From: Mauritz Stenek <mstenek@disroot.org>
To: Wojtek Kosior <koszko@koszko.org>
Cc: help-guix@gnu.org
Subject: Re: SSH error guix pull
Date: Thu, 07 Dec 2023 14:33:18 -0600
Message-ID: <87zfyl3g55.fsf@disroot.org>
In-Reply-To: <20231205202834.05ce97e3.koszko@koszko.org>
On 2023-12-05 at 13:28, Wojtek Kosior <koszko@koszko.org> wrote:
> [[PGP Signed Part:Undecided]]
>> Thanks Wojtek for your kind help (my comments below).
>>
>> Status update: I got it running!
>
> Great to hear that :)
>
>> [...]
>>
>> and that's it: the setup that works.
>>
>> However, the `guix pull` ssh error only goes away after I
>> ssh to a remote computer: `$ ssh root@repo.local`; this command
>> somehow triggers something that makes `git pull` work. Odd.
>
> Hmm. Since the SSH agent remembers the SSH key password, it'd make
> sense that one has to first "unlock" a key in an interactive CLI
> session before Guix can use it non-interactively. If this also
> happens with passwordless keys, then it's indeed odd. Nevertheless,
> I guess a hypothetical solution would be to allow Guix to — when
> desired — call SSH with access to its TTY/PTY :)

Would you mind showing me how?

Thanks Wojtek.
>
> Best
> Wojtek
>
>
> -- (sig_start)
> website: https://koszko.org/koszko.html
> fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
> follow me on Fediverse:
> https://friendica.me/profile/koszko/profile
>
> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷
> c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ?
> U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> -- (sig_end)
>
>
> On Tue, 05 Dec 2023 11:44:57 -0600 Mauritz Stenek
> <mstenek@disroot.org> wrote:
>
>> Thanks Wojtek for your kind help (my comments below).
>>
>> Status update: I got it running!
>>
>> Perhaps I should clarify that I'm running a very light setup --
>> Desktop services with dwm (I tried to go even leaner, but I
>> couldn't get the xorg server to work w/o a login manager); I'm
>> unsure if this is affecting the ssh setup.
>>
>> This is what I did (the superfluous commented lines show my tweaks
>> to the doc's suggestion[1]):
>>
>> (1) I created an ssh agent -- as per the shepherd docs[1] with
>> some tweaks. I added the `&` to the recommended bash setup to send
>> the job to the background:
>>
>> ```
>> if [[ ! -S ${XDG_RUNTIME_DIR-$HOME/.cache}/shepherd/socket ]]; then
>>     shepherd &
>> fi
>> ```
>>
>> (2) I commented out the `(shepherd service)` import and the
>> `(perform-service-action 'shepherd 'daemonize)` expression in the
>> `init.scm` file:
>>
>> ```
>> (use-modules ;; (shepherd service)
>>              ((ice-9 ftw) #:select (scandir)))
>>
>> ;; Send shepherd into the background
>> ;; (perform-service-action 'shepherd 'daemonize)
>>
>> ;; Load all the files in the directory 'init.d' with a suffix '.scm'.
>> (for-each
>>  (lambda (file)
>>    (load (string-append "init.d/" file)))
>>  (scandir (string-append (dirname (current-filename)) "/init.d")
>>           (lambda (file)
>>             (string-suffix? ".scm" file))))
>> ```
>>
>> (3) I removed the conditional export of the auth sock variable in
>> the `.bash_profile` file:
>>
>> ```
>> #if [[ ! -n ${SSH_CONNECTION} ]]; then
>> SSH_AUTH_SOCK=${XDG_RUNTIME_DIR-$HOME/.cache}/ssh-agent/socket
>> export SSH_AUTH_SOCK
>> #fi
>> ```
>>
>> and that's it: the setup that works.
>>
>> However, the `guix pull` ssh error only goes away after I
>> ssh to a remote computer: `$ ssh root@repo.local`; this command
>> somehow triggers something that makes `git pull` work. Odd.
>>
>>
>> [1]: https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html
>>
>> On 2023-12-01 at 14:07, Wojtek Kosior <koszko@koszko.org> wrote:
>>
>> > [[PGP Signed Part:Undecided]]
>> >> ```
>> >> Starting service root...
>> >> Service root started.
>> >> Service root running with value #t.
>> >> Service root has been started.
>> >> Uncaught exception while loading configuration file
>> >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No
>> >> applicable method for ~S in call ~S" (#<<generic> service-actions
>> >> (1)> (service-actions shepherd)) ())
>> >> ```
>> >>
>> >> which I don't know how to fix.
>> >
>> > I see… I've never been using shepherd alone, in separation from
>> > Guix but I see that my Guix-generated user shepherd config has
>> > this
>> >
>> > --8<---------------cut here---------------start------------->8---
>> > (action 'root 'daemonize)
>> > --8<---------------cut here---------------end--------------->8---
>> >
>> >
>> > while the example you linked to uses
>> >
>> > --8<---------------cut here---------------start------------->8---
>> > (perform-service-action 'shepherd 'daemonize)
>> > --8<---------------cut here---------------end--------------->8---
>> >
>> >
>> > Anyway, if there's no strong reason for not using Guix home, I'd
>> > suggest using it. I mean the `guix home` command and its
>> > subcommands. It handles — among others — shepherd configuration.
>> > The link I gave earlier was about using SSH through Guix home.
>>
>> Yes, I still need to explore Guix Home -- baby steps.
>>
>> >> > Btw, there's perhaps another solution — pull from local git
>> >> > checkout. You can pass a filesystem path instead of a url when
>> >> > running `guix pull`. This might later cause some issues if you
>> >> > try to `sudo guix system reconfigure` but that's another topic…
>> >>
>> >> I was able to install a package like this but it's not ideal.
>> >
>> > You can also serve a cloneable git repo over HTTP on localhost…
>> > Here's a sample script for this that I happen to have written for
>> > my own purposes just today ;)
>> >
>> > --8<---------------cut here---------------start------------->8---
>> > #!/usr/bin/env -S guix repl --
>> > !#
>> >
>> > ;; SPDX-License-Identifier: CC0-1.0
>> >
>> > ;; Copyright (C) 2023 Wojtek Kosior <koszko@koszko.org>
>> > ;;
>> > ;; Available under the terms of Creative Commons Zero v1.0 Universal.
>> >
>> > (use-modules ((guix gexp) #:select
>> >               (gexp file-append mixed-text-file program-file
>> >                     lower-object))
>> >              ((gnu packages version-control) #:select (git))
>> >              ((gnu packages web) #:select (lighttpd))
>> >              ((guix store) #:select (run-with-store
>> >                                      with-store
>> >                                      %store-monad))
>> >              ((guix monads) #:select (mlet mbegin return))
>> >              ((guix derivations) #:select
>> >               (built-derivations derivation-output-path
>> >                                  derivation-outputs)))
>> >
>> > (define here
>> >   (dirname (current-filename)))
>> >
>> > (define git-http-backend
>> >   (file-append git "/libexec/git-core/git-http-backend"))
>> >
>> > (define lighttpd-config
>> >   (mixed-text-file "lighttpd.conf"
>> >                    "\
>> > server.document-root = \"/dev/null\"
>> > server.modules = ( \"mod_alias\", \"mod_cgi\", \"mod_setenv\")
>> > server.port = 8098
>> >
>> > alias.url = ( \"/guix\" => \"" git-http-backend "\" )
>> > cgi.assign = (\"\" => \"\")
>> >
>> > setenv.add-environment = (
>> > \"GIT_PROJECT_ROOT\" => \"" here "\" + \"/.git\",
>> > \"GIT_HTTP_EXPORT_ALL\" => \"\"
>> > )
>> > "))
>> >
>> > (define run-lighttpd-guix-repo-server
>> >   (program-file "run-lighttpd-guix-repo-server"
>> >                 #~(system* #$(file-append lighttpd "/sbin/lighttpd") "-D"
>> >                            "-f" #$lighttpd-config)))
>> >
>> > (system*
>> >  (with-store store
>> >    (run-with-store store
>> >      (mlet %store-monad ((script-drv (lower-object
>> >                                       run-lighttpd-guix-repo-server)))
>> >        (mbegin %current-monad
>> >          (built-derivations (list script-drv))
>> >          (return (derivation-output-path
>> >                   (assoc-ref (derivation-outputs script-drv)
>> >                              "out"))))))))
>> > --8<---------------cut here---------------end--------------->8---
>> >
>> >
>> > One can write it as, say, "serve-git-repo.scm" in a git project
>> > checkout (possibly also listing it in `.git/info/exclude` to have
>> > git ignore it). Then `chmod +x` it and run — if all goes OK, it
>> > should serve the repo at: http://localhost:8098/guix
>> >
>> > It's then possible to do e.g.
>> >
>> > --8<---------------cut here---------------start------------->8---
>> > guix pull --url=http://localhost:8098/guix
>> > --8<---------------cut here---------------end--------------->8---
>> >
>> > The benefit is that the aforementioned `guix system reconfigure`
>> > seems to work afterwards (although the local git repo server needs
>> > to be running during this time).
>> >
>> > Voila! We no longer need to rely on remote git servers
>> > availability :)
>> > It'd make sense to also spawn this HTTP server through shepherd.
>> > And to generalize it to be able to serve multiple repos at once —
>> > for example a custom Guix tree, a channel other than "guix" and
>> > some software projects
>>
>> Cool! I will definitely give this a try!
>>
>>
>> >
>> > Best
>> > Wojtek
>> >
>> >
>> > -- (sig_start)
>> > website: https://koszko.org/koszko.html
>> > fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
>> > follow me on Fediverse:
>> > https://friendica.me/profile/koszko/profile
>> >
>> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷
>> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ?
>> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> > -- (sig_end)
>> >
>> >
>> > On Fri, 01 Dec 2023 12:37:58 -0600 Mauritz Stenek
>> > <mstenek@disroot.org> wrote:
>> >
>> >> On 2023-12-01 at 07:12, Wojtek Kosior <koszko@koszko.org>
>> >> wrote:
>> >>
>> >> > [[PGP Signed Part:Undecided]]
>> >> > Hi
>> >> >
>> >> >> However, on a full Guix system I keep getting this error:
>> >> >>
>> >> >> ```
>> >> >> guix pull: error: Git error: error authenticating: no auth sock variable
>> >> >> ```
>> >> >>
>> >> >> and, for the life of me, I just can't get it to work.
>> >> >
>> >> > Maybe you're not running ssh user agent daemon under your user?
>> >> > You need it for this to work.
>> >> >
>> >> > You can probably spawn it in a number of ways. One of them would
>> >> > be through Guix home. See this[1] Guix manual node for info
>> >> > about ssh-agent's home service :)
>> >> >
>> >> > Also, you're not running `guix pull` with sudo, are you? It
>> >> > wouldn't work this way because sudo erases environment
>> >> > variables, including "SSH_AUTH_SOCK".
>> >> >
>> >> > Btw, on my fully Guixified laptop I am using Guix home without
>> >> > ssh-agent configured and yet I do have ssh-agent running under
>> >> > my user. I'm not sure what started it…
>> >>
>> >> Seems like that is the situation. I actually tried to run the
>> >> ssh-agent user service example in the shepherd manual
>> >> (https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Services.html)
>> >> -- verbatim -- and I get this error:
>> >>
>> >> ```
>> >> Starting service root...
>> >> Service root started.
>> >> Service root running with value #t.
>> >> Service root has been started.
>> >> Uncaught exception while loading configuration file
>> >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No
>> >> applicable method for ~S in call ~S" (#<<generic> service-actions
>> >> (1)> (service-actions shepherd)) ())
>> >> ```
>> >>
>> >> which I don't know how to fix.
>> >>
>> >> Other than that example, I'm at a loss with ssh.
>> >>
>> >> >
>> >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am
>> >> >> learning as I go)
>> >> >
>> >> > As all of us, haha :D
>> >>
>> >> :D
>> >>
>> >> >
>> >> > Btw, there's perhaps another solution — pull from local git
>> >> > checkout. You can pass a filesystem path instead of a url when
>> >> > running `guix pull`. This might later cause some issues if you
>> >> > try to `sudo guix system reconfigure` but that's another topic…
>> >>
>> >> I was able to install a package like this but it's not ideal.
>> >>
>> >> > Good luck and happy hacking!
>> >>
>> >> Thanks! I can tell you, it is a journey.
>> >>
>> >> > Wojtek
>> >> >
>> >> > [1] https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html
>> >> >
>> >> >
>> >> > -- (sig_start)
>> >> > website: https://koszko.org/koszko.html
>> >> > fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
>> >> > follow me on Fediverse:
>> >> > https://friendica.me/profile/koszko/profile
>> >> >
>> >> > ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷
>> >> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> >> > ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ?
>> >> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> >> > -- (sig_end)
>> >> >
>> >> >
>> >> > On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek
>> >> > <mstenek@disroot.org> wrote:
>> >> >
>> >> >> I'm trying out Guix and created a personal (private) channel
>> >> >> with some custom packages. I access my git repo with ssh.
>> >> >>
>> >> >> Using Guix on a foreign distro, pulling from my git repo works
>> >> >> fine after applying this strategy:
>> >> >> https://issues.guix.gnu.org/31285.
>> >> >>
>> >> >> However, on a full Guix system I keep getting this error:
>> >> >>
>> >> >> ```
>> >> >> guix pull: error: Git error: error authenticating: no auth sock variable
>> >> >> ```
>> >> >>
>> >> >> and, for the life of me, I just can't get it to work.
>> >> >>
>> >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am
>> >> >> learning as I go)
>> >> >>
>> >> >> Please help.
>> >> >>
>> >> >
>> >> > [[End of PGP Signed Part]]
>> >>
>> >>
>> >
>> > [[End of PGP Signed Part]]
>>
>>
>
> [[End of PGP Signed Part]]
--
Mauritz Stenek <mstenek@disroot.org>
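
A check for the agent states discussed in this thread, as an added example that is not part of the original messages: it separates an unset `SSH_AUTH_SOCK` (the `no auth sock variable` case, including under sudo) from an agent that is reachable but holds no unlocked key. The function names and state labels are assumptions made for illustration; the `ssh-add -l` exit statuses are the ones documented in ssh-add(1).

```bash
#!/bin/sh
# Added example, not from the thread. Reports why a non-interactive SSH
# client (such as the Git fetch done by `guix pull`) cannot use ssh-agent.

# Map the exit status of `ssh-add -l` to a state name (see ssh-add(1)):
# 0 = identities listed, 1 = command failed (for -l: the agent holds no
# identities), 2 = the agent could not be contacted.
classify_ssh_add_status() {
    case "$1" in
        0) echo "agent-has-keys" ;;
        1) echo "agent-empty" ;;
        2) echo "agent-unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# Inspect the current environment and print exactly one state name.
agent_state() {
    _sock="${SSH_AUTH_SOCK-}"
    _rc=0
    if [ -z "$_sock" ]; then
        # The "no auth sock variable" condition from the thread. SUDO_USER
        # is set by sudo, which resets the environment by default.
        if [ -n "${SUDO_USER-}" ]; then
            echo "unset-under-sudo"
        else
            echo "no-auth-sock-variable"
        fi
        return 0
    fi
    if [ ! -S "$_sock" ]; then
        echo "not-a-socket"    # variable exported, but no agent socket there
        return 0
    fi
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    classify_ssh_add_status "$_rc"
}

printf 'ssh-agent state: %s\n' "$(agent_state)"
```

`agent-empty` means the socket is exported but no key has been loaded yet; running `ssh-add` in an interactive terminal loads one.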