home-manager icon indicating copy to clipboard operation
home-manager copied to clipboard
verified publisher icon nix-community

ssh-agent: set $SSH_AUTH_SOCK in non-interactive shells

Open bmrips opened this issue 5 months ago • 5 comments

Description

This PR is a follow-up on #8099.

  • Since #8099, the module sets $SSH_AUTH_SOCK through shells' options for interactive shell initialization instead of home.sessionVariablesExtra. The replacement was not faithful, however, since home.sessionVariablesExtra is sourced also in non-interactive shells. With this PR, the shells' profile options (where home.sessionVariablesExtra is sourced) are used to set $SSH_AUTH_SOCK.

  • ~#8099 introduced shell integration options that guard the code for setting $SSH_AUTH_SOCK. To my understanding it is crucial for the ssh-agent that this env var is set, hence I do not see a reason to have these options. Consequently, this PR removes them.~

    ~Note that this change is not backwards-compatible!~

Fixes #8129.

Checklist

  • [ ] Change is backwards compatible.

  • [x] Code formatted with nix fmt or nix-shell -p treefmt nixfmt deadnix keep-sorted --run treefmt.

  • [x] Code tested through nix run .#tests -- test-all or nix-shell --pure tests -A run.all.

  • [ ] Test cases updated/added. See example.

  • [x] Commit messages are formatted like

    {component}: {description}

{long description}

    See CONTRIBUTING for more information and recent commit messages for examples.

  • If this PR adds a new module

    • [ ] Added myself as module maintainer. See example.
    • [ ] Generate a news entry. See News
    • [ ] Basic tests added. See Tests

  • If this PR adds an exciting new feature or contains a breaking change.

    • [ ] Generate a news entry. See News

bmrips avatar Nov 19 '25 23:11 bmrips

@rhododendrox, @meenzen, @slotThe would you mind testing whether this PR fixes your issues? That would be appreciated because I do not have any issues myself!

bmrips avatar Nov 19 '25 23:11 bmrips

Just tested this, it works and kinda fixes my problem, but that's fine since I discovered the issues I had where partially caused by my config.

Nevertheless I think this is a good change since it makes much more sense to export SSH_AUTH_SOCK in .profile instead of .bashrc

PS: I only tested bash and zsh because those are the shells I use. If someone here uses the other two shells and can test this changes it'd be really helpful.

rhododendrox avatar Nov 20 '25 10:11 rhododendrox

[…] @slotThe would you mind testing whether this PR fixes your issues? That would be appreciated because I do not have any issues myself!

Tested it with fish, and everything seems to work as before after I shuffled some bits: I start X11 from .profile, and by default the export of SSH_AUTH_SOCK was inserted after the call to xinit. Inserting a lib.mkAfter in my own config fixed this, but this should probably be documented as a possible problem when upgrading.

Thanks!

slotThe avatar Nov 24 '25 06:11 slotThe

Tested it with fish, and everything seems to work as before after I shuffled some bits: I start X11 from .profile, and by default the export of SSH_AUTH_SOCK was inserted after the call to xinit. Inserting a lib.mkAfter in my own config fixed this, but this should probably be documented as a possible problem when upgrading.

That's a good point! I added an lib.mkBefore to put the initialization code before other code such that these kind of issues should be fixed.

bmrips avatar Nov 24 '25 09:11 bmrips

Since I just also noticed the Problem, I have tried your fix (on fish). Seems to work just fine for me too.

jokesper avatar Nov 27 '25 23:11 jokesper

Anything else to be done in order to move this forward?

slotThe avatar Dec 17 '25 07:12 slotThe