SSH error guix pull

unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed

* SSH error guix pull
@ 2023-12-01  1:47 Mauritz Stenek
  2023-12-01 13:12 ` Wojtek Kosior via
  0 siblings, 1 reply; 9+ messages in thread
From: Mauritz Stenek @ 2023-12-01  1:47 UTC (permalink / raw)
  To: help-guix

I'm trying out Guix and created a personal (private) channel with 
some custom packages. I access my git repo with ssh.

Using Guix on a foreign distro, pulling from my git repo works 
fine after applying this strategy: 
https://issues.guix.gnu.org/31285.

However, on a full Guix system I keep getting this error:

```
guix pull: error: Git error: error authenticating: no auth sock 
variable
```

and, for the life of me, I just can't get it to work.

(disclaimer: I'm a total scheme/guile neophyte -- and am learning 
as I go)

Please help.

-- 
Mauritz Stenek <mstenek@disroot.org>

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-01  1:47 SSH error guix pull Mauritz Stenek
@ 2023-12-01 13:12 ` Wojtek Kosior via
  2023-12-01 18:37   ` Mauritz Stenek
  0 siblings, 1 reply; 9+ messages in thread
From: Wojtek Kosior via @ 2023-12-01 13:12 UTC (permalink / raw)
  To: Mauritz Stenek; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 2375 bytes --]

Hi

> However, on a full Guix system I keep getting this error:
> 
> ```
> guix pull: error: Git error: error authenticating: no auth sock 
> variable
> ```
> 
> and, for the life of me, I just can't get it to work.

Maybe you're not running ssh user agent daemon under your user?  You
need it for this to work.

You can probably spawn it in a number of ways.  One of them would be
through Guix home.  See this[1] Guix manual node for info about
ssh-agent's home service :)

Also, you're not running `guix pull` with sudo, are you?  It wouldn't
work this way because sudo erases environment variables, including
"SSH_AUTH_SOCK".

Btw, on my fully Guixified laptop I am using Guix home without
ssh-agent configured and yet I do have ssh-agent running under my user.
I'm not sure what started it…

> (disclaimer: I'm a total scheme/guile neophyte -- and am learning 
> as I go)

As all of us, haha :D

Btw, there's perhaps another solution — pull from local git checkout.
You can pass a filesystem path instead of a url when running `guix
pull`. This might later cause some issues if you try to `sudo guix
system reconfigure` but that's another topic…

Good luck and happy hacking!
Wojtek

[1] https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)

On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek <mstenek@disroot.org> wrote:

> I'm trying out Guix and created a personal (private) channel with 
> some custom packages. I access my git repo with ssh.
> 
> Using Guix on a foreign distro, pulling from my git repo works 
> fine after applying this strategy: 
> https://issues.guix.gnu.org/31285.
> 
> However, on a full Guix system I keep getting this error:
> 
> ```
> guix pull: error: Git error: error authenticating: no auth sock 
> variable
> ```
> 
> and, for the life of me, I just can't get it to work.
> 
> (disclaimer: I'm a total scheme/guile neophyte -- and am learning 
> as I go)
> 
> Please help.
> 

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-01 13:12 ` Wojtek Kosior via
@ 2023-12-01 18:37   ` Mauritz Stenek
  2023-12-01 20:07     ` Wojtek Kosior via
  0 siblings, 1 reply; 9+ messages in thread
From: Mauritz Stenek @ 2023-12-01 18:37 UTC (permalink / raw)
  To: Wojtek Kosior; +Cc: help-guix


On 2023-12-01 at 07:12, Wojtek Kosior <koszko@koszko.org> wrote:

> [[PGP Signed Part:Undecided]]
> Hi
>
>> However, on a full Guix system I keep getting this error:
>> 
>> ```
>> guix pull: error: Git error: error authenticating: no auth sock 
>> variable
>> ```
>> 
>> and, for the life of me, I just can't get it to work.
>
> Maybe you're not running ssh user agent daemon under your user? 
> You
> need it for this to work.
>
> You can probably spawn it in a number of ways.  One of them 
> would be
> through Guix home.  See this[1] Guix manual node for info about
> ssh-agent's home service :)
>
> Also, you're not running `guix pull` with sudo, are you?  It 
> wouldn't
> work this way because sudo erases environment variables, 
> including
> "SSH_AUTH_SOCK".
>
> Btw, on my fully Guixified laptop I am using Guix home without
> ssh-agent configured and yet I do have ssh-agent running under 
> my user.
> I'm not sure what started it…

Seems like that is the situation. I actually tried to run the 
ssh-agent user service example in the shepherd manual 
(https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html) 
-- verbatim -- and I get this error:

```
Starting service root...
Service root started.
Service root running with value #t.
Service root has been started.
Uncaught exception while loading configuration file 
'/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
applicable method for ~S in call ~S" (#<<generic> service-actions 
(1)> (service-actions shepherd)) ())
```

which I don't know how to fix.

Other than that example, I'm at a loss with ssh.

>
>> (disclaimer: I'm a total scheme/guile neophyte -- and am 
>> learning 
>> as I go)
>
> As all of us, haha :D

:D

>
> Btw, there's perhaps another solution — pull from local git 
> checkout.
> You can pass a filesystem path instead of a url when running 
> `guix
> pull`. This might later cause some issues if you try to `sudo 
> guix
> system reconfigure` but that's another topic…

I was able to install a package like this but it's not ideal.

> Good luck and happy hacking!

Thanks! I can tell you, it is a journey.

> Wojtek
>
> [1] 
> https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html
>
>
> -- (sig_start)
> website: https://koszko.org/koszko.html
> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> follow me on Fediverse: 
> https://friendica.me/profile/koszko/profile
>
> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> -- (sig_end)
>
>
> On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek 
> <mstenek@disroot.org> wrote:
>
>> I'm trying out Guix and created a personal (private) channel 
>> with 
>> some custom packages. I access my git repo with ssh.
>> 
>> Using Guix on a foreign distro, pulling from my git repo works 
>> fine after applying this strategy: 
>> https://issues.guix.gnu.org/31285.
>> 
>> However, on a full Guix system I keep getting this error:
>> 
>> ```
>> guix pull: error: Git error: error authenticating: no auth sock 
>> variable
>> ```
>> 
>> and, for the life of me, I just can't get it to work.
>> 
>> (disclaimer: I'm a total scheme/guile neophyte -- and am 
>> learning 
>> as I go)
>> 
>> Please help.
>> 
>
> [[End of PGP Signed Part]]


-- 
Mauritz Stenek <mstenek@disroot.org>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-01 18:37   ` Mauritz Stenek
@ 2023-12-01 20:07     ` Wojtek Kosior via
  2023-12-05 17:44       ` Mauritz Stenek
  0 siblings, 1 reply; 9+ messages in thread
From: Wojtek Kosior via @ 2023-12-01 20:07 UTC (permalink / raw)
  To: Mauritz Stenek; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 8904 bytes --]

> Starting service root...
> Service root started.
> Service root running with value #t.
> Service root has been started.
> Uncaught exception while loading configuration file 
> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
> applicable method for ~S in call ~S" (#<<generic> service-actions 
> (1)> (service-actions shepherd)) ())  
> ```
> 
> which I don't know how to fix.

I see…  I've never been using shepherd alone, in separation from Guix
but I see that my Guix-generated user shepherd config has this

--8<---------------cut here---------------start------------->8---
(action 'root 'daemonize)
--8<---------------cut here---------------end--------------->8---

while the example you linked to uses

--8<---------------cut here---------------end--------------->8---
(perform-service-action 'shepherd 'daemonize)
--8<---------------cut here---------------start------------->8---

Anyway, if there's no strong reason for not using Guix home, I'd suggest
using it.  I mean the `guix home` command and its subcommands.  It
handles — among others — shepherd configuration.  The link I gave
earlier was about using SSH through Guix home.

> > Btw, there's perhaps another solution — pull from local git 
> > checkout.
> > You can pass a filesystem path instead of a url when running 
> > `guix
> > pull`. This might later cause some issues if you try to `sudo 
> > guix
> > system reconfigure` but that's another topic…  
> 
> I was able to install a package like this but it's not ideal.

You can also set serve a cloneable git repo over HTTP on localhost…
Here's a sample script for this that I happen to have written for my own
purposes just today ;)

--8<---------------cut here---------------start------------->8---
#!/usr/bin/env -S guix repl --
!#

;; SPDX-License-Identifier: CC0-1.0

;; Copyright (C) 2023 Wojtek Kosior <koszko@koszko.org>
;;
;; Available under the terms of Creative Commons Zero v1.0 Universal.

(use-modules ((guix gexp) #:select
              (gexp file-append mixed-text-file program-file lower-object))
             ((gnu packages version-control) #:select (git))
             ((gnu packages web) #:select (lighttpd))
             ((guix store) #:select (run-with-store with-store %store-monad))
             ((guix monads) #:select (mlet mbegin return))
             ((guix derivations) #:select
              (built-derivations derivation-output-path derivation-outputs)))

(define here
  (dirname (current-filename)))

(define git-http-backend
  (file-append git "/libexec/git-core/git-http-backend"))

(define lighttpd-config
  (mixed-text-file "lighttpd.conf"
                   "\
server.document-root = \"/dev/null\"
server.modules = ( \"mod_alias\", \"mod_cgi\", \"mod_setenv\")
server.port = 8098

alias.url = ( \"/guix\" => \"" git-http-backend "\" )
cgi.assign = (\"\" => \"\")

setenv.add-environment = (
    \"GIT_PROJECT_ROOT\" => \"" here "\" + \"/.git\",
    \"GIT_HTTP_EXPORT_ALL\" => \"\"
)
"))

(define run-lighttpd-guix-repo-server
  (program-file "run-lighttpd-guix-repo-server"
                #~(system* #$(file-append lighttpd "/sbin/lighttpd") "-D"
                           "-f" #$lighttpd-config)))

(system*
 (with-store store
   (run-with-store store
     (mlet %store-monad ((script-drv (lower-object
                                      run-lighttpd-guix-repo-server)))
       (mbegin %current-monad
         (built-derivations (list script-drv))
         (return (derivation-output-path
                  (assoc-ref (derivation-outputs script-drv) "out"))))))))
--8<---------------cut here---------------end--------------->8---

One can write it as, say, "serve-git-repo.scm" in a git project
checkout (possibly also listing it in `.git/info/exclude` to have git
ignore it).  Then `chmod +x` it and run — if all goes OK, it should
serve the repo at: http://localhost:8098/guix

It's then possible to do e.g.

--8<---------------cut here---------------start------------->8---
guix pull --url=http://localhost:8098/guix
--8<---------------cut here---------------end--------------->8---

The benefit is that the aforementioned `guix system reconfigure` seems
to work afterwards (although the local git repo server needs to be
running during this time).

Voila!  We no longer need to rely on remote git servers availability :)
It'd make sense	to also spawn this HTTP server through shepherd.
And to generalize it to be able to serve multiple repos at once — for
example a custom Guix tree, a channel other than "guix" and some
software projects

Best
Wojtek


-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Fri, 01 Dec 2023 12:37:58 -0600 Mauritz Stenek <mstenek@disroot.org> wrote:

> On 2023-12-01 at 07:12, Wojtek Kosior <koszko@koszko.org> wrote:
> 
> > [[PGP Signed Part:Undecided]]
> > Hi
> >  
> >> However, on a full Guix system I keep getting this error:
> >> 
> >> ```
> >> guix pull: error: Git error: error authenticating: no auth sock 
> >> variable
> >> ```
> >> 
> >> and, for the life of me, I just can't get it to work.  
> >
> > Maybe you're not running ssh user agent daemon under your user? 
> > You
> > need it for this to work.
> >
> > You can probably spawn it in a number of ways.  One of them 
> > would be
> > through Guix home.  See this[1] Guix manual node for info about
> > ssh-agent's home service :)
> >
> > Also, you're not running `guix pull` with sudo, are you?  It 
> > wouldn't
> > work this way because sudo erases environment variables, 
> > including
> > "SSH_AUTH_SOCK".
> >
> > Btw, on my fully Guixified laptop I am using Guix home without
> > ssh-agent configured and yet I do have ssh-agent running under 
> > my user.
> > I'm not sure what started it…  
> 
> Seems like that is the situation. I actually tried to run the 
> ssh-agent user service example in the shepherd manual 
> (https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html) 
> -- verbatim -- and I get this error:
> 
> ```
> Starting service root...
> Service root started.
> Service root running with value #t.
> Service root has been started.
> Uncaught exception while loading configuration file 
> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
> applicable method for ~S in call ~S" (#<<generic> service-actions 
> (1)> (service-actions shepherd)) ())  
> ```
> 
> which I don't know how to fix.
> 
> Other than that example, I'm at a loss with ssh.
> 
> >  
> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
> >> learning 
> >> as I go)  
> >
> > As all of us, haha :D  
> 
> :D
> 
> >
> > Btw, there's perhaps another solution — pull from local git 
> > checkout.
> > You can pass a filesystem path instead of a url when running 
> > `guix
> > pull`. This might later cause some issues if you try to `sudo 
> > guix
> > system reconfigure` but that's another topic…  
> 
> I was able to install a package like this but it's not ideal.
> 
> > Good luck and happy hacking!  
> 
> Thanks! I can tell you, it is a journey.
> 
> > Wojtek
> >
> > [1] 
> > https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html
> >
> >
> > -- (sig_start)
> > website: https://koszko.org/koszko.html
> > fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> > follow me on Fediverse: 
> > https://friendica.me/profile/koszko/profile
> >
> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> > -- (sig_end)
> >
> >
> > On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek 
> > <mstenek@disroot.org> wrote:
> >  
> >> I'm trying out Guix and created a personal (private) channel 
> >> with 
> >> some custom packages. I access my git repo with ssh.
> >> 
> >> Using Guix on a foreign distro, pulling from my git repo works 
> >> fine after applying this strategy: 
> >> https://issues.guix.gnu.org/31285.
> >> 
> >> However, on a full Guix system I keep getting this error:
> >> 
> >> ```
> >> guix pull: error: Git error: error authenticating: no auth sock 
> >> variable
> >> ```
> >> 
> >> and, for the life of me, I just can't get it to work.
> >> 
> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
> >> learning 
> >> as I go)
> >> 
> >> Please help.
> >>   
> >
> > [[End of PGP Signed Part]]  
> 
> 

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-01 20:07     ` Wojtek Kosior via
@ 2023-12-05 17:44       ` Mauritz Stenek
  2023-12-05 19:28         ` Wojtek Kosior via
  0 siblings, 1 reply; 9+ messages in thread
From: Mauritz Stenek @ 2023-12-05 17:44 UTC (permalink / raw)
  To: Wojtek Kosior; +Cc: help-guix


Thanks Wojtek for your kind help (my comments below).

Status update: I got it running!

Perhaps I should clarify that I'm running a very light setup -- 
Desktop services with dwm (I tried to go even leaner, but I 
couldn't get the xorg server to work w/o a login manager); I'm 
unsure if this is affecting the ssh setup.

This is what I did (the superflouos commented lines show my tweaks 
to the doc's suggestion[1]):

(1) I created an ssh agent -- as per the shepherd docs[1] with 
some tweaks. I added the `&` to the recommended bash setup to send 
the job to the background:

```
if [[ ! -S ${XDG_RUNTIME_DIR-$HOME/.cache}/shepherd/socket ]]; 
then
    shepherd &
fi
```

(2) I commented out `(shepherd service)` import and the 
`(perform-service-action 'shepherd 'daemonize)` expression in the 
`init.scm` file:

```
(use-modules ;; (shepherd service)
             ((ice-9 ftw) #:select (scandir)))

;; Send shepherd into the background
;; (perform-service-action 'shepherd 'daemonize)

;; Load all the files in the directory 'init.d' with a suffix 
   '.scm'.
(for-each
  (lambda (file)
    (load (string-append "init.d/" file)))
  (scandir (string-append (dirname (current-filename)) "/init.d")
           (lambda (file)
             (string-suffix? ".scm" file))))
```

(3): I removed the conditional export of the auth sock varible in 
the `.bash_profile` file:

```
#if [[ ! -n ${SSH_CONNECTION} ]]; then
    SSH_AUTH_SOCK=${XDG_RUNTIME_DIR-$HOME/.cache}/ssh-agent/socket
    export SSH_AUTH_SOCK
#fi
```

and that's it: the setup that works.

However, The error `guix pull` ssh error only goes away after I 
ssh to a remote computer: `$ ssh root@repo.local`; this command 
somehow triggers something that makes `git pull` work. Odd.


[1]: 
https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html

On 2023-12-01 at 14:07, Wojtek Kosior <koszko@koszko.org> wrote:

> [[PGP Signed Part:Undecided]]
>> Starting service root...
>> Service root started.
>> Service root running with value #t.
>> Service root has been started.
>> Uncaught exception while loading configuration file 
>> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
>> applicable method for ~S in call ~S" (#<<generic> 
>> service-actions 
>> (1)> (service-actions shepherd)) ())  
>> ```
>> 
>> which I don't know how to fix.
>
> I see…  I've never been using shepherd alone, in separation from 
> Guix
> but I see that my Guix-generated user shepherd config has this
>
> --8<---------------cut 
> here---------------start------------->8---
> (action 'root 'daemonize)
> --8<---------------cut 
> here---------------end--------------->8---
>
>
> while the example you linked to uses
>
> --8<---------------cut 
> here---------------end--------------->8---
> (perform-service-action 'shepherd 'daemonize)
> --8<---------------cut 
> here---------------start------------->8---
>
>
> Anyway, if there's no strong reason for not using Guix home, I'd 
> suggest
> using it.  I mean the `guix home` command and its subcommands. 
> It
> handles — among others — shepherd configuration.  The link I 
> gave
> earlier was about using SSH through Guix home.

Yes, I still need to explore Guix Home -- baby steps.

>> > Btw, there's perhaps another solution — pull from local git 
>> > checkout.
>> > You can pass a filesystem path instead of a url when running 
>> > `guix
>> > pull`. This might later cause some issues if you try to `sudo 
>> > guix
>> > system reconfigure` but that's another topic…  
>> 
>> I was able to install a package like this but it's not ideal.
>
> You can also set serve a cloneable git repo over HTTP on 
> localhost…
> Here's a sample script for this that I happen to have written 
> for my own
> purposes just today ;)
>
> --8<---------------cut 
> here---------------start------------->8---
> #!/usr/bin/env -S guix repl --
> !#
>
> ;; SPDX-License-Identifier: CC0-1.0
>
> ;; Copyright (C) 2023 Wojtek Kosior <koszko@koszko.org>
> ;;
> ;; Available under the terms of Creative Commons Zero v1.0 
> Universal.
>
> (use-modules ((guix gexp) #:select
>               (gexp file-append mixed-text-file program-file 
>               lower-object))
>              ((gnu packages version-control) #:select (git))
>              ((gnu packages web) #:select (lighttpd))
>              ((guix store) #:select (run-with-store with-store 
>              %store-monad))
>              ((guix monads) #:select (mlet mbegin return))
>              ((guix derivations) #:select
>               (built-derivations derivation-output-path 
>               derivation-outputs)))
>
> (define here
>   (dirname (current-filename)))
>
> (define git-http-backend
>   (file-append git "/libexec/git-core/git-http-backend"))
>
> (define lighttpd-config
>   (mixed-text-file "lighttpd.conf"
>                    "\
> server.document-root = \"/dev/null\"
> server.modules = ( \"mod_alias\", \"mod_cgi\", \"mod_setenv\")
> server.port = 8098
>
> alias.url = ( \"/guix\" => \"" git-http-backend "\" )
> cgi.assign = (\"\" => \"\")
>
> setenv.add-environment = (
>     \"GIT_PROJECT_ROOT\" => \"" here "\" + \"/.git\",
>     \"GIT_HTTP_EXPORT_ALL\" => \"\"
> )
> "))
>
> (define run-lighttpd-guix-repo-server
>   (program-file "run-lighttpd-guix-repo-server"
>                 #~(system* #$(file-append lighttpd 
>                 "/sbin/lighttpd") "-D"
>                            "-f" #$lighttpd-config)))
>
> (system*
>  (with-store store
>    (run-with-store store
>      (mlet %store-monad ((script-drv (lower-object
>                                       run-lighttpd-guix-repo-server)))
>        (mbegin %current-monad
>          (built-derivations (list script-drv))
>          (return (derivation-output-path
>                   (assoc-ref (derivation-outputs script-drv) 
>                   "out"))))))))
> --8<---------------cut 
> here---------------end--------------->8---
>
>
> One can write it as, say, "serve-git-repo.scm" in a git project
> checkout (possibly also listing it in `.git/info/exclude` to 
> have git
> ignore it).  Then `chmod +x` it and run — if all goes OK, it 
> should
> serve the repo at: http://localhost:8098/guix
>
> It's then possible to do e.g.
>
> --8<---------------cut 
> here---------------start------------->8---
> guix pull --url=http://localhost:8098/guix
> --8<---------------cut 
> here---------------end--------------->8---
>
> The benefit is that the aforementioned `guix system reconfigure` 
> seems
> to work afterwards (although the local git repo server needs to 
> be
> running during this time).
>
> Voila!  We no longer need to rely on remote git servers 
> availability :)
> It'd make sense	to also spawn this HTTP server through 
> shepherd.
> And to generalize it to be able to serve multiple repos at once 
> — for
> example a custom Guix tree, a channel other than "guix" and some
> software projects

Cool! I will definitely give this a try!


>
> Best
> Wojtek
>
>
> -- (sig_start)
> website: https://koszko.org/koszko.html
> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> follow me on Fediverse: 
> https://friendica.me/profile/koszko/profile
>
> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> -- (sig_end)
>
>
> On Fri, 01 Dec 2023 12:37:58 -0600 Mauritz Stenek 
> <mstenek@disroot.org> wrote:
>
>> On 2023-12-01 at 07:12, Wojtek Kosior <koszko@koszko.org> 
>> wrote:
>> 
>> > [[PGP Signed Part:Undecided]]
>> > Hi
>> >  
>> >> However, on a full Guix system I keep getting this error:
>> >> 
>> >> ```
>> >> guix pull: error: Git error: error authenticating: no auth 
>> >> sock 
>> >> variable
>> >> ```
>> >> 
>> >> and, for the life of me, I just can't get it to work.  
>> >
>> > Maybe you're not running ssh user agent daemon under your 
>> > user? 
>> > You
>> > need it for this to work.
>> >
>> > You can probably spawn it in a number of ways.  One of them 
>> > would be
>> > through Guix home.  See this[1] Guix manual node for info 
>> > about
>> > ssh-agent's home service :)
>> >
>> > Also, you're not running `guix pull` with sudo, are you?  It 
>> > wouldn't
>> > work this way because sudo erases environment variables, 
>> > including
>> > "SSH_AUTH_SOCK".
>> >
>> > Btw, on my fully Guixified laptop I am using Guix home 
>> > without
>> > ssh-agent configured and yet I do have ssh-agent running 
>> > under 
>> > my user.
>> > I'm not sure what started it…  
>> 
>> Seems like that is the situation. I actually tried to run the 
>> ssh-agent user service example in the shepherd manual 
>> (https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html) 
>> -- verbatim -- and I get this error:
>> 
>> ```
>> Starting service root...
>> Service root started.
>> Service root running with value #t.
>> Service root has been started.
>> Uncaught exception while loading configuration file 
>> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
>> applicable method for ~S in call ~S" (#<<generic> 
>> service-actions 
>> (1)> (service-actions shepherd)) ())  
>> ```
>> 
>> which I don't know how to fix.
>> 
>> Other than that example, I'm at a loss with ssh.
>> 
>> >  
>> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
>> >> learning 
>> >> as I go)  
>> >
>> > As all of us, haha :D  
>> 
>> :D
>> 
>> >
>> > Btw, there's perhaps another solution — pull from local git 
>> > checkout.
>> > You can pass a filesystem path instead of a url when running 
>> > `guix
>> > pull`. This might later cause some issues if you try to `sudo 
>> > guix
>> > system reconfigure` but that's another topic…  
>> 
>> I was able to install a package like this but it's not ideal.
>> 
>> > Good luck and happy hacking!  
>> 
>> Thanks! I can tell you, it is a journey.
>> 
>> > Wojtek
>> >
>> > [1] 
>> > https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html
>> >
>> >
>> > -- (sig_start)
>> > website: https://koszko.org/koszko.html
>> > fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 
>> > FD1A
>> > follow me on Fediverse: 
>> > https://friendica.me/profile/koszko/profile
>> >
>> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
>> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
>> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> > -- (sig_end)
>> >
>> >
>> > On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek 
>> > <mstenek@disroot.org> wrote:
>> >  
>> >> I'm trying out Guix and created a personal (private) channel 
>> >> with 
>> >> some custom packages. I access my git repo with ssh.
>> >> 
>> >> Using Guix on a foreign distro, pulling from my git repo 
>> >> works 
>> >> fine after applying this strategy: 
>> >> https://issues.guix.gnu.org/31285.
>> >> 
>> >> However, on a full Guix system I keep getting this error:
>> >> 
>> >> ```
>> >> guix pull: error: Git error: error authenticating: no auth 
>> >> sock 
>> >> variable
>> >> ```
>> >> 
>> >> and, for the life of me, I just can't get it to work.
>> >> 
>> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
>> >> learning 
>> >> as I go)
>> >> 
>> >> Please help.
>> >>   
>> >
>> > [[End of PGP Signed Part]]  
>> 
>> 
>
> [[End of PGP Signed Part]]


-- 
Mauritz Stenek <mstenek@disroot.org>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-05 17:44       ` Mauritz Stenek
@ 2023-12-05 19:28         ` Wojtek Kosior via
  2023-12-07 20:33           ` Mauritz Stenek
  0 siblings, 1 reply; 9+ messages in thread
From: Wojtek Kosior via @ 2023-12-05 19:28 UTC (permalink / raw)
  To: Mauritz Stenek; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 13761 bytes --]

> Thanks Wojtek for your kind help (my comments below).
> 
> Status update: I got it running!

Great to hear that :)

> [...]
> 
> and that's it: the setup that works.
> 
> However, The error `guix pull` ssh error only goes away after I 
> ssh to a remote computer: `$ ssh root@repo.local`; this command 
> somehow triggers something that makes `git pull` work. Odd.

Hmm.  Since the SSH agent remembers SSH key password, it'd make sense
that one has to first "unlock" a key in an interactive CLI session
before Guix can use it non-interactively.  If this also happens with
passwordless keys, then it's indeed odd.  Nevertheless, I guess a
hypothetical solution would be to allow Guix to — when desired — call
SSH with access to its TTY/PTY :)

Best
Wojtek


-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Tue, 05 Dec 2023 11:44:57 -0600 Mauritz Stenek <mstenek@disroot.org> wrote:

> Thanks Wojtek for your kind help (my comments below).
> 
> Status update: I got it running!
> 
> Perhaps I should clarify that I'm running a very light setup -- 
> Desktop services with dwm (I tried to go even leaner, but I 
> couldn't get the xorg server to work w/o a login manager); I'm 
> unsure if this is affecting the ssh setup.
> 
> This is what I did (the superflouos commented lines show my tweaks 
> to the doc's suggestion[1]):
> 
> (1) I created an ssh agent -- as per the shepherd docs[1] with 
> some tweaks. I added the `&` to the recommended bash setup to send 
> the job to the background:
> 
> ```
> if [[ ! -S ${XDG_RUNTIME_DIR-$HOME/.cache}/shepherd/socket ]]; 
> then
>     shepherd &
> fi
> ```
> 
> (2) I commented out `(shepherd service)` import and the 
> `(perform-service-action 'shepherd 'daemonize)` expression in the 
> `init.scm` file:
> 
> ```
> (use-modules ;; (shepherd service)
>              ((ice-9 ftw) #:select (scandir)))
> 
> ;; Send shepherd into the background
> ;; (perform-service-action 'shepherd 'daemonize)
> 
> ;; Load all the files in the directory 'init.d' with a suffix 
>    '.scm'.
> (for-each
>   (lambda (file)
>     (load (string-append "init.d/" file)))
>   (scandir (string-append (dirname (current-filename)) "/init.d")
>            (lambda (file)
>              (string-suffix? ".scm" file))))
> ```
> 
> (3): I removed the conditional export of the auth sock varible in 
> the `.bash_profile` file:
> 
> ```
> #if [[ ! -n ${SSH_CONNECTION} ]]; then
>     SSH_AUTH_SOCK=${XDG_RUNTIME_DIR-$HOME/.cache}/ssh-agent/socket
>     export SSH_AUTH_SOCK
> #fi
> ```
> 
> and that's it: the setup that works.
> 
> However, The error `guix pull` ssh error only goes away after I 
> ssh to a remote computer: `$ ssh root@repo.local`; this command 
> somehow triggers something that makes `git pull` work. Odd.
> 
> 
> [1]: 
> https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html
> 
> On 2023-12-01 at 14:07, Wojtek Kosior <koszko@koszko.org> wrote:
> 
> > [[PGP Signed Part:Undecided]]  
> >> Starting service root...
> >> Service root started.
> >> Service root running with value #t.
> >> Service root has been started.
> >> Uncaught exception while loading configuration file 
> >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
> >> applicable method for ~S in call ~S" (#<<generic> 
> >> service-actions   
> >> (1)> (service-actions shepherd)) ())    
> >> ```
> >> 
> >> which I don't know how to fix.  
> >
> > I see…  I've never been using shepherd alone, in separation from 
> > Guix
> > but I see that my Guix-generated user shepherd config has this
> >
> > --8<---------------cut 
> > here---------------start------------->8---
> > (action 'root 'daemonize)
> > --8<---------------cut 
> > here---------------end--------------->8---
> >
> >
> > while the example you linked to uses
> >
> > --8<---------------cut 
> > here---------------end--------------->8---
> > (perform-service-action 'shepherd 'daemonize)
> > --8<---------------cut 
> > here---------------start------------->8---
> >
> >
> > Anyway, if there's no strong reason for not using Guix home, I'd 
> > suggest
> > using it.  I mean the `guix home` command and its subcommands. 
> > It
> > handles — among others — shepherd configuration.  The link I 
> > gave
> > earlier was about using SSH through Guix home.  
> 
> Yes, I still need to explore Guix Home -- baby steps.
> 
> >> > Btw, there's perhaps another solution — pull from local git 
> >> > checkout.
> >> > You can pass a filesystem path instead of a url when running 
> >> > `guix
> >> > pull`. This might later cause some issues if you try to `sudo 
> >> > guix
> >> > system reconfigure` but that's another topic…    
> >> 
> >> I was able to install a package like this but it's not ideal.  
> >
> > You can also set serve a cloneable git repo over HTTP on 
> > localhost…
> > Here's a sample script for this that I happen to have written 
> > for my own
> > purposes just today ;)
> >
> > --8<---------------cut 
> > here---------------start------------->8---
> > #!/usr/bin/env -S guix repl --
> > !#
> >
> > ;; SPDX-License-Identifier: CC0-1.0
> >
> > ;; Copyright (C) 2023 Wojtek Kosior <koszko@koszko.org>
> > ;;
> > ;; Available under the terms of Creative Commons Zero v1.0 
> > Universal.
> >
> > (use-modules ((guix gexp) #:select
> >               (gexp file-append mixed-text-file program-file 
> >               lower-object))
> >              ((gnu packages version-control) #:select (git))
> >              ((gnu packages web) #:select (lighttpd))
> >              ((guix store) #:select (run-with-store with-store 
> >              %store-monad))
> >              ((guix monads) #:select (mlet mbegin return))
> >              ((guix derivations) #:select
> >               (built-derivations derivation-output-path 
> >               derivation-outputs)))
> >
> > (define here
> >   (dirname (current-filename)))
> >
> > (define git-http-backend
> >   (file-append git "/libexec/git-core/git-http-backend"))
> >
> > (define lighttpd-config
> >   (mixed-text-file "lighttpd.conf"
> >                    "\
> > server.document-root = \"/dev/null\"
> > server.modules = ( \"mod_alias\", \"mod_cgi\", \"mod_setenv\")
> > server.port = 8098
> >
> > alias.url = ( \"/guix\" => \"" git-http-backend "\" )
> > cgi.assign = (\"\" => \"\")
> >
> > setenv.add-environment = (
> >     \"GIT_PROJECT_ROOT\" => \"" here "\" + \"/.git\",
> >     \"GIT_HTTP_EXPORT_ALL\" => \"\"
> > )
> > "))
> >
> > (define run-lighttpd-guix-repo-server
> >   (program-file "run-lighttpd-guix-repo-server"
> >                 #~(system* #$(file-append lighttpd 
> >                 "/sbin/lighttpd") "-D"
> >                            "-f" #$lighttpd-config)))
> >
> > (system*
> >  (with-store store
> >    (run-with-store store
> >      (mlet %store-monad ((script-drv (lower-object
> >                                       run-lighttpd-guix-repo-server)))
> >        (mbegin %current-monad
> >          (built-derivations (list script-drv))
> >          (return (derivation-output-path
> >                   (assoc-ref (derivation-outputs script-drv) 
> >                   "out"))))))))
> > --8<---------------cut 
> > here---------------end--------------->8---
> >
> >
> > One can write it as, say, "serve-git-repo.scm" in a git project
> > checkout (possibly also listing it in `.git/info/exclude` to 
> > have git
> > ignore it).  Then `chmod +x` it and run — if all goes OK, it 
> > should
> > serve the repo at: http://localhost:8098/guix
> >
> > It's then possible to do e.g.
> >
> > --8<---------------cut 
> > here---------------start------------->8---
> > guix pull --url=http://localhost:8098/guix
> > --8<---------------cut 
> > here---------------end--------------->8---
> >
> > The benefit is that the aforementioned `guix system reconfigure` 
> > seems
> > to work afterwards (although the local git repo server needs to 
> > be
> > running during this time).
> >
> > Voila!  We no longer need to rely on remote git servers 
> > availability :)
> > It'd make sense	to also spawn this HTTP server through 
> > shepherd.
> > And to generalize it to be able to serve multiple repos at once 
> > — for
> > example a custom Guix tree, a channel other than "guix" and some
> > software projects  
> 
> Cool! I will definitely give this a try!
> 
> 
> >
> > Best
> > Wojtek
> >
> >
> > -- (sig_start)
> > website: https://koszko.org/koszko.html
> > fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> > follow me on Fediverse: 
> > https://friendica.me/profile/koszko/profile
> >
> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> > -- (sig_end)
> >
> >
> > On Fri, 01 Dec 2023 12:37:58 -0600 Mauritz Stenek 
> > <mstenek@disroot.org> wrote:
> >  
> >> On 2023-12-01 at 07:12, Wojtek Kosior <koszko@koszko.org> 
> >> wrote:
> >>   
> >> > [[PGP Signed Part:Undecided]]
> >> > Hi
> >> >    
> >> >> However, on a full Guix system I keep getting this error:
> >> >> 
> >> >> ```
> >> >> guix pull: error: Git error: error authenticating: no auth 
> >> >> sock 
> >> >> variable
> >> >> ```
> >> >> 
> >> >> and, for the life of me, I just can't get it to work.    
> >> >
> >> > Maybe you're not running ssh user agent daemon under your 
> >> > user? 
> >> > You
> >> > need it for this to work.
> >> >
> >> > You can probably spawn it in a number of ways.  One of them 
> >> > would be
> >> > through Guix home.  See this[1] Guix manual node for info 
> >> > about
> >> > ssh-agent's home service :)
> >> >
> >> > Also, you're not running `guix pull` with sudo, are you?  It 
> >> > wouldn't
> >> > work this way because sudo erases environment variables, 
> >> > including
> >> > "SSH_AUTH_SOCK".
> >> >
> >> > Btw, on my fully Guixified laptop I am using Guix home 
> >> > without
> >> > ssh-agent configured and yet I do have ssh-agent running 
> >> > under 
> >> > my user.
> >> > I'm not sure what started it…    
> >> 
> >> Seems like that is the situation. I actually tried to run the 
> >> ssh-agent user service example in the shepherd manual 
> >> (https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html) 
> >> -- verbatim -- and I get this error:
> >> 
> >> ```
> >> Starting service root...
> >> Service root started.
> >> Service root running with value #t.
> >> Service root has been started.
> >> Uncaught exception while loading configuration file 
> >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
> >> applicable method for ~S in call ~S" (#<<generic> 
> >> service-actions   
> >> (1)> (service-actions shepherd)) ())    
> >> ```
> >> 
> >> which I don't know how to fix.
> >> 
> >> Other than that example, I'm at a loss with ssh.
> >>   
> >> >    
> >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
> >> >> learning 
> >> >> as I go)    
> >> >
> >> > As all of us, haha :D    
> >> 
> >> :D
> >>   
> >> >
> >> > Btw, there's perhaps another solution — pull from local git 
> >> > checkout.
> >> > You can pass a filesystem path instead of a url when running 
> >> > `guix
> >> > pull`. This might later cause some issues if you try to `sudo 
> >> > guix
> >> > system reconfigure` but that's another topic…    
> >> 
> >> I was able to install a package like this but it's not ideal.
> >>   
> >> > Good luck and happy hacking!    
> >> 
> >> Thanks! I can tell you, it is a journey.
> >>   
> >> > Wojtek
> >> >
> >> > [1] 
> >> > https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html
> >> >
> >> >
> >> > -- (sig_start)
> >> > website: https://koszko.org/koszko.html
> >> > fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 
> >> > FD1A
> >> > follow me on Fediverse: 
> >> > https://friendica.me/profile/koszko/profile
> >> >
> >> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> >> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> >> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> >> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> >> > -- (sig_end)
> >> >
> >> >
> >> > On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek 
> >> > <mstenek@disroot.org> wrote:
> >> >    
> >> >> I'm trying out Guix and created a personal (private) channel 
> >> >> with 
> >> >> some custom packages. I access my git repo with ssh.
> >> >> 
> >> >> Using Guix on a foreign distro, pulling from my git repo 
> >> >> works 
> >> >> fine after applying this strategy: 
> >> >> https://issues.guix.gnu.org/31285.
> >> >> 
> >> >> However, on a full Guix system I keep getting this error:
> >> >> 
> >> >> ```
> >> >> guix pull: error: Git error: error authenticating: no auth 
> >> >> sock 
> >> >> variable
> >> >> ```
> >> >> 
> >> >> and, for the life of me, I just can't get it to work.
> >> >> 
> >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
> >> >> learning 
> >> >> as I go)
> >> >> 
> >> >> Please help.
> >> >>     
> >> >
> >> > [[End of PGP Signed Part]]    
> >> 
> >>   
> >
> > [[End of PGP Signed Part]]  
> 
> 

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-05 19:28         ` Wojtek Kosior via
@ 2023-12-07 20:33           ` Mauritz Stenek
  2023-12-07 20:57             ` Wojtek Kosior via
  0 siblings, 1 reply; 9+ messages in thread
From: Mauritz Stenek @ 2023-12-07 20:33 UTC (permalink / raw)
  To: Wojtek Kosior; +Cc: help-guix


On 2023-12-05 at 13:28, Wojtek Kosior <koszko@koszko.org> wrote:

> [[PGP Signed Part:Undecided]]
>> Thanks Wojtek for your kind help (my comments below).
>> 
>> Status update: I got it running!
>
> Great to hear that :)
>
>> [...]
>> 
>> and that's it: the setup that works.
>> 
>> However, The error `guix pull` ssh error only goes away after I 
>> ssh to a remote computer: `$ ssh root@repo.local`; this command 
>> somehow triggers something that makes `git pull` work. Odd.
>
> Hmm.  Since the SSH agent remembers SSH key password, it'd make 
> sense
> that one has to first "unlock" a key in an interactive CLI 
> session
> before Guix can use it non-interactively.  If this also happens 
> with
> passwordless keys, then it's indeed odd.  Nevertheless, I guess 
> a
> hypothetical solution would be to allow Guix to — when desired — 
> call
> SSH with access to its TTY/PTY :)

Would you mind showing me how?

Thanks Wojtek.

>
> Best
> Wojtek
>
>
> -- (sig_start)
> website: https://koszko.org/koszko.html
> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> follow me on Fediverse: 
> https://friendica.me/profile/koszko/profile
>
> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> -- (sig_end)
>
>
> On Tue, 05 Dec 2023 11:44:57 -0600 Mauritz Stenek 
> <mstenek@disroot.org> wrote:
>
>> Thanks Wojtek for your kind help (my comments below).
>> 
>> Status update: I got it running!
>> 
>> Perhaps I should clarify that I'm running a very light setup -- 
>> Desktop services with dwm (I tried to go even leaner, but I 
>> couldn't get the xorg server to work w/o a login manager); I'm 
>> unsure if this is affecting the ssh setup.
>> 
>> This is what I did (the superflouos commented lines show my 
>> tweaks 
>> to the doc's suggestion[1]):
>> 
>> (1) I created an ssh agent -- as per the shepherd docs[1] with 
>> some tweaks. I added the `&` to the recommended bash setup to 
>> send 
>> the job to the background:
>> 
>> ```
>> if [[ ! -S ${XDG_RUNTIME_DIR-$HOME/.cache}/shepherd/socket ]]; 
>> then
>>     shepherd &
>> fi
>> ```
>> 
>> (2) I commented out `(shepherd service)` import and the 
>> `(perform-service-action 'shepherd 'daemonize)` expression in 
>> the 
>> `init.scm` file:
>> 
>> ```
>> (use-modules ;; (shepherd service)
>>              ((ice-9 ftw) #:select (scandir)))
>> 
>> ;; Send shepherd into the background
>> ;; (perform-service-action 'shepherd 'daemonize)
>> 
>> ;; Load all the files in the directory 'init.d' with a suffix 
>>    '.scm'.
>> (for-each
>>   (lambda (file)
>>     (load (string-append "init.d/" file)))
>>   (scandir (string-append (dirname (current-filename)) 
>>   "/init.d")
>>            (lambda (file)
>>              (string-suffix? ".scm" file))))
>> ```
>> 
>> (3): I removed the conditional export of the auth sock varible 
>> in 
>> the `.bash_profile` file:
>> 
>> ```
>> #if [[ ! -n ${SSH_CONNECTION} ]]; then
>>     SSH_AUTH_SOCK=${XDG_RUNTIME_DIR-$HOME/.cache}/ssh-agent/socket
>>     export SSH_AUTH_SOCK
>> #fi
>> ```
>> 
>> and that's it: the setup that works.
>> 
>> However, The error `guix pull` ssh error only goes away after I 
>> ssh to a remote computer: `$ ssh root@repo.local`; this command 
>> somehow triggers something that makes `git pull` work. Odd.
>> 
>> 
>> [1]: 
>> https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html
>> 
>> On 2023-12-01 at 14:07, Wojtek Kosior <koszko@koszko.org> 
>> wrote:
>> 
>> > [[PGP Signed Part:Undecided]]  
>> >> Starting service root...
>> >> Service root started.
>> >> Service root running with value #t.
>> >> Service root has been started.
>> >> Uncaught exception while loading configuration file 
>> >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
>> >> applicable method for ~S in call ~S" (#<<generic> 
>> >> service-actions   
>> >> (1)> (service-actions shepherd)) ())    
>> >> ```
>> >> 
>> >> which I don't know how to fix.  
>> >
>> > I see…  I've never been using shepherd alone, in separation 
>> > from 
>> > Guix
>> > but I see that my Guix-generated user shepherd config has 
>> > this
>> >
>> > --8<---------------cut 
>> > here---------------start------------->8---
>> > (action 'root 'daemonize)
>> > --8<---------------cut 
>> > here---------------end--------------->8---
>> >
>> >
>> > while the example you linked to uses
>> >
>> > --8<---------------cut 
>> > here---------------end--------------->8---
>> > (perform-service-action 'shepherd 'daemonize)
>> > --8<---------------cut 
>> > here---------------start------------->8---
>> >
>> >
>> > Anyway, if there's no strong reason for not using Guix home, 
>> > I'd 
>> > suggest
>> > using it.  I mean the `guix home` command and its 
>> > subcommands. 
>> > It
>> > handles — among others — shepherd configuration.  The link I 
>> > gave
>> > earlier was about using SSH through Guix home.  
>> 
>> Yes, I still need to explore Guix Home -- baby steps.
>> 
>> >> > Btw, there's perhaps another solution — pull from local 
>> >> > git 
>> >> > checkout.
>> >> > You can pass a filesystem path instead of a url when 
>> >> > running 
>> >> > `guix
>> >> > pull`. This might later cause some issues if you try to 
>> >> > `sudo 
>> >> > guix
>> >> > system reconfigure` but that's another topic…    
>> >> 
>> >> I was able to install a package like this but it's not 
>> >> ideal.  
>> >
>> > You can also set serve a cloneable git repo over HTTP on 
>> > localhost…
>> > Here's a sample script for this that I happen to have written 
>> > for my own
>> > purposes just today ;)
>> >
>> > --8<---------------cut 
>> > here---------------start------------->8---
>> > #!/usr/bin/env -S guix repl --
>> > !#
>> >
>> > ;; SPDX-License-Identifier: CC0-1.0
>> >
>> > ;; Copyright (C) 2023 Wojtek Kosior <koszko@koszko.org>
>> > ;;
>> > ;; Available under the terms of Creative Commons Zero v1.0 
>> > Universal.
>> >
>> > (use-modules ((guix gexp) #:select
>> >               (gexp file-append mixed-text-file program-file 
>> >               lower-object))
>> >              ((gnu packages version-control) #:select (git))
>> >              ((gnu packages web) #:select (lighttpd))
>> >              ((guix store) #:select (run-with-store 
>> >              with-store 
>> >              %store-monad))
>> >              ((guix monads) #:select (mlet mbegin return))
>> >              ((guix derivations) #:select
>> >               (built-derivations derivation-output-path 
>> >               derivation-outputs)))
>> >
>> > (define here
>> >   (dirname (current-filename)))
>> >
>> > (define git-http-backend
>> >   (file-append git "/libexec/git-core/git-http-backend"))
>> >
>> > (define lighttpd-config
>> >   (mixed-text-file "lighttpd.conf"
>> >                    "\
>> > server.document-root = \"/dev/null\"
>> > server.modules = ( \"mod_alias\", \"mod_cgi\", 
>> > \"mod_setenv\")
>> > server.port = 8098
>> >
>> > alias.url = ( \"/guix\" => \"" git-http-backend "\" )
>> > cgi.assign = (\"\" => \"\")
>> >
>> > setenv.add-environment = (
>> >     \"GIT_PROJECT_ROOT\" => \"" here "\" + \"/.git\",
>> >     \"GIT_HTTP_EXPORT_ALL\" => \"\"
>> > )
>> > "))
>> >
>> > (define run-lighttpd-guix-repo-server
>> >   (program-file "run-lighttpd-guix-repo-server"
>> >                 #~(system* #$(file-append lighttpd 
>> >                 "/sbin/lighttpd") "-D"
>> >                            "-f" #$lighttpd-config)))
>> >
>> > (system*
>> >  (with-store store
>> >    (run-with-store store
>> >      (mlet %store-monad ((script-drv (lower-object
>> >                                       run-lighttpd-guix-repo-server)))
>> >        (mbegin %current-monad
>> >          (built-derivations (list script-drv))
>> >          (return (derivation-output-path
>> >                   (assoc-ref (derivation-outputs script-drv) 
>> >                   "out"))))))))
>> > --8<---------------cut 
>> > here---------------end--------------->8---
>> >
>> >
>> > One can write it as, say, "serve-git-repo.scm" in a git 
>> > project
>> > checkout (possibly also listing it in `.git/info/exclude` to 
>> > have git
>> > ignore it).  Then `chmod +x` it and run — if all goes OK, it 
>> > should
>> > serve the repo at: http://localhost:8098/guix
>> >
>> > It's then possible to do e.g.
>> >
>> > --8<---------------cut 
>> > here---------------start------------->8---
>> > guix pull --url=http://localhost:8098/guix
>> > --8<---------------cut 
>> > here---------------end--------------->8---
>> >
>> > The benefit is that the aforementioned `guix system 
>> > reconfigure` 
>> > seems
>> > to work afterwards (although the local git repo server needs 
>> > to 
>> > be
>> > running during this time).
>> >
>> > Voila!  We no longer need to rely on remote git servers 
>> > availability :)
>> > It'd make sense	to also spawn this HTTP server through 
>> > shepherd.
>> > And to generalize it to be able to serve multiple repos at 
>> > once 
>> > — for
>> > example a custom Guix tree, a channel other than "guix" and 
>> > some
>> > software projects  
>> 
>> Cool! I will definitely give this a try!
>> 
>> 
>> >
>> > Best
>> > Wojtek
>> >
>> >
>> > -- (sig_start)
>> > website: https://koszko.org/koszko.html
>> > fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 
>> > FD1A
>> > follow me on Fediverse: 
>> > https://friendica.me/profile/koszko/profile
>> >
>> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
>> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
>> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> > -- (sig_end)
>> >
>> >
>> > On Fri, 01 Dec 2023 12:37:58 -0600 Mauritz Stenek 
>> > <mstenek@disroot.org> wrote:
>> >  
>> >> On 2023-12-01 at 07:12, Wojtek Kosior <koszko@koszko.org> 
>> >> wrote:
>> >>   
>> >> > [[PGP Signed Part:Undecided]]
>> >> > Hi
>> >> >    
>> >> >> However, on a full Guix system I keep getting this error:
>> >> >> 
>> >> >> ```
>> >> >> guix pull: error: Git error: error authenticating: no 
>> >> >> auth 
>> >> >> sock 
>> >> >> variable
>> >> >> ```
>> >> >> 
>> >> >> and, for the life of me, I just can't get it to work.    
>> >> >
>> >> > Maybe you're not running ssh user agent daemon under your 
>> >> > user? 
>> >> > You
>> >> > need it for this to work.
>> >> >
>> >> > You can probably spawn it in a number of ways.  One of 
>> >> > them 
>> >> > would be
>> >> > through Guix home.  See this[1] Guix manual node for info 
>> >> > about
>> >> > ssh-agent's home service :)
>> >> >
>> >> > Also, you're not running `guix pull` with sudo, are you? 
>> >> > It 
>> >> > wouldn't
>> >> > work this way because sudo erases environment variables, 
>> >> > including
>> >> > "SSH_AUTH_SOCK".
>> >> >
>> >> > Btw, on my fully Guixified laptop I am using Guix home 
>> >> > without
>> >> > ssh-agent configured and yet I do have ssh-agent running 
>> >> > under 
>> >> > my user.
>> >> > I'm not sure what started it…    
>> >> 
>> >> Seems like that is the situation. I actually tried to run 
>> >> the 
>> >> ssh-agent user service example in the shepherd manual 
>> >> (https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html) 
>> >> -- verbatim -- and I get this error:
>> >> 
>> >> ```
>> >> Starting service root...
>> >> Service root started.
>> >> Service root running with value #t.
>> >> Service root has been started.
>> >> Uncaught exception while loading configuration file 
>> >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No 
>> >> applicable method for ~S in call ~S" (#<<generic> 
>> >> service-actions   
>> >> (1)> (service-actions shepherd)) ())    
>> >> ```
>> >> 
>> >> which I don't know how to fix.
>> >> 
>> >> Other than that example, I'm at a loss with ssh.
>> >>   
>> >> >    
>> >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
>> >> >> learning 
>> >> >> as I go)    
>> >> >
>> >> > As all of us, haha :D    
>> >> 
>> >> :D
>> >>   
>> >> >
>> >> > Btw, there's perhaps another solution — pull from local 
>> >> > git 
>> >> > checkout.
>> >> > You can pass a filesystem path instead of a url when 
>> >> > running 
>> >> > `guix
>> >> > pull`. This might later cause some issues if you try to 
>> >> > `sudo 
>> >> > guix
>> >> > system reconfigure` but that's another topic…    
>> >> 
>> >> I was able to install a package like this but it's not 
>> >> ideal.
>> >>   
>> >> > Good luck and happy hacking!    
>> >> 
>> >> Thanks! I can tell you, it is a journey.
>> >>   
>> >> > Wojtek
>> >> >
>> >> > [1] 
>> >> > https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html
>> >> >
>> >> >
>> >> > -- (sig_start)
>> >> > website: https://koszko.org/koszko.html
>> >> > fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 
>> >> > FD1A
>> >> > follow me on Fediverse: 
>> >> > https://friendica.me/profile/koszko/profile
>> >> >
>> >> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
>> >> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> >> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
>> >> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> >> > -- (sig_end)
>> >> >
>> >> >
>> >> > On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek 
>> >> > <mstenek@disroot.org> wrote:
>> >> >    
>> >> >> I'm trying out Guix and created a personal (private) 
>> >> >> channel 
>> >> >> with 
>> >> >> some custom packages. I access my git repo with ssh.
>> >> >> 
>> >> >> Using Guix on a foreign distro, pulling from my git repo 
>> >> >> works 
>> >> >> fine after applying this strategy: 
>> >> >> https://issues.guix.gnu.org/31285.
>> >> >> 
>> >> >> However, on a full Guix system I keep getting this error:
>> >> >> 
>> >> >> ```
>> >> >> guix pull: error: Git error: error authenticating: no 
>> >> >> auth 
>> >> >> sock 
>> >> >> variable
>> >> >> ```
>> >> >> 
>> >> >> and, for the life of me, I just can't get it to work.
>> >> >> 
>> >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am 
>> >> >> learning 
>> >> >> as I go)
>> >> >> 
>> >> >> Please help.
>> >> >>     
>> >> >
>> >> > [[End of PGP Signed Part]]    
>> >> 
>> >>   
>> >
>> > [[End of PGP Signed Part]]  
>> 
>> 
>
> [[End of PGP Signed Part]]


-- 
Mauritz Stenek <mstenek@disroot.org>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-07 20:33           ` Mauritz Stenek
@ 2023-12-07 20:57             ` Wojtek Kosior via
  2023-12-07 21:02               ` Mauritz Stenek
  0 siblings, 1 reply; 9+ messages in thread
From: Wojtek Kosior via @ 2023-12-07 20:57 UTC (permalink / raw)
  To: Mauritz Stenek, help-guix

[-- Attachment #1: Type: text/plain, Size: 1676 bytes --]

> > Nevertheless, I guess a
> > hypothetical solution would be to allow Guix to — when desired — 
> > call
> > SSH with access to its TTY/PTY :)  
> 
> Would you mind showing me how?

Oh, that'd be hard…  I meant modification to some internal code that
spawns an SSH process.  So that when certain CLI option is passed, Guix
does this without substituting stdin/stdout/stderr file descriptors.

Actually, I'm not even 100% sure the substitution is controlled
directly by Guix — it might be in libgit which IIRC is used for cloning
here.

Anyway, this improvement would require digging deep into either Guix or
libgit. That's why I called it hypothetical — because it is too much
work to consider here :)

Anyway, if you're inclined to work around the problem, you might want
to experiment with the SSH_ASKPASS and SSH_ASKPASS_REQUIRE environment
variables.  So that you're asked to enter the password in a GUI.
See `man ssh` for more info about these vars

Happy Hacking!
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)

On Thu, 07 Dec 2023 14:33:18 -0600 Mauritz Stenek <mstenek@disroot.org> wrote:

> Nevertheless, I guess 
> > a
> > hypothetical solution would be to allow Guix to — when desired — 
> > call
> > SSH with access to its TTY/PTY :)  
> 
> Would you mind showing me how?

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SSH error guix pull
  2023-12-07 20:57             ` Wojtek Kosior via
@ 2023-12-07 21:02               ` Mauritz Stenek
  0 siblings, 0 replies; 9+ messages in thread
From: Mauritz Stenek @ 2023-12-07 21:02 UTC (permalink / raw)
  To: Wojtek Kosior; +Cc: help-guix


On 2023-12-07 at 14:57, Wojtek Kosior <koszko@koszko.org> wrote:

> [[PGP Signed Part:Undecided]]
>> > Nevertheless, I guess a
>> > hypothetical solution would be to allow Guix to — when 
>> > desired — 
>> > call
>> > SSH with access to its TTY/PTY :)  
>> 
>> Would you mind showing me how?
>
> Oh, that'd be hard…  I meant modification to some internal code 
> that
> spawns an SSH process.  So that when certain CLI option is 
> passed, Guix
> does this without substituting stdin/stdout/stderr file 
> descriptors.
>
> Actually, I'm not even 100% sure the substitution is controlled
> directly by Guix — it might be in libgit which IIRC is used for 
> cloning
> here.

I think you might be on to something -- scouring the internet, 
libgit2 seems to be the culprit.

>
> Anyway, this improvement would require digging deep into either 
> Guix or
> libgit. That's why I called it hypothetical — because it is too 
> much
> work to consider here :)
>
> Anyway, if you're inclined to work around the problem, you might 
> want
> to experiment with the SSH_ASKPASS and SSH_ASKPASS_REQUIRE 
> environment
> variables.  So that you're asked to enter the password in a GUI.
> See `man ssh` for more info about these vars
>
> Happy Hacking!
> Wojtek

Thanks for your all your help. What I have now works, which, is 
sufficient for now (I hope).

A couple of things more I want to check, and that's it: I'm 
migrating to a full Guix system.


>
>
> -- (sig_start)
> website: https://koszko.org/koszko.html
> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> follow me on Fediverse: 
> https://friendica.me/profile/koszko/profile
>
> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ 
> c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? 
> U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> -- (sig_end)
>
>
> On Thu, 07 Dec 2023 14:33:18 -0600 Mauritz Stenek 
> <mstenek@disroot.org> wrote:
>
>> Nevertheless, I guess 
>> > a
>> > hypothetical solution would be to allow Guix to — when 
>> > desired — 
>> > call
>> > SSH with access to its TTY/PTY :)  
>> 
>> Would you mind showing me how?
>
> [[End of PGP Signed Part]]


-- 
Mauritz Stenek <mstenek@disroot.org>


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2023-12-07 21:09 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-01  1:47 SSH error guix pull Mauritz Stenek
2023-12-01 13:12 ` Wojtek Kosior via
2023-12-01 18:37   ` Mauritz Stenek
2023-12-01 20:07     ` Wojtek Kosior via
2023-12-05 17:44       ` Mauritz Stenek
2023-12-05 19:28         ` Wojtek Kosior via
2023-12-07 20:33           ` Mauritz Stenek
2023-12-07 20:57             ` Wojtek Kosior via
2023-12-07 21:02               ` Mauritz Stenek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).