From: Marius Bakke <mbakke@fastmail.com>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 29035@debbugs.gnu.org
Subject: [bug#29035] [PATCH 1/2] skel: Test for interactive shell instead of $SSH_CLIENT in .bashrc.
Date: Sun, 29 Oct 2017 21:07:40 +0100 [thread overview]
Message-ID: <87y3nt4t0z.fsf@fastmail.com> (raw)
In-Reply-To: <877eve3uc3.fsf@gnu.org>
[-- Attachment #1.1: Type: text/plain, Size: 1368 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Marius!
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>>
>>> Heya,
>>>
>>> Marius Bakke <mbakke@fastmail.com> skribis:
>>>
>>>> * gnu/system/shadow.scm (default-skeletons): Instead of testing for
>>>> $SSH_CLIENT, check whether '$-' includes the letter 'i'.
>>>
>>> That’s an improvement indeed, LGTM!
>>
>> I realized this will source /etc/profile twice when bash is invoked as
>> 'bash -l -c foo', which isn't great. It also assumes /etc/profile
>> exists at all, which might not hold true e.g. in a container.
>
> OK. (Though GuixSD containers do have /etc/profile, don’t they?)
I only checked `guix environment -C` (no further arguments!).
>> The main motivation for this commit is to make things like
>> 'git-receive-pack', 'rsync' etc work out-of-the-box when installed in
>> a user profile. The test for `cat` was ineffective on OpenSSH since it
>> has a default PATH set to "/run/current-system/profile/bin".
>>
>> I've tested adding ~/.guix-profile/bin to the compiled-in default
>> OpenSSH PATH instead, and it works. WDYT of this series?
>
> OK.
>
> I think it would make sense to add a test to (gnu tests ssh) for this,
> because it’s one of these things that annoy everyone.
Good idea. I came up with this:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-tests-ssh-Make-sure-we-can-run-commands-from-PATH.patch --]
[-- Type: text/x-patch, Size: 1689 bytes --]
diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scm
index 41be36035..6d367dc75 100644
--- a/gnu/tests/ssh.scm
+++ b/gnu/tests/ssh.scm
@@ -169,6 +170,33 @@ root with an empty password."
(call-with-remote-input-file sftp-session witness
read)))))
+ ;; Connect to the guest over SSH. Make sure we can run commands
+ ;; from the system profile.
+ (test-equal "run executables from system profile"
+ #t
+ (call-with-connected-session/auth
+ (lambda (session)
+ (let ((channel (make-channel session)))
+ (channel-open-session channel)
+ (channel-request-exec
+ channel
+ (string-append
+ "mkdir -p /root/.guix-profile/bin && "
+ "touch /root/.guix-profile/bin/witness && "
+ "chmod 755 /root/.guix-profile/bin/witness"))
+ (zero? (channel-get-exit-status channel))))))
+
+ ;; Connect to the guest over SSH. Make sure we can run commands
+ ;; that only exist in the user profile.
+ (test-equal "run executable from user profile"
+ #t
+ (call-with-connected-session/auth
+ (lambda (session)
+ (let ((channel (make-channel session)))
+ (channel-open-session channel)
+ (channel-request-exec channel "witness")
+ (zero? (channel-get-exit-status channel))))))
+
(test-end)
(exit (= (test-runner-fail-count (test-runner-current)) 0)))))
[-- Attachment #1.3: Type: text/plain, Size: 2274 bytes --]
It works as expected with both approaches (changing .bashrc, and
changing "--with-default-path"). WDYT?
>> From fc37dd6dfb6beab9cc4e52de7b7c98946125e7cc Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Sun, 29 Oct 2017 10:31:25 +0100
>> Subject: [PATCH 1/3] gnu: openssh: Add user profiles to the default PATH.
>>
>> * gnu/packages/ssh.scm (openssh)[arguments]<#:configure-flags>: Add
>> '~/guix-profile/bin' to '--with-default-path' arguments.
>> ---
>> gnu/packages/ssh.scm | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
>> index 8317f29cd..2aeeeae1e 100644
>> --- a/gnu/packages/ssh.scm
>> +++ b/gnu/packages/ssh.scm
>> @@ -149,7 +149,9 @@ a server that supports the SSH-2 protocol.")
>> #:configure-flags `("--sysconfdir=/etc/ssh"
>>
>> ;; Default value of 'PATH' used by sshd.
>> - "--with-default-path=/run/current-system/profile/bin"
>> + ,(string-append "--with-default-path="
>> + "/run/current-system/profile/bin:"
>> + "~/.guix-profile/bin")
>
> If sshd performs tilde expansion, that’s fine with me.
Unfortunately, I think the tilde is expanded by the shell, and this made
me look up how POSIX handles tilde in PATH. It appears bash, when
invoked with '--posix', does *not* perform tilde expansion if it appears
as the first character in a PATH element:
<https://www.gnu.org/software/bash/manual/html_node/Bash-POSIX-Mode.html>
(note 16)
So while it works with "bash" as the login shell, unexpected results may
occur with others. It doesn't seem impossible to patch OpenSSH to
perform this expansion, though:
<https://github.com/openssh/openssh-portable/blob/b7548b12a6b2b4abf4d057192c353147e0abba08/session.c#L998>
(_PATH_STDPATH is the --with-default-path)
> Should we do something similar for lsh and Dropbear?
Probably. Since we have a system test, it's easy to experiment with.
For now I think this .bashrc workaround might be the easiest approach,
which makes the above test pass for both OpenSSH and Dropbear:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.4: 0001-system-Test-for-interactive-shell-instead-of-cat-in-.patch --]
[-- Type: text/x-patch, Size: 1428 bytes --]
From 6f4dfbea9cd92a3b03d7e1db89c75a88f4495ba5 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Sun, 29 Oct 2017 21:02:19 +0100
Subject: [PATCH] system: Test for interactive shell instead of `cat` in
skeleton '.bashrc'.
* gnu/system/shadow.scm (default-skeletons)[bashrc]: Wrap $SSH_CLIENT test in
a conditional testing for interactive shell.
---
gnu/system/shadow.scm | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 236807c70..58613e620 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -157,13 +157,12 @@ if [ -f ~/.bashrc ]; then . ~/.bashrc; fi\n"))
# honor it and otherwise use /bin/sh.
export SHELL
-if [ -n \"$SSH_CLIENT\" -a -z \"`type -P cat`\" ]
+if [[ $- != *i* ]]
then
- # We are being invoked from a non-interactive SSH session
- # (as in \"ssh host command\") but 'cat' cannot be found
- # in $PATH. Source /etc/profile so we get $PATH and other
- # essential variables.
- source /etc/profile
+ # We are being invoked from a non-interactive shell. If this
+ # is an SSH session (as in \"ssh host command\"), source
+ # /etc/profile so we get PATH and other essential variables.
+ [[ -n \"$SSH_CLIENT\" ]] && source /etc/profile
fi
# Adjust the prompt depending on whether we're in 'guix environment'.
--
2.14.3
[-- Attachment #1.5: Type: text/plain, Size: 60 bytes --]
Thanks for the fast replies, and sorry for the round-trip!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
next prev parent reply other threads:[~2017-10-29 20:08 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-27 23:50 [bug#29035] .bashrc updates Marius Bakke
2017-10-27 23:53 ` [bug#29035] [PATCH 1/2] skel: Test for interactive shell instead of $SSH_CLIENT in .bashrc Marius Bakke
2017-10-27 23:53 ` [bug#29035] [PATCH 2/2] skel: Return early from .bashrc when the shell is non-interactive Marius Bakke
2017-10-28 7:59 ` Ludovic Courtès
2017-10-28 7:57 ` [bug#29035] [PATCH 1/2] skel: Test for interactive shell instead of $SSH_CLIENT in .bashrc Ludovic Courtès
2017-10-29 10:17 ` Marius Bakke
2017-10-29 14:24 ` Ludovic Courtès
2017-10-29 20:07 ` Marius Bakke [this message]
2017-10-29 21:26 ` Ludovic Courtès
2017-11-01 20:38 ` bug#29035: " Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y3nt4t0z.fsf@fastmail.com \
--to=mbakke@fastmail.com \
--cc=29035@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.