Skip to content

nixos/run0: switch to run0-sudo-shim#531696

Merged
LordGrimmauld merged 2 commits into
NixOS:masterfrom
zimward:push-xtukrvvzwtkv
Jun 17, 2026
Merged

nixos/run0: switch to run0-sudo-shim#531696
LordGrimmauld merged 2 commits into
NixOS:masterfrom
zimward:push-xtukrvvzwtkv

Conversation

@zimward

@zimward zimward commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

Now with release note entry!

CC: @LordGrimmauld @kuflierl @arcayr if you want to maintain the nixos module too

Things done

LordGrimmauld
LordGrimmauld requested changes Jun 14, 2026
View reviewed changes

@LordGrimmauld LordGrimmauld left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may make sense to target this against staging-nixos to avoid merge conflicts against #530106

Comment thread doc/release-notes/rl-2611.section.md Outdated
Comment thread nixos/modules/security/run0.nix Outdated
@nixpkgs-ci nixpkgs-ci Bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: documentation This PR adds or changes documentation labels Jun 14, 2026
@zimward zimward force-pushed the push-xtukrvvzwtkv branch from bf16771 to 6df05f8 Compare June 14, 2026 15:43
@zimward zimward changed the base branch from master to staging-next June 14, 2026 15:46
@nixpkgs-ci nixpkgs-ci Bot closed this Jun 14, 2026
@nixpkgs-ci nixpkgs-ci Bot reopened this Jun 14, 2026
nixpkgs-branch-check[bot]

This comment was marked as outdated.

Sign in to view

@zimward zimward force-pushed the push-xtukrvvzwtkv branch from 6df05f8 to 7ce0282 Compare June 14, 2026 15:52
@nixpkgs-branch-check nixpkgs-branch-check Bot dismissed their stale review June 14, 2026 15:53

Review dismissed automatically

@nixpkgs-ci nixpkgs-ci Bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. and removed 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. labels Jun 14, 2026
LordGrimmauld
LordGrimmauld previously approved these changes Jun 14, 2026
View reviewed changes

@LordGrimmauld LordGrimmauld left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ty, cc @mweinelt too who suggested this in #530106 (comment)

@zimward zimward force-pushed the push-xtukrvvzwtkv branch from 7ce0282 to 143085d Compare June 14, 2026 16:05
@zimward zimward changed the base branch from staging-next to staging-nixos June 14, 2026 16:05
@nixpkgs-ci nixpkgs-ci Bot closed this Jun 14, 2026
@nixpkgs-ci nixpkgs-ci Bot reopened this Jun 14, 2026
@LordGrimmauld LordGrimmauld dismissed their stale review June 14, 2026 16:08

Things changed and checks fail now

@nixpkgs-ci nixpkgs-ci Bot added the 12.approvals: 1 This PR was reviewed and approved by one person. label Jun 14, 2026
kuflierl
kuflierl approved these changes Jun 14, 2026
View reviewed changes

@kuflierl kuflierl left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks pretty clean.
Could you also add me as maintainer?
Backporting would probably be a breaking change and would not be that great of an idea.

@LordGrimmauld

LordGrimmauld commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

Yeah no we can't backport this

@nixpkgs-ci nixpkgs-ci Bot added 12.approvals: 2 This PR was reviewed and approved by two persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Jun 14, 2026
@zimward zimward force-pushed the push-xtukrvvzwtkv branch from 143085d to cef918d Compare June 14, 2026 18:48
@zimward

zimward commented Jun 14, 2026

Copy link
Copy Markdown
Contributor Author

Looks pretty clean. Could you also add me as maintainer? Backporting would probably be a breaking change and would not be that great of an idea.

done

@LordGrimmauld LordGrimmauld changed the base branch from staging-nixos to master June 15, 2026 07:03
@nixpkgs-ci nixpkgs-ci Bot closed this Jun 15, 2026
@nixpkgs-ci nixpkgs-ci Bot reopened this Jun 15, 2026
@kuflierl

kuflierl commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Member

What changed? I thought we were waiting for polkit

@LordGrimmauld

LordGrimmauld commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

#531808 means staging-nixos was just merged to master, so we can target master here too

@nixpkgs-ci nixpkgs-ci Bot added 12.approvals: 3+ This PR was reviewed and approved by three or more persons. and removed 12.approvals: 2 This PR was reviewed and approved by two persons. labels Jun 15, 2026
whispersofthedawn
whispersofthedawn reviewed Jun 15, 2026
View reviewed changes
Comment thread nixos/modules/security/run0.nix Outdated
Comment thread nixos/doc/manual/release-notes/rl-2611.section.md

- `komodo` has been updated to the v2 release line (2.x). See the [upstream v1 → v2 upgrade guide](https://github.com/moghtech/komodo/releases/tag/v2.0.0).

- `security.run0.enableSudoAlias` now uses the `run0-sudo-shim` instead of a shell-script to improve compatibility.

@whispersofthedawn whispersofthedawn Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `security.run0.enableSudoAlias` now uses the `run0-sudo-shim` instead of a shell-script to improve compatibility.
- `security.run0.enableSudoAlias` has been renamed to `security.run0.sudo-shim.enable` and now uses the `run0-sudo-shim` instead of a shell-script to improve compatibility.

maybe worth it to call out the rename? don't feel strongly either way since it's aliased. i just read the relnotes first and was slightly surprised we kept the "alias" name when it was no longer a simple alias

@zimward zimward Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't have any strong oppinions in either direction. i just felt that having a toplevel option makes a bit more sense from a user standpoint.

@zimward zimward force-pushed the push-xtukrvvzwtkv branch from cef918d to f523550 Compare June 17, 2026 20:08
@LordGrimmauld LordGrimmauld added this pull request to the merge queue Jun 17, 2026
Merged via the queue into NixOS:master with commit 14410cc Jun 17, 2026
26 checks passed
@zimward zimward deleted the push-xtukrvvzwtkv branch June 18, 2026 08:54
pjrm pushed a commit to pjrm/nixpkgs that referenced this pull request Jun 18, 2026
@LordGrimmauld @pjrm
nixos/run0: switch to run0-sudo-shim (NixOS#531696)
510f63f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mweinelt mweinelt mweinelt approved these changes
@LordGrimmauld LordGrimmauld LordGrimmauld approved these changes
@nixpkgs-branch-check nixpkgs-branch-check[bot] nixpkgs-branch-check[bot] left review comments
+2 more reviewers
@whispersofthedawn whispersofthedawn whispersofthedawn left review comments
@kuflierl kuflierl kuflierl approved these changes
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 3+ This PR was reviewed and approved by three or more persons.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zimward @LordGrimmauld @kuflierl @mweinelt @whispersofthedawn