From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id GPp1HZy8dGSqCwAASxT56A (envelope-from ) for ; Mon, 29 May 2023 16:54:20 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id aMa5HJy8dGQDGQEAG6o9tA (envelope-from ) for ; Mon, 29 May 2023 16:54:20 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CF38E28C8C for ; Mon, 29 May 2023 16:54:19 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q3eG5-0005gJ-EO; Mon, 29 May 2023 10:54:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3eG2-0005fb-Gp for guix-patches@gnu.org; Mon, 29 May 2023 10:54:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3eG2-0005cX-7T for guix-patches@gnu.org; Mon, 29 May 2023 10:54:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1q3eG2-0001gK-2n for guix-patches@gnu.org; Mon, 29 May 2023 10:54:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean options in ssh-config. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: , guix-patches@gnu.org Resent-Date: Mon, 29 May 2023 14:54:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 63786 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 63786@debbugs.gnu.org Cc: Efraim Flashner , ( , Andrew Tropin , Ludovic =?UTF-8?Q?Court=C3=A8s?= X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: ( , Andrew Tropin , Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by submit@debbugs.gnu.org id=B.16853719896396 (code B ref -1); Mon, 29 May 2023 14:54:01 +0000 Received: (at submit) by debbugs.gnu.org; 29 May 2023 14:53:09 +0000 Received: from localhost ([127.0.0.1]:58858 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q3eFA-0001f6-ER for submit@debbugs.gnu.org; Mon, 29 May 2023 10:53:08 -0400 Received: from lists.gnu.org ([209.51.188.17]:51830) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q3eF8-0001ex-Hh for submit@debbugs.gnu.org; Mon, 29 May 2023 10:53:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3eF8-0005QR-8g for guix-patches@gnu.org; Mon, 29 May 2023 10:53:06 -0400 Received: from mail-wm1-x32c.google.com ([2a00:1450:4864:20::32c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3eF6-0005HH-Bx for guix-patches@gnu.org; Mon, 29 May 2023 10:53:06 -0400 Received: by mail-wm1-x32c.google.com with SMTP id 5b1f17b1804b1-3f601c57d8dso24046905e9.0 for ; Mon, 29 May 2023 07:53:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685371983; x=1687963983; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:sender:from:to:cc:subject:date:message-id:reply-to; bh=mfz2j4EUPbyb5zR1RBOIN2ip7BWttDFzarYVEHjcWXw=; b=OXdVAiyffWFwK1pQ2amAwWNKUAwyWeIrhb76PvQy9glfOssIsHtrd3UQDNuExeYp9B elH2NQRpXIXDP7ci+und3M8MB1HL1ssAk8nXNXQSNX+UVENWGI9O1SK0HqXUiVSp58Zz mukNu6dv7JBCtToxvXi3rkUPXa73od89zFUlZvPYcEikrOrZA+xMGvxXhrkGlkvKCcGM jFySl8EFhlOfDMNk1O1f78Bl6Mum02tqN4Dn2K4zUjDkQQPy6/CCJWpB0BM+HrkLIPy4 eHnVQHuecCWWO6NGr+h41kspnrk0uWaznMtPCiyewOiJTA69oUcPEKIjN+hM/vCQYbpX qL7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685371983; x=1687963983; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:sender:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=mfz2j4EUPbyb5zR1RBOIN2ip7BWttDFzarYVEHjcWXw=; b=XML9t7nDzFyFeADXQ/ZGrUzTrq8N7H6TMjYVBI0lP1rxjuVBtq7QCWSwwBJzVajxHr GgOTkkReYZLGMftD4RtsjOLX4GRRz2Xm90jVrHT2AKBaVI6BdY/7O4+RQOVZNacZNmPc 89QREesx462QapR1i96H8oU4fXD982q5s8qH7vuEZ+wcRDnSFpa+MOozJzgDojC+zNjn Irw4j7NkJyIbxXj55u8LxTFUMfh17vBTTU4lT540l1xmK4I6D3XxVaqMr9hRc9B9t+ke 91eJJjfu9ZwWjKMjpWRAq3Rbyi4dEEULPz9gD1By8PFtPsaT7FyJusEzAjKO8Z+kGNKl h4Pg== X-Gm-Message-State: AC+VfDwODtHjQB6rbS4y0PJn8xzU3UQhmgRLt8uNMHHsiI+CM1K+G8Fb jZ8hKu9Y8YwyUOz3vMDX2S7tcNXGLieT6A== X-Google-Smtp-Source: ACHHUZ4D6bACvD/Q89gz8k5wSVxcwrFL3isc94jw39fGrztQPqLSXmtPyiGLhrIx2weyKAffyJYBHw== X-Received: by 2002:a7b:c4c3:0:b0:3f5:fa76:8dd0 with SMTP id g3-20020a7bc4c3000000b003f5fa768dd0mr7540835wmk.0.1685371982706; Mon, 29 May 2023 07:53:02 -0700 (PDT) Received: from localhost ([37.46.46.3]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b003f6050d35c9sm14387367wmc.20.2023.05.29.07.53.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 May 2023 07:53:02 -0700 (PDT) From: Efraim Flashner Date: Mon, 29 May 2023 17:52:59 +0300 Message-Id: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::32c; envelope-from=efraim.flashner@gmail.com; helo=mail-wm1-x32c.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1685372060; a=rsa-sha256; cv=none; b=GeyT+SyLvldf3OF670ssm1vqNszM/2QqMysMZD7uW3mbD/DFjXv/6+bfDR8D7WyE+Fy0Lq U/xNQSxByB8DACyLVLY8y2tCylD3GtntIp4ZrOfmJpfdXI3quX3CfCz9pFi9a4SSfLUomM lWR/6iUoKT30TeEtWfNmdxhAvuLcCuNiW4cT7QS/YEaRvbY15Vmtdv131BviJnc+/LP+Yy GzuOfXS+q70fFOp5zhZn0gVImGz/Lv+jGoyBu8bVnYK7C5v2FasRGPwYRt5FlgqhywlMx3 fCSchnNCEKNkxq8Wqv9rf34PTcvPLyv6NJOtvo7F6JEktxSI6U/AV0Trkj9Ycg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=OXdVAiyf; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1685372060; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=mfz2j4EUPbyb5zR1RBOIN2ip7BWttDFzarYVEHjcWXw=; b=QRTRfR+5sek08hQ/dKu20xWssMWBrRZWpun4peVxp6f8/niOjAFONUSGzj9pt4aCQoGVjO 4qjaRUlfisvjefIdthQ9Ph4CP5PR3F1HiXCF/mdON1A2g50pbU/a+wDUVpFhHUuegTZLO4 LEu8Chl5cmUwIr0qQdGqXI+x/CBm+pdiqv6qOPqTquNCxyd8kcZNmPDmoWnYrVJ0jANI42 Hzc5WRW2naWBmVzE0lP647MZ91YVCa7An84ickK8DCJDvgxGWTvjBlu2p3VVesc3c57WLB oqO10K6YkYK3UA9gGmzs0NQp4NiTgR9AmZom8XsOF40Fq5ISxeFXPn5Pdk5yGw== X-Migadu-Spam-Score: -0.11 X-Spam-Score: -0.11 X-Migadu-Queue-Id: CF38E28C8C X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=OXdVAiyf; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-TUID: utwgqqc1wf3t >From man 5 ssh_config: Unless noted otherwise, for each parameter, the first obtained value will be used. We want to allow falling through to the first actual user defined value. * gnu/home/services.ssh.scm (define-maybe boolean): New configuration. (openssh-host)[forward-x11?, forward-x11-trusted?, forward-agent?, compression?]: Replace default value with maybe-boolean. * doc/guix.texi (Secure Shell): Update documentation to match the changes in the code. --- doc/guix.texi | 10 +++++----- gnu/home/services/ssh.scm | 11 +++++++---- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 31dc33fb97..d22924e522 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -33,7 +33,7 @@ Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ricardo Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@* -Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@* +Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nikita Gillmann@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Jan Nieuwenhuizen@* @@ -43017,19 +43017,19 @@ Secure Shell @item @code{user} (type: maybe-string) User name on the remote host. -@item @code{forward-x11?} (default: @code{#f}) (type: boolean) +@item @code{forward-x11?} (type: maybe-boolean) Whether to forward remote client connections to the local X11 graphical display. -@item @code{forward-x11-trusted?} (default: @code{#f}) (type: boolean) +@item @code{forward-x11-trusted?} (type: maybe-boolean) Whether remote X11 clients have full access to the original X11 graphical display. -@item @code{forward-agent?} (default: @code{#f}) (type: boolean) +@item @code{forward-agent?} (type: maybe-boolean) Whether the authentication agent (if any) is forwarded to the remote machine. -@item @code{compression?} (default: @code{#f}) (type: boolean) +@item @code{compression?} (type: maybe-boolean) Whether to compress data in transit. @item @code{proxy} (type: maybe-proxy-command-or-jump-list) diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index 628dc743ae..0a4b37d84e 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2022 Ludovic Courtès ;;; Copyright © 2023 Janneke Nieuwenhuizen +;;; Copyright © 2023 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -104,6 +105,8 @@ (define (serialize-natural-number field value) (string-append " " (serialize-field-name field) " " (number->string value) "\n")) +(define-maybe boolean) + (define (serialize-boolean field value) (string-append " " (serialize-field-name field) " " (if value "yes" "no") "\n")) @@ -194,19 +197,19 @@ (define-configuration openssh-host maybe-string "User name on the remote host.") (forward-x11? - (boolean #f) + maybe-boolean "Whether to forward remote client connections to the local X11 graphical display.") (forward-x11-trusted? - (boolean #f) + maybe-boolean "Whether remote X11 clients have full access to the original X11 graphical display.") (forward-agent? - (boolean #f) + maybe-boolean "Whether the authentication agent (if any) is forwarded to the remote machine.") (compression? - (boolean #f) + maybe-boolean "Whether to compress data in transit.") (proxy-command maybe-string base-commit: 7b400e7f8751e6b0cc6e66d3f7ecfb7f5bd51309 -- Efraim Flashner רנשלפ םירפא GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted