unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* bug#26548: [PATCH] install: Enable SSH in installation image.
@ 2017-04-17 21:30 Marius Bakke
  2017-04-17 21:54 ` Leo Famulari
  2017-04-18  8:43 ` Ludovic Courtès
  0 siblings, 2 replies; 16+ messages in thread
From: Marius Bakke @ 2017-04-17 21:30 UTC (permalink / raw)
  To: 26548

Hi Guix! This patch adds an SSH server to the installation image
to aid remote installations as requested in
https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html

lsh-service depends on networking, so I pulled in a DHCP client too.
It increases the image size by about 29MiB.

* gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
and LSH-SERVICE.
---
 gnu/system/install.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 191ccf168..95904f151 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -24,7 +24,9 @@
   #:use-module (guix store)
   #:use-module (guix monads)
   #:use-module ((guix store) #:select (%store-prefix))
+  #:use-module (gnu services networking)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu services ssh)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bootloaders)
@@ -262,6 +264,17 @@ You have been warned.  Thanks for being so brave.
           ;; To facilitate copy/paste.
           (gpm-service)
 
+          ;; Add a DHCP client for networking.
+          (dhcp-client-service)
+
+          ;; Add an SSH server to facilitate remote installs.
+          (lsh-service #:port-number 22
+                       #:root-login? #t
+                       #:password-authentication? #t
+                       ;; The root account is passwordless, so make sure
+                       ;; a password is set before allowing logins.
+                       #:allow-empty-passwords? #f)
+
           ;; Since this is running on a USB stick with a unionfs as the root
           ;; file system, use an appropriate cache configuration.
           (nscd-service (nscd-configuration
-- 
2.12.2

^ permalink raw reply related	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-17 21:30 bug#26548: [PATCH] install: Enable SSH in installation image Marius Bakke
@ 2017-04-17 21:54 ` Leo Famulari
  2017-04-17 22:06   ` Marius Bakke
  2017-04-18  8:43 ` Ludovic Courtès
  1 sibling, 1 reply; 16+ messages in thread
From: Leo Famulari @ 2017-04-17 21:54 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

[-- Attachment #1: Type: text/plain, Size: 571 bytes --]

On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
> Hi Guix! This patch adds an SSH server to the installation image
> to aid remote installations as requested in
> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> 
> lsh-service depends on networking, so I pulled in a DHCP client too.
> It increases the image size by about 29MiB.
> 
> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> and LSH-SERVICE.

I wonder, did you consider using OpenSSH instead? Are there any
advantages to using lsh here?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-17 21:54 ` Leo Famulari
@ 2017-04-17 22:06   ` Marius Bakke
  2017-04-17 22:19     ` ng0
  0 siblings, 1 reply; 16+ messages in thread
From: Marius Bakke @ 2017-04-17 22:06 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 26548

[-- Attachment #1: Type: text/plain, Size: 888 bytes --]

Leo Famulari <leo@famulari.name> writes:

> On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
>> Hi Guix! This patch adds an SSH server to the installation image
>> to aid remote installations as requested in
>> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>> 
>> lsh-service depends on networking, so I pulled in a DHCP client too.
>> It increases the image size by about 29MiB.
>> 
>> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
>> and LSH-SERVICE.
>
> I wonder, did you consider using OpenSSH instead? Are there any
> advantages to using lsh here?

I chose lsh mostly because I thought the GNU live image should use the
GNU ssh implementation. For the intended usage (logging in once with a
password to complete the installation), there is no difference to the
end user. No strong opinion though :-)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-17 22:06   ` Marius Bakke
@ 2017-04-17 22:19     ` ng0
  2017-04-17 23:01       ` Marius Bakke
  0 siblings, 1 reply; 16+ messages in thread
From: ng0 @ 2017-04-17 22:19 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

Marius Bakke transcribed 1.5K bytes:
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
> >> Hi Guix! This patch adds an SSH server to the installation image
> >> to aid remote installations as requested in
> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> >> 
> >> lsh-service depends on networking, so I pulled in a DHCP client too.
> >> It increases the image size by about 29MiB.
> >> 
> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> >> and LSH-SERVICE.
> >
> > I wonder, did you consider using OpenSSH instead? Are there any
> > advantages to using lsh here?
> 
> I chose lsh mostly because I thought the GNU live image should use the
> GNU ssh implementation. For the intended usage (logging in once with a
> password to complete the installation), there is no difference to the
> end user. No strong opinion though :-)


Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation
image differ?

There were good reasons against lsh mentioned in the thread.
-- 
PGP and more: https://people.pragmatique.xyz/ng0/

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-17 22:19     ` ng0
@ 2017-04-17 23:01       ` Marius Bakke
  2017-04-18 11:06         ` ng0
  0 siblings, 1 reply; 16+ messages in thread
From: Marius Bakke @ 2017-04-17 23:01 UTC (permalink / raw)
  To: ng0; +Cc: 26548

[-- Attachment #1: Type: text/plain, Size: 1670 bytes --]

ng0 <contact.ng0@cryptolab.net> writes:

> Marius Bakke transcribed 1.5K bytes:
>> Leo Famulari <leo@famulari.name> writes:
>> 
>> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
>> >> Hi Guix! This patch adds an SSH server to the installation image
>> >> to aid remote installations as requested in
>> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>> >> 
>> >> lsh-service depends on networking, so I pulled in a DHCP client too.
>> >> It increases the image size by about 29MiB.
>> >> 
>> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
>> >> and LSH-SERVICE.
>> >
>> > I wonder, did you consider using OpenSSH instead? Are there any
>> > advantages to using lsh here?
>> 
>> I chose lsh mostly because I thought the GNU live image should use the
>> GNU ssh implementation. For the intended usage (logging in once with a
>> password to complete the installation), there is no difference to the
>> end user. No strong opinion though :-)
>
>
> Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation
> image differ?
>
> There were good reasons against lsh mentioned in the thread.

The only argument I can see is that ~/.ssh/authorized_keys is not
working out of the box. Which is not a huge problem in the ephemeral
live image since most users will just set a password and use that,
instad of copying over or typing out their public key first.

But, I don't have a strong opinion on this and will leave the decision
to those who will ultimately sign this thing and offer to end users (if
networking support is desired at all) :-)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-17 21:30 bug#26548: [PATCH] install: Enable SSH in installation image Marius Bakke
  2017-04-17 21:54 ` Leo Famulari
@ 2017-04-18  8:43 ` Ludovic Courtès
  2017-04-18 11:09   ` ng0
  2017-05-08 12:01   ` Marius Bakke
  1 sibling, 2 replies; 16+ messages in thread
From: Ludovic Courtès @ 2017-04-18  8:43 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

Hello!

Marius Bakke <mbakke@fastmail.com> skribis:

> Hi Guix! This patch adds an SSH server to the installation image
> to aid remote installations as requested in
> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>
> lsh-service depends on networking, so I pulled in a DHCP client too.
> It increases the image size by about 29MiB.
>
> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> and LSH-SERVICE.

[...]

> +          ;; Add a DHCP client for networking.
> +          (dhcp-client-service)

This is a problem: in the installation instructions, we tell people to
configure networking (possibly wireless) by hand, so we cannot expect
the DHCP client to work directly when the image is booted.

Also, the installation instructions would need to be updated.

However, what we could do, instead, is to add an SSH service that is off
by default (with (start? #f)) and does not depend on ‘networking’.  That
way, people would only need to type

  herd start ssh-daemon

to get the thing up and running.  WDYT?

> +          ;; Add an SSH server to facilitate remote installs.
> +          (lsh-service #:port-number 22

I agree with others that we should use OpenSSH here.  :-)

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-17 23:01       ` Marius Bakke
@ 2017-04-18 11:06         ` ng0
  0 siblings, 0 replies; 16+ messages in thread
From: ng0 @ 2017-04-18 11:06 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

Marius Bakke transcribed 2.2K bytes:
> ng0 <contact.ng0@cryptolab.net> writes:
> 
> > Marius Bakke transcribed 1.5K bytes:
> >> Leo Famulari <leo@famulari.name> writes:
> >> 
> >> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
> >> >> Hi Guix! This patch adds an SSH server to the installation image
> >> >> to aid remote installations as requested in
> >> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> >> >> 
> >> >> lsh-service depends on networking, so I pulled in a DHCP client too.
> >> >> It increases the image size by about 29MiB.
> >> >> 
> >> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> >> >> and LSH-SERVICE.
> >> >
> >> > I wonder, did you consider using OpenSSH instead? Are there any
> >> > advantages to using lsh here?
> >> 
> >> I chose lsh mostly because I thought the GNU live image should use the
> >> GNU ssh implementation. For the intended usage (logging in once with a
> >> password to complete the installation), there is no difference to the
> >> end user. No strong opinion though :-)
> >
> >
> > Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation
> > image differ?
> >
> > There were good reasons against lsh mentioned in the thread.
> 
> The only argument I can see is that ~/.ssh/authorized_keys is not
> working out of the box. Which is not a huge problem in the ephemeral
> live image since most users will just set a password and use that,
> instad of copying over or typing out their public key first.
> 
> But, I don't have a strong opinion on this and will leave the decision
> to those who will ultimately sign this thing and offer to end users (if
> networking support is desired at all) :-)

Another point: With OpenSSH you can copy a file over with scp, for example
a system config, without too much work and reading.
With lsh... "it is complicated".

-- 
PGP and more: https://people.pragmatique.xyz/ng0/

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-18  8:43 ` Ludovic Courtès
@ 2017-04-18 11:09   ` ng0
  2017-05-08 12:01   ` Marius Bakke
  1 sibling, 0 replies; 16+ messages in thread
From: ng0 @ 2017-04-18 11:09 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 26548

Ludovic Courtès transcribed 1.2K bytes:
> Hello!
> 
> Marius Bakke <mbakke@fastmail.com> skribis:
> 
> > Hi Guix! This patch adds an SSH server to the installation image
> > to aid remote installations as requested in
> > https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> >
> > lsh-service depends on networking, so I pulled in a DHCP client too.
> > It increases the image size by about 29MiB.
> >
> > * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> > and LSH-SERVICE.
> 
> [...]
> 
> > +          ;; Add a DHCP client for networking.
> > +          (dhcp-client-service)
> 
> This is a problem: in the installation instructions, we tell people to
> configure networking (possibly wireless) by hand, so we cannot expect
> the DHCP client to work directly when the image is booted.
> 
> Also, the installation instructions would need to be updated.
> 
> However, what we could do, instead, is to add an SSH service that is off
> by default (with (start? #f)) and does not depend on ‘networking’.  That
> way, people would only need to type
> 
>   herd start ssh-daemon
> 
> to get the thing up and running.  WDYT?

For the moment it's okay I think.

In the futurey, we would ship GuixSD normal and GuixSD server images?
I'm just trying to gather enough data from hosters at the moment
to see what's the best action here and how we can react in the future
(dhcp, agetty, openssh, etc).

> > +          ;; Add an SSH server to facilitate remote installs.
> > +          (lsh-service #:port-number 22
> 
> I agree with others that we should use OpenSSH here.  :-)
> 
> Thanks,
> Ludo’.
> 
> 
> 

-- 
PGP and more: https://people.pragmatique.xyz/ng0/

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-04-18  8:43 ` Ludovic Courtès
  2017-04-18 11:09   ` ng0
@ 2017-05-08 12:01   ` Marius Bakke
  2017-05-10 20:28     ` Ludovic Courtès
  1 sibling, 1 reply; 16+ messages in thread
From: Marius Bakke @ 2017-05-08 12:01 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 26548

[-- Attachment #1: Type: text/plain, Size: 1336 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> Hello!
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Hi Guix! This patch adds an SSH server to the installation image
>> to aid remote installations as requested in
>> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>>
>> lsh-service depends on networking, so I pulled in a DHCP client too.
>> It increases the image size by about 29MiB.
>>
>> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
>> and LSH-SERVICE.
>
> [...]
>
>> +          ;; Add a DHCP client for networking.
>> +          (dhcp-client-service)
>
> This is a problem: in the installation instructions, we tell people to
> configure networking (possibly wireless) by hand, so we cannot expect
> the DHCP client to work directly when the image is booted.
>
> Also, the installation instructions would need to be updated.
>
> However, what we could do, instead, is to add an SSH service that is off
> by default (with (start? #f)) and does not depend on ‘networking’.  That
> way, people would only need to type
>
>   herd start ssh-daemon
>
> to get the thing up and running.  WDYT?

I've changed this patch to use OpenSSH, but can't really see how to
override the openssh-shepherd-service to not depend on networking. Any
hints? :-)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-05-08 12:01   ` Marius Bakke
@ 2017-05-10 20:28     ` Ludovic Courtès
  2017-05-17 12:14       ` Marius Bakke
  0 siblings, 1 reply; 16+ messages in thread
From: Ludovic Courtès @ 2017-05-10 20:28 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

Marius Bakke <mbakke@fastmail.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> This is a problem: in the installation instructions, we tell people to
>> configure networking (possibly wireless) by hand, so we cannot expect
>> the DHCP client to work directly when the image is booted.
>>
>> Also, the installation instructions would need to be updated.
>>
>> However, what we could do, instead, is to add an SSH service that is off
>> by default (with (start? #f)) and does not depend on ‘networking’.  That
>> way, people would only need to type
>>
>>   herd start ssh-daemon
>>
>> to get the thing up and running.  WDYT?
>
> I've changed this patch to use OpenSSH, but can't really see how to
> override the openssh-shepherd-service to not depend on networking. Any
> hints? :-)

Does it make sense in the first place to have it depend on ‘networking’?
Isn’t sshd able to adjust as new interfaces come up and down?

That said, you could do (untested):

  (define custom-openssh-service-type
    (service-type
      (inherit openssh-service-type)
      (extensions (cons my-own-shepherd-service-extension
                        (remove shepherd-service-extension?
                                (service-type-extensions openssh-service-type))))))

where:

  (define (shepherd-service-extension? extension)
    (eq? shepherd-root-service-type
         (service-extension-target extension)))

  (define my-own-shepherd-service-extension
    (service-extension shepherd-root-service-type
                       my-own-proc))

  …

Does that make sense?

Ludo’.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH] install: Enable SSH in installation image.
  2017-05-10 20:28     ` Ludovic Courtès
@ 2017-05-17 12:14       ` Marius Bakke
  2017-05-17 12:15         ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Marius Bakke
  0 siblings, 1 reply; 16+ messages in thread
From: Marius Bakke @ 2017-05-17 12:14 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 26548

[-- Attachment #1: Type: text/plain, Size: 1195 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> This is a problem: in the installation instructions, we tell people to
>>> configure networking (possibly wireless) by hand, so we cannot expect
>>> the DHCP client to work directly when the image is booted.
>>>
>>> Also, the installation instructions would need to be updated.
>>>
>>> However, what we could do, instead, is to add an SSH service that is off
>>> by default (with (start? #f)) and does not depend on ‘networking’.  That
>>> way, people would only need to type
>>>
>>>   herd start ssh-daemon
>>>
>>> to get the thing up and running.  WDYT?
>>
>> I've changed this patch to use OpenSSH, but can't really see how to
>> override the openssh-shepherd-service to not depend on networking. Any
>> hints? :-)
>
> Does it make sense in the first place to have it depend on ‘networking’?
> Isn’t sshd able to adjust as new interfaces come up and down?

You're right. I've tested this by starting "ssh-daemon" before
configuring network interfaces on a live UEFI disk image.

New patches incoming!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking.
  2017-05-17 12:14       ` Marius Bakke
@ 2017-05-17 12:15         ` Marius Bakke
  2017-05-17 12:15           ` bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image Marius Bakke
  2017-05-17 21:29           ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Ludovic Courtès
  0 siblings, 2 replies; 16+ messages in thread
From: Marius Bakke @ 2017-05-17 12:15 UTC (permalink / raw)
  To: 26548

* gnu/services/ssh.scm (openssh-shepherd-service): Drop requirement.
---
 gnu/services/ssh.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9917c311c..2a6c8d45c 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -385,7 +385,7 @@ The other options should be self-descriptive."
 
   (list (shepherd-service
          (documentation "OpenSSH server.")
-         (requirement '(networking syslogd))
+         (requirement '(syslogd))
          (provision '(ssh-daemon))
          (start #~(make-forkexec-constructor #$openssh-command
                                              #:pid-file #$pid-file))
-- 
2.13.0

^ permalink raw reply related	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image.
  2017-05-17 12:15         ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Marius Bakke
@ 2017-05-17 12:15           ` Marius Bakke
  2017-05-17 21:36             ` Ludovic Courtès
  2017-05-17 21:29           ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Ludovic Courtès
  1 sibling, 1 reply; 16+ messages in thread
From: Marius Bakke @ 2017-05-17 12:15 UTC (permalink / raw)
  To: 26548

* gnu/system/install.scm (%installation-services): Add OPENSSH-SERVICE.
* doc/guix.texi (Preparing for Installation)[Networking]: Document it.
---
 doc/guix.texi          | 11 +++++++++++
 gnu/system/install.scm | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index b272fcec8..9d3b1fb1f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7446,6 +7446,17 @@ ping -c 3 gnu.org
 Setting up network access is almost always a requirement because the
 image does not contain all the software and tools that may be needed.
 
+@cindex installing over SSH
+From here you can proceed to do the rest of the installation remotely
+by starting an SSH server:
+
+@example
+herd start ssh-daemon
+@end example
+
+Make sure to either set a password with @command{passwd}, or configure
+OpenSSH public key authentication before logging in.
+
 @subsubsection Disk Partitioning
 
 Unless this has already been done, the next step is to partition, and
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 191ccf168..327406b72 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -25,6 +25,7 @@
   #:use-module (guix monads)
   #:use-module ((guix store) #:select (%store-prefix))
   #:use-module (gnu services shepherd)
+  #:use-module (gnu services ssh)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bootloaders)
@@ -262,6 +263,16 @@ You have been warned.  Thanks for being so brave.
           ;; To facilitate copy/paste.
           (gpm-service)
 
+          ;; Add an SSH server to facilitate remote installs.
+          (service openssh-service-type
+                   (openssh-configuration
+                    (port-number 22)
+                    (permit-root-login #t)
+                    ;; The root account is passwordless, so make sure
+                    ;; a password is set before allowing logins.
+                    (allow-empty-passwords? #f)
+                    (password-authentication? #t)))
+
           ;; Since this is running on a USB stick with a unionfs as the root
           ;; file system, use an appropriate cache configuration.
           (nscd-service (nscd-configuration
-- 
2.13.0

^ permalink raw reply related	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking.
  2017-05-17 12:15         ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Marius Bakke
  2017-05-17 12:15           ` bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image Marius Bakke
@ 2017-05-17 21:29           ` Ludovic Courtès
  1 sibling, 0 replies; 16+ messages in thread
From: Ludovic Courtès @ 2017-05-17 21:29 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

Marius Bakke <mbakke@fastmail.com> skribis:

> * gnu/services/ssh.scm (openssh-shepherd-service): Drop requirement.
> ---
>  gnu/services/ssh.scm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index 9917c311c..2a6c8d45c 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -385,7 +385,7 @@ The other options should be self-descriptive."
>  
>    (list (shepherd-service
>           (documentation "OpenSSH server.")
> -         (requirement '(networking syslogd))
> +         (requirement '(syslogd))
>           (provision '(ssh-daemon))
>           (start #~(make-forkexec-constructor #$openssh-command
>                                               #:pid-file #$pid-file))

OK!  (Please make sure “make check-system TESTS=openssh” still works.)

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image.
  2017-05-17 12:15           ` bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image Marius Bakke
@ 2017-05-17 21:36             ` Ludovic Courtès
  2017-05-17 23:01               ` Marius Bakke
  0 siblings, 1 reply; 16+ messages in thread
From: Ludovic Courtès @ 2017-05-17 21:36 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 26548

Marius Bakke <mbakke@fastmail.com> skribis:

> * gnu/system/install.scm (%installation-services): Add OPENSSH-SERVICE.
> * doc/guix.texi (Preparing for Installation)[Networking]: Document it.

[...]

> +@cindex installing over SSH
> +From here you can proceed to do the rest of the installation remotely
> +by starting an SSH server:

Maybe s/From here/If you want to, / to clarify that people are not
required to do this?

Otherwise LGTM!

How does this affect:

  guix size $(./pre-inst-env guix system build gnu/system/install.scm)

?

Thank you!

Ludo’.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image.
  2017-05-17 21:36             ` Ludovic Courtès
@ 2017-05-17 23:01               ` Marius Bakke
  0 siblings, 0 replies; 16+ messages in thread
From: Marius Bakke @ 2017-05-17 23:01 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 26548-done

[-- Attachment #1: Type: text/plain, Size: 731 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> * gnu/system/install.scm (%installation-services): Add OPENSSH-SERVICE.
>> * doc/guix.texi (Preparing for Installation)[Networking]: Document it.
>
> [...]
>
>> +@cindex installing over SSH
>> +From here you can proceed to do the rest of the installation remotely
>> +by starting an SSH server:
>
> Maybe s/From here/If you want to, / to clarify that people are not
> required to do this?

Thanks, fixed!

> Otherwise LGTM!
>
> How does this affect:
>
>   guix size $(./pre-inst-env guix system build gnu/system/install.scm)

Before: 882.1MiB
After:  910.0MiB

"make check-system TESTS=openssh" passes. Pushed!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2017-05-17 23:02 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-17 21:30 bug#26548: [PATCH] install: Enable SSH in installation image Marius Bakke
2017-04-17 21:54 ` Leo Famulari
2017-04-17 22:06   ` Marius Bakke
2017-04-17 22:19     ` ng0
2017-04-17 23:01       ` Marius Bakke
2017-04-18 11:06         ` ng0
2017-04-18  8:43 ` Ludovic Courtès
2017-04-18 11:09   ` ng0
2017-05-08 12:01   ` Marius Bakke
2017-05-10 20:28     ` Ludovic Courtès
2017-05-17 12:14       ` Marius Bakke
2017-05-17 12:15         ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Marius Bakke
2017-05-17 12:15           ` bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image Marius Bakke
2017-05-17 21:36             ` Ludovic Courtès
2017-05-17 23:01               ` Marius Bakke
2017-05-17 21:29           ` bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).