fix: correct sudo-rs detection and centralize Ansible workaround#68
Open
salverius-tech wants to merge 1 commit intomainfrom
Open
fix: correct sudo-rs detection and centralize Ansible workaround#68salverius-tech wants to merge 1 commit intomainfrom
salverius-tech wants to merge 1 commit intomainfrom
Conversation
Ubuntu 25+ ships sudo-rs which changes the password prompt format, breaking Ansible's become plugin (ansible/ansible#85837). The previous fix (cc65bc8) used `sudo-rs --version` which doesn't exist as a binary (sudo-rs installs as /usr/bin/sudo), and only applied inside bootstrap.sh — direct make targets were unaffected. Changes: - Fix detection: `sudo --version | grep sudo-rs` instead of the non-existent `sudo-rs --version` command - Centralize workaround in make.d/install.mk so all Ansible targets (install-docker, nuke-snaps, etc.) are covered - Add NOPASSWD sudoers fallback when sudo.ws is unavailable, since Ubuntu 25.10+ plans to drop traditional sudo entirely - Wire fix-sudo-rs as prerequisite for all Ansible make targets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Ubuntu 25+ ships
sudo-rs(Rust reimplementation) as the default sudo provider. It changes the password prompt format, which breaks Ansible'sbecomeplugin — the prompt parser never recognises the sudo-rs format and times out:Tracked upstream as ansible/ansible#85837. The upstream fix (PR #86175) is still a draft.
What was wrong with the previous fix (cc65bc8)
sudo-rs --versionis not a real command. sudo-rs installs itself as/usr/bin/sudovia update-alternatives; there is nosudo-rsbinary.bootstrap.sh. Direct make targets (make install-docker,make nuke-snaps, etc.) bypassed it entirely.sudo.ws(traditional sudo) was not installed, the block did nothing and Ansible would still fail.Changes
bootstrap.shsudo --version 2>&1 | grep -qi sudo-rssudo.wsif available:export ANSIBLE_BECOME_EXE=sudo.ws/etc/sudoers.d/onramp-nopasswdwithNOPASSWD:ALLfor the current user (bypasses the prompt entirely)make.d/install.mkSUDO_IS_RSdetection at Makefile parse time using the samesudo --versionchecksudo.wsavailable:export ANSIBLE_BECOME_EXE = sudo.wssudo.ws:NEEDS_NOPASSWD = yesfix-sudo-rstarget that creates the NOPASSWD sudoers file when needed (no-op otherwise)fix-sudo-rsas a prerequisite ofnuke-snaps,install-docker,install-node-exporter, andinstall-nvidia-driversRemoval
All sudo-rs workaround blocks are commented with the upstream issue reference. They can be removed once Ansible merges PR #86175 and ships a release.