nixpkgs' openssh lacks Apple's keychain patch, so `UseKeychain yes` is rejected as "Bad configuration option" when that ssh is on PATH. Prefix it with `IgnoreUnknown UseKeychain` (the module emits IgnoreUnknown first) so a non-Apple ssh skips it while Apple's ssh still honours it. Still Darwin-only. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Emma Thorpe
@@ -245,9 +245,13 @@
|
|||||||
ControlPath = "~/.ssh/master-%r@%n:%p";
|
ControlPath = "~/.ssh/master-%r@%n:%p";
|
||||||
ControlPersist = "no";
|
ControlPersist = "no";
|
||||||
}
|
}
|
||||||
# macOS: also cache the passphrase in the login keychain. UseKeychain is
|
# macOS: also cache the passphrase in the login keychain. UseKeychain
|
||||||
# unknown to non-Apple openssh, so only emit it on Darwin.
|
# exists only in Apple's ssh; nixpkgs' openssh (which may be the `ssh` on
|
||||||
|
# PATH) rejects it as "Bad configuration option". IgnoreUnknown (emitted
|
||||||
|
# first by the module) makes any non-Apple ssh skip it instead of erroring,
|
||||||
|
# while Apple's ssh still honours it. Darwin-only.
|
||||||
// lib.optionalAttrs pkgs.stdenv.hostPlatform.isDarwin {
|
// lib.optionalAttrs pkgs.stdenv.hostPlatform.isDarwin {
|
||||||
|
IgnoreUnknown = "UseKeychain";
|
||||||
UseKeychain = "yes";
|
UseKeychain = "yes";
|
||||||
};
|
};
|
||||||
# Gitea remote (the flake's origin) -- required on every host. HostName
|
# Gitea remote (the flake's origin) -- required on every host. HostName
|
||||||
|
|||||||
Reference in New Issue
Block a user