path: root/guix/ssh.scm
Age | Commit message | Author
2023-08-22 | ssh: Also print the user when authentication fails. | Attila Lendvai
* guix/ssh.scm (open-ssh-session): Show user in error message.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2023-04-19 | ssh: Silence remote daemon messages when sending store items. | Ludovic Courtès
Fixes <https://issues.guix.gnu.org/61839>.
Previously, when running 'guix-daemon --debug' on the remote machine, lots of debugging outputs would be printed to stderr; since the client wouldn't read it, we could eventually reach a deadlock where the 'guix repl' process would be stuck writing to stderr while the client is stuck waiting on its stdout.
* guix/ssh.scm (store-import-channel)[import]: Parameterize 'current-build-output-port'.
2023-02-19 | ssh: Factor out progress % calculation. | Tobias Geerinckx-Rice
* guix/ssh.scm (notify-transfer-progress): Trust its % argument.
2022-08-10 | ssh: 'open-ssh-session' gracefully handles connection timeouts. | Ludovic Courtès
* guix/ssh.scm (open-ssh-session): Add case for 'again.
2022-06-15 | ssh: Add #:connection-timeout parameter to 'open-ssh-session'. | Ludovic Courtès
* guix/ssh.scm (open-ssh-session): Add #:connection-timeout parameter and honor it.
2021-05-11 | ssh: Fix type that broke offloading. | Ludovic Courtès
Reported by Simon Streit <simon@netpanic.org>.
Regression introduced in 3270308eebe82075d2f02517c5a2b1599928495c.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Unquote SOCKET-NAME.
2021-05-08 | ssh: Honor GUIX_DAEMON_SOCKET on the target machine. | Ludovic Courtès
Fixes <https://bugs.gnu.org/48240>.
Reported by Ricardo Wurmus <rekado@elephly.net>.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'connect-to-daemon'. Use the same-named procedure from (guix store) when available, and honor GUIX_DAEMON_SOCKET.
2021-05-08 | ssh: 'connect-to-remote-daemon' raises a nicer message upon error. | Ludovic Courtès
* guix/ssh.scm (connect-to-remote-daemon): Catch 'store-connection-error?' and rethrow.
2020-12-23 | ssh: Use 'guix repl' instead of 'guile'. | Ludovic Courtès
This simplifies setup of build machines: no need to install Guile in addition to Guix, no need to set 'GUILE_LOAD_PATH' & co., leading to fewer failure modes.
* guix/ssh.scm (remote-run): New procedure. (remote-daemon-channel): Use it instead of 'open-remote-pipe*'. (store-import-channel)[import]: Remove check for module availability. Add call to 'primitive-exit'. Use 'remote-run' instead of 'open-remote-pipe'. (store-export-channel)[export]: Remove check for module availability. Add calls to 'primitive-exit'. Use 'remote-run' instead of 'open-remote-pipe'. (handle-import/export-channel-error): Remove 'module-error' clause. (report-module-error): Remove.
* guix/scripts/offload.scm (assert-node-has-guix): Replace call to 'report-module-error' by 'leave'.
* doc/guix.texi (Daemon Offload Setup): Remove mention of Guile.
2020-09-02 | ssh: Fix progress bar crash when there are zero items to send. | Ludovic Courtès
* guix/ssh.scm (notify-transfer-progress): Do nothing when TOTAL is zero.
2020-09-02 | ssh: Fix regression in 'send-files'. | Ludovic Courtès
Regression introduced in b03267df6d5ec44e9617b6aab0df14a2e79f822e. The (take files 20) is a leftover from testing session.
* guix/ssh.scm (send-files): Fix value for 'missing'.
2020-08-31 | ssh: 'send-files' displays a progress bar. | Ludovic Courtès
* guix/store.scm (export-paths): Add #:start, #:progress, and #:finish parameters and honor them.
* guix/ssh.scm (prepare-to-send, notify-transfer-progress) (notify-transfer-completion): New procedures. (send-files): Pass #:start, #:progress, and #:finish to 'export-paths'.
2020-08-07 | ssh: Really report Guile setup errors in 'send-files'. | Ludovic Courtès
This is a followup to commit 8f53d73493a2949e2db28cd7d689a690b2d9479a, which did not have the desired effect: the 'resolve-module' call was bound to succeed since the inferior runs 'guix repl'.
* guix/ssh.scm (store-import-channel)[import]: Add call to 'resolve-module' and write '(module-error) upon error. Write '(importing) when we're ready. (send-files)[inferior-remote-eval*]: Remove. [missing]: Remove call to 'resolve-module'. Call 'handle-import/export-channel-error' when PORT doesn't return '(importing). (handle-import/export-channel-error): New procedure. (retrieve-files*): Use it.
2020-07-25 | Use 'formatted-message' instead of '&message' where appropriate. | Ludovic Courtès
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'.
* gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise.
* gnu/packages.scm (search-patch): Likewise.
* gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise.
* gnu/system.scm (locale-name->definition*): Likewise.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise.
* guix/channels.scm (latest-channel-instance): Likewise.
* guix/cve.scm (json->cve-items): Likewise.
* guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise.
* guix/remote.scm (remote-pipe-for-gexp): Likewise.
* guix/scripts/graph.scm (assert-package): Likewise.
* guix/scripts/offload.scm (private-key-from-file*): Likewise.
* guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise.
* guix/ui.scm (matching-generations): Likewise.
* guix/upstream.scm (package-update): Likewise.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise.
* tests/lint.scm ("patches: not found"): Adjust message string.
* tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'.
* guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.
2020-07-25 | utils: Move '&fix-hint' to (guix diagnostics). | Ludovic Courtès
* guix/utils.scm (&fix-hint): Move to...
* guix/diagnostics.scm (&fix-hint): ... here.
* gnu.scm: Adjust imports accordingly.
* gnu/system/mapped-devices.scm: Likewise.
* guix/channels.scm: Likewise.
* guix/profiles.scm: Likewise.
* guix/scripts/system/reconfigure.scm: Likewise.
* guix/ssh.scm: Likewise.
2020-07-20 | ssh: Speed up RPCs by using #:nodelay. | Lars-Dominik Braun
Partly fixes <https://bugs.gnu.org/41702>.
* guix/ssh.scm (open-ssh-session): Enable #:nodelay.
* m4/guix.m4 (GUIX_CHECK_GUILE_SSH): Add feature check for this new parameter.
* doc/guix.texi (Requirements): Adjust.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2020-03-23 | ssh: 'send-files' reports missing modules on the remote host. | Ludovic Courtès
Reported by Mikael Djurfeldt <mikael@djurfeldt.com> in <https://bugs.gnu.org/40125>.
* guix/ssh.scm (send-files)[inferior-remote-eval*]: New procedure. [missing]: Use it. Add an explicit 'resolve-module' call. (report-inferior-exception): New procedure.
2020-02-20 | ssh: Add Kerberos-support to ssh:// daemon URLs | Lars-Dominik Braun
* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2019-12-04 | ssh: 'open-ssh-session' can be passed the expected host key. | Ludovic Courtès
* guix/ssh.scm (open-ssh-session): Add #:host-key parameter. Pass #:knownhosts to 'make-session'. When HOST-KEY is true, call 'authenticate-server*' instead of 'authenticate-server'.
2019-12-04 | ssh: Always authenticate the server [security fix]. | Ludovic Courtès
Until now, users of 'open-ssh-session', including "guix deploy" and "GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not authenticate the SSH server they're talking to.
* guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
2019-12-04 | ssh: Add 'authenticate-server*' and use it for offloading. | Ludovic Courtès
* guix/scripts/offload.scm (host-key->type+key): Remove. (open-ssh-session): Replace server authentication code with a call to 'authenticate-server*'.
* guix/ssh.scm (host-key->type+key, authenticate-server*): New procedures.
2019-10-15 | ssh: Add a longer SSH timeout by default. | Ludovic Courtès
* guix/ssh.scm (open-ssh-session): Add #:timeout parameter, and add call to 'session-set!' to honor it.
2019-08-28 | remote, ssh: Show the command exit status upon failure. | Ludovic Courtès
* guix/remote.scm (remote-pipe-for-gexp): Show the exit status in error message.
* guix/ssh.scm (remote-inferior): Likewise.
2019-08-16 | machine: Use 'become-command'. | Jakob L. Kreuze
* gnu/machine/ssh.scm (managed-host-remote-eval): Pass an appropriate 'become-command' to 'remote-eval'.
* guix/ssh.scm (remote-authorize-signing-key): Add optional 'become-command' argument. All callers changed.
2019-08-15 | machine: Automatically authorize the coordinator's signing key. | Jakob L. Kreuze
* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's signing key before any invocations of 'remote-eval'. (deploy-managed-host): Display an error if a signing key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual signing key authorization. (Invoking guix deploy): Add section describing the 'authorize?' field.
2019-08-15 | machine: Allow non-root users to deploy. | Jakob L. Kreuze
* doc/guix.texi (Invoking guix deploy): Add section describing prerequisites for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command' argument. (%remote-eval): New optional 'become-command' argument. (remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command' argument. (inferior-remote-eval): New optional 'become-command' argument. (remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable. (managed-host-remote-eval): Invoke 'remote-eval' with the '#:become-command' keyword. (deploy-managed-host): Invoke 'remote-authorize-signing-key' with the '#:become-command' keyword.
2019-08-14 | remote: Build derivations appropriate for the remote's | Jakob L. Kreuze
* gnu/machine/ssh.scm (machine-ssh-configuration): Add 'system' field. (managed-host-remote-eval): Pass 'system' field to 'remote-eval'. (machine-check-building-for-appropriate-system): New variable. (check-deployment-sanity): Add call to 'machine-check-building-for-appropriate-system'.
* doc/guix.texi (Invoking guix deploy): Describe new 'system' field.
* guix/ssh.scm (remote-system): New variable.
* guix/remote.scm (remote-eval): Use result of 'remote-system' when lowering the G-Expression. (remote-eval): Add 'system' keyword argument. (trampoline): Return a <program-file> rather than a <scheme-file>.
2019-07-06 | ssh: Add 'identity' keyword to 'open-ssh-session'. | Jakob L. Kreuze
* guix/ssh.scm (open-ssh-session): Add 'identity' keyword argument.
2019-06-10 | ssh: Add missing import. | Ludovic Courtès
* guix/ssh.scm: Use (ice-9 format).
2019-01-21 | store: Rename '&nix-error' to '&store-error'. | Ludovic Courtès
* guix/store.scm (&nix-error): Rename to... (&store-error): ... this, and adjust users. (&nix-connection-error): Rename to... (&store-connection-error): ... this, and adjust users. (&nix-protocol-error): Rename to... (&store-protocol-error): ... this, adjust users. (&nix-error, &nix-connection-error, &nix-protocol-error): Define these condition types and their getters as deprecated aliases.
* build-aux/run-system-tests.scm, guix/derivations.scm, guix/grafts.scm, guix/scripts/challenge.scm, guix/scripts/graph.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/serialization.scm, guix/ssh.scm, guix/tests.scm, guix/ui.scm, tests/derivations.scm, tests/gexp.scm, tests/guix-daemon.sh, tests/packages.scm, tests/store.scm, doc/guix.texi: Adjust to use the new names.
2019-01-21 | store: Rename <nix-server> to <store-connection>. | Ludovic Courtès
* guix/store.scm (<nix-server>): Rename to... (<store-connection>): ... this. Adjust users accordingly. (nix-server?, nix-server-major-version) (nix-server-minor-version, nix-server-socket) (nix-server-version): Define as deprecated aliases.
* guix/inferior.scm: Adjust accordingly.
* guix/ssh.scm: Likewise.
2019-01-09 | Remove most uses of the _IO*F constants. | Ludovic Courtès
These constants, for use with 'setvbuf', were deprecated in Guile 2.2 and disappeared in Guile 3.0. Here we keep these constants in build-side code where removing them is not feasible.
* guix/build/download-nar.scm (download-nar): Adjust 'setvbuf' calls to the Guile 2.2+ API.
* guix/build/download.scm (open-socket-for-uri): Likewise. (open-connection-for-uri, url-fetch): Likewise.
* guix/build/make-bootstrap.scm (make-stripped-libc): Likewise.
* guix/build/union.scm (setvbuf) [guile-2.0]: New conditional wrapper. (union-build): Adjust to new API.
* guix/ftp-client.scm (ftp-open, ftp-list, ftp-retr): Likewise.
* guix/http-client.scm (http-fetch): Likewise.
* guix/inferior.scm (proxy): Likewise.
* guix/scripts/substitute.scm (fetch, http-multiple-get): Likewise.
* guix/self.scm (compiled-modules): Likewise.
* guix/ssh.scm (remote-daemon-channel, store-import-channel) (store-export-channel): Likewise.
* guix/ui.scm (initialize-guix): Likewise.
* tests/publish.scm (http-get-port): Likewise.
* guix/store.scm (%newlines): Adjust comment.
2018-12-24 | offload: Use (guix inferior) instead of (ssh dist node). | Ludovic Courtès
Using inferiors and thus 'guix repl' simplifies setup on build machines (no need to worry about GUILE_LOAD_PATH etc.) Furthermore, the 'guix repl -t machine' protocol running in a remote pipe addresses several issues with the current implementation of nodes and RREPLs in Guile-SSH: fewer round trips, doesn't leave a 'guile --listen' process behind it, stateless (since a new process is started each time), more efficient (the SSH channel can be reused), more reliable (no 'pgrep', 'pkill', and shellology; see <https://github.com/artyom-poptsov/guile-ssh/issues/11> as an example.)
* guix/ssh.scm (inferior-remote-eval): New procedure. (send-files): Use it instead of 'make-node' and 'node-eval'.
* guix/scripts/offload.scm (node-guile-version): New procedure. (node-free-disk-space, transfer-and-offload, node-load) (choose-build-machine, assert-node-has-guix): Use 'remote-inferior' instead of 'make-node' and 'inferior-eval' instead of 'node-eval'. (assert-node-can-import, assert-node-can-export): Likewise, and add 'session' parameter. (check-machine-availability): Likewise, and add calls to 'close-inferior' and 'disconnect!'. (check-machine-status): Likewise.
* doc/guix.texi (Daemon Offload Setup): Remove bit related to 'guile' in $PATH and $GUILE_LOAD_PATH; mention 'guix' alone.
2018-12-24 | ssh: Add 'remote-inferior'. | Ludovic Courtès
* guix/inferior.scm (<inferior>)[close]: New field. (port->inferior): New procedure. (open-inferior): Rewrite in terms of 'port->inferior'. (close-inferior): Honor INFERIOR's 'close' field. (inferior-eval-with-store): Add FIXME comment.
* guix/ssh.scm (remote-inferior): New procedure.
2018-11-24 | ssh: Make 'send-files' more robust. | Ludovic Courtès
Possibly fixes <https://bugs.gnu.org/33239>.
* guix/ssh.scm (send-files): Call 'channel-get-exit-status' only when RESULT is true.
2018-11-05 | ssh: Honor the SOCKET-NAME argument of connect-to-remote-daemon. | Maxim Cournoyer
* guix/ssh.scm (connect-to-remote-daemon): Pass the `socket-name' variable to the `open-connection' call so that it is honored.
2018-07-29 | ssh: Display the size of the store items being sent. | Ludovic Courtès
* guix/ssh.scm (send-files): Compute the size of MISSING and display it.
2018-02-09 | ssh: Work around 'select' bug in Guile. | Ludovic Courtès
Fixes <https://bugs.gnu.org/30365>.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'select*' and use it.
2018-01-12 | ssh: Switch back to 'get-bytevector-some'. | Ludovic Courtès
This mostly reverts 17af5d51de7c40756a4a39d336f81681de2ba447.
Suggested by Andy Wingo <wingo@igalia.com>.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Remove 'read!' FFI hack. Use buffered ports.
2018-01-12 | offload: 'test' reports Guile and module errors more nicely. | Ludovic Courtès
Fixes <https://bugs.gnu.org/26008>.
Reported by Myles English <mylesenglish@gmail.com>.
* guix/ssh.scm (retrieve-files*): Move error reporting to... (report-guile-error, report-module-error): ... here. New procedures.
* guix/scripts/offload.scm (assert-node-repl): Use 'report-guile-error'. (assert-node-has-guix): Explicitly check for 'use-modules' first. Use 'report-module-error'.
2018-01-12 | ssh: 'retrieve-files' now only retrieves what's missing. | Ludovic Courtès
* guix/ssh.scm (retrieve-files): Remove the subset of FILES that is valid in LOCAL. (store-export-channel): Add comment.
2018-01-12 | offload: Fix regression in file retrieval. | Ludovic Courtès
This fixes a regression in 'retrieve-files*' introduced in 896fec476f728183b331cbb6e2afb891207b4205, whereby (guix scripts offload) would not read the initial sexp now sent by the remote host via 'store-export-channel'. This would effectively prevent file retrieval entirely when offloading.
* guix/ssh.scm (retrieve-files*): New procedure, like former 'retrieve-files' but with an extra #:import parameter. (retrieve-files): Rewrite in terms of 'retrieve-files*'. (file-retrieval-port): Make private.
* guix/scripts/offload.scm (transfer-and-offload): Pass #:import to 'retrieve-files*'. (retrieve-files*): Remove.
2018-01-11 | ssh: Pass an empty "exceptfds" set to 'select'. | Ludovic Courtès
Previously the redirect code could end up exiting prematurely because of an uninteresting "exceptional condition" on the socket (info "(libc) Waiting for I/O").
* guix/ssh.scm (remote-daemon-channel): Pass the empty list as the third argument to 'select'. It was a mistake to pass a non-empty list there in the first place.
2018-01-11 | ssh: Work around 'get-bytevector-some' bug. | Ludovic Courtès
This works around <https://bugs.gnu.org/30066> and noticeably improves performance when using GUIX_DAEMON_SOCKET=ssh://HOST (the redirect code was transferring data to guix-daemon one byte at a time!).
* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'read!' and use it instead of 'get-bytevector-some'.
2018-01-07 | ssh: Improve error reporting when retrieving files. | Ludovic Courtès
'guix copy --from' now reports messages much more useful than "failed to retrieve files".
* guix/ssh.scm (store-export-channel)[export]: Wrap 'use-modules' in 'catch' and 'with-store' in 'guard'. Check for invalid items. Write a status sexp on stdout. (raise-error): New macro. (retrieve-files): Read the initial status sexp and report errors accordingly.
2017-11-19 | ssh: Use (guix i18n). | Ludovic Courtès
* guix/ssh.scm: Use (guix i18n) instead of (guix ui).
2017-06-04 | ssh: Improve error reporting when 'send-files' fails. | Ludovic Courtès
Fixes <http://bugs.gnu.org/26972>.
* guix/ssh.scm (store-import-channel)[import]: Add 'consume-input' procedure. Wrap body in 'catch' and 'guard'. Use 'open-remote-pipe' with OPEN_BOTH instead of 'open-remote-output-pipe'. (send-files): After the 'channel-send-eof' call, do (read port). Interpret the result sexp and raise an error condition if needed.
2017-05-03 | ui: Rename '_' to 'G_'. | Ludovic Courtès
This avoids collisions with '_' when the latter is used as a 'match' pattern for instance. See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>.
* guix/ui.scm: Rename '_' to 'G_'.
* po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly.
* build-aux/compile-all.scm (warnings): Remove 'format'.
* gnu/packages.scm, gnu/services.scm, gnu/services/shepherd.scm, gnu/system.scm, gnu/system/shadow.scm, guix/gnupg.scm, guix/http-client.scm, guix/import/cpan.scm, guix/import/elpa.scm, guix/import/pypi.scm, guix/nar.scm, guix/scripts.scm, guix/scripts/archive.scm, guix/scripts/authenticate.scm, guix/scripts/build.scm, guix/scripts/challenge.scm, guix/scripts/container.scm, guix/scripts/container/exec.scm, guix/scripts/copy.scm, guix/scripts/download.scm, guix/scripts/edit.scm, guix/scripts/environment.scm, guix/scripts/gc.scm, guix/scripts/graph.scm, guix/scripts/hash.scm, guix/scripts/import.scm, guix/scripts/import/cpan.scm, guix/scripts/import/cran.scm, guix/scripts/import/crate.scm, guix/scripts/import/elpa.scm, guix/scripts/import/gem.scm, guix/scripts/import/gnu.scm, guix/scripts/import/hackage.scm, guix/scripts/import/nix.scm, guix/scripts/import/pypi.scm, guix/scripts/import/stackage.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/scripts/pack.scm, guix/scripts/package.scm, guix/scripts/perform-download.scm, guix/scripts/publish.scm, guix/scripts/pull.scm, guix/scripts/refresh.scm, guix/scripts/size.scm, guix/scripts/substitute.scm, guix/scripts/system.scm, guix/ssh.scm, guix/upstream.scm: Use 'G_' instead of '_'.
Most of this change was obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
2017-04-21 | ssh: Decompose 'connect-to-remote-daemon'. | Ludovic Courtès
* guix/ssh.scm (remote-daemon-channel): New procedure. (connect-to-remote-daemon): Implement in terms of it.
2017-04-21 | ssh: Move 'open-ssh-session' to (guix ssh). | Ludovic Courtès
* guix/scripts/copy.scm (%compression, open-ssh-session): Move to...
* guix/ssh.scm: ... here. Use '&message' conditions instead of calling 'leave'.