unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
From: Tomas Volf <~@wolfsden.cz>
To: 74832@debbugs.gnu.org
Cc: "Tomas Volf" <~@wolfsden.cz>,
	"Christopher Baines" <guix@cbaines.net>,
	"Josselin Poiret" <dev@jpoiret.xyz>,
	"Ludovic Courtès" <ludo@gnu.org>,
	"Mathieu Othacehe" <othacehe@gnu.org>,
	"Simon Tournier" <zimon.toutoune@gmail.com>,
	"Tobias Geerinckx-Rice" <me@tobias.gr>
Subject: bug#74832: [PATCH] guix: Do not default to 22 ssh port (let guile-ssh do it).
Date: Thu, 12 Dec 2024 20:31:04 +0100	[thread overview]
Message-ID: <a3e2370fc79301d5de4aa242a3a81083d28cebb0.1734031864.git.~@wolfsden.cz> (raw)
In-Reply-To: <bd64a6c0-3a38-4fe2-9315-c4ff6be02e91@posteo.net>

After update to guile-ssh 0.18.0, options passed to the `make-session'
procedure now take precedence over the configuration file.  In few places we
however had code like `(or port 22)' leading to (in absence of alternative
port being specified) always using port 22, ignoring the configuration file.

Due to that for example following command fails:

    guix copy hello --to=name

Name is reachable, but ssh server listens on port 2222.  That is correctly
configured in ~/.ssh/config, and the invocation used to succeed until the
upgrade.  However now it tries to connect to port 22 (since port was not
specified).  While setting the port on the command line *is* possible, it is
not exactly ergonomic.

Since guile-ssh (well, libssh) defaults to 22 if not told otherwise, we can
just always pass the port, and #f will use the port from ~/.ssh/config or, iff
none is set, 22.

I went through the repository and adjusted all places where it seemed
appropriate.  In particular, these places were left alone:

gnu/machine/digital-ocean.scm: The droplet is created with root user and the
expected key, so forcing them to those values seems correct.

gnu/machine/ssh.scm: For deployments reproducibility is favored over
convenience, and user can pass #f to explicitly request using value the
~/.ssh/config.

* guix/scripts/copy.scm (send-to-remote-host): Always pass the port to
open-ssh-session.
(retrieve-from-remote-host): Same.
* guix/scripts/offload.scm (open-ssh-session): Pass #f as #:config.  Skips
reading the configuration file and is nicer.
* guix/ssh.scm (open-ssh-session): Drop explicit parsing of the configuration
since it is parsed by default.  Report actual port used in the error message.
* guix/store/ssh.scm (connect-to-daemon): Always pass the port part of the
uri, even when #f.

Change-Id: I5fdf20f36509a9a0ef138ce72c7198f688eea494
---
I did few more tweaks than strictly required, feel free to discard them.

 guix/scripts/copy.scm    | 5 ++---
 guix/scripts/offload.scm | 2 +-
 guix/ssh.scm             | 8 +++-----
 guix/store/ssh.scm       | 2 +-
 4 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/guix/scripts/copy.scm b/guix/scripts/copy.scm
index 67975ac1a9..116583590f 100644
--- a/guix/scripts/copy.scm
+++ b/guix/scripts/copy.scm
@@ -75,8 +75,7 @@ (define (send-to-remote-host local target opts)
                 (options->derivations+files local opts)))
     (warn-if-empty items)
     (and (build-derivations local drv)
-         (let* ((session (open-ssh-session host #:user user
-                                           #:port (or port 22)))
+         (let* ((session (open-ssh-session host #:user user #:port port))
                 (remote  (connect-to-remote-daemon session))
                 (sent    (send-files local items remote
                                      #:recursive? #t)))
@@ -89,7 +88,7 @@ (define (retrieve-from-remote-host local source opts)
   (let*-values (((user host port)
                  (ssh-spec->user+host+port source))
                 ((session)
-                 (open-ssh-session host #:user user #:port (or port 22)))
+                 (open-ssh-session host #:user user #:port port))
                 ((remote)
                  (connect-to-remote-daemon session)))
     ;; TODO: Here we could to compute and build the derivations on REMOTE
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index 93e9d3759c..ccf989a881 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -234,7 +234,7 @@ (define* (open-ssh-session machine #:optional max-silent-time)
                                #:knownhosts "/dev/null"

                                ;; Likewise for ~/.ssh/config.
-                               #:config "/dev/null"
+                               #:config #f

                                ;; We need lightweight compression when
                                ;; exchanging full archives.
diff --git a/guix/ssh.scm b/guix/ssh.scm
index ae506df14c..5e89997df3 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -138,10 +138,6 @@ (define* (open-ssh-session host #:key user port identity
                                ;; Speed up RPCs by creating sockets with
                                ;; TCP_NODELAY.
                                #:nodelay #t)))
-
-    ;; Honor ~/.ssh/config.
-    (session-parse-config! session)
-
     (match (connect! session)
       ('ok
        (if host-key
@@ -181,7 +177,9 @@ (define* (open-ssh-session host #:key user port identity
       (x
        ;; Connection failed or timeout expired.
        (raise (formatted-message (G_ "SSH connection to '~a' port ~a failed: ~a~%")
-                                 host (or port 22) (get-error session)))))))
+                                 host
+                                 (session-get session 'port)
+                                 (get-error session)))))))

 (define* (remote-inferior session #:optional become-command)
   "Return a remote inferior for the given SESSION.  If BECOME-COMMAND is
diff --git a/guix/store/ssh.scm b/guix/store/ssh.scm
index 09c0832505..7e6371acbc 100644
--- a/guix/store/ssh.scm
+++ b/guix/store/ssh.scm
@@ -33,7 +33,7 @@ (define (connect-to-daemon uri)
   "Connect to the SSH daemon at URI, a URI object with the 'ssh' scheme."
   (remote-daemon-channel
    (open-ssh-session (uri-host uri)
-                     #:port (or (uri-port uri) 22)
+                     #:port (uri-port uri)
                      #:user (uri-userinfo uri))))

 ;;; ssh.scm ends here
--
2.46.0




  parent reply	other threads:[~2024-12-12 20:43 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-12 16:45 bug#74832: guix copy incorrectly assumes port is 22 Dariqq
2024-12-12 17:35 ` Tomas Volf
2024-12-12 19:31 ` Tomas Volf [this message]
2024-12-19  2:33   ` Maxim Cournoyer
2024-12-19  9:30     ` Tomas Volf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='a3e2370fc79301d5de4aa242a3a81083d28cebb0.1734031864.git.~@wolfsden.cz' \
    --to=~@wolfsden.cz \
    --cc=74832@debbugs.gnu.org \
    --cc=dev@jpoiret.xyz \
    --cc=guix@cbaines.net \
    --cc=ludo@gnu.org \
    --cc=me@tobias.gr \
    --cc=othacehe@gnu.org \
    --cc=zimon.toutoune@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).