Subject: [bug#71594] [PATCH] file-systems: Allow specifying CIFS credentials in a file.
To: 71594@debbugs.gnu.org
From: vicvbcun
Date: Sun, 16 Jun 2024 17:59:38 +0200
Message-ID: <434a45cea2afc5e4de5af5b15bc732b7587a979a.1718550930.git.guix@ikherbers.com>
X-Mailer: git-send-email 2.45.1

As files in the store and /etc/fstab are world readable, specifying the
password in the file-system record is suboptimal.  To mitigate this,
`mount.cifs' supports reading `username', `password' and `domain' options from
a file named by the `credentials' or `cred' option.

* gnu/build/file-systems.scm (mount-file-system): Read mount options from the
file specified via the `credentials' or `cred' option if specified.

Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532
---
`read-credential-file' is certainly not very elegant, but it matches what
`mount.cifs' does.

 gnu/build/file-systems.scm | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index ae29b36c4e..f0c16453e8 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -39,6 +39,7 @@ (define-module (gnu build file-systems) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) #:use-module (ice-9 regex) + #:use-module (ice-9 string-fun) #:use-module (system foreign) #:autoload (system repl repl) (start-repl) #:use-module (srfi srfi-1) @@ -1186,6 +1187,28 @@ (define* (mount-file-system fs #:key (root "/root") (string-append "," options) ""))))) + (define (read-credential-file file) + ;; Read password, user and domain options from file + (with-input-from-file file + (lambda () + (let loop + ((next-line (read-line)) + (lines '())) + (if (not (eof-object? next-line)) + (loop (read-line) + (cond + ((string-match "^[[:space:]]*pass" next-line) + ;; mount.cifs escapes commas in the password by doubling + ;; them + (cons (string-replace-substring (string-trim next-line) "," ",,") + lines)) + ((string-match "^[[:space:]]*(user|dom)" next-line) + (cons (string-trim next-line) lines)) + ;; Ignore all other lines. + (else + lines))) + lines))))) + (define (mount-cifs source mount-point type flags options) ;; Source is of form "///" (let* ((regex-match (string-match "//([^/]+)/(.+)" source)) @@ -1194,6 +1217,8 @@ (define* (mount-file-system fs #:key (root "/root") ;; Match ",guest,", ",guest$", "^guest,", or "^guest$," not ;; e.g. user=foo,pass=notaguest (guest? (string-match "(^|,)(guest)($|,)" options)) + (credential-file (and=> (string-match "(^|,)(credentials|cred)=([^,]+)(,|$)" options) + (cut match:substring <> 3))) ;; Perform DNS resolution now instead of attempting kernel dns ;; resolver upcalling. /sbin/request-key does not exist and the ;; kernel hardcodes the path. 
@@ -1218,6 +1243,10 @@ (define* (mount-file-system fs #:key (root "/root") ;; ignores it. Also, avoiding excess commas ;; when deleting is a pain. (string-append "," options) + "") + (if credential-file + ;; The "credentials" option is ignored too. + (string-join (read-credential-file credential-file) "," 'prefix) ""))))) (let* ((type (file-system-type fs)) base-commit: 2195f70936b7aeec123d4e95345f1007d3a7bb06 -- 2.45.1
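
Review bot: in `read-credential-file` (hunk @@ -1186,6 +1187,28 @@) keys are matched by prefix only and only lines matching `^[[:space:]]*pass` get their commas doubled, so a line matched by `^[[:space:]]*(user|dom)` whose value contains a comma is forwarded verbatim and the text after the comma becomes a separate mount option once the list is joined with ",". Suggest matching the full key up to `=` and either doubling commas for every value or rejecting such lines. Note also that `string-trim` strips leading whitespace only, so a trailing carriage return from a CRLF-edited file stays in the option value; if that is intended to mirror mount.cifs, a comment saying so would help.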
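
Review bot: the new `credential-file` binding (hunk @@ -1194,6 +1217,8 @@) uses `cut`, which comes from (srfi srfi-26), while the only import this patch adds is (ice-9 string-fun) and the import context visible in the first hunk shows only (srfi srfi-1); please confirm (srfi srfi-26) is already in the module's #:use-module list, or add it. The pattern also reads only the first `credentials=` or `cred=` occurrence in `options`, so a second one is silently not read; a short comment or a check would make that explicit.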
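
Review bot: the `(if credential-file ...)` branch (hunk @@ -1218,6 +1243,10 @@) calls `read-credential-file` with no handling for a missing or unreadable file, so `with-input-from-file` raises from inside the option-string construction; suggest catching that and reporting the credentials path in the error. The file's entries are also appended after the user-supplied options, so if `options` already carries a username or password both copies reach the mount call; stating which one is expected to win would help. The diffstat lists only gnu/build/file-systems.scm, so this patch does not describe the `credentials`/`cred` option in the manual.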