From: Vivien Kraus via Bug reports for GNU Guix
To: Ludovic Courtès
Cc: 51487@debbugs.gnu.org
Subject: bug#51487: The openssh service does not allow multiple authorized key files per user
Date: Mon, 15 Nov 2021 15:31:52 +0000
Message-ID: <87fsrx4eku.fsf@planete-kraus.eu>
In-reply-to: <874k8d5vl7.fsf@gnu.org>

Ludovic Courtès writes:

> I find it a bit hard to read. What I had in mind is along these lines:
>
>   (match (openssh-authorized-keys config)
>     (((users _ ...) ...)
>      ;; Build a user/key-list mapping.
>      (let ((user-keys (fold (lambda (spec table)
>                               (match spec
>                                 ((user keys ...)
>                                  (vhash-cons user keys table))))
>                             vlist-null
>                             (openssh-authorized-keys config))))
>        ;; Coalesce the key lists associated with each user.
>        (map (lambda (user)
>               (concatenate (vhash-fold* cons '() user user-keys)))
>             users))))

That’s way cleaner. I didn’t know of vhash-fold*, it seems to save the
day!

(just fixing the final map function not to forget the user name in the
alist, and removing "spec")

From 7bc8abcfd5024f5269c36dc8cb44803eb0ab29ba Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Fri, 29 Oct 2021 18:25:24 +0200
Subject: [PATCH] gnu: openssh-service: Collect all keys for all users.

* gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key
is forgotten.
---
 gnu/services/ssh.scm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index a018052eeb..92b470aa96 100644 =2D-- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm
@@ -39,6 +39,7 @@ (define-module (gnu services ssh) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) + #:use-module (ice-9 vlist) #:export (lsh-configuration lsh-configuration? lsh-service @@ -535,7 +536,19 @@ (define (extend-openssh-authorized-keys config keys) (openssh-configuration (inherit config) (authorized-keys =2D (append (openssh-authorized-keys config) keys)))) + (match (openssh-authorized-keys config) + (((users _ ...) ...) + ;; Build a user/key-list mapping. + (let ((user-keys (fold (match-lambda* + (((user keys ...) table) + (vhash-cons user keys table))) + vlist-null + (openssh-authorized-keys config)))) + ;; Coalesce the key lists associated with each user. + (map (lambda (user) + `(,user + ,@(concatenate (vhash-fold* cons '() user user-keys)))) + users))))))) =20 (define openssh-service-type (service-type (name 'openssh) =2D-=20 2.33.1

Vivien
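
Review bot: In the second hunk (extend-openssh-authorized-keys), the `keys` argument is no longer used. Both the `match` and the `fold` run over `(openssh-authorized-keys config)` only, whereas the removed line was `(append (openssh-authorized-keys config) keys)`, so keys contributed through the extension would be silently left out of the resulting configuration. I suggest building the combined list once, for instance by matching on `(append (openssh-authorized-keys config) keys)`, and folding over that same value. Separately, `users` keeps one element per input entry, so a user who appears twice produces two output entries, each carrying the full coalesced key list; mapping over `(delete-duplicates users)` (srfi-1 is already imported in this module) would emit one entry per user.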