-
-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
tailscale: fix tailscale ssh #311176
tailscale: fix tailscale ssh #311176
Conversation
We should revert the combination PR rather than shipping an un-reviewed PR as a patch - We clearly don't have enough testing infrastructure in place here, and repeatedly breaking folks networking and security boundary software is painfully invasive. |
(Reviewed the patch and there's technically also a slight regression). |
fcfc886
to
8192f8d
Compare
8192f8d
to
d2eeeb4
Compare
That was easy to fix by using the same method the tailscaled uses to detect if it should start the cli https://github.com/tailscale/tailscale/pull/5193/files
"We" as in tailscale. I took this from their upstream documentation https://tailscale.com/kb/1207/small-tailscale and since there were no hints at all, I assumed this is straightforward and easy to use to reduce unnecessary binary size. I think we understand the problem at hand pretty well and I have looked at all other usages of os.Executable() and there should not be affected by this, so a revert would create a noisy history. |
We: Nixpkgs - There have been several ways that we've broken the tailscale package and module lately - including this. We should move back to a stable point and then only start making changes if they're going to be well tested first. |
Well, the other breakage was because a years old commit got reverted and that PR shouldn't have been merged in the first place and didn't receive a proper review from a maintainer. We cannot realistically test everything, hence we always need to rely a bit on nixos-unstable to discover some issues. I think we should just merge this and move forward and then we are at the stable point again. |
I agree that not every tailscale feature can be realistically tested every PR. If this issue when using In order to focus on how we (as the nixpkgs maintainers for tailscale) can improve going forwards rather than focusing on past negatives here are some proposals:
We will not catch all issues but these could help. I welcome thoughts on these proposals or additional ideas. |
Successfully created backport PR for |
Closes #310950
Description of changes
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 馃憤 reaction to pull requests you find important.