version 1.0.2.
When trying to provision a server with "Use same credentials for sudo" set to off I get the following logs:
3:37:51 PM preflight Starting server preflight checks.
3:37:51 PM preflight Remote OS kernel: Linux
3:37:51 PM preflight Remote distribution: Ubuntu 26.04 LTS
3:37:51 PM preflight Verified sudo access using explicit sudo password.
3:37:51 PM preflight Remote CPU architecture: x86_64 (using bundle target x86_64)
3:37:51 PM preflight Free disk space on /: 3.9 GiB
3:37:51 PM preflight Available memory: 2913 MiB
3:37:52 PM preflight DNS lookup for api.github.com succeeded.
3:37:52 PM preflight DNS lookup for oauth2.googleapis.com succeeded.
3:37:52 PM preflight DNS lookup for fcm.googleapis.com succeeded.
3:37:52 PM preflight Outbound HTTPS to https://api.github.com succeeded.
3:37:52 PM preflight Outbound HTTPS probe for https://oauth2.googleapis.com failed. Firebase push setup may fail until the server can reach Google OAuth over HTTPS.
3:37:52 PM preflight No existing Secluso server install detected.
3:37:52 PM preflight Port 8000 is free on the server.
3:37:52 PM preflight Reverse proxy mode selected, but no common proxy binary was detected. Make sure something forwards traffic to 127.0.0.1:8000.
3:37:52 PM preflight Skipping public port probe during preflight because reverse proxy mode is selected.
3:37:56 PM preflight bash: line 1: REDACTED: command not found
3:37:56 PM detect REMOTE_HAS_BIN=false
3:37:56 PM detect REMOTE_HAS_UNIT=false
3:37:56 PM detect REMOTE_SERVICE_ACTIVE=false
3:37:56 PM detect REMOTE_SERVER_VERSION=unknown
3:37:56 PM detect REMOTE_PORT_8000_IN_USE=false
3:37:57 PM artifacts Latest immutable release for secluso/secluso: v1.0.2
3:37:59 PM artifacts Verified release bundle v1.0.2 for x86_64 (server=15387144 bytes, updater=15023800 bytes).
3:38:00 PM secrets No service account key provided; deploying without FCM support.
3:38:00 PM sudo Using sudo wrapper: sudo -S -p ''
3:38:00 PM remote bash: line 1: REDACTED: command not found
3:38:00 PM config INSTALL_BIN_DIR=/usr/bin
3:38:00 PM config VERSION_ROOT=/var/lib/secluso/current_version
3:38:00 PM config STATE_DIR=/var/lib/secluso
3:38:00 PM config OWNER_REPO=secluso/secluso
3:38:00 PM config SERVER_UNIT=secluso-server.service
3:38:00 PM config UPDATER_SERVICE=secluso-updater.service
3:38:00 PM config ENABLE_UPDATER=1
3:38:00 PM config OVERWRITE=0
3:38:00 PM config FIRST_INSTALL=1
3:38:00 PM config BIND_ADDRESS=127.0.0.1
3:38:00 PM config LISTEN_PORT=8000
3:38:00 PM config RELEASE_TAG=v1.0.2
3:38:00 PM config GITHUB_TOKEN=
3:38:00 PM config STAGING_DIR=set
3:38:00 PM deps Installing minimal runtime dependencies (apt-get)...
3:38:00 PM remote [sudo: ''] Password:
3:38:05 PM trap Failed at line 84 (exit=1)
3:38:05 PM remote sudo: Authentication failed, try again.
3:38:05 PM remote [sudo: ''] Password:
3:38:05 PM remote sudo: Authentication failed, try again.
3:38:05 PM remote [sudo: ''] Password:
3:38:05 PM remote sudo: maximum 3 incorrect authentication attempts
3:38:05 PM fatal Remote script failed (exit=1).
I think exec_remote_script_streaming in deploy/src-tauri/src/provision_server/ssh.rs is passing the password in a why where it is interpreted as a command instead of being passed to sudo:
|
// if sudo needs a password and the script uses sudo -s, we send it first |
|
// the script reads sudo_pass from env but some sudo calls may still read stdin |
|
if let Some(pw) = sudo_pw { |
|
let _ = channel.write_all(format!("{pw}\n").as_bytes()); |
|
} |
version 1.0.2.
When trying to provision a server with "Use same credentials for sudo" set to off I get the following logs:
I think
exec_remote_script_streamingindeploy/src-tauri/src/provision_server/ssh.rsis passing the password in a why where it is interpreted as a command instead of being passed to sudo:core/deploy/src-tauri/src/provision_server/ssh.rs
Lines 227 to 231 in ae2069a