unversioned binary download, dependency on install.determinate.systems #84

Open
opened 2024-05-04 10:40:33 +00:00 by PhilippHeuer · 1 comment
PhilippHeuer commented 2024-05-04 10:40:33 +00:00 (Migrated from github.com)

Hi, thanks for creating this project and nix-installer. I managed to use the action successfully but have some concerns:

  • the hard dependency on install.determinate.systems (all workflows using this action would break if your server / hoster is unavailable)
  • the action is fetching unversioned binaries according to the log -> `https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-...`
  • the action requires sudo, the v10 changelog has a point about not requiring sudo anymore but when using step-security/harden-runner to disable sudo the action fails

My intent was to disable telemetry, only use versioned resources and avoid additional dependencies unless absolutely necessary. There are a few options in the action + install script, so I tried the following:

```yaml
- uses: DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563 # v10
  env:
    NIX_INSTALLER_BINARY_ROOT: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0"
    NIX_INSTALLER_OVERRIDE_URL: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux"
  with:
    diagnostic-endpoint: "" # opt-out of telemetry
    source-url: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer.sh"
```

Both `NIX_INSTALLER_BINARY_ROOT` and `NIX_INSTALLER_OVERRIDE_URL` didn't have any effect and the file is still downloaded from `https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-...`. Is there anything else I can try?

CI Logs

```
Run DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563
  with:
    source-url: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer.sh
    flakehub: false
    force-docker-shim: false
    github-token: ***
    github-server-url: https://github.com/
    kvm: true
    modify-profile: true
    reinstall: false
    start-daemon: true
    trust-runner-user: true
  env:
    NIX_INSTALLER_BINARY_ROOT: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0
    NIX_INSTALLER_OVERRIDE_URL: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux"
...
Installing Nix
  Fetching binary from https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-...
...
```
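Added example, not part of the original post and not code from the action's project: a CI guard that scans a job log for the `Fetching binary from <url>` lines shown above and reports any download that does not come from the pinned release root. The function names and the two sample logs are constructed for illustration; the pinned root is the one used in the workflow above.

```python
import re
import sys
from urllib.parse import urlsplit

# Release root taken from the workflow in the issue above.
PINNED_ROOT = "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0"

# Matches the "Fetching binary from <url>" line format shown in the CI log.
FETCH_RE = re.compile(r"Fetching binary from (\S+)")


def is_under_root(url: str, root: str) -> bool:
    """True only if url shares scheme and host with root and its path lies
    below root's path. Paths are compared per segment, so a sibling such as
    .../v0.19.0-other does not pass the way a plain prefix check would."""
    u, r = urlsplit(url), urlsplit(root)
    if (u.scheme, u.netloc.lower()) != (r.scheme, r.netloc.lower()):
        return False
    root_parts = [p for p in r.path.split("/") if p]
    url_parts = [p for p in u.path.split("/") if p]
    if "." in url_parts or ".." in url_parts:
        return False  # refuse paths that could climb out of the root
    return len(url_parts) > len(root_parts) and url_parts[:len(root_parts)] == root_parts


def unpinned_fetches(log_text: str, root: str = PINNED_ROOT) -> list[str]:
    """Return every fetched URL in the log that is not under the pinned root."""
    return [m.group(1) for m in FETCH_RE.finditer(log_text)
            if not is_under_root(m.group(1), root)]


# Constructed sample logs, modelled on the log excerpt in the issue.
LOG_AS_REPORTED = """\
Installing Nix
  Fetching binary from https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-...
"""
LOG_PINNED = """\
Installing Nix
  Fetching binary from https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux
"""

if __name__ == "__main__":
    # Pipe a real job log on stdin; without a pipe, the constructed sample is used.
    log = LOG_AS_REPORTED if sys.stdin.isatty() else sys.stdin.read()
    bad = unpinned_fetches(log)
    for url in bad:
        print(f"unpinned download: {url}")
    sys.exit(1 if bad else 0)
```

This checks where the binary was fetched from, not its contents; comparing the downloaded file against a known digest would be a separate step.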
lucperkins commented 2024-05-15 21:48:45 +00:00 (Migrated from github.com)

@PhilippHeuer Could you try again with a more recent commit? We've recently overhauled the JS behind this Action pretty significantly. I don't have a specific reason to think that that would or wouldn't fix this issue, but the changes have been significant enough that it's worth trying.

Reference: lix-project/lix-install-action#84