Commit Graph

38 Commits

Author SHA1 Message Date
Ludovic Courtès
8f53d73493
ssh: 'send-files' reports missing modules on the remote host.
Reported by Mikael Djurfeldt <mikael@djurfeldt.com>
in <https://bugs.gnu.org/40125>.

* guix/ssh.scm (send-files)[inferior-remote-eval*]: New procedure.
[missing]: Use it.  Add an explicit 'resolve-module' call.
(report-inferior-exception): New procedure.
2020-03-23 10:48:17 +01:00
Lars-Dominik Braun
35f3511167
ssh: Add Kerberos-support to ssh:// daemon URLs
* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key
authentication does not work

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2020-02-20 11:14:44 +01:00
Ludovic Courtès
2b8682841d
ssh: 'open-ssh-session' can be passed the expected host key.
* guix/ssh.scm (open-ssh-session): Add #:host-key parameter.
Pass #:knownhosts to 'make-session'.  When HOST-KEY is true, call
'authenticate-server*' instead of 'authenticate-server'.
2019-12-04 18:16:08 +01:00
Ludovic Courtès
f5c180180e
ssh: Always authenticate the server [security fix].
Until now, users of 'open-ssh-session', including "guix deploy" and
"GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not
authenticate the SSH server they're talking to.

* guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
2019-12-04 18:16:08 +01:00
Ludovic Courtès
114dcb429a
ssh: Add 'authenticate-server*' and use it for offloading.
* guix/scripts/offload.scm (host-key->type+key): Remove.
(open-ssh-session): Replace server authentication code with a call to
'authenticate-server*'.
* guix/ssh.scm (host-key->type+key, authenticate-server*): New
procedures.
2019-12-04 18:16:08 +01:00
Ludovic Courtès
81c5873ab7
ssh: Add a longer SSH timeout by default.
* guix/ssh.scm (open-ssh-session): Add #:timeout parameter, and add call
to 'session-set!' to honor it.
2019-10-15 13:56:41 +02:00
Ludovic Courtès
e09c7f4ae4
remote, ssh: Show the command exit status upon failure.
* guix/remote.scm (remote-pipe-for-gexp): Show the exit status in error
message.
* guix/ssh.scm (remote-inferior): Likewise.
2019-08-28 18:52:52 +02:00
Jakob L. Kreuze
4cc5e5204b
machine: Use 'become-command'.
* gnu/machine/ssh.scm (managed-host-remote-eval): Pass an appropriate
'become-command' to 'remote-eval'.
* guix/ssh.scm (remote-authorize-signing-key): Add optional
'become-command' argument.
All callers changed.
2019-08-16 08:47:28 -04:00
Jakob L. Kreuze
3033d59ac9
machine: Automatically authorize the coordinator's signing key.
* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's
signing key before any invocations of 'remote-eval'.
(deploy-managed-host): Display an error if a signing key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual
signing key authorization.
(Invoking guix deploy): Add section describing the 'authorize?' field.
2019-08-15 07:43:13 -04:00
Jakob L. Kreuze
5ea7537b9a
machine: Allow non-root users to deploy.
* doc/guix.texi (Invoking guix deploy): Add section describing
prerequisites for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command'
argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the
'#:become-command' keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
2019-08-15 07:43:03 -04:00
Jakob L. Kreuze
2c8e04f136
remote: Build derivations appropriate for the remote's
* gnu/machine/ssh.scm (machine-ssh-configuration): Add 'system' field.
(managed-host-remote-eval): Pass 'system' field to 'remote-eval'.
(machine-check-building-for-appropriate-system): New variable.
(check-deployment-sanity): Add call to
'machine-check-building-for-appropriate-system'.
* doc/guix.texi (Invoking guix deploy): Describe new 'system' field.
* guix/ssh.scm (remote-system): New variable.
* guix/remote.scm (remote-eval): Use result of 'remote-system' when
lowering the G-Expression.
(remote-eval): Add 'system' keyword argument.
(trampoline): Return a <program-file> rather than a <scheme-file>.
2019-08-14 15:38:09 -04:00
Jakob L. Kreuze
a9b09ed776
ssh: Add 'identity' keyword to 'open-ssh-session'.
* guix/ssh.scm (open-ssh-session): Add 'identity' keyword argument.
2019-07-06 02:09:58 -04:00
Ludovic Courtès
416a7c69f1
ssh: Add missing import.
* guix/ssh.scm: Use (ice-9 format).
2019-06-10 22:42:52 +02:00
Ludovic Courtès
f9e8a12379
store: Rename '&nix-error' to '&store-error'.
* guix/store.scm (&nix-error): Rename to...
(&store-error): ... this, and adjust users.
(&nix-connection-error): Rename to...
(&store-connection-error): ... this, and adjust users.
(&nix-protocol-error): Rename to...
(&store-protocol-error): ... this, adjust users.
(&nix-error, &nix-connection-error, &nix-protocol-error): Define these
condition types and their getters as deprecated aliases.
* build-aux/run-system-tests.scm, guix/derivations.scm,
guix/grafts.scm, guix/scripts/challenge.scm,
guix/scripts/graph.scm, guix/scripts/lint.scm,
guix/scripts/offload.scm, guix/serialization.scm,
guix/ssh.scm, guix/tests.scm, guix/ui.scm,
tests/derivations.scm, tests/gexp.scm, tests/guix-daemon.sh,
tests/packages.scm, tests/store.scm, doc/guix.texi: Adjust to use the
new names.
2019-01-21 23:09:55 +01:00
Ludovic Courtès
de9fbe9cdc
store: Rename <nix-server> to <store-connection>.
* guix/store.scm (<nix-server>): Rename to...
(<store-connection>): ... this.  Adjust users accordingly.
(nix-server?, nix-server-major-version)
(nix-server-minor-version, nix-server-socket)
(nix-server-version): Define as deprecated aliases.
* guix/inferior.scm: Adjust accordingly.
* guix/ssh.scm: Likewise.
2019-01-21 23:09:55 +01:00
Ludovic Courtès
76832d3420
Remove most uses of the _IO*F constants.
These constants, for use with 'setvbuf', were deprecated in Guile 2.2
and disappeared in Guile 3.0.  Here we keep these constants in
build-side code where removing them is not feasible.

* guix/build/download-nar.scm (download-nar): Adjust 'setvbuf' calls to
the Guile 2.2+ API.
* guix/build/download.scm (open-socket-for-uri): Likewise.
(open-connection-for-uri, url-fetch): Likewise.
* guix/build/make-bootstrap.scm (make-stripped-libc): Likewise.
* guix/build/union.scm (setvbuf) [guile-2.0]: New conditional wrapper.
(union-build): Adjust to new API.
* guix/ftp-client.scm (ftp-open, ftp-list, ftp-retr): Likewise.
* guix/http-client.scm (http-fetch): Likewise.
* guix/inferior.scm (proxy): Likewise.
* guix/scripts/substitute.scm (fetch, http-multiple-get): Likewise.
* guix/self.scm (compiled-modules): Likewise.
* guix/ssh.scm (remote-daemon-channel, store-import-channel)
(store-export-channel): Likewise.
* guix/ui.scm (initialize-guix): Likewise.
* tests/publish.scm (http-get-port): Likewise.
* guix/store.scm (%newlines): Adjust comment.
2019-01-09 14:47:53 +01:00
Ludovic Courtès
ed7b44370f
offload: Use (guix inferior) instead of (ssh dist node).
Using inferiors and thus 'guix repl' simplifies setup on build
machines (no need to worry about GUILE_LOAD_PATH etc.)

Furthermore, the 'guix repl -t machine' protocol running in a remote
pipe addresses several issues with the current implementation of nodes
and RREPLs in Guile-SSH: fewer round trips, doesn't leave a 'guile
--listen' process behind it, stateless (since a new process is started
each time), more efficient (the SSH channel can be reused), more
reliable (no 'pgrep', 'pkill', and shellology; see
<https://github.com/artyom-poptsov/guile-ssh/issues/11> as an example.)

* guix/ssh.scm (inferior-remote-eval): New procedure.
(send-files): Use it instead of 'make-node' and 'node-eval'.
* guix/scripts/offload.scm (node-guile-version): New procedure.
(node-free-disk-space, transfer-and-offload, node-load)
(choose-build-machine, assert-node-has-guix): Use 'remote-inferior'
instead of 'make-node' and 'inferior-eval' instead of 'node-eval'.
(assert-node-can-import, assert-node-can-export): Likewise, and add
'session' parameter.
(check-machine-availability): Likewise, and add calls to
'close-inferior' and 'disconnect!'.
(check-machine-status): Likewise.
* doc/guix.texi (Daemon Offload Setup): Remove bit related to 'guile' in
$PATH and $GUILE_LOAD_PATH; mention 'guix' alone.
2018-12-24 16:06:32 +01:00
Ludovic Courtès
af15fe13b6
ssh: Add 'remote-inferior'.
* guix/inferior.scm (<inferior>)[close]: New field.
(port->inferior): New procedure.
(open-inferior): Rewrite in terms of 'port->inferior'.
(close-inferior): Honor INFERIOR's 'close' field.
(inferior-eval-with-store): Add FIXME comment.
* guix/ssh.scm (remote-inferior): New procedure.
2018-12-24 16:06:32 +01:00
Ludovic Courtès
63fd9f084a
ssh: Make 'send-files' more robust.
Possibly fixes <https://bugs.gnu.org/33239>.

* guix/ssh.scm (send-files): Call 'channel-get-exit-status' only when
RESULT is true.
2018-11-24 19:52:16 +01:00
Maxim Cournoyer
2e4d83398b
ssh: Honor the SOCKET-NAME argument of connect-to-remote-daemon.
* guix/ssh.scm (connect-to-remote-daemon): Pass the `socket-name' variable to
the `open-connection' call so that it is honored.
2018-11-05 21:28:59 -05:00
Ludovic Courtès
b90d97ec2e
ssh: Display the size of the store items being sent.
* guix/ssh.scm (send-files): Compute the size of MISSING and display
it.
2018-07-29 18:50:28 +02:00
Ludovic Courtès
8446dc5a36
ssh: Work around 'select' bug in Guile.
Fixes <https://bugs.gnu.org/30365>.

* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'select*' and
use it.
2018-02-09 11:23:27 +01:00
Ludovic Courtès
0dcf675c56
ssh: Switch back to 'get-bytevector-some'.
This mostly reverts 17af5d51de.
Suggested by Andy Wingo <wingo@igalia.com>.

* guix/ssh.scm (remote-daemon-channel)[redirect]: Remove 'read!' FFI
hack.  Use buffered ports.
2018-01-12 23:41:15 +01:00
Ludovic Courtès
4eb0f9ae05
offload: 'test' reports Guile and module errors more nicely.
Fixes <https://bugs.gnu.org/26008>.
Reported by Myles English <mylesenglish@gmail.com>.

* guix/ssh.scm (retrieve-files*): Move error reporting to...
(report-guile-error, report-module-error): ... here.  New procedures.
* guix/scripts/offload.scm (assert-node-repl): Use 'report-guile-error'.
(assert-node-has-guix): Explicitly check for 'use-modules' first.  Use
'report-module-error'.
2018-01-12 23:41:15 +01:00
Ludovic Courtès
0e3c8528af
ssh: 'retrieve-files' now only retrieves what's missing.
* guix/ssh.scm (retrieve-files): Remove the subset of FILES that is
valid in LOCAL.
(store-export-channel): Add comment.
2018-01-12 23:41:15 +01:00
Ludovic Courtès
d06d54e338
offload: Fix regression in file retrieval.
This fixes a regression in 'retrieve-files*' introduced in
896fec476f, whereby (guix scripts offload)
would not read the initial sexp now sent by the remote host via
'store-export-channel'.  This would effectively prevent file retrieval
entirely when offloading.

* guix/ssh.scm (retrieve-files*): New procedure, like former
'retrieve-files' but with an extra #:import parameter.
(retrieve-files): Rewrite in terms of 'retrieve-files*'.
(file-retrieval-port): Make private.
* guix/scripts/offload.scm (transfer-and-offload): Pass #:import to
'retrieve-files*'.
(retrieve-files*): Remove.
2018-01-12 23:41:15 +01:00
Ludovic Courtès
55f40fdbcd
ssh: Pass an empty "exceptfds" set to 'select'.
Previously the redirect code could end up exiting prematurely because of
an uninteresting "exceptional condition" on the socket (info "(libc)
Waiting for I/O").

* guix/ssh.scm (remote-daemon-channel): Pass the empty list as the third
argument to 'select'.  It was a mistake to pass a non-empty list there
in the first place.
2018-01-11 00:00:03 +01:00
Ludovic Courtès
17af5d51de
ssh: Work around 'get-bytevector-some' bug.
This works around <https://bugs.gnu.org/30066> and noticeably improves
performance when using GUIX_DAEMON_SOCKET=ssh://HOST (the redirect code
was transferring data to guix-daemon one byte at a time!).

* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'read!' and use
it instead of 'get-bytevector-some'.
2018-01-11 00:00:02 +01:00
Ludovic Courtès
896fec476f
ssh: Improve error reporting when retrieving files.
'guix copy --from' now reports messages much more useful than "failed to
retrieve files".

* guix/ssh.scm (store-export-channel)[export]: Wrap 'use-modules' in
'catch' and 'with-store' in 'guard'.  Check for invalid items.  Write a
status sexp on stdout.
(raise-error): New macro.
(retrieve-files): Read the initial status sexp and report errors
accordingly.
2018-01-07 23:46:39 +01:00
Ludovic Courtès
52d174d6d1
ssh: Use (guix i18n).
* guix/ssh.scm: Use (guix i18n) instead of (guix ui).
2017-11-19 23:09:01 +01:00
Ludovic Courtès
de9d8f0e29
ssh: Improve error reporting when 'send-files' fails.
Fixes <http://bugs.gnu.org/26972>.

* guix/ssh.scm (store-import-channel)[import]: Add 'consume-input'
procedure.  Wrap body in 'catch' and 'guard'.  Use 'open-remote-pipe'
with OPEN_BOTH instead of 'open-remote-output-pipe'.
(send-files): After the 'channel-send-eof' call, do (read port).
Interpret the result sexp and raise an error condition if needed.
2017-06-04 23:00:32 +02:00
Ludovic Courtès
69daee23af
ui: Rename '_' to 'G_'.
This avoids collisions with '_' when the latter is used as a 'match'
pattern for instance.  See
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>.

* guix/ui.scm: Rename '_' to 'G_'.
* po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly.
* build-aux/compile-all.scm (warnings): Remove 'format'.
* gnu/packages.scm,
gnu/services.scm,
gnu/services/shepherd.scm,
gnu/system.scm,
gnu/system/shadow.scm,
guix/gnupg.scm,
guix/http-client.scm,
guix/import/cpan.scm,
guix/import/elpa.scm,
guix/import/pypi.scm,
guix/nar.scm,
guix/scripts.scm,
guix/scripts/archive.scm,
guix/scripts/authenticate.scm,
guix/scripts/build.scm,
guix/scripts/challenge.scm,
guix/scripts/container.scm,
guix/scripts/container/exec.scm,
guix/scripts/copy.scm,
guix/scripts/download.scm,
guix/scripts/edit.scm,
guix/scripts/environment.scm,
guix/scripts/gc.scm,
guix/scripts/graph.scm,
guix/scripts/hash.scm,
guix/scripts/import.scm,
guix/scripts/import/cpan.scm,
guix/scripts/import/cran.scm,
guix/scripts/import/crate.scm,
guix/scripts/import/elpa.scm,
guix/scripts/import/gem.scm,
guix/scripts/import/gnu.scm,
guix/scripts/import/hackage.scm,
guix/scripts/import/nix.scm,
guix/scripts/import/pypi.scm,
guix/scripts/import/stackage.scm,
guix/scripts/lint.scm,
guix/scripts/offload.scm,
guix/scripts/pack.scm,
guix/scripts/package.scm,
guix/scripts/perform-download.scm,
guix/scripts/publish.scm,
guix/scripts/pull.scm,
guix/scripts/refresh.scm,
guix/scripts/size.scm,
guix/scripts/substitute.scm,
guix/scripts/system.scm,
guix/ssh.scm,
guix/upstream.scm: Use 'G_' instead of '_'.  Most of this change was
obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
2017-05-03 16:16:17 +02:00
Ludovic Courtès
e537833726
ssh: Decompose 'connect-to-remote-daemon'.
* guix/ssh.scm (remote-daemon-channel): New procedure.
(connect-to-remote-daemon): Implement in terms of it.
2017-04-21 19:17:36 +02:00
Ludovic Courtès
615c5298f7
ssh: Move 'open-ssh-session' to (guix ssh).
* guix/scripts/copy.scm (%compression, open-ssh-session): Move to...
* guix/ssh.scm: ... here.  Use '&message' conditions instead of calling
'leave'.
2017-04-21 19:17:34 +02:00
Ludovic Courtès
13164a2102
ssh: 'retrieve-files' detects remote export failures.
* guix/ssh.scm (retrieve-files): Call 'lookahead-u8' and raise a
'&message' condition when it returns EOF.
2016-12-31 18:35:29 +01:00
Ludovic Courtès
23973e4fbf
ssh: 'send-files' returns the list of items sent.
* guix/ssh.scm (send-files): Return MISSING.
2016-12-31 18:35:29 +01:00
Ludovic Courtès
e9629e8221
ssh: Allow transfers of complete closures.
* guix/ssh.scm (store-export-channel, send-files)
(file-retrieval-port, retrieve-files): Add #:recursive? parameter and
honor it.
2016-12-31 18:35:29 +01:00
Ludovic Courtès
987a29ba43
Add (guix ssh) module.
* guix/scripts/offload.scm (connect-to-remote-daemon)
(store-import-channel, store-export-channel, send-files)
(retrieve-files): Move to (guix ssh).
(nonce): Add optional 'name' parameter and use it.
(retrieve-files*): New procedure.
(transfer-and-offload): Use it instead of 'retrieve-files', and add
first parameter to 'send-files'.
(assert-node-can-import): Likewise.
(assert-node-can-export): Use 'retrieve-files' instead of
'store-export-channel'.
* guix/ssh.scm: New file.
* configure.ac: Use 'GUIX_CHECK_GUILE_SSH' and define 'HAVE_GUILE_SSH'
Automake conditional.
* Makefile.am (MODULES) [HAVE_GUILE_SSH]: Add guix/ssh.scm.
2016-12-31 01:44:04 +01:00