* [bug#73465] [PATCH] Wireguard: Rename field private-key to private-key-file
From: Apoorv Singh @ 2024-09-25 3:58 UTC (permalink / raw)
To: 73465
[-- Attachment #1: Type: text/plain, Size: 154 bytes --]
The following patches rename the field private-key to private-key-file, as it makes it more clear that it needs a path to a file rather than the key itself.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Wireguard rename field private-key to private-key-file --]
[-- Type: text/x-patch, Size: 3041 bytes --]
From 92e6d353a72e9ed0ee7097f2e5e5ff76521455a7 Mon Sep 17 00:00:00 2001
From: apoorv569 <apoorvs569@gmail.com>
Date: Wed, 25 Sep 2024 09:06:05 +0530
Subject: [PATCH 1/2] Wireguard rename field private-key to private-key-file
---
gnu/services/vpn.scm | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 7fb4775757..449909e34d 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -741,7 +741,7 @@ (define-record-type* <wireguard-configuration>
(default '("10.0.0.1/32")))
(port wireguard-configuration-port ;integer
(default 51820))
- (private-key wireguard-configuration-private-key ;string
+ (private-key-file wireguard-configuration-private-key-file ;string
(default "/etc/wireguard/private.key"))
(peers wireguard-configuration-peers ;list of <wiregard-peer>
(default '()))
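Review bot: Replacing the `private-key` field in place on the `(private-key-file wireguard-configuration-private-key-file` line removes both the old field and the `wireguard-configuration-private-key` accessor with no transition period, which breaks every existing configuration that sets `private-key`. Keep the old field next to the new one and deprecate it instead. The diffstat's 8 insertions and 8 deletions are all accounted for by the four hunks shown, so the module's export list and the manual are not updated for the renamed accessor either; both belong in the same patch.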
@@ -782,7 +782,7 @@ (define (peers->preshared-keys peer keys)
keys)))
(match-record config <wireguard-configuration>
- (wireguard interface addresses port private-key peers dns
+ (wireguard interface addresses port private-key-file peers dns
pre-up post-up pre-down post-down table)
(let* ((config-file (string-append interface ".conf"))
(peer-keys (fold peers->preshared-keys (list) peers))
@@ -807,7 +807,7 @@ (define lines
(list (format #f "~{PreUp = ~a~%~}" pre-up)))
(format #f "PostUp = ~a set %i private-key ~a\
~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
-#$private-key '#$peer-keys)
+#$private-key-file '#$peer-keys)
#$@(if (null? post-up)
'()
(list (format #f "~{PostUp = ~a~%~}" post-up)))
@@ -833,22 +833,22 @@ (define lines
(define (wireguard-activation config)
(match-record config <wireguard-configuration>
- (private-key wireguard)
+ (private-key-file wireguard)
#~(begin
(use-modules (guix build utils)
(ice-9 popen)
(ice-9 rdelim))
- (mkdir-p (dirname #$private-key))
- (unless (file-exists? #$private-key)
+ (mkdir-p (dirname #$private-key-file))
+ (unless (file-exists? #$private-key-file)
(let* ((pipe
(open-input-pipe (string-append
#$(file-append wireguard "/bin/wg")
" genkey")))
(key (read-line pipe)))
- (call-with-output-file #$private-key
+ (call-with-output-file #$private-key-file
(lambda (port)
(display key port)))
- (chmod #$private-key #o400)
+ (chmod #$private-key-file #o400)
(close-pipe pipe))))))
;;; XXX: Copied from (guix scripts pack), changing define to define*.
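Review bot: In the `(unless (file-exists? #$private-key-file)` branch the key is written by `call-with-output-file` first and only restricted afterwards by `(chmod #$private-key-file #o400)`, so the file holds the secret for a moment with whatever permissions the umask allows. Since every one of these lines is being touched anyway, consider setting a restrictive umask such as `(umask #o077)` before the file is created. It would also help to check that `read-line` actually returned a key before writing it, so that a failing `wg genkey` does not leave an unusable key file that the `file-exists?` test then preserves.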
--
2.46.0
[-- Attachment #3: Type: text/plain, Size: 41 bytes --]
.
--
- Apoorv Singh
- Sent from Emacs.
* [bug#73465] [PATCH] Wireguard: Rename field private-key to private-key-file
From: Sergey Trofimov @ 2024-09-26 17:39 UTC (permalink / raw)
To: Apoorv Singh; +Cc: 73465
Apoorv Singh <apoorvs569@gmail.com> writes:
> The following patches rename the field private-key to private-key-file, as it
> makes it more clear that it needs a path to a file rather than the key itself
>
Hi, you have to deprecate the field instead, using the
`warn-about-deprecation` procedure, and adjust the documentation as
well.
Please note that there is also a preshared-key parameter which also takes
a path. It'd be nice to rename it as well for consistency's sake.
* [bug#73465] Wireguard: Rename field private-key to private-key-file
From: Apoorv Singh @ 2024-09-28 5:29 UTC (permalink / raw)
To: 73465
Do you want me to keep both private-key and private-key-file in
the record but still use private-key for now, but just warn about
deprecation for the field? Something like,
```
(define-record-type* <wireguard-configuration>
  wireguard-configuration make-wireguard-configuration
  wireguard-configuration?
  ;; other fields here..
  (private-key      wireguard-configuration-private-key      ;deprecated
                    (default "/etc/wireguard/private.key"))
  (private-key-file wireguard-configuration-private-key-file ;string
                    (default "/etc/wireguard/private.key")))
```
then, in the `wireguard-configuration-file` procedure, under
`match-record`, I should do something like,
```
(match-record config <wireguard-configuration>
  (wireguard interface addresses port private-key peers dns ;; keeping private-key field here..
   pre-up post-up pre-down post-down table)
  (let* ((config-file (string-append interface ".conf"))
         (peer-keys (fold peers->preshared-keys (list) peers))
         (peers (map peer->config peers))
         (config
          (computed-file
           "wireguard-config"
           #~(begin
               (use-modules (ice-9 format)
                            (srfi srfi-1))
               (define lines
                 (list
                  ;; other stuff..
                  (when (not (string-null? #$private-key))
                    (warn-about-deprecation 'private-key
                                            #f
                                            #:replacement
                                            'private-key-file))
                  (format #f "PostUp = ~a set %i private-key ~a\
~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
#$private-key '#$peer-keys) ;; using private-key field here still..
```
Sorry I'm not familiar with how all this works. Just making sure
before I commit any changes.
Also, by "adjust the documentation", do you mean edit the
doc/guix.texi:34373 file and append something like,
```
@item @code{private-key} (default: @code{"/etc/wireguard/private.key"})
The private key file for the interface. It is automatically generated
if the file does not exist. 'Using private-key' is deprecated use
'private-key-file' instead.
```
--
- Apoorv Singh
- Sent from Emacs.
* [bug#73465] Wireguard: Rename field private-key to private-key-file
From: Apoorv Singh @ 2024-09-30 7:04 UTC (permalink / raw)
To: 73465
I made some changes, here is the output of `git diff`,
```
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index eee7e78c6d..ebac4ad943 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -67,7 +67,8 @@ (define-module (gnu services vpn)
wireguard-peer-endpoint
wireguard-peer-allowed-ips
wireguard-peer-public-key
- wireguard-peer-preshared-key
+ wireguard-peer-preshared-key ; deprecated
+ wireguard-peer-preshared-key-file
wireguard-peer-keep-alive
wireguard-configuration
@@ -79,7 +80,8 @@ (define-module (gnu services vpn)
wireguard-configuration-dns
wireguard-configuration-monitor-ips?
wireguard-configuration-monitor-ips-interval
- wireguard-configuration-private-key
+ wireguard-configuration-private-key ; deprecated
+ wireguard-configuration-private-key-file
wireguard-configuration-peers
wireguard-configuration-pre-up
wireguard-configuration-post-up
@@ -721,15 +723,17 @@ (define strongswan-service-type
(define-record-type* <wireguard-peer>
wireguard-peer make-wireguard-peer
wireguard-peer?
- (name wireguard-peer-name)
- (endpoint wireguard-peer-endpoint
- (default #f)) ;string
- (public-key wireguard-peer-public-key) ;string
- (preshared-key wireguard-peer-preshared-key
- (default #f)) ;string
- (allowed-ips wireguard-peer-allowed-ips) ;list of strings
- (keep-alive wireguard-peer-keep-alive
- (default #f))) ;integer
+ (name wireguard-peer-name)
+ (endpoint wireguard-peer-endpoint
+ (default #f)) ;string
+ (public-key wireguard-peer-public-key) ;string
+ (preshared-key wireguard-peer-preshared-key ;deprecated
+ (default #f)) ;string
+ (preshared-key-file wireguard-peer-preshared-key-file
+ (default #f)) ;string
+ (allowed-ips wireguard-peer-allowed-ips) ;list of
strings
+ (keep-alive wireguard-peer-keep-alive
+ (default #f))) ;integer
(define-record-type* <wireguard-configuration>
wireguard-configuration make-wireguard-configuration
@@ -742,6 +746,8 @@ (define-record-type* <wireguard-configuration>
(default '("10.0.0.1/32")))
(port wireguard-configuration-port ;integer
(default 51820))
+ (private-key wireguard-configuration-private-key ;string
;deprecated
+ (default "/etc/wireguard/private.key"))
(private-key-file wireguard-configuration-private-key-file
;string
(default "/etc/wireguard/private.key"))
(peers wireguard-configuration-peers ;list of
<wiregard-peer>
@@ -778,18 +784,29 @@ (define (peer->config peer)
(string-join (remove string-null? lines) "\n"))))
(define (peers->preshared-keys peer keys)
- (let ((public-key (wireguard-peer-public-key peer))
- (preshared-key (wireguard-peer-preshared-key peer)))
- (if preshared-key
- (cons* public-key preshared-key keys)
+ (let* ((public-key (wireguard-peer-public-key peer))
+ (preshared-key (wireguard-peer-preshared-key peer))
+ (preshared-key-file (wireguard-peer-preshared-key-file
peer))
+ (final-preshared-key (or preshared-key
preshared-key-file)))
+ ;; XXX Warn about deprecated preshared-key field with newer
replacement
+ (when preshared-key
+ (warn-about-deprecation 'preshared-key #f #:replacement
'preshared-key-file))
+ (if final-preshared-key
+ (cons* public-key final-preshared-key keys)
keys)))
(match-record config <wireguard-configuration>
- (wireguard interface addresses port private-key-file peers
dns
+ (wireguard interface addresses port private-key-file
private-key peers dns
pre-up post-up pre-down post-down table)
+
+ ;; XXX Warn about deprecated private-key field with newer
replacement
+ (when private-key
+ (warn-about-deprecation 'private-key #f #:replacement
'private-key-file))
+
(let* ((config-file (string-append interface ".conf"))
(peer-keys (fold peers->preshared-keys (list) peers))
(peers (map peer->config peers))
+ (final-private-key (or private-key private-key-file))
(config
(computed-file
"wireguard-config"
@@ -810,7 +827,7 @@ (define lines
(list (format #f "~{PreUp = ~a~%~}"
pre-up)))
(format #f "PostUp = ~a set %i private-key
~a\
~{ peer ~a preshared-key ~a~}" #$(file-append wireguard
"/bin/wg")
-#$private-key-file '#$peer-keys)
+#$final-private-key '#$peer-keys)
#$@(if (null? post-up)
'()
(list (format #f "~{PostUp = ~a~%~}"
post-up)))
@@ -836,23 +853,29 @@ (define lines
(define (wireguard-activation config)
(match-record config <wireguard-configuration>
- (private-key-file wireguard)
- #~(begin
- (use-modules (guix build utils)
- (ice-9 popen)
- (ice-9 rdelim))
- (mkdir-p (dirname #$private-key-file))
- (unless (file-exists? #$private-key-file)
- (let* ((pipe
- (open-input-pipe (string-append
- #$(file-append wireguard
"/bin/wg")
- " genkey")))
- (key (read-line pipe)))
- (call-with-output-file #$private-key-file
- (lambda (port)
- (display key port)))
- (chmod #$private-key-file #o400)
- (close-pipe pipe))))))
+ (private-key private-key-file wireguard)
+
+ ;; XXX Warn about deprecated private-key field with newer
replacement
+ (when private-key
+ (warn-about-deprecation 'private-key #f #:replacement
'private-key-file))
+
+ (let ((final-private-key (or private-key private-key-file)))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 popen)
+ (ice-9 rdelim))
+ (mkdir-p (dirname #$final-private-key))
+ (unless (file-exists? #$final-private-key)
+ (let* ((pipe
+ (open-input-pipe (string-append
+ #$(file-append wireguard
"/bin/wg")
+ " genkey")))
+ (key (read-line pipe)))
+ (call-with-output-file #$final-private-key
+ (lambda (port)
+ (display key port)))
+ (chmod #$final-private-key #o400)
+ (close-pipe pipe)))))))
;;; XXX: Copied from (guix scripts pack), changing define to
define*.
(define-syntax-rule (define-with-source (variable args ...) body
body* ...)
```
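Review bot: The `@@ -721,15 +723,17 @@` hunk removes and re-adds the `name`, `endpoint`, `public-key`, `allowed-ips` and `keep-alive` lines of `<wireguard-peer>` although only `preshared-key-file` is new there, which buries the one real change in realignment noise; leave the untouched fields as they are. The pasted diff is also hard-wrapped in several places (for example `;list of` / `strings` and `#$(file-append wireguard` / `"/bin/wg")`), so it cannot be applied as posted and should be sent as an attachment or with `git send-email`.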
If this is the desired way of doing this, I will share the formatted
patch as an attachment.
--
- Apoorv Singh
- Sent from Emacs.
* [bug#73465] Wireguard: Deprecate and rename fields
From: Apoorv Singh @ 2024-10-05 3:35 UTC (permalink / raw)
To: 73465
[-- Attachment #1: Type: text/plain, Size: 135 bytes --]
The following patch is a V2 for renaming the following fields,
- preshared-key to preshared-key-file
- private-key to private-key-file
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Wireguard: Deprecate and rename fields --]
[-- Type: text/x-patch, Size: 6889 bytes --]
From 1e0ca84d91fbcac58ec1ce45447407b0f7848661 Mon Sep 17 00:00:00 2001
From: apoorv569 <apoorvs569@gmail.com>
Date: Wed, 25 Sep 2024 09:06:05 +0530
Subject: [PATCH V2] Wireguard: Deprecate and rename fields with warning
- preshared-key to preshared-key-file
- private-key to private-key-file
---
gnu/services/vpn.scm | 79 +++++++++++++++++++++++++++++---------------
1 file changed, 52 insertions(+), 27 deletions(-)
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index aab41680d3..efdb85e3a6 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -67,7 +67,8 @@ (define-module (gnu services vpn)
wireguard-peer-endpoint
wireguard-peer-allowed-ips
wireguard-peer-public-key
- wireguard-peer-preshared-key
+ wireguard-peer-preshared-key ; deprecated
+ wireguard-peer-preshared-key-file
wireguard-peer-keep-alive
wireguard-configuration
@@ -79,7 +80,8 @@ (define-module (gnu services vpn)
wireguard-configuration-dns
wireguard-configuration-monitor-ips?
wireguard-configuration-monitor-ips-interval
- wireguard-configuration-private-key
+ wireguard-configuration-private-key ; deprecated
+ wireguard-configuration-private-key-file
wireguard-configuration-peers
wireguard-configuration-pre-up
wireguard-configuration-post-up
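Review bot: The new accessors `wireguard-peer-preshared-key-file` and `wireguard-configuration-private-key-file` are exported here, but the diffstat lists gnu/services/vpn.scm as the only file changed, so the documentation adjustment requested earlier in the thread is still missing. Document both new fields and mark `private-key` and `preshared-key` as deprecated in doc/guix.texi in this same patch.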
@@ -725,8 +727,10 @@ (define-record-type* <wireguard-peer>
(endpoint wireguard-peer-endpoint
(default #f)) ;string
(public-key wireguard-peer-public-key) ;string
- (preshared-key wireguard-peer-preshared-key
+ (preshared-key wireguard-peer-preshared-key ;deprecated
(default #f)) ;string
+ (preshared-key-file wireguard-peer-preshared-key-file
+ (default #f)) ;string
(allowed-ips wireguard-peer-allowed-ips) ;list of strings
(keep-alive wireguard-peer-keep-alive
(default #f))) ;integer
@@ -742,7 +746,9 @@ (define-record-type* <wireguard-configuration>
(default '("10.0.0.1/32")))
(port wireguard-configuration-port ;integer
(default 51820))
- (private-key wireguard-configuration-private-key ;string
+ (private-key wireguard-configuration-private-key ;string ;deprecated
+ (default "/etc/wireguard/private.key"))
+ (private-key-file wireguard-configuration-private-key-file ;string
(default "/etc/wireguard/private.key"))
(peers wireguard-configuration-peers ;list of <wiregard-peer>
(default '()))
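Review bot: The deprecated `private-key` field keeps `(default "/etc/wireguard/private.key")`, so its value is never `#f`. With that default, the `(when private-key ...)` checks added further down fire for every configuration, including ones that set only `private-key-file`, and `(or private-key private-key-file)` always returns `private-key`, so the new field is never used. Give the deprecated field a default of `#f`, as the patch already does for `preshared-key`.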
@@ -778,18 +784,31 @@ (define (peer->config peer)
(string-join (remove string-null? lines) "\n"))))
(define (peers->preshared-keys peer keys)
- (let ((public-key (wireguard-peer-public-key peer))
- (preshared-key (wireguard-peer-preshared-key peer)))
- (if preshared-key
- (cons* public-key preshared-key keys)
+ (let* ((public-key (wireguard-peer-public-key peer))
+ (preshared-key (wireguard-peer-preshared-key peer))
+ (preshared-key-file (wireguard-peer-preshared-key-file peer))
+ (final-preshared-key (or preshared-key preshared-key-file)))
+
+ ;; XXX Warn about deprecated preshared-key field with newer replacement
+ (when preshared-key
+ (warn-about-deprecation 'preshared-key #f #:replacement 'preshared-key-file))
+
+ (if final-preshared-key
+ (cons* public-key final-preshared-key keys)
keys)))
(match-record config <wireguard-configuration>
- (wireguard interface addresses port private-key peers dns
+ (wireguard interface addresses port private-key-file private-key peers dns
pre-up post-up pre-down post-down table)
+
+ ;; XXX Warn about deprecated private-key field with newer replacement
+ (when private-key
+ (warn-about-deprecation 'private-key #f #:replacement 'private-key-file))
+
(let* ((config-file (string-append interface ".conf"))
(peer-keys (fold peers->preshared-keys (list) peers))
(peers (map peer->config peers))
+ (final-private-key (or private-key private-key-file))
(config
(computed-file
"wireguard-config"
@@ -810,7 +829,7 @@ (define lines
(list (format #f "~{PreUp = ~a~%~}" pre-up)))
(format #f "PostUp = ~a set %i private-key ~a\
~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
-#$private-key '#$peer-keys)
+#$final-private-key '#$peer-keys)
#$@(if (null? post-up)
'()
(list (format #f "~{PostUp = ~a~%~}" post-up)))
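Review bot: The path spliced into the `PostUp` line as `#$final-private-key` comes from `(or private-key private-key-file)`, and the peers use `(or preshared-key preshared-key-file)`, so whenever both fields of a pair are set the deprecated one silently wins. A user who adds `private-key-file` but leaves the old `private-key` line in place keeps running with the old path and gets no hint that the new value was ignored. Prefer the new field, or raise an error when both are given.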
@@ -836,23 +855,29 @@ (define lines
(define (wireguard-activation config)
(match-record config <wireguard-configuration>
- (private-key wireguard)
- #~(begin
- (use-modules (guix build utils)
- (ice-9 popen)
- (ice-9 rdelim))
- (mkdir-p (dirname #$private-key))
- (unless (file-exists? #$private-key)
- (let* ((pipe
- (open-input-pipe (string-append
- #$(file-append wireguard "/bin/wg")
- " genkey")))
- (key (read-line pipe)))
- (call-with-output-file #$private-key
- (lambda (port)
- (display key port)))
- (chmod #$private-key #o400)
- (close-pipe pipe))))))
+ (private-key private-key-file wireguard)
+
+ ;; XXX Warn about deprecated private-key field with newer replacement
+ (when private-key
+ (warn-about-deprecation 'private-key #f #:replacement 'private-key-file))
+
+ (let ((final-private-key (or private-key private-key-file)))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 popen)
+ (ice-9 rdelim))
+ (mkdir-p (dirname #$final-private-key))
+ (unless (file-exists? #$final-private-key)
+ (let* ((pipe
+ (open-input-pipe (string-append
+ #$(file-append wireguard "/bin/wg")
+ " genkey")))
+ (key (read-line pipe)))
+ (call-with-output-file #$final-private-key
+ (lambda (port)
+ (display key port)))
+ (chmod #$final-private-key #o400)
+ (close-pipe pipe)))))))
;;; XXX: Copied from (guix scripts pack), changing define to define*.
(define-syntax-rule (define-with-source (variable args ...) body body* ...)
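Review bot: `wireguard-activation` repeats the `(when private-key (warn-about-deprecation ...))` check and the `(or private-key private-key-file)` resolution that the configuration-file hunk above already adds, so one deprecated setting can be reported twice and the precedence rule has to be kept in sync in two places. Move both into one helper that takes the configuration and returns the resolved path, and call it from both procedures. The `;; XXX` prefix on the new comments should also go, since nothing there is being flagged as a known problem.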
--
2.46.0
[-- Attachment #3: Type: text/plain, Size: 39 bytes --]
--
- Apoorv Singh
- Sent from Emacs.
* [bug#73465] Wireguard: Deprecate and rename fields
From: Richard Sent @ 2024-12-09 17:05 UTC (permalink / raw)
To: Apoorv Singh; +Cc: 73465
With #73955, private-key better supports g-exp based command redirection,
e.g.
--8<---------------cut here---------------start------------->8---
;; A config of
(wireguard-configuration
...
(private-key (string-append "<(" my-custom-script ")")))
;; Results in
PostUp = ... set %i private-key <(/gnu/store/...-my-custom-script) ...
--8<---------------cut here---------------end--------------->8---
(This was also supported before but was more limited.)
Given that, I think renaming it to private-key-file is more confusing
than keeping it as private-key. Same for preshared-key.
Perhaps we can somehow check the field, see if the user enters a
WG-compatible key literally, and emit a warning? I'm not fluent on the
format to determine the best way for that.
--
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.
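
The check asked about in the last message, sketched as an added example (not code from the thread or from Guix; `literal-wireguard-key?`, `key-field-warning` and the sample values are hypothetical). A WireGuard key is 32 bytes in standard base64, so a literal key is exactly 44 characters ending in `=`, a shape that neither a file path nor a `<(...)` redirection has:

```scheme
;; Added example: hypothetical helpers, not part of gnu/services/vpn.scm.
(use-modules (ice-9 regex))

;; A WireGuard private, public or preshared key is 32 bytes in standard
;; base64: 44 characters, the last one "=".  32 bytes are 42 full sextets
;; plus 4 bits, so the 43rd character has its two low bits clear and can
;; only be one of 16 alphabet characters.
(define %wg-key-rx
  (make-regexp "^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$"))

(define (literal-wireguard-key? value)
  "Return #t if VALUE is a string shaped like a base64 WireGuard key.
Paths, process substitutions and non-string values (#f, file-like
objects) return #f."
  (and (string? value)
       (regexp-exec %wg-key-rx (string-trim-both value))
       #t))

(define (key-field-warning field value)
  "Return a warning string if VALUE of FIELD looks like literal key
material, else #f.  The value itself is never put in the message, so the
key does not end up in build output."
  (and (literal-wireguard-key? value)
       (format #f "~a looks like a literal WireGuard key; use a file path"
               field)))

;; Constructed sample values; the key is the base64 of 32 zero bytes.
(define %samples
  `(("literal key"          private-key
     ,(string-append (make-string 43 #\A) "="))
    ("path"                 private-key
     "/etc/wireguard/private.key")
    ("process substitution" private-key
     "<(/gnu/store/...-my-custom-script)")
    ("unset"                preshared-key #f)))

;; Print one classification line per sample, without echoing the value.
(for-each
 (lambda (sample)
   (let ((label (car sample))
         (field (cadr sample))
         (value (caddr sample)))
     (format #t "~a: ~a~%" label
             (or (key-field-warning field value) "ok"))))
 %samples)
```

Only the first sample produces a warning; the path, the redirection and the unset field are reported as ok.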