From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#30817] [PATCH] openssh-service: export AcceptEnv option
From: Martin Castillo
Message-ID: <25eef45c-9acd-29ab-d82e-5dbc16909ef4@uni-bremen.de>
Date: Wed, 14 Mar 2018 15:55:14 +0100
To: 30817@debbugs.gnu.org

(Resent, because I forgot '[PATCH]' in the subject.)

This patch makes AcceptEnv configurable from config.scm.

Questions:
Is the dash in environment-variables correct?
Why are there always two spaces after a period?
Is @option the correct annotation for AcceptEnv?

Martin

From e64e4a908936c5aec0c026324cc08be12edb8ec1 Mon Sep 17 00:00:00 2001
From: Martin Castillo Date: Tue, 13 Mar 2018 16:40:55 +0100 Subject: [PATCH] services: openssh: Add 'AcceptEnv' field. * gnu/services/ssh.scm ()[AcceptEnv]: New field. (openssh-config-file): Honor 'AcceptEnv'. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 11 +++++++++++ gnu/services/ssh.scm | 7 +++++++ 2 files changed, 18 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index d3a7908f9..bed0d3359 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11158,6 +11158,17 @@ server. Alternately, one can specify the @comma= nd{sftp-server} command: `(("sftp" ,(file-append openssh "/libexec/sftp-server")))))) @end example =20 +@item @code{accept-env} (default: @code{'()}) +List of strings describing which environment-variables may be exported. + +Each string gets on its own line. See the @option{AcceptEnv} option in +@code{sshd_config(5)}. +@example +(service openssh-service-type + (openssh-configuration + (accept-env '("COLORTERM")))) +@end example + @item @code{authorized-keys} (default: @code{'()}) @cindex authorized keys, SSH @cindex SSH authorized keys diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 301ba7404..ad778f394 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -302,6 +302,10 @@ The other options should be self-descriptive." (subsystems openssh-configuration-subsystems (default '(("sftp" "internal-sftp")))) =20 + ;; list of strings + (accept-env openssh-configuration-accept-env + (default '())) + ;; list of user-name/file-like tuples (authorized-keys openssh-authorized-keys (default '())) 
@@ -430,6 +434,9 @@ of user-name/file-like tuples." (format port "AuthorizedKeysFile \ .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%= u\n") =20 + (for-each (lambda (s) (format port "AcceptEnv ~a\n" s)) + '#$(openssh-configuration-accept-env config)) + (for-each (match-lambda ((name command) (format port "Subsystem\t~a\t~a\n" name co= mmand))) --=20 2.16.2
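Review bot: In the doc/guix.texi hunk, the accept-env item says the variables "may be exported", which leaves open by whom and into what. sshd_config(5) describes AcceptEnv as the environment variables sent by the client that are copied into the session's environment, and the item should say that. Write "environment variables" without the hyphen, and replace "Each string gets on its own line" with a statement that each string is written as its own AcceptEnv line. Since the field defaults to '() and this change lets config.scm widen it, the item should also carry over the sshd_config(5) caution that some environment variables can be used to bypass restricted user environments.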
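Review bot: The field added to the record in gnu/services/ssh.scm is named accept-env, but the commit log entry reads "[AcceptEnv]: New field" and "Honor 'AcceptEnv'"; the log should name the field as it appears in the record, with AcceptEnv reserved for the sshd_config keyword it generates. The ";; list of strings" comment would also be more useful if it said what the strings are, for example that each one is passed to AcceptEnv.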
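Review bot: In the openssh-config-file hunk, (format port "AcceptEnv ~a\n" s) writes each entry into the generated sshd_config without checking it, so a string containing a newline would add a second, unrelated directive to the file, and an empty string would produce a bare AcceptEnv line. Consider rejecting entries that are empty or contain a newline when the configuration is built, so that a mistake in config.scm is reported at reconfigure time rather than surfacing in the generated file.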