From d2b3400f79ffaed3357650307376ab69a7ec3b1b Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 22 May 2022 20:12:27 +0200 Subject: services: openssh: Listen on both IPv4 and IPv6. Fixes . Reported by Christopher Baines . * gnu/services/ssh.scm (openssh-shepherd-service)[inetd-style?]: New variable. : Use it. When using 'make-inetd-constructor', pass a list of endpoints as is possible with the Shepherd 0.9.1. : Adjust accordingly. * gnu/tests/ssh.scm (run-ssh-test)["wait for port 22"]: Rename to... ["wait for port 22, IPv4"]: ... this. ["wait for port 22, IPv6"]: New test. --- gnu/services/ssh.scm | 21 +++++++++++++++++---- gnu/tests/ssh.scm | 12 +++++++++++- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 7fbbe383e5..be5d029374 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm 
@@ -528,19 +528,32 @@ (define openssh-command #~(list (string-append #$(openssh-configuration-openssh config) "/sbin/sshd") "-D" "-f" #$(openssh-config-file config))) + (define inetd-style? + ;; Whether to use 'make-inetd-constructor'. That procedure appeared in + ;; Shepherd 0.9.0, but in 0.9.0, 'make-inetd-constructor' wouldn't let us + ;; pass a list of endpoints, and it wouldn't let us define a service + ;; listening on both IPv4 and IPv6, hence the conditional below. + #~(and (defined? 'make-inetd-constructor) + (not (string=? (@ (shepherd config) Version) "0.9.0")))) + (list (shepherd-service (documentation "OpenSSH server.") (requirement '(syslogd loopback)) (provision '(ssh-daemon ssh sshd)) - (start #~(if (defined? 'make-inetd-constructor) + + (start #~(if #$inetd-style? (make-inetd-constructor (append #$openssh-command '("-i")) - (make-socket-address AF_INET INADDR_ANY - #$port-number) + (list (endpoint + (make-socket-address AF_INET INADDR_ANY + #$port-number)) + (endpoint + (make-socket-address AF_INET6 IN6ADDR_ANY + #$port-number))) #:max-connections #$max-connections) (make-forkexec-constructor #$openssh-command #:pid-file #$pid-file))) - (stop #~(if (defined? 'make-inetd-destructor) + (stop #~(if #$inetd-style? (make-inetd-destructor) (make-kill-destructor))) (auto-start? (openssh-auto-start? config))))) diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scm index e3dd601603..3f550db5ea 100644 --- a/gnu/tests/ssh.scm +++ b/gnu/tests/ssh.scm 
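Review bot: The endpoint list passed to `make-inetd-constructor` in `start` always includes the `AF_INET6`/`IN6ADDR_ANY` endpoint, with no fallback for a host whose kernel has IPv6 disabled. If creating that socket fails, the `ssh-daemon` service presumably fails to start and remote access is lost; how Shepherd treats a failing endpoint is not visible in this hunk, so this needs confirming. On the inetd-style path, sshd also becomes reachable on every IPv6 address of the host, so a packet filter written only for IPv4 no longer covers the configured port. The service documentation should say so, and a comment beside the list would record both assumptions, e.g. `;; Binds both wildcards: assumes IPv6 is enabled and that firewall rules cover IPv6 too.` The enclosing `openssh-shepherd-service` definition starts above the hunk.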
@@ -136,9 +136,19 @@ (define (call-with-connected-session/auth proc) (= pid (wait-for-file #$pid-file marionette)) pid))) - (test-assert "wait for port 22" + (test-assert "wait for port 22, IPv4" (wait-for-tcp-port 22 marionette)) + (test-assert "wait for port 22, IPv6" + ;; Make sure it's also available as IPv6. + ;; See . + (wait-for-tcp-port 22 marionette + #:address + `(make-socket-address + AF_INET6 + (inet-pton AF_INET6 "::1") + 22))) + ;; Connect to the guest over SSH. Make sure we can run a shell ;; command there. (test-equal "shell command" -- cgit v1.2.3
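Review bot: The new "wait for port 22, IPv6" assertion only shows that something accepts connections on `::1`, not that sshd works over IPv6. On the inetd-style path Shepherd owns the listening socket, so the port can be open even if spawning `sshd -i` for an IPv6 peer fails. Which address family the following "shell command" test connects over is not visible in this hunk; if it is IPv4, consider a companion test that opens an SSH session to `::1` and runs the same command. A check on `::1` also cannot tell a wildcard bind from a loopback-only one, which is worth a short comment such as `;; Checks loopback only; does not prove the IN6ADDR_ANY bind.`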