NixOS compatibility

[globin]

This fixes some minor issues in regard to NixOS compatibility mostly
due to the fact that NixOS only has the binaries /usr/bin/env and /bin/sh
in deterministic absolute locations.

Additionally this removes the copying of the template to the lxc template
path, which is in a read-only mount on NixOS and a non-deterministic location.
Instead it uses the absolute path to the template which is supported since lxc 1.0.

[globin]

Fixed the failing test

[fgrehm]

Sorry for the long silence but as per GH-375 I'm looking for help to maintain this plugin and for now I'm holding back from bringing in new changes =/

If you are interested on maintaining the project and keep things moving please shoot me an email or drop a message on GH-375 so I can arrange things.

Cheers 🍻

[globin]

I've actually just started writing a comment on there, since we use this heavily @mayflower..

So we are definitely interested in keeping this alive and up to date.

I guess @fpletz, @codec, @fadenb and possibly @marco-jantke, might want to chime in, too.

What's the best way to support you?

[fgrehm]

That is awesome! 💥 🙌 💪 🍻 🎆

Well, if you guys are up for it I can provide write access to one of you and you can start hacking away, merging PRs, closing issues... 😄 I'll be around to help out and provide feedback whenever needed but unfortunately I'm very unlikely to have the time to test changes or write code.

Once you guys are ready to cut a release, just open up PR and @ping me on it so that I can provide RubyGems.org access to someone over there too.

WDYT?

[fpletz]

@globin IMHO we should remove at least the gemset.nix because the sha256sums of some git repositories are not stable and there are still some problems with SSL. We should probably wait until this is fixed in NixOS and just get the code & test fixes merged ASAP.

[fpletz]

Can we prepend "/usr/bin/env" to every path in the sudo_wrapper instead of fixing this for every command manually? There are some more similar cases in the networking code where tools like ip and brctl are called.

[globin]

Updated and rebased

[krtek4]

Definitively would love to see that in a release :)

[fpletz]

👍

[mvikharev]

That breaks avoiding sudo passwords on Ubuntu 14.04 when running vagrant ssh.

$ cat /etc/sudoers.d/vagrant-lxc
# Automatically created by vagrant-lxc
mvikharev ALL=(root) NOPASSWD: /usr/local/bin/vagrant-lxc-wrapper

$ vagrant ssh
...
INFO machine: Initializing machine: default
INFO machine:   - Provider: Vagrant::LXC::Provider
INFO subprocess: Starting process: ["/usr/bin/sudo", "/usr/bin/env", "/usr/local/bin/vagrant-lxc-wrapper", "lxc-ls"]
INFO subprocess: Command not in installer, restoring original environment...
[sudo] password for mvikharev:

[ccope]

Also, I think the sudo wrapper is actually not compatible with nix. If it allows calling commands with /usr/bin/env, then an attacker could just add whatever binaries they want to the user's path and call them.

[globin]

Fix released in 1.2.1