GNU bug report logs - #32855
sshuttle /usr/bin/env

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 32855 in the body.
You can then email your comments to 32855 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Nam Nguyen <namn <at> berkeley.edu>
To: bug-guix <at> gnu.org
Subject: sshuttle /usr/bin/env
Date: Thu, 27 Sep 2018 11:23:23 -0700

sshuttle is a python program that uses /usr/bin/env at line 196 of:
/gnu/store/...-sshuttle-0.78.4/lib/python3.6/site-packages/sshuttle/client.py
['sudo', '-p', '[local sudo] Password: ', '/usr/bin/env',

Trying to run sshuttle on GuixSD results in:
$ sshuttle -r user <at> server.com 0/0 -x server.com
sudo: /usr/bin/env: command not found

Here is a potential fix that I recycled from sshoot's recipe. I tested it,
and it works.

$ diff ~/.config/guix/current/share/guile/site/2.2/gnu/packages/vpn.scm ~/vpn.scm
349a350,357
>     (arguments
>      '(#:phases
>        (modify-phases %standard-phases
>          (add-after 'unpack 'patch-paths
>            (lambda _
>              (substitute* "sshuttle/client.py"
>                (("/usr/bin/env") (which "env")))
>              #t)))))

Cheers,
Nam

Message #8 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Nam Nguyen <namn <at> berkeley.edu>
Cc: 32855 <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Thu, 27 Sep 2018 21:11:45 +0200

Hullo,

Thanks for the report!

Nam Nguyen wrote:
> sshuttle is a python program that uses /usr/bin/env at line 196 
> of:
> /gnu/store/...-sshuttle-0.78.4/lib/python3.6/site-packages/sshuttle/client.py
> ['sudo', '-p', '[local sudo] Password: ', '/usr/bin/env',
>
> Trying to run sshuttle on GuixSD results in:
> $ sshuttle -r user <at> server.com 0/0 -x server.com
> sudo: /usr/bin/env: command not found

This means that sshuttle on vanilla GuixSD has been broken ever 
since I added it in 2016, which saddens me. I guess nobody else 
uses it or, like me, they happen to also have a /usr/bin/env 
symlink.

> Here is a potential fix that I recycled from sshoot's recipe. I 
> tested it,
> and it works.
>
> $ diff 
> ~/.config/guix/current/share/guile/site/2.2/gnu/packages/vpn.scm 
> ~/vpn.scm
> 349a350,357
>>     (arguments
>>      '(#:phases
>>        (modify-phases %standard-phases
>>          (add-after 'unpack 'patch-paths
>>            (lambda _
>>              (substitute* "sshuttle/client.py"
>>                (("/usr/bin/env") (which "env")))
>>              #t)))))

I'll push this soon. Is it all right if I mention your name & 
e-mail in the commit message?

Kind regards,

T G-R

Message #11 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Nam Nguyen <namn <at> berkeley.edu>
To: 32855 <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Thu, 27 Sep 2018 12:22:18 -0700

Yes, feel free to mention my name and e-mail. Thank you for your work
packaging it.

Message #16 received at 32855-done <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Nam Nguyen <namn <at> berkeley.edu>
Cc: 32855-done <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Fri, 28 Sep 2018 00:04:10 +0200

Nam Nguyen wrote:
> Yes, feel free to mention my name and e-mail.

Pushed as 6a6f7488df1794828e1845eaaf2c1c911c8e3e54.

Kind regards,

T G-R

Message #19 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Nam Nguyen <namn <at> berkeley.edu>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 32855 <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Sat, 29 Sep 2018 15:40:01 -0700

Hi Tobias,

After testing, I think the /bin/sh substitution introduced a regression.

Lines in question:
(substitute* "sshuttle/ssh.py"
  ;; Perhaps this is unreachable, but don't let's take risks.
  (("/bin/sh") (which "sh")))

$ sshuttle -r user <at> server.com 0/0 -x server.com
ksh: /gnu/store/rb...-bash-minimal-4.4.19/bin/sh: not found
client: fatal: server died with error code 127

The server I am sshing to is not running GuixSD. It is trying to find
/gnu/store/.../bin/sh but it doesn't exst. My local client is running
GuixSD. The only requirements on the server side should be Python. Should
those lines should be removed? I tested without, and it seems to work okay,
at least for my particular setup: GuixSD client --> non-GuixSD server.

I suppose we have to state the assumptions of whether the client and
server are running Guix or not, and arrive at good defaults.

Message #22 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Nam Nguyen <namn <at> berkeley.edu>
Cc: 32855 <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Sun, 30 Sep 2018 13:52:56 +0200

Hullo,

Nam Nguyen wrote:
> Hi Tobias,
>
> After testing, I think the /bin/sh substitution introduced a 
> regression.
>
> Lines in question:
> (substitute* "sshuttle/ssh.py"
>   ;; Perhaps this is unreachable, but don't let's take risks.

Oh, the irony.

>   (("/bin/sh") (which "sh")))

This is just wrong: it calls the client's /gnu/store/.../sh on the 
server.

> $ sshuttle -r user <at> server.com 0/0 -x server.com
> ksh: /gnu/store/rb...-bash-minimal-4.4.19/bin/sh: not found
> client: fatal: server died with error code 127
>
> The server I am sshing to is not running GuixSD. It is trying to 
> find
> /gnu/store/.../bin/sh but it doesn't exst.

That's a good point (all my remotes run GuixSD, hiding the bug).

> The only requirements on the server side should be Python.

It's all well & good for upstream to say that (they do), but if 
they explicitly call /bin/sh on the server then it's just not 
true. A POSIX-compliant 'sh' was always an unstated server-side 
dependency, and Guix happens to be very good at finding (and 
breaking :-) those.

The hard-coded '/bin/' kluge was accepted later¹. Can't fathom 
why. If brianmay's last comment is still true they'll accept the 
correct 'exec sh' solution too.

Could you check whether replacing '(which "sh")' with '"sh"' 
works? It does for me.

> Should those lines should be removed? I tested without, and it 
> seems to work okay,
> at least for my particular setup: GuixSD client --> non-GuixSD 
> server.

Wouldn't that break [any client -> vanilla GuixSD server] cases?

No denying that this regression needs to be fixed, 
though. Apologies for breaking your 'flow.

> I suppose we have to state the assumptions of whether the client 
> and
> server are running Guix or not, and arrive at good defaults.

I'd like to avoid such assumptions in general, and entirely on the 
Internet.

Kind regards,

T G-R

1. https://github.com/sshuttle/sshuttle/pull/77

Message #25 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Nam Nguyen <namn <at> berkeley.edu>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 32855 <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Sun, 30 Sep 2018 07:45:05 -0700

> This is just wrong: it calls the client's /gnu/store/.../sh on the server.
Thanks for identifying the problem. Your solution sounds good.

> Could you check whether replacing '(which "sh")' with '"sh"' works? It does
> for me.
Yes, this works in my testing.

> A POSIX-compliant 'sh' was always an unstated server-side dependency,
> and Guix happens to be very good at finding (and breaking :-) those.
Guix is great, and I am enjoying learning more about it! I suppose these
are the challenges that come with making software portable.

Message #28 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>, Nam Nguyen <namn <at> berkeley.edu>
Cc: 32855 <at> debbugs.gnu.org
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Sat, 06 Oct 2018 16:19:22 +0200

[Message part 1 (text/plain, inline)]

Tobias Geerinckx-Rice <me <at> tobias.gr> writes:

>> Should those lines should be removed? I tested without, and it 
>> seems to work okay,
>> at least for my particular setup: GuixSD client --> non-GuixSD 
>> server.
>
> Wouldn't that break [any client -> vanilla GuixSD server] cases?

Note that /bin/sh is present even on vanilla GuixSD.

[signature.asc (application/pgp-signature, inline)]

Message #31 received at 32855 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 32855 <at> debbugs.gnu.org, Nam Nguyen <namn <at> berkeley.edu>
Subject: Re: bug#32855: sshuttle /usr/bin/env
Date: Sat, 06 Oct 2018 16:49:51 +0200

Marius,

Marius Bakke wrote:
> Note that /bin/sh is present even on vanilla GuixSD.

Thanks. I should probably give this vanilla GuixSD of which you 
speak a try some time :-)

Kind regards,

T G-R

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.