summaryrefslogtreecommitdiff
path: root/guix/ssh.scm
AgeCommit message (Expand)Author
2020-08-07ssh: Really report Guile setup errors in 'send-files'.•••This is a followup to commit 8f53d73493a2949e2db28cd7d689a690b2d9479a, which did not have the desired effect: the 'resolve-module' call was bound to succeed since the inferior runs 'guix repl'. * guix/ssh.scm (store-import-channel)[import]: Add call to 'resolve-module' and write '(module-error) upon error. Write '(importing) when we're ready. (send-files)[inferior-remote-eval*]: Remove. [missing]: Remove call to 'resolve-module'. Call 'handle-import/export-channel-error' when PORT doesn't return '(importing). (handle-import/export-channel-error): New procedure. (retrieve-files*): Use it. Ludovic Courtès
2020-07-25Use 'formatted-message' instead of '&message' where appropriate.•••* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto. Ludovic Courtès
2020-07-25utils: Move '&fix-hint' to (guix diagnostics).•••* guix/utils.scm (&fix-hint): Move to... * guix/diagnostics.scm (&fix-hint): ... here. * gnu.scm: Adjust imports accordingly. * gnu/system/mapped-devices.scm: Likewise. * guix/channels.scm: Likewise. * guix/profiles.scm: Likewise. * guix/scripts/system/reconfigure.scm: Likewise. * guix/ssh.scm: Likewise. Ludovic Courtès
2020-07-20ssh: Speed up RPCs by using #:nodelay.•••Partly fixes <https://bugs.gnu.org/41702>. * guix/ssh.scm (open-ssh-session): Enable #:nodelay. * m4/guix.m4 (GUIX_CHECK_GUILE_SSH): Add feature check for this new parameter. * doc/guix.texi (Requirements): Adjust. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Lars-Dominik Braun
2020-03-23ssh: 'send-files' reports missing modules on the remote host.•••Reported by Mikael Djurfeldt <mikael@djurfeldt.com> in <https://bugs.gnu.org/40125>. * guix/ssh.scm (send-files)[inferior-remote-eval*]: New procedure. [missing]: Use it. Add an explicit 'resolve-module' call. (report-inferior-exception): New procedure. Ludovic Courtès
2020-02-20ssh: Add Kerberos-support to ssh:// daemon URLs•••* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work Signed-off-by: Ludovic Courtès <ludo@gnu.org> Lars-Dominik Braun
2019-12-04ssh: 'open-ssh-session' can be passed the expected host key.•••* guix/ssh.scm (open-ssh-session): Add #:host-key parameter. Pass #:knownhosts to 'make-session'. When HOST-KEY is true, call 'authenticate-server*' instead of 'authenticate-server'. Ludovic Courtès
2019-12-04ssh: Always authenticate the server [security fix].•••Until now, users of 'open-ssh-session', including "guix deploy" and "GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not authenticate the SSH server they're talking to. * guix/ssh.scm (open-ssh-session): Call 'authenticate-server'. Ludovic Courtès
2019-12-04ssh: Add 'authenticate-server*' and use it for offloading.•••* guix/scripts/offload.scm (host-key->type+key): Remove. (open-ssh-session): Replace server authentication code with a call to 'authenticate-server*'. * guix/ssh.scm (host-key->type+key, authenticate-server*): New procedures. Ludovic Courtès
2019-10-15ssh: Add a longer SSH timeout by default.•••* guix/ssh.scm (open-ssh-session): Add #:timeout parameter, and add call to 'session-set!' to honor it. Ludovic Courtès
2019-08-28remote, ssh: Show the command exit status upon failure.•••* guix/remote.scm (remote-pipe-for-gexp): Show the exit status in error message. * guix/ssh.scm (remote-inferior): Likewise. Ludovic Courtès
2019-08-16machine: Use 'become-command'.•••* gnu/machine/ssh.scm (managed-host-remote-eval): Pass an appropriate 'become-command' to 'remote-eval'. * guix/ssh.scm (remote-authorize-signing-key): Add optional 'become-command' argument. All callers changed. Jakob L. Kreuze
2019-08-15machine: Automatically authorize the coordinator's signing key.•••* guix/ssh.scm (remote-authorize-signing-key): New variable. * gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's signing key before any invocations of 'remote-eval'. (deploy-managed-host): Display an error if a signing key does not exist. * doc/guix.texi (Invoking guix deploy): Remove section describing manual signing key authorization. (Invoking guix deploy): Add section describing the 'authorize?' field. Jakob L. Kreuze
2019-08-15machine: Allow non-root users to deploy.•••* doc/guix.texi (Invoking guix deploy): Add section describing prerequisites for deploying as a non-root user. * guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command' argument. (%remote-eval): New optional 'become-command' argument. (remote-eval): New 'become-command' keyword argument. * guix/ssh.scm (remote-inferior): New optional 'become-command' argument. (inferior-remote-eval): New optional 'become-command' argument. (remote-authorize-signing-key): New optional 'become-command' argument. * gnu/machine/ssh.scm (machine-become-command): New variable. (managed-host-remote-eval): Invoke 'remote-eval' with the '#:become-command' keyword. (deploy-managed-host): Invoke 'remote-authorize-signing-key' with the '#:become-command' keyword. Jakob L. Kreuze
2019-08-14remote: Build derivations appropriate for the remote's•••* gnu/machine/ssh.scm (machine-ssh-configuration): Add 'system' field. (managed-host-remote-eval): Pass 'system' field to 'remote-eval'. (machine-check-building-for-appropriate-system): New variable. (check-deployment-sanity): Add call to 'machine-check-building-for-appropriate-system'. * doc/guix.texi (Invoking guix deploy): Describe new 'system' field. * guix/ssh.scm (remote-system): New variable. * guix/remote.scm (remote-eval): Use result of 'remote-system' when lowering the G-Expression. (remote-eval): Add 'system' keyword argument. (trampoline): Return a <program-file> rather than a <scheme-file>. Jakob L. Kreuze
2019-07-06ssh: Add 'identity' keyword to 'open-ssh-session'.•••* guix/ssh.scm (open-ssh-session): Add 'identity' keyword argument. Jakob L. Kreuze
2019-06-10ssh: Add missing import.•••* guix/ssh.scm: Use (ice-9 format). Ludovic Courtès
2019-01-21store: Rename '&nix-error' to '&store-error'.•••* guix/store.scm (&nix-error): Rename to... (&store-error): ... this, and adjust users. (&nix-connection-error): Rename to... (&store-connection-error): ... this, and adjust users. (&nix-protocol-error): Rename to... (&store-protocol-error): ... this, adjust users. (&nix-error, &nix-connection-error, &nix-protocol-error): Define these condition types and their getters as deprecrated aliases. * build-aux/run-system-tests.scm, guix/derivations.scm, guix/grafts.scm, guix/scripts/challenge.scm, guix/scripts/graph.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/serialization.scm, guix/ssh.scm, guix/tests.scm, guix/ui.scm, tests/derivations.scm, tests/gexp.scm, tests/guix-daemon.sh, tests/packages.scm, tests/store.scm, doc/guix.texi: Adjust to use the new names. Ludovic Courtès
2019-01-21store: Rename <nix-server> to <store-connection>.•••* guix/store.scm (<nix-server>): Rename to... (<store-connection>): ... this. Adjust users accordingly. (nix-server?, nix-server-major-version) (nix-server-minor-version, nix-server-socket) (nix-server-version): Define as deprecated aliases. * guix/inferior.scm: Adjust accordingly. * guix/ssh.scm: Likewise. Ludovic Courtès
2019-01-09Remove most uses of the _IO*F constants.•••These constants, for use with 'setvbuf', were deprecated in Guile 2.2 and disappeared in Guile 3.0. Here we keep these constants in build-side code where removing them is not feasible. * guix/build/download-nar.scm (download-nar): Adjust 'setvbuf' calls to the Guile 2.2+ API. * guix/build/download.scm (open-socket-for-uri): Likewise. (open-connection-for-uri, url-fetch): Likewise. * guix/build/make-bootstrap.scm (make-stripped-libc): Likewise. * guix/build/union.scm (setvbuf) [guile-2.0]: New conditional wrapper. (union-build): Adjust to new API. * guix/ftp-client.scm (ftp-open, ftp-list, ftp-retr): Likewise. * guix/http-client.scm (http-fetch): Likewise. * guix/inferior.scm (proxy): Likewise. * guix/scripts/substitute.scm (fetch, http-multiple-get): Likewise. * guix/self.scm (compiled-modules): Likewise. * guix/ssh.scm (remote-daemon-channel, store-import-channel) (store-export-channel): Likewise. * guix/ui.scm (initialize-guix): Likewise. * tests/publish.scm (http-get-port): Likewise. * guix/store.scm (%newlines): Adjust comment. Ludovic Courtès
2018-12-24offload: Use (guix inferior) instead of (ssh dist node).•••Using inferiors and thus 'guix repl' simplifies setup on build machines (no need to worry about GUILE_LOAD_PATH etc.) Furthermore, the 'guix repl -t machine' protocol running in a remote pipe addresses several issues with the current implementation of nodes and RREPLs in Guile-SSH: fewer round trips, doesn't leave a 'guile --listen' process behind it, stateless (since a new process is started each time), more efficient (the SSH channel can be reused), more reliable (no 'pgrep', 'pkill', and shellology; see <https://github.com/artyom-poptsov/guile-ssh/issues/11> as an example.) * guix/ssh.scm (inferior-remote-eval): New procedure. (send-files): Use it instead of 'make-node' and 'node-eval'. * guix/scripts/offload.scm (node-guile-version): New procedure. (node-free-disk-space, transfer-and-offload, node-load) (choose-build-machine, assert-node-has-guix): Use 'remote-inferior' instead of 'make-node' and 'inferior-eval' instead of 'node-eval'. (assert-node-can-import, assert-node-can-export): Likewise, and add 'session' parameter. (check-machine-availability): Likewise, and add calls to 'close-inferior' and 'disconnect!'. (check-machine-status): Likewise. * doc/guix.texi (Daemon Offload Setup): Remove bit related to 'guile' in $PATH and $GUILE_LOAD_PATH; mention 'guix' alone. Ludovic Courtès
2018-12-24ssh: Add 'remote-inferior'.•••* guix/inferior.scm (<inferior>)[close]: New field. (port->inferior): New procedure. (open-inferior): Rewrite in terms of 'port->inferior'. (close-inferior): Honor INFERIOR's 'close' field. (inferior-eval-with-store): Add FIXME comment. * guix/ssh.scm (remote-inferior): New procedure. Ludovic Courtès
2018-11-24ssh: Make 'send-files' more robust.•••Possibly fixes <https://bugs.gnu.org/33239>. * guix/ssh.scm (send-files): Call 'channel-get-exit-status' only when RESULT is true. Ludovic Courtès
2018-11-05ssh: Honor the SOCKET-NAME argument of connect-to-remote-daemon.•••* guix/ssh.scm (connect-to-remote-daemon): Pass the `socket-name' variable to the `open-connection' call so that it is honored. Maxim Cournoyer
2018-07-29ssh: Display the size of the store items being sent.•••* guix/ssh.scm (send-files): Compute the size of MISSING and display it. Ludovic Courtès
2018-02-09ssh: Work around 'select' bug in Guile.•••Fixes <https://bugs.gnu.org/30365>. * guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'select*' and use it. Ludovic Courtès
2018-01-12ssh: Switch back to 'get-bytevector-some'.•••This mostly reverts 17af5d51de7c40756a4a39d336f81681de2ba447. Suggested by Andy Wingo <wingo@igalia.com>. * guix/ssh.scm (remote-daemon-channel)[redirect]: Remove 'read!' FFI hack. Use buffered ports. Ludovic Courtès
2018-01-12offload: 'test' reports Guile and module errors more nicely.•••Fixes <https://bugs.gnu.org/26008>. Reported by Myles English <mylesenglish@gmail.com>. * guix/ssh.scm (retrieve-files*): Move error reporting to... (report-guile-error, report-module-error): ... here. New procedures. * guix/scripts/offload.scm (assert-node-repl): Use 'report-guile-error'. (assert-node-has-guix): Explicitly check for 'use-modules' first. Use 'report-module-error'. Ludovic Courtès
2018-01-12ssh: 'retrieve-files' now only retrieves what's missing.•••* guix/ssh.scm (retrieve-files): Remove the subset of FILES that is valid in LOCAL. (store-export-channel): Add comment. Ludovic Courtès
2018-01-12offload: Fix regression in file retrieval.•••This fixes a regression in 'retrieve-files*' introduced in 896fec476f728183b331cbb6e2afb891207b4205, whereby (guix scripts offload) would not read the initial sexp now sent by the remote host via 'store-export-channel'. This would effectively prevent file retrieval entirely when offloading. * guix/ssh.scm (retrieve-files*): New procedure, like former 'retrieve-files' but with an extra #:import parameter. (retrieve-files): Rewrite in terms of 'retrieve-files*'. (file-retrieval-port): Make private. * guix/scripts/offload.scm (transfer-and-offload): Pass #:import to 'retrieve-files*'. (retrieve-files*): Remove. Ludovic Courtès
2018-01-11ssh: Pass an empty "exceptfds" set to 'select'.•••Previously the redirect code could end up exiting prematurely because of an uninteresting "exceptional condition" on the socket (info "(libc) Waiting for I/O"). * guix/ssh.scm (remote-daemon-channel): Pass the empty list as the third argument to 'select'. It was a mistake to pass a non-empty list there in the first place. Ludovic Courtès
2018-01-11ssh: Work around 'get-bytevector-some' bug.•••This works around <https://bugs.gnu.org/30066> and noticeably improves performance when using GUIX_DAEMON_SOCKET=ssh://HOST (the redirect code was transferring data to guix-daemon one byte at a time!). * guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'read!' and use it instead of 'get-bytevector-some'. Ludovic Courtès
2018-01-07ssh: Improve error reporting when retrieving files.•••'guix copy --from' now reports messages much more useful than "failed to retrieve files". * guix/ssh.scm (store-export-channel)[export]: Wrap 'use-modules' in 'catch' and 'with-store' in 'guard'. Check for invalid items. Write a status sexp on stdout. (raise-error): New macro. (retrieve-files): Read the initial status sexp and report errors accordingly. Ludovic Courtès
2017-11-19ssh: Use (guix i18n).•••* guix/ssh.scm: Use (guix i18n) instead of (guix ui). Ludovic Courtès
2017-06-04ssh: Improve error reporting when 'send-files' fails.•••Fixes <http://bugs.gnu.org/26972>. * guix/ssh.scm (store-import-channel)[import]: Add 'consume-input' procedure. Wrap body in 'catch' and 'guard'. Use 'open-remote-pipe' with OPEN_BOTH instead of 'open-remote-output-pipe'. (send-files): After the 'channel-send-eof' call, do (read port). Interpret the result sexp and raise an error condition if needed. Ludovic Courtès
2017-05-03ui: Rename '_' to 'G_'.•••This avoids collisions with '_' when the latter is used as a 'match' pattern for instance. See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>. * guix/ui.scm: Rename '_' to 'G_'. * po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly. * build-aux/compile-all.scm (warnings): Remove 'format'. * gnu/packages.scm, gnu/services.scm, gnu/services/shepherd.scm, gnu/system.scm, gnu/system/shadow.scm, guix/gnupg.scm, guix/http-client.scm, guix/import/cpan.scm, guix/import/elpa.scm, guix/import/pypi.scm, guix/nar.scm, guix/scripts.scm, guix/scripts/archive.scm, guix/scripts/authenticate.scm, guix/scripts/build.scm, guix/scripts/challenge.scm, guix/scripts/container.scm, guix/scripts/container/exec.scm, guix/scripts/copy.scm, guix/scripts/download.scm, guix/scripts/edit.scm, guix/scripts/environment.scm, guix/scripts/gc.scm, guix/scripts/graph.scm, guix/scripts/hash.scm, guix/scripts/import.scm, guix/scripts/import/cpan.scm, guix/scripts/import/cran.scm, guix/scripts/import/crate.scm, guix/scripts/import/elpa.scm, guix/scripts/import/gem.scm, guix/scripts/import/gnu.scm, guix/scripts/import/hackage.scm, guix/scripts/import/nix.scm, guix/scripts/import/pypi.scm, guix/scripts/import/stackage.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/scripts/pack.scm, guix/scripts/package.scm, guix/scripts/perform-download.scm, guix/scripts/publish.scm, guix/scripts/pull.scm, guix/scripts/refresh.scm, guix/scripts/size.scm, guix/scripts/substitute.scm, guix/scripts/system.scm, guix/ssh.scm, guix/upstream.scm: Use 'G_' instead of '_'. Most of this change was obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`". Ludovic Courtès
2017-04-21ssh: Decompose 'connect-to-remote-daemon'.•••* guix/ssh.scm (remote-daemon-channel): New procedure. (connect-to-remote-daemon): Implement in terms of it. Ludovic Courtès
2017-04-21ssh: Move 'open-ssh-session' to (guix ssh).•••* guix/scripts/copy.scm (%compression, open-ssh-session): Move to... * guix/ssh.scm: ... here. Use '&message' conditions instead of calling 'leave'. Ludovic Courtès
2016-12-31ssh: 'retrieve-files' detects remote export failures.•••* guix/ssh.scm (retrieve-files): Call 'lookahead-u8' and raise a '&message' condition when it returns EOF. Ludovic Courtès
2016-12-31ssh: 'send-files' returns the list of items sent.•••* guix/ssh.scm (send-files): Return MISSING. Ludovic Courtès
2016-12-31ssh: Allow transfers of complete closures.•••* guix/ssh.scm (store-export-channel, send-files) (file-retrieval-port, retrieve-files): Add #:recursive? parameter and honor it. Ludovic Courtès
2016-12-31Add (guix ssh) module.•••* guix/scripts/offload.scm (connect-to-remote-daemon) (store-import-channel, store-export-channel, send-files) (retrieve-files): Move to (guix ssh). (nonce): Add optional 'name' parameter and use it. (retrieve-files*): New procedure. (transfer-and-offload): Use it instead of 'retrieve-files', and add first parameter to 'send-files'. (assert-node-can-import): Likewise. (assert-node-can-export): Use 'retrieve-files' instead of 'store-export-channel'. * guix/ssh.scm: New file. * configure.ac: Use 'GUIX_CHECK_GUILE_SSH' and define 'HAVE_GUILE_SSH' Automake conditional. * Makefile.am (MODULES) [HAVE_GUILE_SSH]: Add guix/ssh.scm. Ludovic Courtès