Hangs on "Gathering machine facts"

[fin444]

I am attempting to install on a NixOS live ISO using the below command

nix run github:nix-community/nixos-anywhere -- --flake ".#$profile" --phases disko,install --no-substitute-on-destination "[email protected]"

However, after displaying the following output, the script hangs indefinitely

### Uploading install SSH keys ###
/run/current-system/sw/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/tmp/tmp.vz0CaHxquz/nixos-anywhere.pub"
/run/current-system/sw/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/run/current-system/sw/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.1.108' (ED25519) to the list of known hosts.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -o 'ConnectTimeout=10' -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

### Gathering machine facts ###
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added '192.168.1.108' (ED25519) to the list of known hosts.
Warning: Permanently added '192.168.1.108' (ED25519) to the list of known hosts.

[phaer]

Please run with --debug so we see where it hangs

[fin444]

Full log

+ shift
+ [[ 1 -gt 0 ]]
+ case "$1" in
+ [[ -z '' ]]
+ [email protected]
+ shift
+ [[ 0 -gt 0 ]]
+ [[ y == \y ]]
+ nixOptions+=("-L")
+ [[ n == \n ]]
+ [[ -z [email protected] ]]
+ [[ -n .#okuda ]]
+ [[ .#okuda =~ ^(.*)#([^#"]*)$ ]]
+ flake=.
+ flakeAttr=okuda
+ [[ -z okuda ]]
+ [[ n == y ]]
+ [[ -n . ]]
+ [[ n == \n ]]
++ nixBuild '.#nixosConfigurations."okuda".config.system.build.diskoScript'
++ NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/tmp.K8iFMi6bST/nixos-anywhere '
++ nix build --print-out-paths --no-link --extra-experimental-features 'nix-command flakes' --no-write-lock-file -L '.#nixosConfigurations."okuda".config.system.build.diskoScript'
+ diskoScript=/nix/store/wzsvxil1ai1m446h0fixv6kd6k7m5vsm-disko
++ nixBuild '.#nixosConfigurations."okuda".config.system.build.toplevel'
++ NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/tmp.K8iFMi6bST/nixos-anywhere '
++ nix build --print-out-paths --no-link --extra-experimental-features 'nix-command flakes' --no-write-lock-file -L '.#nixosConfigurations."okuda".config.system.build.toplevel'
+ nixosSystem=/nix/store/qhwbn5xax61gp7agk526q98l43kzc7yw-nixos-system-okuda-24.11.20240802.d049530
+ [[ -n '' ]]
++ ssh -G [email protected]
+ sshSettings='host 192.168.1.108
user root
hostname 192.168.1.108
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/X11R6/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
canonicaldomains none
globalknownhostsfile /etc/ssh/ssh_known_hosts
userknownhostsfile /root/.ssh/known_hosts /root/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent no
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER'
++ echo 'host 192.168.1.108
user root
hostname 192.168.1.108
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/X11R6/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
canonicaldomains none
globalknownhostsfile /etc/ssh/ssh_known_hosts
userknownhostsfile /root/.ssh/known_hosts /root/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent no
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER'
++ awk '/^user / { print $2 }'
+ sshUser=root
++ awk '/^hostname / { print $2 }'
++ echo 'host 192.168.1.108
user root
hostname 192.168.1.108
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/X11R6/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
canonicaldomains none
globalknownhostsfile /etc/ssh/ssh_known_hosts
userknownhostsfile /root/.ssh/known_hosts /root/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent no
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER'
+ sshHost=192.168.1.108
+ uploadSshKey
+ mkdir -p /root/.ssh/
+ ssh-keygen -t ed25519 -f /tmp/tmp.K8iFMi6bST/nixos-anywhere -P '' -C nixos-anywhere
+ declare -a sshCopyIdArgs
+ [[ -n '' ]]
+ step Uploading install SSH keys
+ echo '### Uploading install SSH keys ###'
### Uploading install SSH keys ###
+ [[ n == y ]]
+ ssh-copy-id -i /tmp/tmp.K8iFMi6bST/nixos-anywhere.pub -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [email protected]
/run/current-system/sw/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/tmp/tmp.K8iFMi6bST/nixos-anywhere.pub"
/run/current-system/sw/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/run/current-system/sw/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.1.108' (ED25519) to the list of known hosts.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -o 'ConnectTimeout=10' -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

+ importFacts
+ step Gathering machine facts
+ echo '### Gathering machine facts ###'
### Gathering machine facts ###
+ local facts filteredFacts
++ runSsh -o ConnectTimeout=10 enableDebug=-x sh --
++ ssh -t -i /tmp/tmp.K8iFMi6bST/nixos-anywhere -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [email protected] -o ConnectTimeout=10 enableDebug=-x sh --
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added '192.168.1.108' (ED25519) to the list of known hosts.
++ test -f /etc/os-release
++ grep -Eq 'ID(_LIKE)?="?nixos"?' /etc/os-release
++ echo y
+ isNixos=y
+ cat
++ uname
++ uname -m
++ test -f /etc/is_kexec
++ echo n
++ '[' y = y ']'
++ grep -Eq 'VARIANT_ID="?installer"?' /etc/os-release
++ echo y
+++ has systemd-detect-virt
+++ command -v systemd-detect-virt
+++ echo y
++ '[' y = y ']'
++ systemd-detect-virt --container
+++ has ip
+++ command -v ip
+++ echo y
++ '[' y = n ']'
++ ip r g 1
++ echo n
++ has tar
++ command -v tar
++ echo y
++ has sudo
++ command -v sudo
++ echo y
++ has doas
++ command -v doas
++ echo n
++ has wget
++ command -v wget
++ echo n
++ has curl
++ command -v curl
++ echo y
++ has setsid
++ command -v setsid
++ echo y
+ facts='isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y'
++ echo 'isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y'
++ grep -E '^(has|is)[A-Za-z0-9_]+=\S+'
+ filteredFacts='isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y'
+ [[ -z isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y ]]
++ echo 'isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y'
++ xargs
+ export isOs=Linux isArch=x86_64 isKexec=n isNixos=y isInstaller=y isContainer=none hasIpv6Only=n hasTar=y hasSudo=y hasDoas=n hasWget=n hasCurl=y hasSetsid=y
+ isOs=Linux
+ isArch=x86_64
+ isKexec=n
+ isNixos=y
+ isInstaller=y
+ isContainer=none
+ hasIpv6Only=n
+ hasTar=y
+ hasSudo=y
+ hasDoas=n
+ hasWget=n
+ hasCurl=y
+ hasSetsid=y
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z Linux ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z x86_64 ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z none ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ [[ y == \n ]]
+ [[ y == \n ]]
+ maybeSudo=
+ [[ y == \y ]]
+ maybeSudo=sudo
+ [[ Linux != \L\i\n\u\x ]]
+ [[ 0 == 1 ]]
+ [[ y == \y ]]
+ [[ root != \r\o\o\t ]]
+ [[ 1 == 1 ]]
+ runDisko /nix/store/wzsvxil1ai1m446h0fixv6kd6k7m5vsm-disko
+ local diskoScript=/nix/store/wzsvxil1ai1m446h0fixv6kd6k7m5vsm-disko
+ [[ -n /nix/store/wzsvxil1ai1m446h0fixv6kd6k7m5vsm-disko ]]
+ nixCopy --to ssh://[email protected] /nix/store/wzsvxil1ai1m446h0fixv6kd6k7m5vsm-disko
+ NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/tmp.K8iFMi6bST/nixos-anywhere '
+ nix copy --extra-experimental-features 'nix-command flakes' --no-write-lock-file -L --substitute-on-destination --to ssh://[email protected] /nix/store/wzsvxil1ai1m446h0fixv6kd6k7m5vsm-disko
Warning: Permanently added '192.168.1.108' (ED25519) to the list of known hosts.

Looks like it is running nix copy with --substitute-on-destination, and I see HTTPS requests to cache.nixos.org being blocked by my firewall. In version bc77bd1 of the script, this flag is not present.

[fin444]

May be Confirmed fixed by #386