From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id aBAmAmeSs2X0ZwAAqHPOHw:P1 (envelope-from ) for ; Fri, 26 Jan 2024 12:07:19 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id aBAmAmeSs2X0ZwAAqHPOHw (envelope-from ) for ; Fri, 26 Jan 2024 12:07:19 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=rimm.ee header.s=herman header.b=Kfm5KPVL; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1706267239; a=rsa-sha256; cv=none; b=jjMHKpPJz/DEUdLCvAykVUTf0rqyabVcU849ZeyAFBajLM+p3T/rATNOrZj29KKJ20AcYG 4uIW6MpRf7CYyE7uqdtiiVO9hYwEpFDwIoUUAFp75lDj4rsE05jmZsjwLpIRd3uRba9xbc nr9UtztVv8mqhY7ZI9SjndkJh3UfTv6XJ/Zk6y8GdQ4LkOhjFHmO3X259ulZA0NrQZdAVY sabdR1LYmBgenjRT/I/ixwZWZiztKvm1O75zXS5BqtK/u4ssaTYvghlrjALbKgOIDAL0JW gpm/jlVf3oYmTuE5r+eEAgD02VkfxWrqxvt+NvX40fUuCEXasyJcyBgZ9BZApA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=rimm.ee header.s=herman header.b=Kfm5KPVL; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1706267239; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=ToopVGtORmAJ08CdKvyY7oJ3C1PGWe32Z0YnbDIHQTA=; b=mD5SxGjuiofBSv1tr0cD9V6/djkJT4RkVYUvdyP5eRo1oPqECHAOmQDkR6AHCieF04KsY9 /cBR/RpLmkRgNVxkE0N1ju4YYI07fP8xvQB/xJKvt+XqVcCcQmhcdcNtaxpkJSYFAhGzMm utBSx8yy9x1T0RHW+GWv4CKljVptl/6HUk5XnZBMwC6NLQpXoGy22T9CPf9Dn8EHm6QrCY O/wzUCVkqfcEao6OF93H0aRenY8NVVem+ioVvxZsXSsabSLAT6eGu7/TPLETlehYM9TxFI GJ7PTTmeezANW10GnJjKnNfEy9lxgK7UQzue4vBxjdji9khs4CJJk/OhRvd7Pg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 999B3684E5 for ; Fri, 26 Jan 2024 12:07:18 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rTK34-0002p9-BS; Fri, 26 Jan 2024 06:07:02 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rTK32-0002om-0F for guix-patches@gnu.org; Fri, 26 Jan 2024 06:07:00 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rTK30-0002BN-VR; Fri, 26 Jan 2024 06:06:58 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rTK33-0002Sj-VX; Fri, 26 Jan 2024 06:07:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#68733] [PATCH] machine: ssh: Add 'graft?' field. Resent-From: Herman Rimm Original-Sender: "Debbugs-submit" Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, rekado@elephly.net, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Fri, 26 Jan 2024 11:07:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 68733 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68733@debbugs.gnu.org Cc: Herman Rimm , Christopher Baines , Josselin Poiret , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Christopher Baines , Josselin Poiret , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice Received: via spool by submit@debbugs.gnu.org id=B.17062671779411 (code B ref -1); Fri, 26 Jan 2024 11:07:01 +0000 Received: (at submit) by debbugs.gnu.org; 26 Jan 2024 11:06:17 +0000 Received: from localhost ([127.0.0.1]:50547 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rTK2K-0002Rj-S6 for submit@debbugs.gnu.org; Fri, 26 Jan 2024 06:06:17 -0500 Received: from lists.gnu.org ([2001:470:142::17]:59960) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rTK2J-0002RN-6o for submit@debbugs.gnu.org; Fri, 26 Jan 2024 06:06:16 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rTK25-0002Hc-6H for guix-patches@gnu.org; Fri, 26 Jan 2024 06:06:01 -0500 Received: from 81-205-150-117.fixed.kpn.net ([81.205.150.117] helo=email.rimm.ee) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1rTK23-0001ro-2F for guix-patches@gnu.org; Fri, 26 Jan 2024 06:06:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rimm.ee; s=herman; t=1706267152; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=ToopVGtORmAJ08CdKvyY7oJ3C1PGWe32Z0YnbDIHQTA=; b=Kfm5KPVLH4ZPe8+Wt0TVOwc4kqJu787XWunA6N96vbSU7MokUPmc6QpY4OgkmD3tfvfXtt jPvLpnF3bdsHBUT09odnuVL4O3KKpKEGysuWJiFWzz/eL5aM5npHJPZIlnlZ24FeZMy6lW bMDBmXUFJhpg3dm+AgVyRrZ8EK07Cn4Ms1ndNByt2wpkbXtc29XIAQJHqg/RESxKQMtoXO RWXKWVnbP0nWzgJSbVTyZgYc4GkAOGmkjeKoA8LNpAaSNHpmN2Nx8okeWAqehNsWRfIKL7 1A9Z6JyI4E3GfAf53lCKI4TFwrkjQwBWYPdTEt9RXGil0FWubCd+PtBXNjHZWw== Received: by 81-205-150-117.fixed.kpn.net (OpenSMTPD) with ESMTPSA id 70a8c77b (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Fri, 26 Jan 2024 11:05:51 +0000 (UTC) Date: Fri, 26 Jan 2024 11:59:30 +0100 Message-ID: <1eb737122611aa921fb8ec0257de0cb5aad5022e.1706266770.git.herman@rimm.ee> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=81.205.150.117; envelope-from=herman@rimm.ee; helo=email.rimm.ee X-Spam_score_int: 12 X-Spam_score: 1.2 X-Spam_bar: + X-Spam_report: (1.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_PBL=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TVD_RCVD_IP=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Herman Rimm X-ACL-Warn: , Herman Rimm via Guix-patches From: Herman Rimm via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Scanner: mx10.migadu.com X-Spam-Score: -3.67 X-Migadu-Queue-Id: 999B3684E5 X-Migadu-Spam-Score: -3.67 X-TUID: tKzgO82KTWJa * gnu/machine/ssh.scm ()[graft?]: New field. * gnu/scripts/deploy.scm (deploy-machine*): Reparameterize %graft?. * doc/guix.texi (Invoking guix deploy): Document it. Change-Id: Ide83bb465c9f30165f4ddc64e48c1b89484e3e69 --- Hi, This patch allows disabling grafts per machine by way of a new graft? field for machine-ssh-configuration. I don't know what happens when a digital-ocean-configuration is used. But that won't matter if %graft? can be parameterized in (deploy-managed-host machine) in /gnu/machine/ ssh.scm. However if %graft? is parameterized alongside %current-system, it does not affect grafting. Where should %graft? be parameterized? Cheers, Herman doc/guix.texi | 5 ++++ gnu/machine/ssh.scm | 10 ++++--- guix/scripts/deploy.scm | 58 ++++++++++++++++++++++------------------- 3 files changed, 42 insertions(+), 31 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index db0c751ded..2e316ae709 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -124,6 +124,7 @@ Copyright @copyright{} 2023 Saku Laesvuori@* Copyright @copyright{} 2023 Graham James Addis@* Copyright @copyright{} 2023 Tomas Volf@* +Copyright @copyright{} 2024 Herman Rimm@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -42359,6 +42360,10 @@ Invoking guix deploy @item @code{authorize?} (default: @code{#t}) If true, the coordinator's signing key will be added to the remote's ACL keyring. +@item @code{graft?} (default: @code{#t}) +If false, system derivations will be built without applying any grafts onto +packages. Grafting should be disabled for deployment to machines with a +differing architecture. @item @code{port} (default: @code{22}) @item @code{user} (default: @code{"root"}) @item @code{identity} (default: @code{#f}) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index b5984dc732..881576ff74 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -63,6 +63,7 @@ (define-module (gnu machine ssh) machine-ssh-configuration-build-locally? machine-ssh-configuration-authorize? machine-ssh-configuration-allow-downgrades? + machine-ssh-configuration-graft? machine-ssh-configuration-port machine-ssh-configuration-user machine-ssh-configuration-host-key @@ -95,6 +96,8 @@ (define-record-type* machine-ssh-configuration (default #t)) (allow-downgrades? machine-ssh-configuration-allow-downgrades? ; boolean (default #f)) + (graft? machine-ssh-configuration-graft? ; boolean + (default #t)) (safety-checks? machine-ssh-configuration-safety-checks? ;boolean (default #t)) (port machine-ssh-configuration-port ; integer @@ -489,12 +492,10 @@ (define (deploy-managed-host machine) "Internal implementation of 'deploy-machine' for MACHINE instances with an environment type of 'managed-host." (define config (machine-configuration machine)) - (define host (machine-ssh-configuration-host-name config)) (define system (machine-ssh-configuration-system config)) (maybe-raise-unsupported-configuration-error machine) - (when (machine-ssh-configuration-authorize? - (machine-configuration machine)) + (when (machine-ssh-configuration-authorize? config) (unless (file-exists? %public-key-file) (raise (formatted-message (G_ "no signing key '~a'. \ Have you run 'guix archive --generate-key'?") @@ -512,7 +513,8 @@ (define (deploy-managed-host machine) ;; %BASE-INITRD-MODULES, gets to see the right value. (parameterize ((%current-system system) (%current-target-system #f)) - (let* ((os (machine-operating-system machine)) + (let* ((host (machine-ssh-configuration-host-name config)) + (os (machine-operating-system machine)) (eval (cut machine-remote-eval machine <>)) (menu-entries (map boot-parameters->menu-entry boot-parameters)) (bootloader-configuration (operating-system-bootloader os)) diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm index 4b1a603049..8ffc45e8c3 100644 --- a/guix/scripts/deploy.scm +++ b/guix/scripts/deploy.scm @@ -20,6 +20,7 @@ (define-module (guix scripts deploy) #:use-module (gnu machine) + #:use-module (gnu machine ssh) #:use-module (guix discovery) #:use-module (guix scripts) #:use-module (guix scripts build) @@ -138,35 +139,38 @@ (define (deploy-machine* store machine) (info (G_ "deploying to ~a...~%") (machine-display-name machine)) - (guard* (c - ;; On Guile 3.0, exceptions such as 'unbound-variable' are compound - ;; and include a '&message'. However, that message only contains - ;; the format string. Thus, special-case it here to avoid - ;; displaying a bare format string. - (((exception-predicate &exception-with-kind-and-args) c) - (raise c)) + (define config (machine-configuration machine)) + (define graft? (machine-ssh-configuration-graft? config)) + (parameterize ((%graft? (and (%graft?) graft?))) + (guard* (c + ;; On Guile 3.0, exceptions such as 'unbound-variable' are compound + ;; and include a '&message'. However, that message only contains + ;; the format string. Thus, special-case it here to avoid + ;; displaying a bare format string. + (((exception-predicate &exception-with-kind-and-args) c) + (raise c)) - ((message-condition? c) - (leave (G_ "failed to deploy ~a: ~a~%") - (machine-display-name machine) - (condition-message c))) - ((formatted-message? c) - (leave (G_ "failed to deploy ~a: ~a~%") - (machine-display-name machine) - (apply format #f - (gettext (formatted-message-string c) - %gettext-domain) - (formatted-message-arguments c)))) - ((deploy-error? c) - (when (deploy-error-should-roll-back c) - (info (G_ "rolling back ~a...~%") - (machine-display-name machine)) - (run-with-store store (roll-back-machine machine))) - (apply throw (deploy-error-captured-args c)))) - (run-with-store store (deploy-machine machine)) + ((message-condition? c) + (leave (G_ "failed to deploy ~a: ~a~%") + (machine-display-name machine) + (condition-message c))) + ((formatted-message? c) + (leave (G_ "failed to deploy ~a: ~a~%") + (machine-display-name machine) + (apply format #f + (gettext (formatted-message-string c) + %gettext-domain) + (formatted-message-arguments c)))) + ((deploy-error? c) + (when (deploy-error-should-roll-back c) + (info (G_ "rolling back ~a...~%") + (machine-display-name machine)) + (run-with-store store (roll-back-machine machine))) + (apply throw (deploy-error-captured-args c)))) + (run-with-store store (deploy-machine machine)) - (info (G_ "successfully deployed ~a~%") - (machine-display-name machine)))) + (info (G_ "successfully deployed ~a~%") + (machine-display-name machine))))) (define (invoke-command store machine command) "Invoke COMMAND, a list of strings, on MACHINE. Display its output (if any) base-commit: cdf1d7dded027019f0ebbd5d6f0147b13dfdd28d -- 2.41.0