Age | Commit message (Collapse) | Author |
|
* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key
authentication does not work
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* guix/ssh.scm (open-ssh-session): Add #:host-key parameter.
Pass #:knownhosts to 'make-session'. When HOST-KEY is true, call
'authenticate-server*' instead of 'authenticate-server'.
|
|
Until now, users of 'open-ssh-session', including "guix deploy" and
"GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not
authenticate the SSH server they're talking to.
* guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
|
|
* guix/scripts/offload.scm (host-key->type+key): Remove.
(open-ssh-session): Replace server authentication code with a call to
'authenticate-server*'.
* guix/ssh.scm (host-key->type+key, authenticate-server*): New
procedures.
|
|
* guix/ssh.scm (open-ssh-session): Add #:timeout parameter, and add call
to 'session-set!' to honor it.
|
|
* guix/remote.scm (remote-pipe-for-gexp): Show the exit status in error
message.
* guix/ssh.scm (remote-inferior): Likewise.
|
|
* gnu/machine/ssh.scm (managed-host-remote-eval): Pass an appropriate
'become-command' to 'remote-eval'.
* guix/ssh.scm (remote-authorize-signing-key): Add optional
'become-command' argument.
All callers changed.
|
|
* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's
signing key before any invocations of 'remote-eval'.
(deploy-managed-host): Display an error if a signing key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual
signing key authorization.
(Invoking guix deploy): Add section describing the 'authorize?' field.
|
|
* doc/guix.texi (Invoking guix deploy): Add section describing
prerequisites for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command'
argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the
'#:become-command' keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
|
|
* gnu/machine/ssh.scm (machine-ssh-configuration): Add 'system' field.
(managed-host-remote-eval): Pass 'system' field to 'remote-eval'.
(machine-check-building-for-appropriate-system): New variable.
(check-deployment-sanity): Add call to
'machine-check-building-for-appropriate-system'.
* doc/guix.texi (Invoking guix deploy): Describe new 'system' field.
* guix/ssh.scm (remote-system): New variable.
* guix/remote.scm (remote-eval): Use result of 'remote-system' when
lowering the G-Expression.
(remote-eval): Add 'system' keyword argument.
(trampoline): Return a <program-file> rather than a <scheme-file>.
|
|
* guix/ssh.scm (open-ssh-session): Add 'identity' keyword argument.
|
|
* guix/ssh.scm: Use (ice-9 format).
|
|
* guix/store.scm (&nix-error): Rename to...
(&store-error): ... this, and adjust users.
(&nix-connection-error): Rename to...
(&store-connection-error): ... this, and adjust users.
(&nix-protocol-error): Rename to...
(&store-protocol-error): ... this, adjust users.
(&nix-error, &nix-connection-error, &nix-protocol-error): Define these
condition types and their getters as deprecrated aliases.
* build-aux/run-system-tests.scm, guix/derivations.scm,
guix/grafts.scm, guix/scripts/challenge.scm,
guix/scripts/graph.scm, guix/scripts/lint.scm,
guix/scripts/offload.scm, guix/serialization.scm,
guix/ssh.scm, guix/tests.scm, guix/ui.scm,
tests/derivations.scm, tests/gexp.scm, tests/guix-daemon.sh,
tests/packages.scm, tests/store.scm, doc/guix.texi: Adjust to use the
new names.
|
|
* guix/store.scm (<nix-server>): Rename to...
(<store-connection>): ... this. Adjust users accordingly.
(nix-server?, nix-server-major-version)
(nix-server-minor-version, nix-server-socket)
(nix-server-version): Define as deprecated aliases.
* guix/inferior.scm: Adjust accordingly.
* guix/ssh.scm: Likewise.
|
|
These constants, for use with 'setvbuf', were deprecated in Guile 2.2
and disappeared in Guile 3.0. Here we keep these constants in
build-side code where removing them is not feasible.
* guix/build/download-nar.scm (download-nar): Adjust 'setvbuf' calls to
the Guile 2.2+ API.
* guix/build/download.scm (open-socket-for-uri): Likewise.
(open-connection-for-uri, url-fetch): Likewise.
* guix/build/make-bootstrap.scm (make-stripped-libc): Likewise.
* guix/build/union.scm (setvbuf) [guile-2.0]: New conditional wrapper.
(union-build): Adjust to new API.
* guix/ftp-client.scm (ftp-open, ftp-list, ftp-retr): Likewise.
* guix/http-client.scm (http-fetch): Likewise.
* guix/inferior.scm (proxy): Likewise.
* guix/scripts/substitute.scm (fetch, http-multiple-get): Likewise.
* guix/self.scm (compiled-modules): Likewise.
* guix/ssh.scm (remote-daemon-channel, store-import-channel)
(store-export-channel): Likewise.
* guix/ui.scm (initialize-guix): Likewise.
* tests/publish.scm (http-get-port): Likewise.
* guix/store.scm (%newlines): Adjust comment.
|
|
Using inferiors and thus 'guix repl' simplifies setup on build
machines (no need to worry about GUILE_LOAD_PATH etc.)
Furthermore, the 'guix repl -t machine' protocol running in a remote
pipe addresses several issues with the current implementation of nodes
and RREPLs in Guile-SSH: fewer round trips, doesn't leave a 'guile
--listen' process behind it, stateless (since a new process is started
each time), more efficient (the SSH channel can be reused), more
reliable (no 'pgrep', 'pkill', and shellology; see
<https://github.com/artyom-poptsov/guile-ssh/issues/11> as an example.)
* guix/ssh.scm (inferior-remote-eval): New procedure.
(send-files): Use it instead of 'make-node' and 'node-eval'.
* guix/scripts/offload.scm (node-guile-version): New procedure.
(node-free-disk-space, transfer-and-offload, node-load)
(choose-build-machine, assert-node-has-guix): Use 'remote-inferior'
instead of 'make-node' and 'inferior-eval' instead of 'node-eval'.
(assert-node-can-import, assert-node-can-export): Likewise, and add
'session' parameter.
(check-machine-availability): Likewise, and add calls to
'close-inferior' and 'disconnect!'.
(check-machine-status): Likewise.
* doc/guix.texi (Daemon Offload Setup): Remove bit related to 'guile' in
$PATH and $GUILE_LOAD_PATH; mention 'guix' alone.
|
|
* guix/inferior.scm (<inferior>)[close]: New field.
(port->inferior): New procedure.
(open-inferior): Rewrite in terms of 'port->inferior'.
(close-inferior): Honor INFERIOR's 'close' field.
(inferior-eval-with-store): Add FIXME comment.
* guix/ssh.scm (remote-inferior): New procedure.
|
|
Possibly fixes <https://bugs.gnu.org/33239>.
* guix/ssh.scm (send-files): Call 'channel-get-exit-status' only when
RESULT is true.
|
|
* guix/ssh.scm (connect-to-remote-daemon): Pass the `socket-name' variable to
the `open-connection' call so that it is honored.
|
|
* guix/ssh.scm (send-files): Compute the size of MISSING and display
it.
|
|
Fixes <https://bugs.gnu.org/30365>.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'select*' and
use it.
|
|
This mostly reverts 17af5d51de7c40756a4a39d336f81681de2ba447.
Suggested by Andy Wingo <wingo@igalia.com>.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Remove 'read!' FFI
hack. Use buffered ports.
|
|
Fixes <https://bugs.gnu.org/26008>.
Reported by Myles English <mylesenglish@gmail.com>.
* guix/ssh.scm (retrieve-files*): Move error reporting to...
(report-guile-error, report-module-error): ... here. New procedures.
* guix/scripts/offload.scm (assert-node-repl): Use 'report-guile-error'.
(assert-node-has-guix): Explicitly check for 'use-modules' first. Use
'report-module-error'.
|
|
* guix/ssh.scm (retrieve-files): Remove the subset of FILES that is
valid in LOCAL.
(store-export-channel): Add comment.
|
|
This fixes a regression in 'retrieve-files*' introduced in
896fec476f728183b331cbb6e2afb891207b4205, whereby (guix scripts offload)
would not read the initial sexp now sent by the remote host via
'store-export-channel'. This would effectively prevent file retrieval
entirely when offloading.
* guix/ssh.scm (retrieve-files*): New procedure, like former
'retrieve-files' but with an extra #:import parameter.
(retrieve-files): Rewrite in terms of 'retrieve-files*'.
(file-retrieval-port): Make private.
* guix/scripts/offload.scm (transfer-and-offload): Pass #:import to
'retrieve-files*'.
(retrieve-files*): Remove.
|
|
Previously the redirect code could end up exiting prematurely because of
an uninteresting "exceptional condition" on the socket (info "(libc)
Waiting for I/O").
* guix/ssh.scm (remote-daemon-channel): Pass the empty list as the third
argument to 'select'. It was a mistake to pass a non-empty list there
in the first place.
|
|
This works around <https://bugs.gnu.org/30066> and noticeably improves
performance when using GUIX_DAEMON_SOCKET=ssh://HOST (the redirect code
was transferring data to guix-daemon one byte at a time!).
* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'read!' and use
it instead of 'get-bytevector-some'.
|
|
'guix copy --from' now reports messages much more useful than "failed to
retrieve files".
* guix/ssh.scm (store-export-channel)[export]: Wrap 'use-modules' in
'catch' and 'with-store' in 'guard'. Check for invalid items. Write a
status sexp on stdout.
(raise-error): New macro.
(retrieve-files): Read the initial status sexp and report errors
accordingly.
|
|
* guix/ssh.scm: Use (guix i18n) instead of (guix ui).
|
|
Fixes <http://bugs.gnu.org/26972>.
* guix/ssh.scm (store-import-channel)[import]: Add 'consume-input'
procedure. Wrap body in 'catch' and 'guard'. Use 'open-remote-pipe'
with OPEN_BOTH instead of 'open-remote-output-pipe'.
(send-files): After the 'channel-send-eof' call, do (read port).
Interpret the result sexp and raise an error condition if needed.
|
|
This avoids collisions with '_' when the latter is used as a 'match'
pattern for instance. See
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>.
* guix/ui.scm: Rename '_' to 'G_'.
* po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly.
* build-aux/compile-all.scm (warnings): Remove 'format'.
* gnu/packages.scm,
gnu/services.scm,
gnu/services/shepherd.scm,
gnu/system.scm,
gnu/system/shadow.scm,
guix/gnupg.scm,
guix/http-client.scm,
guix/import/cpan.scm,
guix/import/elpa.scm,
guix/import/pypi.scm,
guix/nar.scm,
guix/scripts.scm,
guix/scripts/archive.scm,
guix/scripts/authenticate.scm,
guix/scripts/build.scm,
guix/scripts/challenge.scm,
guix/scripts/container.scm,
guix/scripts/container/exec.scm,
guix/scripts/copy.scm,
guix/scripts/download.scm,
guix/scripts/edit.scm,
guix/scripts/environment.scm,
guix/scripts/gc.scm,
guix/scripts/graph.scm,
guix/scripts/hash.scm,
guix/scripts/import.scm,
guix/scripts/import/cpan.scm,
guix/scripts/import/cran.scm,
guix/scripts/import/crate.scm,
guix/scripts/import/elpa.scm,
guix/scripts/import/gem.scm,
guix/scripts/import/gnu.scm,
guix/scripts/import/hackage.scm,
guix/scripts/import/nix.scm,
guix/scripts/import/pypi.scm,
guix/scripts/import/stackage.scm,
guix/scripts/lint.scm,
guix/scripts/offload.scm,
guix/scripts/pack.scm,
guix/scripts/package.scm,
guix/scripts/perform-download.scm,
guix/scripts/publish.scm,
guix/scripts/pull.scm,
guix/scripts/refresh.scm,
guix/scripts/size.scm,
guix/scripts/substitute.scm,
guix/scripts/system.scm,
guix/ssh.scm,
guix/upstream.scm: Use 'G_' instead of '_'. Most of this change was
obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
|
|
* guix/ssh.scm (remote-daemon-channel): New procedure.
(connect-to-remote-daemon): Implement in terms of it.
|
|
* guix/scripts/copy.scm (%compression, open-ssh-session): Move to...
* guix/ssh.scm: ... here. Use '&message' conditions instead of calling
'leave'.
|
|
* guix/ssh.scm (retrieve-files): Call 'lookahead-u8' and raise a
'&message' condition when it returns EOF.
|
|
* guix/ssh.scm (send-files): Return MISSING.
|
|
* guix/ssh.scm (store-export-channel, send-files)
(file-retrieval-port, retrieve-files): Add #:recursive? parameter and
honor it.
|
|
* guix/scripts/offload.scm (connect-to-remote-daemon)
(store-import-channel, store-export-channel, send-files)
(retrieve-files): Move to (guix ssh).
(nonce): Add optional 'name' parameter and use it.
(retrieve-files*): New procedure.
(transfer-and-offload): Use it instead of 'retrieve-files', and add
first parameter to 'send-files'.
(assert-node-can-import): Likewise.
(assert-node-can-export): Use 'retrieve-files' instead of
'store-export-channel'.
* guix/ssh.scm: New file.
* configure.ac: Use 'GUIX_CHECK_GUILE_SSH' and define 'HAVE_GUILE_SSH'
Automake conditional.
* Makefile.am (MODULES) [HAVE_GUILE_SSH]: Add guix/ssh.scm.
|