From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id OMnPFepnb2XDsQAAauVa8A:P1 (envelope-from ) for ; Tue, 05 Dec 2023 19:11:54 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id OMnPFepnb2XDsQAAauVa8A (envelope-from ) for ; Tue, 05 Dec 2023 19:11:54 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E9A375C69F for ; Tue, 5 Dec 2023 19:11:53 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=disroot.org header.s=mail header.b="E/Q6pV8v"; dmarc=pass (policy=reject) header.from=disroot.org; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1701799914; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=e6k7F76ZrSedNM4kGK9eqzh1hZGoMk+IvgCx68yL1Zk=; b=s+8DRrVBwvznq13+jPG82flva3WEwA8QukgG44JN24sMn1yO2c4codHJ+3uQ+MVAbeDvbL 1R+Lu78ZeDLjTX9hSXq8rBXYheerdNT3d9DFGU1uqlx4ykda5+l173qjdJSIxqzpy8Fuwb EA/nn5XpS3mJGV0jr4RHVpEa5cSYSS86j7vwhafy48nhDPTiGofc2R0DmcIblwevMf2ObC RJKZf+XgW7cvDjAYZyIqyqzWVH1UdHBegUAa+hM3Lz7pKFSQVlpNUXzkiLHWyV1gR0beV2 0dksuR5Sg6fsqBLM3SnLAh8K4BYer4dz9PVCKvH63GQlsuTIpmEhNONgp6qMtQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1701799914; a=rsa-sha256; cv=none; b=U3nNkkd6oi/jO+w9F3h2KsL++jUizHcYehy3GC7EvduvzEy38/JqlnN9S1VICCn1ZX3BbN xGizVNK1y69OWlLXwesDBwsxFhwz+m/fdyJD8lZre/kruElwFAvbxZAwzBEeS339ZzogJ0 sUFPZLqOr4Hb6XtvcRMAVFefB8n2CvTEvDmcJzVNGM1XixAt3/1RD49RNJA4Fjpf526eX8 zfIPGNC74o7E5VqBcQgnW708KDXxRdB0ZHCc08nsJtZ0gfLZUSS0TIftqL9XGajV57WG3x IB3QC7v7B4bq0vEFK4Nc7yGmtGnHLplsvl4JSmWv6/XdVpW37BujxBib5nHNLA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=disroot.org header.s=mail header.b="E/Q6pV8v"; dmarc=pass (policy=reject) header.from=disroot.org; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rAZtG-0006SK-U1; Tue, 05 Dec 2023 13:11:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rAZtC-0006Ry-Ia for help-guix@gnu.org; Tue, 05 Dec 2023 13:11:23 -0500 Received: from layka.disroot.org ([178.21.23.139]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rAZt9-00089z-8G for help-guix@gnu.org; Tue, 05 Dec 2023 13:11:22 -0500 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id A64AA40D2E; Tue, 5 Dec 2023 19:11:15 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iprj1fMVKuK4; Tue, 5 Dec 2023 19:11:14 +0100 (CET) References: <87zfyuit2g.fsf@disroot.org> <20231201141224.6169bfea.koszko@koszko.org> <87sf4liww5.fsf@disroot.org> <20231201210717.0d3d8ec4.koszko@koszko.org> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1701799874; bh=tGmjLKPTyUIhgoPYF31wV/lAWbDUTP2lmUlnYoTxEnY=; h=References:From:To:Cc:Subject:Date:In-reply-to; b=E/Q6pV8vtEneiFTM5Zmymn+F1gd50NzQT6RI44xe9ey2OuYthVyr+oNXqGIJ1G7IX HqvqdY7iD7VN7Zj+o+WH9gJgFiGRZRiH4y9oCEOwT74znLatQ5nsZpyj6K9/UciQK1 z6iqKBX0B8gnezNKQyisC32d4H+M8E3gD2dnaB3dpE2QX1J5JoNH6VOiWV8b0LynCa cwfH8B5O6jVmu9TFSGPE7nOF5zCwHAm7d7PCOelmkwrnSboRYWU4WsK+YbQGmFGZjl 5e4eoq83rpktviNqhiObBTvv1jj5oPFoOI62E/qyE2LmVsjZUkK1GJu2OvjCcSaPgb X/ad9HxOyahFQ== From: Mauritz Stenek To: Wojtek Kosior Cc: help-guix@gnu.org Subject: Re: SSH error guix pull Date: Tue, 05 Dec 2023 11:44:57 -0600 In-reply-to: <20231201210717.0d3d8ec4.koszko@koszko.org> Message-ID: <87zfyor03l.fsf@disroot.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=178.21.23.139; envelope-from=mstenek@disroot.org; helo=layka.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: -7.93 X-Spam-Score: -7.93 X-Migadu-Queue-Id: E9A375C69F X-TUID: GvRoFvLmatXF Thanks Wojtek for your kind help (my comments below). Status update: I got it running! Perhaps I should clarify that I'm running a very light setup --=20 Desktop services with dwm (I tried to go even leaner, but I=20 couldn't get the xorg server to work w/o a login manager); I'm=20 unsure if this is affecting the ssh setup. This is what I did (the superflouos commented lines show my tweaks=20 to the doc's suggestion[1]): (1) I created an ssh agent -- as per the shepherd docs[1] with=20 some tweaks. I added the `&` to the recommended bash setup to send=20 the job to the background: ``` if [[ ! -S ${XDG_RUNTIME_DIR-$HOME/.cache}/shepherd/socket ]];=20 then shepherd & fi ``` (2) I commented out `(shepherd service)` import and the=20 `(perform-service-action 'shepherd 'daemonize)` expression in the=20 `init.scm` file: ``` (use-modules ;; (shepherd service) ((ice-9 ftw) #:select (scandir))) ;; Send shepherd into the background ;; (perform-service-action 'shepherd 'daemonize) ;; Load all the files in the directory 'init.d' with a suffix=20 '.scm'. (for-each (lambda (file) (load (string-append "init.d/" file))) (scandir (string-append (dirname (current-filename)) "/init.d") (lambda (file) (string-suffix? ".scm" file)))) ``` (3): I removed the conditional export of the auth sock varible in=20 the `.bash_profile` file: ``` #if [[ ! -n ${SSH_CONNECTION} ]]; then SSH_AUTH_SOCK=3D${XDG_RUNTIME_DIR-$HOME/.cache}/ssh-agent/socket export SSH_AUTH_SOCK #fi ``` and that's it: the setup that works. However, The error `guix pull` ssh error only goes away after I=20 ssh to a remote computer: `$ ssh root@repo.local`; this command=20 somehow triggers something that makes `git pull` work. Odd. [1]:=20 https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Servic= es.html On 2023-12-01 at 14:07, Wojtek Kosior wrote: > [[PGP Signed Part:Undecided]] >> Starting service root... >> Service root started. >> Service root running with value #t. >> Service root has been started. >> Uncaught exception while loading configuration file=20 >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No=20 >> applicable method for ~S in call ~S" (#<=20 >> service-actions=20 >> (1)> (service-actions shepherd)) ())=20=20 >> ``` >>=20 >> which I don't know how to fix. > > I see=E2=80=A6 I've never been using shepherd alone, in separation from= =20 > Guix > but I see that my Guix-generated user shepherd config has this > > --8<---------------cut=20 > here---------------start------------->8--- > (action 'root 'daemonize) > --8<---------------cut=20 > here---------------end--------------->8--- > > > while the example you linked to uses > > --8<---------------cut=20 > here---------------end--------------->8--- > (perform-service-action 'shepherd 'daemonize) > --8<---------------cut=20 > here---------------start------------->8--- > > > Anyway, if there's no strong reason for not using Guix home, I'd=20 > suggest > using it. I mean the `guix home` command and its subcommands.=20 > It > handles =E2=80=94 among others =E2=80=94 shepherd configuration. The lin= k I=20 > gave > earlier was about using SSH through Guix home. Yes, I still need to explore Guix Home -- baby steps. >> > Btw, there's perhaps another solution =E2=80=94 pull from local git=20 >> > checkout. >> > You can pass a filesystem path instead of a url when running=20 >> > `guix >> > pull`. This might later cause some issues if you try to `sudo=20 >> > guix >> > system reconfigure` but that's another topic=E2=80=A6=20=20 >>=20 >> I was able to install a package like this but it's not ideal. > > You can also set serve a cloneable git repo over HTTP on=20 > localhost=E2=80=A6 > Here's a sample script for this that I happen to have written=20 > for my own > purposes just today ;) > > --8<---------------cut=20 > here---------------start------------->8--- > #!/usr/bin/env -S guix repl -- > !# > > ;; SPDX-License-Identifier: CC0-1.0 > > ;; Copyright (C) 2023 Wojtek Kosior > ;; > ;; Available under the terms of Creative Commons Zero v1.0=20 > Universal. > > (use-modules ((guix gexp) #:select > (gexp file-append mixed-text-file program-file=20 > lower-object)) > ((gnu packages version-control) #:select (git)) > ((gnu packages web) #:select (lighttpd)) > ((guix store) #:select (run-with-store with-store=20 > %store-monad)) > ((guix monads) #:select (mlet mbegin return)) > ((guix derivations) #:select > (built-derivations derivation-output-path=20 > derivation-outputs))) > > (define here > (dirname (current-filename))) > > (define git-http-backend > (file-append git "/libexec/git-core/git-http-backend")) > > (define lighttpd-config > (mixed-text-file "lighttpd.conf" > "\ > server.document-root =3D \"/dev/null\" > server.modules =3D ( \"mod_alias\", \"mod_cgi\", \"mod_setenv\") > server.port =3D 8098 > > alias.url =3D ( \"/guix\" =3D> \"" git-http-backend "\" ) > cgi.assign =3D (\"\" =3D> \"\") > > setenv.add-environment =3D ( > \"GIT_PROJECT_ROOT\" =3D> \"" here "\" + \"/.git\", > \"GIT_HTTP_EXPORT_ALL\" =3D> \"\" > ) > ")) > > (define run-lighttpd-guix-repo-server > (program-file "run-lighttpd-guix-repo-server" > #~(system* #$(file-append lighttpd=20 > "/sbin/lighttpd") "-D" > "-f" #$lighttpd-config))) > > (system* > (with-store store > (run-with-store store > (mlet %store-monad ((script-drv (lower-object > run-lighttpd-guix-repo-server))) > (mbegin %current-monad > (built-derivations (list script-drv)) > (return (derivation-output-path > (assoc-ref (derivation-outputs script-drv)=20 > "out")))))))) > --8<---------------cut=20 > here---------------end--------------->8--- > > > One can write it as, say, "serve-git-repo.scm" in a git project > checkout (possibly also listing it in `.git/info/exclude` to=20 > have git > ignore it). Then `chmod +x` it and run =E2=80=94 if all goes OK, it=20 > should > serve the repo at: http://localhost:8098/guix > > It's then possible to do e.g. > > --8<---------------cut=20 > here---------------start------------->8--- > guix pull --url=3Dhttp://localhost:8098/guix > --8<---------------cut=20 > here---------------end--------------->8--- > > The benefit is that the aforementioned `guix system reconfigure`=20 > seems > to work afterwards (although the local git repo server needs to=20 > be > running during this time). > > Voila! We no longer need to rely on remote git servers=20 > availability :) > It'd make sense to also spawn this HTTP server through=20 > shepherd. > And to generalize it to be able to serve multiple repos at once=20 > =E2=80=94 for > example a custom Guix tree, a channel other than "guix" and some > software projects Cool! I will definitely give this a try! > > Best > Wojtek > > > -- (sig_start) > website: https://koszko.org/koszko.html > fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A > follow me on Fediverse:=20 > https://friendica.me/profile/koszko/profile > > =E2=99=A5 R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ=3D=3D | =C3=B7=20 > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ=3D=3D > =E2=9C=9D YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ=3D=3D | ?=20 > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=3D > -- (sig_end) > > > On Fri, 01 Dec 2023 12:37:58 -0600 Mauritz Stenek=20 > wrote: > >> On 2023-12-01 at 07:12, Wojtek Kosior =20 >> wrote: >>=20 >> > [[PGP Signed Part:Undecided]] >> > Hi >> >=20=20 >> >> However, on a full Guix system I keep getting this error: >> >>=20 >> >> ``` >> >> guix pull: error: Git error: error authenticating: no auth=20 >> >> sock=20 >> >> variable >> >> ``` >> >>=20 >> >> and, for the life of me, I just can't get it to work.=20=20 >> > >> > Maybe you're not running ssh user agent daemon under your=20 >> > user?=20 >> > You >> > need it for this to work. >> > >> > You can probably spawn it in a number of ways. One of them=20 >> > would be >> > through Guix home. See this[1] Guix manual node for info=20 >> > about >> > ssh-agent's home service :) >> > >> > Also, you're not running `guix pull` with sudo, are you? It=20 >> > wouldn't >> > work this way because sudo erases environment variables,=20 >> > including >> > "SSH_AUTH_SOCK". >> > >> > Btw, on my fully Guixified laptop I am using Guix home=20 >> > without >> > ssh-agent configured and yet I do have ssh-agent running=20 >> > under=20 >> > my user. >> > I'm not sure what started it=E2=80=A6=20=20 >>=20 >> Seems like that is the situation. I actually tried to run the=20 >> ssh-agent user service example in the shepherd manual=20 >> (https://www.gnu.org/software/shepherd/manual/html_node/Managing-User-Se= rvices.html)=20 >> -- verbatim -- and I get this error: >>=20 >> ``` >> Starting service root... >> Service root started. >> Service root running with value #t. >> Service root has been started. >> Uncaught exception while loading configuration file=20 >> '/home/mst/.config/shepherd/init.scm': (goops-error #f "No=20 >> applicable method for ~S in call ~S" (#<=20 >> service-actions=20 >> (1)> (service-actions shepherd)) ())=20=20 >> ``` >>=20 >> which I don't know how to fix. >>=20 >> Other than that example, I'm at a loss with ssh. >>=20 >> >=20=20 >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am=20 >> >> learning=20 >> >> as I go)=20=20 >> > >> > As all of us, haha :D=20=20 >>=20 >> :D >>=20 >> > >> > Btw, there's perhaps another solution =E2=80=94 pull from local git=20 >> > checkout. >> > You can pass a filesystem path instead of a url when running=20 >> > `guix >> > pull`. This might later cause some issues if you try to `sudo=20 >> > guix >> > system reconfigure` but that's another topic=E2=80=A6=20=20 >>=20 >> I was able to install a package like this but it's not ideal. >>=20 >> > Good luck and happy hacking!=20=20 >>=20 >> Thanks! I can tell you, it is a journey. >>=20 >> > Wojtek >> > >> > [1]=20 >> > https://guix.gnu.org/manual/devel/en/html_node/Secure-Shell.html >> > >> > >> > -- (sig_start) >> > website: https://koszko.org/koszko.html >> > fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79=20 >> > FD1A >> > follow me on Fediverse:=20 >> > https://friendica.me/profile/koszko/profile >> > >> > =E2=99=A5 R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ=3D=3D | =C3=B7=20 >> > c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ=3D=3D >> > =E2=9C=9D YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ=3D=3D | ?=20 >> > U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=3D >> > -- (sig_end) >> > >> > >> > On Thu, 30 Nov 2023 19:47:43 -0600 Mauritz Stenek=20 >> > wrote: >> >=20=20 >> >> I'm trying out Guix and created a personal (private) channel=20 >> >> with=20 >> >> some custom packages. I access my git repo with ssh. >> >>=20 >> >> Using Guix on a foreign distro, pulling from my git repo=20 >> >> works=20 >> >> fine after applying this strategy:=20 >> >> https://issues.guix.gnu.org/31285. >> >>=20 >> >> However, on a full Guix system I keep getting this error: >> >>=20 >> >> ``` >> >> guix pull: error: Git error: error authenticating: no auth=20 >> >> sock=20 >> >> variable >> >> ``` >> >>=20 >> >> and, for the life of me, I just can't get it to work. >> >>=20 >> >> (disclaimer: I'm a total scheme/guile neophyte -- and am=20 >> >> learning=20 >> >> as I go) >> >>=20 >> >> Please help. >> >>=20=20=20 >> > >> > [[End of PGP Signed Part]]=20=20 >>=20 >>=20 > > [[End of PGP Signed Part]] --=20 Mauritz Stenek