summaryrefslogtreecommitdiff
path: root/guix/ssh.scm
AgeCommit message (Collapse)Author
2020-02-20ssh: Add Kerberos-support to ssh:// daemon URLsLars-Dominik Braun
* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2019-12-04ssh: 'open-ssh-session' can be passed the expected host key.Ludovic Courtès
* guix/ssh.scm (open-ssh-session): Add #:host-key parameter. Pass #:knownhosts to 'make-session'. When HOST-KEY is true, call 'authenticate-server*' instead of 'authenticate-server'.
2019-12-04ssh: Always authenticate the server [security fix].Ludovic Courtès
Until now, users of 'open-ssh-session', including "guix deploy" and "GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not authenticate the SSH server they're talking to. * guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
2019-12-04ssh: Add 'authenticate-server*' and use it for offloading.Ludovic Courtès
* guix/scripts/offload.scm (host-key->type+key): Remove. (open-ssh-session): Replace server authentication code with a call to 'authenticate-server*'. * guix/ssh.scm (host-key->type+key, authenticate-server*): New procedures.
2019-10-15ssh: Add a longer SSH timeout by default.Ludovic Courtès
* guix/ssh.scm (open-ssh-session): Add #:timeout parameter, and add call to 'session-set!' to honor it.
2019-08-28remote, ssh: Show the command exit status upon failure.Ludovic Courtès
* guix/remote.scm (remote-pipe-for-gexp): Show the exit status in error message. * guix/ssh.scm (remote-inferior): Likewise.
2019-08-16machine: Use 'become-command'.Jakob L. Kreuze
* gnu/machine/ssh.scm (managed-host-remote-eval): Pass an appropriate 'become-command' to 'remote-eval'. * guix/ssh.scm (remote-authorize-signing-key): Add optional 'become-command' argument. All callers changed.
2019-08-15machine: Automatically authorize the coordinator's signing key.Jakob L. Kreuze
* guix/ssh.scm (remote-authorize-signing-key): New variable. * gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's signing key before any invocations of 'remote-eval'. (deploy-managed-host): Display an error if a signing key does not exist. * doc/guix.texi (Invoking guix deploy): Remove section describing manual signing key authorization. (Invoking guix deploy): Add section describing the 'authorize?' field.
2019-08-15machine: Allow non-root users to deploy.Jakob L. Kreuze
* doc/guix.texi (Invoking guix deploy): Add section describing prerequisites for deploying as a non-root user. * guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command' argument. (%remote-eval): New optional 'become-command' argument. (remote-eval): New 'become-command' keyword argument. * guix/ssh.scm (remote-inferior): New optional 'become-command' argument. (inferior-remote-eval): New optional 'become-command' argument. (remote-authorize-signing-key): New optional 'become-command' argument. * gnu/machine/ssh.scm (machine-become-command): New variable. (managed-host-remote-eval): Invoke 'remote-eval' with the '#:become-command' keyword. (deploy-managed-host): Invoke 'remote-authorize-signing-key' with the '#:become-command' keyword.
2019-08-14remote: Build derivations appropriate for the remote'sJakob L. Kreuze
* gnu/machine/ssh.scm (machine-ssh-configuration): Add 'system' field. (managed-host-remote-eval): Pass 'system' field to 'remote-eval'. (machine-check-building-for-appropriate-system): New variable. (check-deployment-sanity): Add call to 'machine-check-building-for-appropriate-system'. * doc/guix.texi (Invoking guix deploy): Describe new 'system' field. * guix/ssh.scm (remote-system): New variable. * guix/remote.scm (remote-eval): Use result of 'remote-system' when lowering the G-Expression. (remote-eval): Add 'system' keyword argument. (trampoline): Return a <program-file> rather than a <scheme-file>.
2019-07-06ssh: Add 'identity' keyword to 'open-ssh-session'.Jakob L. Kreuze
* guix/ssh.scm (open-ssh-session): Add 'identity' keyword argument.
2019-06-10ssh: Add missing import.Ludovic Courtès
* guix/ssh.scm: Use (ice-9 format).
2019-01-21store: Rename '&nix-error' to '&store-error'.Ludovic Courtès
* guix/store.scm (&nix-error): Rename to... (&store-error): ... this, and adjust users. (&nix-connection-error): Rename to... (&store-connection-error): ... this, and adjust users. (&nix-protocol-error): Rename to... (&store-protocol-error): ... this, adjust users. (&nix-error, &nix-connection-error, &nix-protocol-error): Define these condition types and their getters as deprecrated aliases. * build-aux/run-system-tests.scm, guix/derivations.scm, guix/grafts.scm, guix/scripts/challenge.scm, guix/scripts/graph.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/serialization.scm, guix/ssh.scm, guix/tests.scm, guix/ui.scm, tests/derivations.scm, tests/gexp.scm, tests/guix-daemon.sh, tests/packages.scm, tests/store.scm, doc/guix.texi: Adjust to use the new names.
2019-01-21store: Rename <nix-server> to <store-connection>.Ludovic Courtès
* guix/store.scm (<nix-server>): Rename to... (<store-connection>): ... this. Adjust users accordingly. (nix-server?, nix-server-major-version) (nix-server-minor-version, nix-server-socket) (nix-server-version): Define as deprecated aliases. * guix/inferior.scm: Adjust accordingly. * guix/ssh.scm: Likewise.
2019-01-09Remove most uses of the _IO*F constants.Ludovic Courtès
These constants, for use with 'setvbuf', were deprecated in Guile 2.2 and disappeared in Guile 3.0. Here we keep these constants in build-side code where removing them is not feasible. * guix/build/download-nar.scm (download-nar): Adjust 'setvbuf' calls to the Guile 2.2+ API. * guix/build/download.scm (open-socket-for-uri): Likewise. (open-connection-for-uri, url-fetch): Likewise. * guix/build/make-bootstrap.scm (make-stripped-libc): Likewise. * guix/build/union.scm (setvbuf) [guile-2.0]: New conditional wrapper. (union-build): Adjust to new API. * guix/ftp-client.scm (ftp-open, ftp-list, ftp-retr): Likewise. * guix/http-client.scm (http-fetch): Likewise. * guix/inferior.scm (proxy): Likewise. * guix/scripts/substitute.scm (fetch, http-multiple-get): Likewise. * guix/self.scm (compiled-modules): Likewise. * guix/ssh.scm (remote-daemon-channel, store-import-channel) (store-export-channel): Likewise. * guix/ui.scm (initialize-guix): Likewise. * tests/publish.scm (http-get-port): Likewise. * guix/store.scm (%newlines): Adjust comment.
2018-12-24offload: Use (guix inferior) instead of (ssh dist node).Ludovic Courtès
Using inferiors and thus 'guix repl' simplifies setup on build machines (no need to worry about GUILE_LOAD_PATH etc.) Furthermore, the 'guix repl -t machine' protocol running in a remote pipe addresses several issues with the current implementation of nodes and RREPLs in Guile-SSH: fewer round trips, doesn't leave a 'guile --listen' process behind it, stateless (since a new process is started each time), more efficient (the SSH channel can be reused), more reliable (no 'pgrep', 'pkill', and shellology; see <https://github.com/artyom-poptsov/guile-ssh/issues/11> as an example.) * guix/ssh.scm (inferior-remote-eval): New procedure. (send-files): Use it instead of 'make-node' and 'node-eval'. * guix/scripts/offload.scm (node-guile-version): New procedure. (node-free-disk-space, transfer-and-offload, node-load) (choose-build-machine, assert-node-has-guix): Use 'remote-inferior' instead of 'make-node' and 'inferior-eval' instead of 'node-eval'. (assert-node-can-import, assert-node-can-export): Likewise, and add 'session' parameter. (check-machine-availability): Likewise, and add calls to 'close-inferior' and 'disconnect!'. (check-machine-status): Likewise. * doc/guix.texi (Daemon Offload Setup): Remove bit related to 'guile' in $PATH and $GUILE_LOAD_PATH; mention 'guix' alone.
2018-12-24ssh: Add 'remote-inferior'.Ludovic Courtès
* guix/inferior.scm (<inferior>)[close]: New field. (port->inferior): New procedure. (open-inferior): Rewrite in terms of 'port->inferior'. (close-inferior): Honor INFERIOR's 'close' field. (inferior-eval-with-store): Add FIXME comment. * guix/ssh.scm (remote-inferior): New procedure.
2018-11-24ssh: Make 'send-files' more robust.Ludovic Courtès
Possibly fixes <https://bugs.gnu.org/33239>. * guix/ssh.scm (send-files): Call 'channel-get-exit-status' only when RESULT is true.
2018-11-05ssh: Honor the SOCKET-NAME argument of connect-to-remote-daemon.Maxim Cournoyer
* guix/ssh.scm (connect-to-remote-daemon): Pass the `socket-name' variable to the `open-connection' call so that it is honored.
2018-07-29ssh: Display the size of the store items being sent.Ludovic Courtès
* guix/ssh.scm (send-files): Compute the size of MISSING and display it.
2018-02-09ssh: Work around 'select' bug in Guile.Ludovic Courtès
Fixes <https://bugs.gnu.org/30365>. * guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'select*' and use it.
2018-01-12ssh: Switch back to 'get-bytevector-some'.Ludovic Courtès
This mostly reverts 17af5d51de7c40756a4a39d336f81681de2ba447. Suggested by Andy Wingo <wingo@igalia.com>. * guix/ssh.scm (remote-daemon-channel)[redirect]: Remove 'read!' FFI hack. Use buffered ports.
2018-01-12offload: 'test' reports Guile and module errors more nicely.Ludovic Courtès
Fixes <https://bugs.gnu.org/26008>. Reported by Myles English <mylesenglish@gmail.com>. * guix/ssh.scm (retrieve-files*): Move error reporting to... (report-guile-error, report-module-error): ... here. New procedures. * guix/scripts/offload.scm (assert-node-repl): Use 'report-guile-error'. (assert-node-has-guix): Explicitly check for 'use-modules' first. Use 'report-module-error'.
2018-01-12ssh: 'retrieve-files' now only retrieves what's missing.Ludovic Courtès
* guix/ssh.scm (retrieve-files): Remove the subset of FILES that is valid in LOCAL. (store-export-channel): Add comment.
2018-01-12offload: Fix regression in file retrieval.Ludovic Courtès
This fixes a regression in 'retrieve-files*' introduced in 896fec476f728183b331cbb6e2afb891207b4205, whereby (guix scripts offload) would not read the initial sexp now sent by the remote host via 'store-export-channel'. This would effectively prevent file retrieval entirely when offloading. * guix/ssh.scm (retrieve-files*): New procedure, like former 'retrieve-files' but with an extra #:import parameter. (retrieve-files): Rewrite in terms of 'retrieve-files*'. (file-retrieval-port): Make private. * guix/scripts/offload.scm (transfer-and-offload): Pass #:import to 'retrieve-files*'. (retrieve-files*): Remove.
2018-01-11ssh: Pass an empty "exceptfds" set to 'select'.Ludovic Courtès
Previously the redirect code could end up exiting prematurely because of an uninteresting "exceptional condition" on the socket (info "(libc) Waiting for I/O"). * guix/ssh.scm (remote-daemon-channel): Pass the empty list as the third argument to 'select'. It was a mistake to pass a non-empty list there in the first place.
2018-01-11ssh: Work around 'get-bytevector-some' bug.Ludovic Courtès
This works around <https://bugs.gnu.org/30066> and noticeably improves performance when using GUIX_DAEMON_SOCKET=ssh://HOST (the redirect code was transferring data to guix-daemon one byte at a time!). * guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'read!' and use it instead of 'get-bytevector-some'.
2018-01-07ssh: Improve error reporting when retrieving files.Ludovic Courtès
'guix copy --from' now reports messages much more useful than "failed to retrieve files". * guix/ssh.scm (store-export-channel)[export]: Wrap 'use-modules' in 'catch' and 'with-store' in 'guard'. Check for invalid items. Write a status sexp on stdout. (raise-error): New macro. (retrieve-files): Read the initial status sexp and report errors accordingly.
2017-11-19ssh: Use (guix i18n).Ludovic Courtès
* guix/ssh.scm: Use (guix i18n) instead of (guix ui).
2017-06-04ssh: Improve error reporting when 'send-files' fails.Ludovic Courtès
Fixes <http://bugs.gnu.org/26972>. * guix/ssh.scm (store-import-channel)[import]: Add 'consume-input' procedure. Wrap body in 'catch' and 'guard'. Use 'open-remote-pipe' with OPEN_BOTH instead of 'open-remote-output-pipe'. (send-files): After the 'channel-send-eof' call, do (read port). Interpret the result sexp and raise an error condition if needed.
2017-05-03ui: Rename '_' to 'G_'.Ludovic Courtès
This avoids collisions with '_' when the latter is used as a 'match' pattern for instance. See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>. * guix/ui.scm: Rename '_' to 'G_'. * po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly. * build-aux/compile-all.scm (warnings): Remove 'format'. * gnu/packages.scm, gnu/services.scm, gnu/services/shepherd.scm, gnu/system.scm, gnu/system/shadow.scm, guix/gnupg.scm, guix/http-client.scm, guix/import/cpan.scm, guix/import/elpa.scm, guix/import/pypi.scm, guix/nar.scm, guix/scripts.scm, guix/scripts/archive.scm, guix/scripts/authenticate.scm, guix/scripts/build.scm, guix/scripts/challenge.scm, guix/scripts/container.scm, guix/scripts/container/exec.scm, guix/scripts/copy.scm, guix/scripts/download.scm, guix/scripts/edit.scm, guix/scripts/environment.scm, guix/scripts/gc.scm, guix/scripts/graph.scm, guix/scripts/hash.scm, guix/scripts/import.scm, guix/scripts/import/cpan.scm, guix/scripts/import/cran.scm, guix/scripts/import/crate.scm, guix/scripts/import/elpa.scm, guix/scripts/import/gem.scm, guix/scripts/import/gnu.scm, guix/scripts/import/hackage.scm, guix/scripts/import/nix.scm, guix/scripts/import/pypi.scm, guix/scripts/import/stackage.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/scripts/pack.scm, guix/scripts/package.scm, guix/scripts/perform-download.scm, guix/scripts/publish.scm, guix/scripts/pull.scm, guix/scripts/refresh.scm, guix/scripts/size.scm, guix/scripts/substitute.scm, guix/scripts/system.scm, guix/ssh.scm, guix/upstream.scm: Use 'G_' instead of '_'. Most of this change was obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
2017-04-21ssh: Decompose 'connect-to-remote-daemon'.Ludovic Courtès
* guix/ssh.scm (remote-daemon-channel): New procedure. (connect-to-remote-daemon): Implement in terms of it.
2017-04-21ssh: Move 'open-ssh-session' to (guix ssh).Ludovic Courtès
* guix/scripts/copy.scm (%compression, open-ssh-session): Move to... * guix/ssh.scm: ... here. Use '&message' conditions instead of calling 'leave'.
2016-12-31ssh: 'retrieve-files' detects remote export failures.Ludovic Courtès
* guix/ssh.scm (retrieve-files): Call 'lookahead-u8' and raise a '&message' condition when it returns EOF.
2016-12-31ssh: 'send-files' returns the list of items sent.Ludovic Courtès
* guix/ssh.scm (send-files): Return MISSING.
2016-12-31ssh: Allow transfers of complete closures.Ludovic Courtès
* guix/ssh.scm (store-export-channel, send-files) (file-retrieval-port, retrieve-files): Add #:recursive? parameter and honor it.
2016-12-31Add (guix ssh) module.Ludovic Courtès
* guix/scripts/offload.scm (connect-to-remote-daemon) (store-import-channel, store-export-channel, send-files) (retrieve-files): Move to (guix ssh). (nonce): Add optional 'name' parameter and use it. (retrieve-files*): New procedure. (transfer-and-offload): Use it instead of 'retrieve-files', and add first parameter to 'send-files'. (assert-node-can-import): Likewise. (assert-node-can-export): Use 'retrieve-files' instead of 'store-export-channel'. * guix/ssh.scm: New file. * configure.ac: Use 'GUIX_CHECK_GUILE_SSH' and define 'HAVE_GUILE_SSH' Automake conditional. * Makefile.am (MODULES) [HAVE_GUILE_SSH]: Add guix/ssh.scm.