aloisw | How does that even work? | 16:53:43 |
| helle (just a stray cat girl) | well, uh, not quite | 16:53:58 |
| aloisw | SSH_ORIGINAL_COMMAND
This variable contains the original command line if a forced
command is executed. It can be used to extract the original
arguments.
| 16:55:29 |
| helle (just a stray cat girl) | let me write this out entirely correctly and we may spot an error, lol | 16:55:31 |
| aloisw | That sounds like it should contain all of the args? | 16:55:36 |
| helle (just a stray cat girl) | yeah, uh, that doesn't seem to be the case? | 16:55:40 |
| helle (just a stray cat girl) | or mmm | 16:55:43 |
| helle (just a stray cat girl) | are we breaking it due to the wrapping in layers of stuff | 16:55:52 |
| helle (just a stray cat girl) | (this is why we dislike ssh relying on "$SHELL -c", too many layers) | 16:57:00 |
| aloisw | Well the [ "${SSH_ORIGINAL_COMMAND}" ] part probably only checks that the command is set at all. Then the exec executes it and the "$@" part does nothing because it is empty. | 16:57:56 |
| aloisw | (and things will probably break if the command contains quotes or dollar signs in bad places) | 16:58:32 |
| helle (just a stray cat girl) | yes, surprisingly nix store ping was okay, trying to currently find the other edge cases | 16:58:54 |
| helle (just a stray cat girl) | like, we knew there would be edge cases, we are like 2 shells deep at that point | 16:59:14 |
