From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id kN4XHwgK7mC9GAAAgWs5BA (envelope-from ) for ; Tue, 13 Jul 2021 23:47:52 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id gCDgGggK7mC1agAA1q6Kng (envelope-from ) for ; Tue, 13 Jul 2021 21:47:52 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0AD22947E for ; Tue, 13 Jul 2021 23:47:52 +0200 (CEST) Received: from localhost ([::1]:44696 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1m3QFr-00032a-17 for larch@yhetil.org; Tue, 13 Jul 2021 17:47:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50466) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m3QFg-00032G-4t for guix-devel@gnu.org; Tue, 13 Jul 2021 17:47:40 -0400 Received: from mailrelay.tugraz.at ([129.27.2.202]:59808) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m3QFb-0000iX-0g for guix-devel@gnu.org; Tue, 13 Jul 2021 17:47:39 -0400 Received: from nijino.local (80-121-26-175.adsl.highway.telekom.at [80.121.26.175]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4GPZ3y4d2rz3x71; Tue, 13 Jul 2021 23:47:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1626212846; bh=UK7kc1MCpB+iG/XlUmi6TV5cWXiw76r2GHZ7pcaw/xU=; h=Subject:From:To:Date:In-Reply-To:References; b=XRtvPfEftX9Gj3tpWQxeS5ufZDW278d37BbdzCdVyU7AH/b+AVjbZMmcngYGzDKXL +KL0NF4ha9MmUdR6EWaqYsRWbD80H7yDtHpQjJpReh8GohNOoPMZ8KZx6wghUy91JP xHc493RcISq+YBll+gPrcqKHJbSkh1TcvJ34JWsU= Message-ID: <55ec7cec6de1b4f9f3336a342df598427949970e.camel@student.tugraz.at> Subject: Re: SSH in git-fetch From: Leo Prikler To: Lo Peter , guix-devel@gnu.org Date: Tue, 13 Jul 2021 23:47:24 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-TUG-Backscatter-control: bt4lQm5Tva3SBgCuw0EnZw X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -1.4 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 Received-SPF: pass client-ip=129.27.2.202; envelope-from=leo.prikler@student.tugraz.at; helo=mailrelay.tugraz.at X-Spam_score_int: -37 X-Spam_score: -3.8 X-Spam_bar: --- X-Spam_report: (-3.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, PDS_BTC_ID=0.498, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1626212872; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=UK7kc1MCpB+iG/XlUmi6TV5cWXiw76r2GHZ7pcaw/xU=; b=QPBl+UeJ5M+chpj74Wd2F+4GrsIOu7lZooPe1hQrffwEYqCmPNFqKayXVU0ygTbiMDyz6u Qv0dpDypleefk4YnZjp1P+g4JyghluIh2BzH+aWnOa/4Yusr2rtfKxr+7oTU6k3AZTHOQF VQIXSpcOO0aGDbtqpd59aamtrmXpnQUJW41QsdqN2wXVdWPfzTtD7y1q53/2R1P7PiuISq nhzggkBJLXJw4ghc6uvY/sz5p2Bs5IqV70uncmeFTthJCnZDOfXF4JKqTv4QFTsmYTMex3 Rqr1tgk843bGQrk7CODhgd79vQSqA1HU4TjbobotriSd7Cc/VGu7LEOkM9hcqw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1626212872; a=rsa-sha256; cv=none; b=RLhnJS2wjwaIlG9s5fvyFKP8MN+RpJQZgHlgI743LQck7vbftQ6U8/1ie8yMD2amq7502L cALDj16/BBGYuED0W5jwV9dHaZNUMRBGN9t7GhCCVOdn2bdpVfuV4Fr8/LPD4BrQVHD4Qw J+IK5kP8aOXi1kJifqATaiSmlhC9qlYLtqGvC+0HZ5vdbCyHWHV5WOIhJJeSUD2Lyv4ZUA pRMTBTrDgIq3IQ3GENyJgDa7kL84w/MOzRlUBBf7Vxr8mEDsXrsbOCjjAr9iOYgELXM8Gz TJVkFW0+Fx9BQigzynZ5T2H4juq/LNNqCCex19VelQK2FW1ey1jvSuSJ/+rWUw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=tugraz.at header.s=mailrelay header.b=XRtvPfEf; dmarc=pass (policy=none) header.from=student.tugraz.at; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.10 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=tugraz.at header.s=mailrelay header.b=XRtvPfEf; dmarc=pass (policy=none) header.from=student.tugraz.at; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 0AD22947E X-Spam-Score: -3.10 X-Migadu-Scanner: scn0.migadu.com X-TUID: bgONwwO5eAAK Hello Peter, Am Dienstag, den 13.07.2021, 22:38 +0800 schrieb Lo Peter: > Dear all, > > I am experimenting with writing a package definition for an example R > package (https://github.com/jennybc/foofactors) in a PRIVATE channel, > where the R source is also at a PRIVATE github repository. > While the private channel works with proper setup of SSH key (that > needs to be in PEM format due to a bug in libssh2), I am having > trouble with the private git repository for package source. > > Is it that git-fetch does not support fetching over SSH? Indeed, git-fetch does not support fetching over SSH. > The package definition I have is: > > (define-module (my-packages r-pkgs) > #:use-module ((guix licenses) #:prefix license:) > #:use-module (guix packages) > #:use-module (guix download) > #:use-module (guix git-download) > #:use-module (guix utils) > #:use-module (guix build-system r) > #:use-module (gnu packages) > #:use-module (gnu packages statistics)) > > (define-public r-foofactors > (let ((commit "ef71e8d2e82fa80e0cfc249fd42f50c01924326d") > (revision "1")) > (package > (name "r-foofactors") > (version (git-version "0.0.0.9000" revision commit)) > (source > (origin > (method git-fetch) > (uri (git-reference > (url "git@github.com:peterloleungyau/foofactors.git") > (commit commit))) > (file-name (git-file-name name version)) > (sha256 > (base32 > "1hmfwac2zdl8x6r21yy5b257c4891106ana4j81hfn6rd0rl9f72")))) > (build-system r-build-system) > (propagated-inputs > `(("r-forcats" ,r-forcats))) > (home-page "https://github.com/jennybc/foofactors") > (synopsis "A R package to make factors less aggravating.") > (description > "Factors have driven people to extreme measures, like ordering > custom conference ribbons and laptop stickers to express how HELLNO > we > feel about stringsAsFactors. And yet, sometimes you need them. Can > they > be made less maddening? Let's find out.") > (license license:expat)))) > > > Note that I have cloned the original public repository to my private > repository (for testing purpose). I have added the package definition > to my local ~/to_keep/projects/my-guix-pkgs/my-packages/r-pkgs.scm > > Then I test building it locally with > > $ guix build -L ~/to_keep/projects/my-guix-pkgs/ r-foofactors > The following derivations will be built: > /gnu/store/gnzw26jl9vw3z10cdnpcahd67zlf1ziy-r-foofactors- > 0.0.0.9000-1.ef71e8d.drv > /gnu/store/2l35rb0s5fjk1v8vczir6cp6lfmbbf12-r-foofactors- > 0.0.0.9000-1.ef71e8d-checkout.drv > building /gnu/store/2l35rb0s5fjk1v8vczir6cp6lfmbbf12-r-foofactors- > 0.0.0.9000-1.ef71e8d-checkout.drv... > guile: warning: failed to install locale > environment variable `PATH' set to > `/gnu/store/378zjf2kgajcfd7mfr98jn5xyc5wa3qv-gzip- > 1.10/bin:/gnu/store/sf3rbvb6iqcphgm1afbplcs72hsywg25-tar-1.32/bin' > hint: Using 'master' as the name for the initial branch. This default > branch name > hint: is subject to change. To configure the initial branch name to > use in all > hint: of your new repositories, which will suppress this warning, > call: > hint: > hint: git config --global init.defaultBranch > hint: > hint: Names commonly chosen instead of 'master' are 'main', 'trunk' > and > hint: 'development'. The just-created branch can be renamed via this > command: > hint: > hint: git branch -m > Initialized empty Git repository in > /gnu/store/7i9py1b47lsg2d2wqjk68ha04rv2l89i-r-foofactors-0.0.0.9000- > 1.ef71e8d-checkout/.git/ > error: cannot run ssh: No such file or directory > fatal: unable to fork > Failed to do a shallow fetch; retrying a full fetch... > error: cannot run ssh: No such file or directory > fatal: unable to fork > git-fetch: '/gnu/store/ra24wp6glfzmpx1w6i3471aqcqqdrk96-git-minimal- > 2.32.0/bin/git > fetch origin' failed with exit code 128 > Trying content-addressed mirror at berlin.guix.gnu.org... > Trying content-addressed mirror at berlin.guix.gnu.org... > Trying to download from Software Heritage... > builder for `/gnu/store/2l35rb0s5fjk1v8vczir6cp6lfmbbf12-r- > foofactors-0.0.0.9000-1.ef71e8d-checkout.drv' > failed to produce output path `/gnu/store/7i9py1b47lsg2d2wqjk68ha04r > build of /gnu/store/2l35rb0s5fjk1v8vczir6cp6lfmbbf12-r-foofactors- > 0.0.0.9000-1.ef71e8d-checkout.drv > failed > View build log at > '/var/log/guix/drvs/2l/35rb0s5fjk1v8vczir6cp6lfmbbf12-r-foofactors- > 0.0.0.9000-1.ef71e8d-checkout.drv.bz2'. > cannot build derivation > `/gnu/store/gnzw26jl9vw3z10cdnpcahd67zlf1ziy-r-foofactors-0.0.0.9000- > 1.ef71e8d.drv': > 1 dependencies couldn't be built > guix build: error: build of > `/gnu/store/gnzw26jl9vw3z10cdnpcahd67zlf1ziy-r-foofactors-0.0.0.9000- > 1.ef71e8d.drv' > failed > > > Why is there an error of "cannot run ssh"? Is it that git-fetch does > not support fetching over SSH? Yes, git-fetch does not support fetching over SSH. "Cannot run ssh" is the error returned because the ssh program is missing at fetch time, but even if it existed, you'd get a different error, namely one of lacking keys. You'd have to set up Guix to authenticate itself as you for pulling the source and while that is in theory possible, there is a potential security risk attached to most ways of solving it and no clear path forward. Furthermore, such a feature, were it integrated in Guix, is likely only to be used for nonfree software and thus located closely to such software itself. > I would like to prompt the use of Guix for per-project management in > my small team of data scientists, so we would need a private channel > for a few internal R packages. The above problem is a real blocker. > Any help is greatly appreciated. I don't think this has to necessarily be a blocker. You can point git- fetch to file:// URIs, so your channel could have file:///path/to/repo and it'd work under the assumption that your scientists run git pull on those repos frequently enough (you could automate that with a script, perhaps even one written in Guile/a handwritten Guix extension). If you have company/university intranet, you could also expose those internal package over that on a well-known address, that's not reachable from outside. Regards, Leo