From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id wAdDE/V8hWRqhQAASxT56A (envelope-from ) for ; Sun, 11 Jun 2023 09:51:17 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id 2HRFE/V8hWRifgEAauVa8A (envelope-from ) for ; Sun, 11 Jun 2023 09:51:17 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A07F92FE97 for ; Sun, 11 Jun 2023 09:51:15 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q8Fqq-0000Jg-EU; Sun, 11 Jun 2023 03:51:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q8Fqo-0000JN-32 for guix-patches@gnu.org; Sun, 11 Jun 2023 03:51:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q8Fqn-0006GV-QG for guix-patches@gnu.org; Sun, 11 Jun 2023 03:51:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1q8Fqn-0008Ij-Lw for guix-patches@gnu.org; Sun, 11 Jun 2023 03:51:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean References: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il> In-Reply-To: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il> Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 11 Jun 2023 07:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63786 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 63786@debbugs.gnu.org Received: via spool by 63786-submit@debbugs.gnu.org id=B63786.168646980831844 (code B ref 63786); Sun, 11 Jun 2023 07:51:01 +0000 Received: (at 63786) by debbugs.gnu.org; 11 Jun 2023 07:50:08 +0000 Received: from localhost ([127.0.0.1]:36628 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q8Fpw-0008HY-0a for submit@debbugs.gnu.org; Sun, 11 Jun 2023 03:50:08 -0400 Received: from mail-wr1-f43.google.com ([209.85.221.43]:53335) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q8Fpt-0008Gt-Pk for 63786@debbugs.gnu.org; Sun, 11 Jun 2023 03:50:07 -0400 Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-30ae95c4e75so3195942f8f.2 for <63786@debbugs.gnu.org>; Sun, 11 Jun 2023 00:50:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686469800; x=1689061800; h=content-disposition:mime-version:mail-followup-to:message-id :subject:to:from:date:sender:from:to:cc:subject:date:message-id :reply-to; bh=nd/W853paCWRf5rZHB2L0x/Rl2QUeQddpUQMTjIV4VI=; b=YRw5rahUYJsNMwNIfzwbNWF+QWuNGm/oD8uxvg5q1qDX2cgQ6yDrfGBHd1mioqR+CZ RRcGqaL6OaJIsnJD+n4cdxQhg/fA3WUE4afF8b+hZBtfQTm0kWVzaGQDkZiunJmcnOZs byYuqSp+5rh+QN8CYWzaGmOHlwPsRy66b3GWWGoKQWYSVFhfwVukCQjox7302t5zYX51 ybExFOtUy54gYv4WoFI0K5UdsyAcS4EV7CvHS4nsBRMBoA1WffCxkZKUwvDFYb3R2OAr K0mquaDtbOL7/HYcqFSr++L92q6+n+Qq/XidhOHKNz84QHEwNiT5p32nkxg7hgmHdmtn TJXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686469800; x=1689061800; h=content-disposition:mime-version:mail-followup-to:message-id :subject:to:from:date:sender:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=nd/W853paCWRf5rZHB2L0x/Rl2QUeQddpUQMTjIV4VI=; b=Mla1vq0wNpzrOUte7CRt2K+GXr2Zszivr75Q7tL1rJ3Ocrs+lB6hWUArGyRB4aN0iU cJcanUo/T7ofGLybE4DPUv9shnAAtfMRBEtY6fveOtX4kMzAn7wG8gVournHpyXqdbIY DPfW3Sil4i7t1EtNXoDqzz9XL+Q30lRvLDtRzuUdD5kNcyKMWgkUL5TPpXdbAwD8uIjG H6li5dMba/Ko2Rcrq1AyEtCxb1POO/xTN5ELCM9cnjjxz8eGeE1PfCfOjbzJrON0HfL4 BUzBGRFeNnGaxFUe3K5ybMl9Rpfg8aZxx6pvUeaSOm4pBp91bHi4QVZ5ou3ZaTW5vpNk ZLhw== X-Gm-Message-State: AC+VfDy1Z6pNHM2n8IiRH+ag7Lt8udz7LX7jC4fPJZh6g+mjyhjaEcWd pNrhDTKA8gWpxv00g9WuBtNEq+SANuO4nw== X-Google-Smtp-Source: ACHHUZ6sLbmUB6TOEbkGlTGamiV9h5dTtmk5FgQ+cKpfiruEpbfdDT6jaRAcaSyuova1u/JWpwPUNg== X-Received: by 2002:adf:f4cc:0:b0:30f:b9a2:92c5 with SMTP id h12-20020adff4cc000000b0030fb9a292c5mr1434148wrp.49.1686469799473; Sun, 11 Jun 2023 00:49:59 -0700 (PDT) Received: from localhost ([37.46.46.3]) by smtp.gmail.com with ESMTPSA id p5-20020a5d6385000000b0030fba9ef241sm1596509wru.30.2023.06.11.00.49.58 for <63786@debbugs.gnu.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 11 Jun 2023 00:49:58 -0700 (PDT) Date: Sun, 11 Jun 2023 10:49:58 +0300 From: Efraim Flashner Message-ID: Mail-Followup-To: Efraim Flashner , 63786@debbugs.gnu.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SfYGIGq4gp1+hgm/" Content-Disposition: inline X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1686469877; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=nd/W853paCWRf5rZHB2L0x/Rl2QUeQddpUQMTjIV4VI=; b=Vy7s+t6MCUDiV0yc52pceW0wIpmrQZ1ASfFd1SugKdQeSGV+4R29sujItOxmX/BWmRj6ri wTtF7qzp6LSLOF8Hevylr/RrfBD6kANlrFTyyQ47WCmSmBcE9FQEzUHA54UiVZI9+5xL1q MbcCIgwbo5onVBZJGBDbC59OKsMxXiWGfyR8RlDU0TmsrL1Gqe6gSgetDvHDtrks3/AeRw RfvTIcBQregFwrnVV/iCGtzvzTFvBLD5/Tew1rDApve1lwXIwdxuZyHqgu1NYRKAsIMn4w /i6wkzWK6gFiNhn4LG2obhsOEYM5Golj5UVKFWIqLv523f6M3ZW6OBf7VCrSPQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=YRw5rahU; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1686469877; a=rsa-sha256; cv=none; b=nRkSPRw1a2eV+He7uy4TeTwYgFnVUAxtI5uxyDwiYVpMmw44rbmN/e3QCms1paHlQfUFy5 aJ2TbGN08nRJkMnS+26W2hd+GbLIhWV+L56R7/2WtuVDiow3S4MpSM42ik0bHQ/k1CCHEy oDwaTYJi74fm3qyeM7jhy8thw4y+ss0mGz+n0OykS8vvF8oo7DPXt02vnaaLDKmY7a5x4U 2z3Mordx1d1NlHWzY2KTS0Ge7Yx5Te0hjF0vzl0JC5KPIjlsVigmufm9cpBuA5jddEuzxf CsKp7dgXZnM73ogtVs9Z7OP8YQw7+5f1N06oLENlentYMdPDg3e3zLsY5UrA7A== X-Migadu-Scanner: scn1.migadu.com X-Migadu-Spam-Score: -3.81 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=YRw5rahU; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: A07F92FE97 X-Spam-Score: -3.81 X-TUID: 4vsqb5YTDldF --SfYGIGq4gp1+hgm/ Content-Type: multipart/mixed; boundary="KAQj+y0XgLOZuTqc" Content-Disposition: inline --KAQj+y0XgLOZuTqc Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable options in ssh-config. Reply-To:=20 X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 For some reason this didn't get sent to the bug. --=20 Efraim Flashner =D7=A8=D7=A0=D7=A9=D7=9C=D7=A4 = =D7=9D=D7=99=D7=A8=D7=A4=D7=90 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --KAQj+y0XgLOZuTqc Content-Type: message/rfc822 Content-Disposition: inline Date: Fri, 9 Jun 2023 16:24:26 +0300 From: Efraim Flashner To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#63786: [PATCH] home: services: ssh: Allow unset boolean options in ssh-config. Message-ID: References: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il> <87ilbx1xku.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="/+KKtAVMmHMtW/th" Content-Disposition: inline In-Reply-To: <87ilbx1xku.fsf@gnu.org> X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 --/+KKtAVMmHMtW/th Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Court=C3=A8s wrote: > Hello! >=20 > Efraim Flashner skribis: >=20 > >>From man 5 ssh_config: > > Unless noted otherwise, for each parameter, the first obtained value > > will be used. > > > > We want to allow falling through to the first actual user defined value. >=20 > What do you mean by =E2=80=9Cfirst actual user-defined value=E2=80=9D? T= his service is > what generates all the =E2=80=9Cuser-defined values=E2=80=9D, no? Right now my ~/.ssh/config has Host do1-tor Hostname IdentityFile ~/.ssh/id_ed25519 Host *.onion *-tor #ProxyCommand /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbs= d-1.218-2/bin/nc -X 5 -x localhost:9050 %h %p ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h = %p ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p Compression yes The way the ssh config is read is that `ssh do1-tor` first matches do1-tor and then also matches *-tor, so I can factor our ProxyCommand, ControlPath and Compression for use with the other *-tor Hosts I have listed. This configuration could be (openssh-host (name "do1-tor") (host-name ) (identity-file "~/.ssh/id_ed25519")) (openssh-host (name "*-onion *-tor) (compression? #t) (proxy (proxy-command ...)) (extra-content " ControlPath ...\n")) If this is all I enter, then my .ssh/config is generated like this: Host do1-tor Hostname IdentityFile ~/.ssh/id_ed25519 ForwardX11 no ForwardX11Trusted no ForwardAgent no Compression no Host *.onion *-tor ForwardX11 no ForwardX11Trusted no ForwardAgent no Compression yes ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p Compression might default to no, but in my hand crafted .ssh/config I've set it to yes for *-tor Hosts. Forward* might all default to no, and it's not set anywhere, but being explicit about the default here could cause problems if I want X11 forwarding across an entire range of hosts, not just individual ones. > Overall my take is that default values should be specified in our code > (as default values of configuration record fields) rather than left > unspecified. I think this is clearer and more predictable than relying > on upstream=E2=80=99s default values. In general this is a good plan, but here it actually interferes with the expected configuration output. 'Fall through' is the default, not the actual default for each of the individual configuration options. They only get set if that field isn't set by any of the possibly multiple configuration matches set it first. --=20 Efraim Flashner =D7=A8=D7=A0=D7=A9=D7=9C=D7=A4 = =D7=9D=D7=99=D7=A8=D7=A4=D7=90 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --/+KKtAVMmHMtW/th Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmSDKAQACgkQQarn3Mo9 g1GEVBAAshjlsAjh/+PR650tR4unLPpp7yCTbMmsiNjizrxNIFIRaMc1y7S/8Mcj 5iu0+b8p8Z+4sVWNdEemZLgZAUf6rafv2Ujlk9Ky1HCbWgTXVqe0KNCjDP9Q8t3D Lu3y+jreMjuJ/PLvFXR0ZOLoqh8kzn5RdrHc25nc92ev1KDzUKH9jlCbanSDRx4x vISV8euOFA+P2JZvhvs6hn/aF2gcZzuivTiAoGY5PgVOU52dbLebUAAe79fe1fJb sRjH+tglhEvxqV8D8BWABbASp0VmV3LjV4yJg3dHWRcsqwRmmKxIqtbKjkYIAd5f MTP6w858BCXLTx0Am5MpfadzSS4FIFOgq885Ze5PCGcEP0Ut9LnDd9jYHicW19MO td7zvpQUUmiu70viWD/P2m0c+yWmg+S0AhmjArwnTG1yP4ua+mjmOmca8HqYjTiU DsunVxyiXlffJOi/wstk//idsVPH8IV7CpJsxwUfDdwFZ5cnS3Tbb3Z9ILNhWc/d olnndyctzU3avX2r7zWaC/ISbap9o90eXBS4tEfSGy/sL6pHwChBKr6i7jVX5xL/ p8YX8YmwvNiDXUHq9pYc+0KHTlNz6lsKY1jDNpH+5gxI1fjkXDw377YT8vXR8Vzl R2ERChBH+gh5eF2OtvycAzO5vqRw7zy6yOshh1D+MeNGqddBx2g= =luXe -----END PGP SIGNATURE----- --/+KKtAVMmHMtW/th-- --KAQj+y0XgLOZuTqc-- --SfYGIGq4gp1+hgm/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmSFfKIACgkQQarn3Mo9 g1ExXA/6AmsOp4Wdu/ViKVikV+E/iMR07+MDOSrKdcWQtsrtvCwCV0MqNSP90/s0 KkrQdtQwNmi9q2pgwOrjywSMLb+dWf9sqbFXJ7hAGmdsJPhQas52toy2nDPNLSk6 0xT27zAHEeM3IBM9pRweT0mYqBnvNYQ0n0y2CXTilK27F1NBjZm1eTqjmv6AezH3 lnAMq18x08NGp2FW8vmrrpbPuVhUGfl7rZdZaLE8jCvwW0grmAIZia3JQRBK2uWl me8f0Y/WDVZqnlddKNxMQYXvkmPqn4XN9AssgfVWu9usUTo16XGK/gO6Z3XOijMM as9mPDjp9cI+1tFTm+gut96lGDwA+652R8WEM9ZxtMmyYk8/cznz/duaBArVj4UT 0vB/IUmp8DQn8jxeEOKtTD/g5hTbSE7Gpi90Tv4+gKvUSjDbRvD8jGLDrb6XcJfd yNFGi1I9XYZ7iuwoZwuI96I9ibPD0vAFdwc4gk0O0dmghTuR8NSmR4ENebAEq/AX XxG1DsRbT+W9uJ2J178E3/PgfQIy4TfZYDtbYgPNbMAqBL1QhZGf/Rx18DYSQqaL QNRC/uIZIGWKl+jta4RCq9ld39/nXCN5doTSIFldf0EvNx3WuNEO6CvuOIJahx22 8eVF1Y49kku+lGumrAzKEbNYA6PLHeCgzct5UZlPiXa85sSI5+s= =R2m0 -----END PGP SIGNATURE----- --SfYGIGq4gp1+hgm/--