From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: guix-patches@gnu.org
Subject: [PATCH] machine: Allow non-root users to deploy.
Date: Wed, 07 Aug 2019 08:46:29 -0400
Message-ID: <87a7cl3zyy.fsf@sdf.lonestar.org>

* doc/guix.texi (Invoking guix deploy): Add section describing
prerequisites for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command' argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the
'#:become-command' keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
---
 doc/guix.texi       | 10 ++++++++
 gnu/machine/ssh.scm | 15 ++++++++++--
 guix/remote.scm     | 60 ++++++++++++++++++++++++++++-----------------
 guix/ssh.scm        | 30 ++++++++++++++++-------
 4 files changed, 82 insertions(+), 33 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi index 64ca44d494..144981af10 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25514,6 +25514,7 @@ evaluates to. As an example, @var{file} might cont= ain a definition like this: (environment managed-host-environment-type) (configuration (machine-ssh-configuration (host-name "localhost") + (user "alice") (identity "./id_rsa") (port 2222))))) @end example @@ -25530,6 +25531,15 @@ complex deployment may involve, for example, start= ing virtual machines through a Virtual Private Server (VPS) provider. In such a case, a different @var{environment} type would be used. =20 +@code{user}, in this example, specifies the name of the user account to lo= g in +as to perform the deployment. Its default value is @code{root}, but root +login over SSH may be forbidden in some cases. To work around this, +@command{guix deploy} can log in as an unprivileged user and employ +@code{sudo} to escalate privileges. This will only work if @code{sudo} is +currently installed on the remote and can be invoked non-interactively as +@code{user}. That is: the line in @code{sudoers} granting @code{user} the +ability to use @code{sudo} must contain the NOPASSWD tag. + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 90deff19a8..083e443a16 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm 
@@ -105,6 +105,14 @@ one from the configuration's parameters if one was not= provided." ;;; Remote evaluation. ;;; =20 +(define (machine-become-command machine) + "Return as a list of strings the program and arguments necessary to run a +shell command with escalated privileges for MACHINE's configuration." + (if (string=3D "root" (machine-ssh-configuration-user + (machine-configuration machine))) + '() + '("/run/setuid-programs/sudo" "-n" "--"))) + (define (managed-host-remote-eval machine exp) "Internal implementation of 'machine-remote-eval' for MACHINE instances = with an environment type of 'managed-host." @@ -112,7 +120,9 @@ an environment type of 'managed-host." (remote-eval exp (machine-ssh-session machine) #:build-locally? (machine-ssh-configuration-build-locally? =2D (machine-configuration machine)))) + (machine-configuration machine)) + #:become-command + (machine-become-command machine))) =20 ;;; @@ -335,7 +345,8 @@ environment type of 'managed-host." (remote-authorize-signing-key (call-with-input-file %public-key-file (lambda (port) (string->canonical-sexp (get-string-al= l port)))) =2D (machine-ssh-session machine)) + (machine-ssh-session machine) + (machine-become-command machine)) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) diff --git a/guix/remote.scm b/guix/remote.scm index d5738ebbfa..d5992763b2 100644 =2D-- a/guix/remote.scm +++ b/guix/remote.scm @@ -27,6 +27,8 @@ #:use-module (guix utils) #:use-module (ssh popen) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:export (remote-eval)) =20 
@@ -41,29 +43,41 @@ ;;; ;;; Code: =20 =2D(define (remote-pipe-for-gexp lowered session) =2D "Return a remote pipe for the given SESSION to evaluate LOWERED." +(define* (remote-pipe-for-gexp lowered session #:optional become-command) + "Return a remote pipe for the given SESSION to evaluate LOWERED. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." (define shell-quote (compose object->string object->string)) =20 =2D (apply open-remote-pipe* session OPEN_READ =2D (string-append (derivation-input-output-path =2D (lowered-gexp-guile lowered)) =2D "/bin/guile") =2D "--no-auto-compile" =2D (append (append-map (lambda (directory) =2D `("-L" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D (append-map (lambda (directory) =2D `("-C" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D `("-c" =2D ,(shell-quote (lowered-gexp-sexp lowered)))))) + (define repl-command + (append (or become-command '()) + (list + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "--no-auto-compile") + (append-map (lambda (directory) + `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (append-map (lambda (directory) + `("-C" ,directory)) + (lowered-gexp-load-path lowered)) + `("-c" + ,(shell-quote (lowered-gexp-sexp lowered))))) =20 =2D(define (%remote-eval lowered session) + (let ((pipe (apply open-remote-pipe* session OPEN_READ repl-command))) + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) + pipe)) + +(define* (%remote-eval lowered session #:optional become-command) "Evaluate LOWERED, a lowered gexp, in SESSION. This assumes that all the =2Dprerequisites of EXP are already available on the host at SESSION." =2D (let* ((pipe (remote-pipe-for-gexp lowered session)) +prerequisites of EXP are already available on the host at SESSION. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." 
+ (let* ((pipe (remote-pipe-for-gexp lowered session become-command)) (result (read-repl-response pipe))) (close-port pipe) result)) @@ -91,12 +105,14 @@ result to the current output port using the (guix repl= ) protocol." #:key (build-locally? #t) (module-path %load-path) =2D (socket-name "/var/guix/daemon-socket/socket")) + (socket-name "/var/guix/daemon-socket/socket") + (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure t= hat all the elements EXP refers to are built and deployed to SESSION beforehan= d. When BUILD-LOCALLY? is true, said dependencies are built locally and sent = to the remote store afterwards; otherwise, dependencies are built directly on= the =2Dremote store." +remote store. If BECOME-COMMAND is given, use that to invoke the remote G= uile +REPL." (mlet* %store-monad ((system -> (remote-system session)) (lowered (lower-gexp (trampoline exp) #:system system @@ -119,7 +135,7 @@ remote store." (built-derivations inputs) ((store-lift send-files) to-send remote #:recursive? #t) (return (close-connection remote)) =2D (return (%remote-eval lowered session)))) + (return (%remote-eval lowered session become-command)))) (let ((to-send (append (map (compose derivation-file-name derivation-input-derivation) inputs) @@ -128,4 +144,4 @@ remote store." ((store-lift send-files) to-send remote #:recursive? #t) (return (build-derivations remote inputs)) (return (close-connection remote)) =2D (return (%remote-eval lowered session))))))) + (return (%remote-eval lowered session become-command))))))) diff --git a/guix/ssh.scm b/guix/ssh.scm index 5186c646ca..7bc499a2fe 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm 
@@ -100,16 +100,27 @@ specifies; otherwise use them. Throw an error on fai= lure." (message (format #f (G_ "SSH connection to '~a' failed: ~a= ~%") host (get-error session)))))))))) =20 =2D(define (remote-inferior session) =2D "Return a remote inferior for the given SESSION." =2D (let ((pipe (open-remote-pipe* session OPEN_BOTH =2D "guix" "repl" "-t" "machine"))) +(define* (remote-inferior session #:optional become-command) + "Return a remote inferior for the given SESSION. If BECOME-COMMAND is +given, use that to invoke the remote Guile REPL." + (let* ((repl-command (append (or become-command '()) + '("guix" "repl" "-t" "machine"))) + (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command))) + ;; XXX: 'channel-get-exit-status' would be better here, but hangs if t= he + ;; process does succeed. This doesn't reflect the documentation, so it= 's + ;; possible that it's a bug in guile-ssh. + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) (port->inferior pipe))) =20 =2D(define (inferior-remote-eval exp session) +(define* (inferior-remote-eval exp session #:optional become-command) "Evaluate EXP in a new inferior running in SESSION, and close the inferi= or =2Dright away." =2D (let ((inferior (remote-inferior session))) +right away. If BECOME-COMMAND is given, use that to invoke the remote Gui= le +REPL." + (let ((inferior (remote-inferior session become-command))) (dynamic-wind (const #t) (lambda () @@ -291,7 +302,7 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-syste= m)) session)) =20 =2D(define (remote-authorize-signing-key key session) +(define* (remote-authorize-signing-key key session #:optional become-comma= nd) "Send KEY, a canonical sexp containing a public key, over SESSION and ad= d it to the system ACL file if it has not yet been authorized." (inferior-remote-eval 
@@ -310,7 +321,8 @@ to the system ACL file if it has not yet been authorize= d." (mkdir-p (dirname %acl-file)) (with-atomic-file-output %acl-file (cut write-acl acl <>))))) =2D session)) + session + become-command)) =20 (define* (send-files local files remote #:key =2D-=20 2.22.0
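Review bot: the new paragraph in the doc/guix.texi hunk at @@ -25530,6 +25531,15 @@ asks for a NOPASSWD sudoers entry but does not say what that entry buys the deploy user. Since the commands run through sudo are a Guile REPL (`.../bin/guile ... -c ...`) and `guix repl -t machine`, both of which evaluate arbitrary expressions, any rule that satisfies this requirement gives `user` unrestricted root, so the text should say plainly that the SSH identity for `user` must be protected like a root key. It would also help to mention that `sudo -n` fails instead of prompting when no matching rule exists, which is what surfaces as the new "failed to run" error.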
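Review bot: `machine-become-command` in the gnu/machine/ssh.scm hunk at @@ -105,6 +105,14 @@ hard-codes `/run/setuid-programs/sudo`, a path that exists only on Guix System; a target where sudo lives at `/usr/bin/sudo` will fail with the generic "failed to run" message. Either invoke plain `sudo` and let the remote PATH resolve it, or make the path a field of `machine-ssh-configuration`. The trailing `--` that terminates sudo's own option parsing is correct and should stay.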
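Review bot: in the gnu/machine/ssh.scm hunk at @@ -335,7 +345,8 @@ the become command is passed to `remote-authorize-signing-key` as a positional optional argument, whereas `remote-eval` takes it as `#:become-command`; the commit message also describes this call as using the `#:become-command` keyword, which it does not. Pick one convention for `remote-eval`, `remote-inferior`, `inferior-remote-eval` and `remote-authorize-signing-key` (the keyword form is clearer at call sites such as this one) and update the commit message to match.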
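Review bot: the EOF check added to `remote-pipe-for-gexp` in the guix/remote.scm hunk at @@ -41,29 +43,41 @@ reports only the command line that failed. Because the pipe is opened with `OPEN_READ`, whatever sudo or guile wrote to stderr (for example sudo's refusal when `-n` is given and no NOPASSWD rule matches) is discarded, so the user cannot distinguish a missing sudo rule from a missing guile or a wrong store path; consider capturing stderr, or at least naming those causes in the message. This hunk also introduces `G_` into the file while adding only `(srfi srfi-34)` and `(srfi srfi-35)` to the imports; confirm that `(guix i18n)` is already in the module's `#:use-module` list, which lies outside the visible context.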
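Review bot: the `peek-char` EOF check and the `(raise (condition (&message ...)))` form added to `remote-inferior` in the guix/ssh.scm hunk at @@ -100,16 +100,27 @@ duplicate the block added to `remote-pipe-for-gexp` in guix/remote.scm, including the "failed to run" message. Factor both into one helper (guix/ssh.scm is the natural home, since guix/remote.scm already depends on it) so that the error text and the `channel-get-exit-status` caveat recorded in the XXX comment live in a single place and can be revisited together once guile-ssh is fixed.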
From: Ricardo Wurmus
To: Jakob L. Kreuze
Subject: Re: [bug#36957] [PATCH] machine: Allow non-root users to deploy.
In-reply-to: <87a7cl3zyy.fsf@sdf.lonestar.org>
Date: Wed, 07 Aug 2019 19:43:19 +0200
Message-ID: <878ss4yiq0.fsf@elephly.net>

Hi Jakob,

I haven’t yet looked over the patches, but when I saw that it mentions
“sudo” I wondered: is it feasible to support “su” with interactive (or
cached) password input as well?
--
Ricardo
From: Christopher Lemmer Webber
To: guix-patches@gnu.org
Subject: Re: [bug#36957] [PATCH] machine: Allow non-root users to deploy.
Message-ID: <877e7opz01.fsf@dustycloud.org>
In-reply-to: <878ss4yiq0.fsf@elephly.net>
Date: Wed, 07 Aug 2019 15:17:22 -0400

Ricardo Wurmus writes:

> Hi Jakob,
>
> I haven’t yet looked over the patches, but when I saw that it mentions
> “sudo” I wondered: is it feasible to support “su” with interactive (or
> cached) password input as well?

Maybe a more important question: if this turns out to be desirable, is
there a path forward to add it later? If that's true, I'd suggest we
move forward with merging the patch and worry about how to add the
option at a future time.
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber, Ricardo Wurmus
Subject: Re: [bug#36957] [PATCH] machine: Allow non-root users to deploy.
In-Reply-To: <877e7opz01.fsf@dustycloud.org>
Date: Wed, 07 Aug 2019 16:20:37 -0400
Message-ID: <87wofolobu.fsf@sdf.lonestar.org>

Hi Ricardo and Chris,

Ricardo Wurmus writes:

> Hi Jakob,
>
> I haven’t yet looked over the patches, but when I saw that it mentions
> “sudo” I wondered: is it feasible to support “su” with interactive (or
> cached) password input as well?

I believe so. This would require two additions:

- Code to interact with the 'su' prompt.
- Some way for 'managed-host-environment-type' to obtain root's
  password, which I imagine would be either a prompt or a field in the
  configuration record.

On the latter addition, I've experimented a bit with both possibilities
(albeit for a password-authenticated sudo).
Prompting the user for a password feels like a bad idea because then
deployments wouldn't really be automated, and we would have to do some
sort of thread synchronization when parallel deployments are
implemented so we don't mess up the TTY. I could get behind a
'password' field for 'managed-host-environment-type' (and then if users
want a prompt they can just call out to 'getpass'), but again, we'd
need code to interact with the 'su' prompt.

Christopher Lemmer Webber writes:

> Maybe a more important question: if this turns out to be desirable, is
> there a path forward to add it later? If that's true, I'd suggest we
> move forward with merging the patch and worry about how to add the
> option at a future time.

Yeah. A 'password' field with '(default #f)' shouldn't be too invasive.
Aside from that, it would just involve adding the 'su' interaction code
to the two procedures that spawn REPLs.

Regards,
Jakob
From: Ricardo Wurmus
To: "Jakob L. Kreuze"
Subject: Re: [bug#36957] [PATCH] machine: Allow non-root users to deploy.
In-reply-to: <87wofolobu.fsf@sdf.lonestar.org>
Date: Wed, 07 Aug 2019 22:34:47 +0200
Message-ID: <871rxwyas8.fsf@elephly.net>

Hi Jakob,

>> I haven’t yet looked over the patches, but when I saw that it mentions
>> “sudo” I wondered: is it feasible to support “su” with interactive (or
>> cached) password input as well?
>
> I believe so. This would require two additions:
>
> - Code to interact with the 'su' prompt.
> - Some way for 'managed-host-environment-type' to obtain root's
>   password, which I imagine would be either a prompt or a field in the
>   configuration record.

Sounds good. IIRC Ansible has support for both sudo and su, so it’s
good that there’s a way to do both in the future.

Thanks!
--
Ricardo
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Ricardo Wurmus
Subject: Re: [bug#36957] [PATCH] machine: Allow non-root users to deploy.
In-Reply-To: <871rxwyas8.fsf@elephly.net>
Date: Wed, 07 Aug 2019 16:39:02 -0400
Message-ID: <87imr8lnh5.fsf@sdf.lonestar.org>

Hi Ricardo,

Ricardo Wurmus writes:

> Sounds good. IIRC Ansible has support for both sudo and su, so it’s
> good that there’s a way to do both in the future.
>
> Thanks!
That's what I modeled this after, albeit without support for a password
prompt :)

Regards,
Jakob
From: Christopher Lemmer Webber
To: guix-patches@gnu.org, "Jakob L. Kreuze"
Cc: 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH] machine: Allow non-root users to deploy.
In-reply-to: <87a7cl3zyy.fsf@sdf.lonestar.org>
Date: Wed, 07 Aug 2019 18:31:59 -0400
Message-ID: <87sgqcobds.fsf@dustycloud.org>

It looks good, but needs a rebase before merge. Jakob, do you mind
handling?
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Cc: 36957@debbugs.gnu.org, guix-patches@gnu.org
Subject: Re: [bug#36957] [PATCH v2] machine: Allow non-root users to deploy.
References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org>
Date: Wed, 07 Aug 2019 20:20:56 -0400
In-Reply-To: <87sgqcobds.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Wed, 07 Aug 2019 18:31:59 -0400")
Message-ID: <87pnlgjymv.fsf_-_@sdf.lonestar.org>

* doc/guix.texi (Invoking guix deploy): Add section describing prerequisites
for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command' argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the '#:become-command'
keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
=2D-- doc/guix.texi | 10 ++++++++ gnu/machine/ssh.scm | 12 ++++++++- guix/remote.scm | 60 ++++++++++++++++++++++++++++----------------- guix/ssh.scm | 25 +++++++++++++------ 4 files changed, 77 insertions(+), 30 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 734206a4b2..1f0750255d 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25514,6 +25514,7 @@ evaluates to. As an example, @var{file} might cont= ain a definition like this: (environment managed-host-environment-type) (configuration (machine-ssh-configuration (host-name "localhost") + (user "alice") (identity "./id_rsa") (port 2222))))) @end example @@ -25546,6 +25547,15 @@ accepts store items it receives from the coordinat= or: # guix archive --authorize < coordinator-public-key.txt @end example =20 +@code{user}, in this example, specifies the name of the user account to lo= g in +as to perform the deployment. Its default value is @code{root}, but root +login over SSH may be forbidden in some cases. To work around this, +@command{guix deploy} can log in as an unprivileged user and employ +@code{sudo} to escalate privileges. This will only work if @code{sudo} is +currently installed on the remote and can be invoked non-interactively as +@code{user}. That is: the line in @code{sudoers} granting @code{user} the +ability to use @code{sudo} must contain the NOPASSWD tag. + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index ba3e33c922..aba98f8de5 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm 
@@ -99,6 +99,14 @@ one from the configuration's parameters if one was not p= rovided." ;;; Remote evaluation. ;;; =20 +(define (machine-become-command machine) + "Return as a list of strings the program and arguments necessary to run a +shell command with escalated privileges for MACHINE's configuration." + (if (string=3D "root" (machine-ssh-configuration-user + (machine-configuration machine))) + '() + '("/run/setuid-programs/sudo" "-n" "--"))) + (define (managed-host-remote-eval machine exp) "Internal implementation of 'machine-remote-eval' for MACHINE instances = with an environment type of 'managed-host." @@ -106,7 +114,9 @@ an environment type of 'managed-host." (remote-eval exp (machine-ssh-session machine) #:build-locally? (machine-ssh-configuration-build-locally? =2D (machine-configuration machine)))) + (machine-configuration machine)) + #:become-command + (machine-become-command machine))) =20 ;;; diff --git a/guix/remote.scm b/guix/remote.scm index 5fecd954e9..b0b6afba93 100644 =2D-- a/guix/remote.scm +++ b/guix/remote.scm @@ -26,6 +26,8 @@ #:use-module (guix derivations) #:use-module (ssh popen) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:export (remote-eval)) =20 
@@ -40,29 +42,41 @@ ;;; ;;; Code: =20 =2D(define (remote-pipe-for-gexp lowered session) =2D "Return a remote pipe for the given SESSION to evaluate LOWERED." +(define* (remote-pipe-for-gexp lowered session #:optional become-command) + "Return a remote pipe for the given SESSION to evaluate LOWERED. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." (define shell-quote (compose object->string object->string)) =20 =2D (apply open-remote-pipe* session OPEN_READ =2D (string-append (derivation-input-output-path =2D (lowered-gexp-guile lowered)) =2D "/bin/guile") =2D "--no-auto-compile" =2D (append (append-map (lambda (directory) =2D `("-L" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D (append-map (lambda (directory) =2D `("-C" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D `("-c" =2D ,(shell-quote (lowered-gexp-sexp lowered)))))) + (define repl-command + (append (or become-command '()) + (list + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "--no-auto-compile") + (append-map (lambda (directory) + `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (append-map (lambda (directory) + `("-C" ,directory)) + (lowered-gexp-load-path lowered)) + `("-c" + ,(shell-quote (lowered-gexp-sexp lowered))))) =20 =2D(define (%remote-eval lowered session) + (let ((pipe (apply open-remote-pipe* session OPEN_READ repl-command))) + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) + pipe)) + +(define* (%remote-eval lowered session #:optional become-command) "Evaluate LOWERED, a lowered gexp, in SESSION. This assumes that all the =2Dprerequisites of EXP are already available on the host at SESSION." =2D (let* ((pipe (remote-pipe-for-gexp lowered session)) +prerequisites of EXP are already available on the host at SESSION. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." 
+ (let* ((pipe (remote-pipe-for-gexp lowered session become-command)) (result (read-repl-response pipe))) (close-port pipe) result)) @@ -90,12 +104,14 @@ result to the current output port using the (guix repl= ) protocol." #:key (build-locally? #t) (module-path %load-path) =2D (socket-name "/var/guix/daemon-socket/socket")) + (socket-name "/var/guix/daemon-socket/socket") + (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure t= hat all the elements EXP refers to are built and deployed to SESSION beforehan= d. When BUILD-LOCALLY? is true, said dependencies are built locally and sent = to the remote store afterwards; otherwise, dependencies are built directly on= the =2Dremote store." +remote store. If BECOME-COMMAND is given, use that to invoke the remote G= uile +REPL." (mlet %store-monad ((lowered (lower-gexp (trampoline exp) #:module-path %load-path)) (remote -> (connect-to-remote-daemon session @@ -115,7 +131,7 @@ remote store." (built-derivations inputs) ((store-lift send-files) to-send remote #:recursive? #t) (return (close-connection remote)) =2D (return (%remote-eval lowered session)))) + (return (%remote-eval lowered session become-command)))) (let ((to-send (append (map (compose derivation-file-name derivation-input-derivation) inputs) @@ -124,4 +140,4 @@ remote store." ((store-lift send-files) to-send remote #:recursive? #t) (return (build-derivations remote inputs)) (return (close-connection remote)) =2D (return (%remote-eval lowered session))))))) + (return (%remote-eval lowered session become-command))))))) diff --git a/guix/ssh.scm b/guix/ssh.scm index ede00133c8..0f65f9e65b 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm 
@@ -97,16 +97,27 @@ specifies; otherwise use them. Throw an error on failu= re." (message (format #f (G_ "SSH connection to '~a' failed: ~a= ~%") host (get-error session)))))))))) =20 =2D(define (remote-inferior session) =2D "Return a remote inferior for the given SESSION." =2D (let ((pipe (open-remote-pipe* session OPEN_BOTH =2D "guix" "repl" "-t" "machine"))) +(define* (remote-inferior session #:optional become-command) + "Return a remote inferior for the given SESSION. If BECOME-COMMAND is +given, use that to invoke the remote Guile REPL." + (let* ((repl-command (append (or become-command '()) + '("guix" "repl" "-t" "machine"))) + (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command))) + ;; XXX: 'channel-get-exit-status' would be better here, but hangs if t= he + ;; process does succeed. This doesn't reflect the documentation, so it= 's + ;; possible that it's a bug in guile-ssh. + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) (port->inferior pipe))) =20 =2D(define (inferior-remote-eval exp session) +(define* (inferior-remote-eval exp session #:optional become-command) "Evaluate EXP in a new inferior running in SESSION, and close the inferi= or =2Dright away." =2D (let ((inferior (remote-inferior session))) +right away. If BECOME-COMMAND is given, use that to invoke the remote Gui= le +REPL." 
+ (let ((inferior (remote-inferior session become-command))) (dynamic-wind (const #t) (lambda ()
-- 
2.22.0
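Review bot: In the remote-pipe-for-gexp hunk of guix/remote.scm, the new `(when (eof-object? (peek-char pipe)) (raise ...))` check turns a failed launch into a condition, but the message `failed to run '~{~a~^ ~}'` only echoes the command line. The pipe is opened with OPEN_READ, so whatever the remote side wrote to stderr (sudo's "a password is required" when the sudoers entry lacks NOPASSWD, or the shell's "command not found" when the guile store path is absent) is discarded, and the user cannot tell a privilege problem from a failed store transfer. Consider capturing the remote stderr and appending it to the condition message, or at least stating in the message that a become-command was in use. Two smaller points while these lines are being rewritten: `repl-command` builds the `-C` options from `lowered-gexp-load-path`, the same list used for `-L` (this predates the patch but is now easier to spot; if the lowered gexp carries a separate compiled load path, that is what `-C` should receive), and the five-line raise block is repeated verbatim in `remote-inferior` in guix/ssh.scm, so a shared helper taking the command list would keep the two messages consistent.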
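Review bot: In the remote-inferior hunk of guix/ssh.scm, `repl-command` prepends the become-command to the unqualified `"guix"`, so for a non-root deployment the binary is resolved by sudo under root's environment (subject to sudo's env_reset and secure_path settings where configured), not by the login user's shell. The `guix` that answers `repl -t machine` may therefore be a different build than the one the user gets at a prompt, or be missing from root's PATH entirely, in which case the only symptom is the generic "failed to run" message. remote-pipe-for-gexp in guix/remote.scm avoids this by spawning guile from an absolute store path; either resolve `guix` the same way or document that root's PATH on the target must contain it. The XXX comment about `channel-get-exit-status` hanging on success would also benefit from a pointer (guile-ssh version or bug reference) once one exists, so it is clear later when the `peek-char` workaround can be dropped.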
From: Ricardo Wurmus
To: Jakob L. Kreuze
Cc: Christopher Lemmer Webber, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH v2] machine: Allow non-root users to deploy.
In-reply-to: <87pnlgjymv.fsf_-_@sdf.lonestar.org>
Date: Thu, 08 Aug 2019 10:33:03 +0200
Message-ID: <87y304vyyo.fsf@elephly.net>

Hi Jakob,

> +@code{user}. That is: the line in @code{sudoers} granting @code{user} the
> +ability to use @code{sudo} must contain the NOPASSWD tag.

Perhaps also wrap “NOPASSWD” in @code{…}.

> +(define (machine-become-command machine)
> + "Return as a list of strings the program and arguments necessary to run a
> +shell command with escalated privileges for MACHINE's configuration."
> + (if (string= "root" (machine-ssh-configuration-user
> + (machine-configuration machine)))
> + '()
> + '("/run/setuid-programs/sudo" "-n" "--")))
> +

This is a comment for future changes only: currently, we can assume that
the remote machine already runs Guix System. In the future “guix
deploy” should probably also be able to initialize a system. In that
case “sudo” may have to be searched on the target or otherwise be
provided.

(What happens if /run/setuid-programs/sudo is not available on the
target machine?)

> +(define* (%remote-eval lowered session #:optional become-command)
> "Evaluate LOWERED, a lowered gexp, in SESSION. This assumes that all the
> -prerequisites of EXP are already available on the host at SESSION."
> - (let* ((pipe (remote-pipe-for-gexp lowered session))
> +prerequisites of EXP are already available on the host at SESSION. If
> +BECOME-COMMAND is given, use that to invoke the remote Guile REPL."
> + (let* ((pipe (remote-pipe-for-gexp lowered session become-command))
> (result (read-repl-response pipe)))
> (close-port pipe)
> result))
> @@ -90,12 +104,14 @@ result to the current output port using the (guix repl) protocol."
> #:key
> (build-locally? #t)
> (module-path %load-path)
> - (socket-name "/var/guix/daemon-socket/socket"))
> + (socket-name "/var/guix/daemon-socket/socket")
> + (become-command #f))

I’m just stumbling upon “socket-name”. “/var/guix” is not guaranteed to
be the localstatedir. It would be better to use (guix config) to
determine the configured value.

This doesn’t block this patch, of course, but it would be good to change
this in the future.

-- 
Ricardo
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Ricardo Wurmus
Cc: Christopher Lemmer Webber, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH v2] machine: Allow non-root users to deploy.
References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org> <87pnlgjymv.fsf_-_@sdf.lonestar.org> <87y304vyyo.fsf@elephly.net>
Date: Thu, 08 Aug 2019 16:24:47 -0400
In-Reply-To: <87y304vyyo.fsf@elephly.net> (Ricardo Wurmus's message of "Thu, 08 Aug 2019 10:33:03 +0200")
Message-ID: <87tvarjtgw.fsf@sdf.lonestar.org>

Hey Ricardo,

Ricardo Wurmus writes:

> Perhaps also wrap “NOPASSWD” in @code{…}.

Got it, thanks!

> This is a comment for future changes only: currently, we can assume that
> the remote machine already runs Guix System. In the future “guix
> deploy” should probably also be able to initialize a system. In that
> case “sudo” may have to be searched on the target or otherwise be
> provided.

Ah, that's a good point. I'd imagine that would involve changing a few
other things with how the REPL is spawned, too.

> (What happens if /run/setuid-programs/sudo is not available on the
> target machine?)

I'm a bit short on time before boarding this flight, so I can't test it
out at the moment, but I'm pretty sure the "failed to run..." message
condition would be thrown. I'll check and get back to you.
> I’m just stumbling upon “socket-name”. “/var/guix” is not guaranteed to
> be the localstatedir. It would be better to use (guix config) to
> determine the configured value.
>
> This doesn’t block this patch, of course, but it would be good to change
> this in the future.

Right, yeah. I may submit a separate patch for it shortly since it
should be a simple change.

Regards,
Jakob
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Ricardo Wurmus
Cc: Christopher Lemmer Webber, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH v3] machine: Allow non-root users to deploy.
References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org> <87pnlgjymv.fsf_-_@sdf.lonestar.org> <87y304vyyo.fsf@elephly.net>
Date: Thu, 08 Aug 2019 16:26:27 -0400
In-Reply-To: <87y304vyyo.fsf@elephly.net> (Ricardo Wurmus's message of "Thu, 08 Aug 2019 10:33:03 +0200")
Message-ID: <87pnlfjte4.fsf_-_@sdf.lonestar.org>

* doc/guix.texi (Invoking guix deploy): Add section describing prerequisites
for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command' argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the '#:become-command'
keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
=2D-- doc/guix.texi | 10 ++++++++ gnu/machine/ssh.scm | 12 ++++++++- guix/remote.scm | 60 ++++++++++++++++++++++++++++----------------- guix/ssh.scm | 25 +++++++++++++------ 4 files changed, 77 insertions(+), 30 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 734206a4b2..1478749d7d 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25514,6 +25514,7 @@ evaluates to. As an example, @var{file} might cont= ain a definition like this: (environment managed-host-environment-type) (configuration (machine-ssh-configuration (host-name "localhost") + (user "alice") (identity "./id_rsa") (port 2222))))) @end example @@ -25546,6 +25547,15 @@ accepts store items it receives from the coordinat= or: # guix archive --authorize < coordinator-public-key.txt @end example =20 +@code{user}, in this example, specifies the name of the user account to lo= g in +as to perform the deployment. Its default value is @code{root}, but root +login over SSH may be forbidden in some cases. To work around this, +@command{guix deploy} can log in as an unprivileged user and employ +@code{sudo} to escalate privileges. This will only work if @code{sudo} is +currently installed on the remote and can be invoked non-interactively as +@code{user}. That is: the line in @code{sudoers} granting @code{user} the +ability to use @code{sudo} must contain the @code{NOPASSWD} tag. + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index ba3e33c922..aba98f8de5 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm 
@@ -99,6 +99,14 @@ one from the configuration's parameters if one was not p= rovided." ;;; Remote evaluation. ;;; =20 +(define (machine-become-command machine) + "Return as a list of strings the program and arguments necessary to run a +shell command with escalated privileges for MACHINE's configuration." + (if (string=3D "root" (machine-ssh-configuration-user + (machine-configuration machine))) + '() + '("/run/setuid-programs/sudo" "-n" "--"))) + (define (managed-host-remote-eval machine exp) "Internal implementation of 'machine-remote-eval' for MACHINE instances = with an environment type of 'managed-host." @@ -106,7 +114,9 @@ an environment type of 'managed-host." (remote-eval exp (machine-ssh-session machine) #:build-locally? (machine-ssh-configuration-build-locally? =2D (machine-configuration machine)))) + (machine-configuration machine)) + #:become-command + (machine-become-command machine))) =20 ;;; diff --git a/guix/remote.scm b/guix/remote.scm index 5fecd954e9..b0b6afba93 100644 =2D-- a/guix/remote.scm +++ b/guix/remote.scm @@ -26,6 +26,8 @@ #:use-module (guix derivations) #:use-module (ssh popen) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:export (remote-eval)) =20 
@@ -40,29 +42,41 @@ ;;; ;;; Code: =20 =2D(define (remote-pipe-for-gexp lowered session) =2D "Return a remote pipe for the given SESSION to evaluate LOWERED." +(define* (remote-pipe-for-gexp lowered session #:optional become-command) + "Return a remote pipe for the given SESSION to evaluate LOWERED. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." (define shell-quote (compose object->string object->string)) =20 =2D (apply open-remote-pipe* session OPEN_READ =2D (string-append (derivation-input-output-path =2D (lowered-gexp-guile lowered)) =2D "/bin/guile") =2D "--no-auto-compile" =2D (append (append-map (lambda (directory) =2D `("-L" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D (append-map (lambda (directory) =2D `("-C" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D `("-c" =2D ,(shell-quote (lowered-gexp-sexp lowered)))))) + (define repl-command + (append (or become-command '()) + (list + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "--no-auto-compile") + (append-map (lambda (directory) + `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (append-map (lambda (directory) + `("-C" ,directory)) + (lowered-gexp-load-path lowered)) + `("-c" + ,(shell-quote (lowered-gexp-sexp lowered))))) =20 =2D(define (%remote-eval lowered session) + (let ((pipe (apply open-remote-pipe* session OPEN_READ repl-command))) + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) + pipe)) + +(define* (%remote-eval lowered session #:optional become-command) "Evaluate LOWERED, a lowered gexp, in SESSION. This assumes that all the =2Dprerequisites of EXP are already available on the host at SESSION." =2D (let* ((pipe (remote-pipe-for-gexp lowered session)) +prerequisites of EXP are already available on the host at SESSION. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." 
+ (let* ((pipe (remote-pipe-for-gexp lowered session become-command)) (result (read-repl-response pipe))) (close-port pipe) result)) @@ -90,12 +104,14 @@ result to the current output port using the (guix repl= ) protocol." #:key (build-locally? #t) (module-path %load-path) =2D (socket-name "/var/guix/daemon-socket/socket")) + (socket-name "/var/guix/daemon-socket/socket") + (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure t= hat all the elements EXP refers to are built and deployed to SESSION beforehan= d. When BUILD-LOCALLY? is true, said dependencies are built locally and sent = to the remote store afterwards; otherwise, dependencies are built directly on= the =2Dremote store." +remote store. If BECOME-COMMAND is given, use that to invoke the remote G= uile +REPL." (mlet %store-monad ((lowered (lower-gexp (trampoline exp) #:module-path %load-path)) (remote -> (connect-to-remote-daemon session @@ -115,7 +131,7 @@ remote store." (built-derivations inputs) ((store-lift send-files) to-send remote #:recursive? #t) (return (close-connection remote)) =2D (return (%remote-eval lowered session)))) + (return (%remote-eval lowered session become-command)))) (let ((to-send (append (map (compose derivation-file-name derivation-input-derivation) inputs) @@ -124,4 +140,4 @@ remote store." ((store-lift send-files) to-send remote #:recursive? #t) (return (build-derivations remote inputs)) (return (close-connection remote)) =2D (return (%remote-eval lowered session))))))) + (return (%remote-eval lowered session become-command))))))) diff --git a/guix/ssh.scm b/guix/ssh.scm index ede00133c8..0f65f9e65b 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm 
@@ -97,16 +97,27 @@ specifies; otherwise use them. Throw an error on failu= re." (message (format #f (G_ "SSH connection to '~a' failed: ~a= ~%") host (get-error session)))))))))) =20 =2D(define (remote-inferior session) =2D "Return a remote inferior for the given SESSION." =2D (let ((pipe (open-remote-pipe* session OPEN_BOTH =2D "guix" "repl" "-t" "machine"))) +(define* (remote-inferior session #:optional become-command) + "Return a remote inferior for the given SESSION. If BECOME-COMMAND is +given, use that to invoke the remote Guile REPL." + (let* ((repl-command (append (or become-command '()) + '("guix" "repl" "-t" "machine"))) + (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command))) + ;; XXX: 'channel-get-exit-status' would be better here, but hangs if t= he + ;; process does succeed. This doesn't reflect the documentation, so it= 's + ;; possible that it's a bug in guile-ssh. + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) (port->inferior pipe))) =20 =2D(define (inferior-remote-eval exp session) +(define* (inferior-remote-eval exp session #:optional become-command) "Evaluate EXP in a new inferior running in SESSION, and close the inferi= or =2Dright away." =2D (let ((inferior (remote-inferior session))) +right away. If BECOME-COMMAND is given, use that to invoke the remote Gui= le +REPL." 
+ (let ((inferior (remote-inferior session become-command))) (dynamic-wind (const #t) (lambda ()
-- 
2.22.0
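Review bot: in `remote-pipe-for-gexp` (guix/remote.scm), the new `(when (eof-object? (peek-char pipe)) ...)` check only observes stdout, so when the become command itself fails the user is shown "failed to run '...'" followed by the whole command line, while the real diagnostic (for instance `sudo -n` refusing because the sudoers rule lacks the NOPASSWD tag that the manual text in this series says is required, or the shell's "command not found") stays on the remote's stderr, which a pipe opened with OPEN_READ never reads. Since that message is all a failed non-root deployment will show, consider collecting stderr into it, or at least naming the become command as the likely cause whenever one was supplied. The same applies to the copy of this check in `remote-inferior`.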
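Review bot: `remote-inferior` (guix/ssh.scm) runs the bare name `"guix"`, so once a become command is prepended it is looked up in whatever PATH that command leaves behind, and `sudo` commonly replaces the caller's PATH with its configured `secure_path`. On Guix System root reaches `guix` through the system profile, but on a foreign distro `guix` usually lives only in the invoking user's `~/.config/guix/current/bin`, and the outcome would be the generic "failed to run 'sudo -n -- guix repl -t machine'" error. Either document that `guix` must be on root's PATH on the target or resolve its absolute path before prepending the become command. The XXX comment about `channel-get-exit-status` hanging should also record the guile-ssh version it was observed with, so the workaround can be retired once that is fixed upstream.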
From: Christopher Lemmer Webber
To: "Jakob L. Kreuze"
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH v2] machine: Allow non-root users to deploy.
Date: Wed, 14 Aug 2019 16:52:45 -0400
Message-ID: <87h86jxyea.fsf@dustycloud.org>
In-reply-to: <87tvarjtgw.fsf@sdf.lonestar.org>

Jakob L. Kreuze writes:

>> (What happens if /run/setuid-programs/sudo is not available on the
>> target machine?)
>
> I'm a bit short on time before boarding this flight, so I can't test it
> out at the moment, but I'm pretty sure the "failed to run..." message
> condition would be thrown. I'll check and get back to you.

Check, and if that's good, let's merge this in the patch series tomorrow.

>> I’m just stumbling upon “socket-name”. “/var/guix” is not guaranteed to
>> be the localstatedir. It would be better to use (guix config) to
>> determine the configured value.
>>
>> This doesn’t block this patch, of course, but it would be good to change
>> this in the future.
>
> Right, yeah. I may submit a separate patch for it shortly since it
> should be a simple change.

See if you can get it in the patch series (as the last patch)! If you
can't, file a bug, and let's not block on it.
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH 0/5] Consolidated patches for guix deploy
Date: Thu, 15 Aug 2019 04:03:45 -0400
Message-ID: <875zmy26u6.fsf_-_@sdf.lonestar.org>
In-Reply-To: <87h86jxyea.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Wed, 14 Aug 2019 16:52:45 -0400")

Christopher Lemmer Webber writes:

> Check, and if that's good, let's merge this in the patch series
> tomorrow.

As predicted, it handles a missing 'sudo' just fine :]

> See if you can get it in the patch series (as the last patch)! If you
> can't, file a bug, and let's not block on it.

Got it in! Pretty simple change.

Jakob L. Kreuze (5):
  machine: Allow non-root users to deploy.
  machine: Implement 'roll-back-machine'.
  machine: Automatically authorize the coordinator's signing key.
  doc: Add description of 'build-locally?'.
  remote: Use (%daemon-socket-uri) rather than hard-coded path.
 doc/guix.texi           |  15 ++++++
 gnu/machine.scm         |  27 +++++++++-
 gnu/machine/ssh.scm     | 113 ++++++++++++++++++++++++++++++++++++----
 guix/remote.scm         |  57 ++++++++++++--------
 guix/scripts/deploy.scm |  17 +++++-
 guix/ssh.scm            |  48 ++++++++++++++---
 6 files changed, 236 insertions(+), 41 deletions(-)
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH 1/5] machine: Allow non-root users to deploy.
Date: Thu, 15 Aug 2019 04:05:04 -0400
Message-ID: <871rxm26rz.fsf_-_@sdf.lonestar.org>
In-Reply-To: <875zmy26u6.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:03:45 -0400")

* doc/guix.texi (Invoking guix deploy): Add section describing
prerequisites for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command' argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the
'#:become-command' keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
=2D-- doc/guix.texi | 10 ++++++++ gnu/machine/ssh.scm | 8 +++++++ guix/remote.scm | 57 ++++++++++++++++++++++++++++----------------- guix/ssh.scm | 25 ++++++++++++++------ 4 files changed, 72 insertions(+), 28 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index a7facf4701..e5cec7ad25 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25514,6 +25514,7 @@ evaluates to. As an example, @var{file} might cont= ain a definition like this: (environment managed-host-environment-type) (configuration (machine-ssh-configuration (host-name "localhost") + (user "alice") (identity "./id_rsa") (port 2222))))) @end example @@ -25546,6 +25547,15 @@ accepts store items it receives from the coordinat= or: # guix archive --authorize < coordinator-public-key.txt @end example =20 +@code{user}, in this example, specifies the name of the user account to lo= g in +as to perform the deployment. Its default value is @code{root}, but root +login over SSH may be forbidden in some cases. To work around this, +@command{guix deploy} can log in as an unprivileged user and employ +@code{sudo} to escalate privileges. This will only work if @code{sudo} is +currently installed on the remote and can be invoked non-interactively as +@code{user}. That is: the line in @code{sudoers} granting @code{user} the +ability to use @code{sudo} must contain the @code{NOPASSWD} tag. + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 670990a633..fb15d39e61 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm 
@@ -101,6 +101,14 @@ one from the configuration's parameters if one was not= provided." ;;; Remote evaluation. ;;; =20 +(define (machine-become-command machine) + "Return as a list of strings the program and arguments necessary to run a +shell command with escalated privileges for MACHINE's configuration." + (if (string=3D "root" (machine-ssh-configuration-user + (machine-configuration machine))) + '() + '("/run/setuid-programs/sudo" "-n" "--"))) + (define (managed-host-remote-eval machine exp) "Internal implementation of 'machine-remote-eval' for MACHINE instances = with an environment type of 'managed-host." diff --git a/guix/remote.scm b/guix/remote.scm index bcac64ea7a..d8124e41ab 100644 =2D-- a/guix/remote.scm +++ b/guix/remote.scm @@ -27,6 +27,8 @@ #:use-module (guix utils) #:use-module (ssh popen) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:export (remote-eval)) =20 
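Review bot: `machine-become-command` (gnu/machine/ssh.scm) is defined but, in this 1/5 patch, never called: the diffstat reports 8 added lines in gnu/machine/ssh.scm, which is exactly this definition, yet the commit message says `managed-host-remote-eval` invokes `remote-eval` with `#:become-command`. As posted, `remote-eval` still receives no become command and a non-root deployment would run the remote Guile as `user`, so either the `managed-host-remote-eval` hunk was lost when the series was consolidated (v1's diffstat had 15 changed lines in this file) or the message is stale; please check. Two smaller points on the definition itself: `/run/setuid-programs/sudo` exists only on Guix System (a foreign distro has `/usr/bin/sudo`), so either pass plain `"sudo"` and let the remote PATH resolve it, or state in the manual that non-root deployment targets Guix System; and keep `-n`, since without it a missing NOPASSWD entry would leave the session hanging on a password prompt instead of reaching the EOF check in `remote-pipe-for-gexp`.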
@@ -41,29 +43,41 @@ ;;; ;;; Code: =20 =2D(define (remote-pipe-for-gexp lowered session) =2D "Return a remote pipe for the given SESSION to evaluate LOWERED." +(define* (remote-pipe-for-gexp lowered session #:optional become-command) + "Return a remote pipe for the given SESSION to evaluate LOWERED. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." (define shell-quote (compose object->string object->string)) =20 =2D (apply open-remote-pipe* session OPEN_READ =2D (string-append (derivation-input-output-path =2D (lowered-gexp-guile lowered)) =2D "/bin/guile") =2D "--no-auto-compile" =2D (append (append-map (lambda (directory) =2D `("-L" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D (append-map (lambda (directory) =2D `("-C" ,directory)) =2D (lowered-gexp-load-path lowered)) =2D `("-c" =2D ,(shell-quote (lowered-gexp-sexp lowered)))))) + (define repl-command + (append (or become-command '()) + (list + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "--no-auto-compile") + (append-map (lambda (directory) + `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (append-map (lambda (directory) + `("-C" ,directory)) + (lowered-gexp-load-path lowered)) + `("-c" + ,(shell-quote (lowered-gexp-sexp lowered))))) =20 =2D(define (%remote-eval lowered session) + (let ((pipe (apply open-remote-pipe* session OPEN_READ repl-command))) + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) + pipe)) + +(define* (%remote-eval lowered session #:optional become-command) "Evaluate LOWERED, a lowered gexp, in SESSION. This assumes that all the =2Dprerequisites of EXP are already available on the host at SESSION." =2D (let* ((pipe (remote-pipe-for-gexp lowered session)) +prerequisites of EXP are already available on the host at SESSION. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." 
+ (let* ((pipe (remote-pipe-for-gexp lowered session become-command)) (result (read-repl-response pipe))) (close-port pipe) result)) @@ -92,7 +106,8 @@ result to the current output port using the (guix repl) = protocol." (build-locally? #t) (system (%current-system)) (module-path %load-path) =2D (socket-name "/var/guix/daemon-socket/socket")) + (socket-name "/var/guix/daemon-socket/socket") + (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure t= hat all the elements EXP refers to are built and deployed to SESSION beforehan= d. When BUILD-LOCALLY? is true, said dependencies are built locally and sent = to @@ -119,7 +134,7 @@ remote store." (built-derivations inputs) ((store-lift send-files) to-send remote #:recursive? #t) (return (close-connection remote)) =2D (return (%remote-eval lowered session)))) + (return (%remote-eval lowered session become-command)))) (let ((to-send (append (map (compose derivation-file-name derivation-input-derivation) inputs) @@ -128,4 +143,4 @@ remote store." ((store-lift send-files) to-send remote #:recursive? #t) (return (build-derivations remote inputs)) (return (close-connection remote)) =2D (return (%remote-eval lowered session))))))) + (return (%remote-eval lowered session become-command))))))) diff --git a/guix/ssh.scm b/guix/ssh.scm index 9b5ca68894..90311127a1 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm 
@@ -98,16 +98,27 @@ specifies; otherwise use them. Throw an error on failu= re." (message (format #f (G_ "SSH connection to '~a' failed: ~a= ~%") host (get-error session)))))))))) =20 =2D(define (remote-inferior session) =2D "Return a remote inferior for the given SESSION." =2D (let ((pipe (open-remote-pipe* session OPEN_BOTH =2D "guix" "repl" "-t" "machine"))) +(define* (remote-inferior session #:optional become-command) + "Return a remote inferior for the given SESSION. If BECOME-COMMAND is +given, use that to invoke the remote Guile REPL." + (let* ((repl-command (append (or become-command '()) + '("guix" "repl" "-t" "machine"))) + (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command))) + ;; XXX: 'channel-get-exit-status' would be better here, but hangs if t= he + ;; process does succeed. This doesn't reflect the documentation, so it= 's + ;; possible that it's a bug in guile-ssh. + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) (port->inferior pipe))) =20 =2D(define (inferior-remote-eval exp session) +(define* (inferior-remote-eval exp session #:optional become-command) "Evaluate EXP in a new inferior running in SESSION, and close the inferi= or =2Dright away." =2D (let ((inferior (remote-inferior session))) +right away. If BECOME-COMMAND is given, use that to invoke the remote Gui= le +REPL." 
+ (let ((inferior (remote-inferior session become-command))) (dynamic-wind (const #t) (lambda ()
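Review bot: the manual paragraph added under `user` (doc/guix.texi) should spell out what the NOPASSWD requirement amounts to: the deployment runs `guile -c` with arbitrary code and `guix repl` through `sudo`, so the sudoers entry has to grant the account unrestricted root (restricting it to particular commands buys nothing), and with NOPASSWD the SSH key that logs in as `user` is as powerful as a root key on that host. Readers who arrive here because "root login over SSH may be forbidden" should not mistake this for a privilege reduction. A concrete line such as `alice ALL=(root) NOPASSWD: ALL` would make the requirement unambiguous. Also, "installed on the remote" is looser than what the code checks: `machine-become-command` in the same patch looks for `/run/setuid-programs/sudo` at that exact path.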
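Review bot: the import hunk in guix/remote.scm adds (srfi srfi-34) and (srfi srfi-35) for `raise`, `condition` and `&message`, but the new failure branch in `remote-pipe-for-gexp` also calls `G_`, and nothing in the visible context shows (guix i18n) in this module's `#:use-module` list (guix/ssh.scm already uses `G_` in its surrounding context; remote.scm may not). Guile only warns about an unbound top-level variable at compile time, so if the import is missing the first failed remote command would die with an unbound-variable error for `G_` rather than the intended message; please confirm and add `#:use-module (guix i18n)` if needed.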
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH 2/5] machine: Implement 'roll-back-machine'.
Date: Thu, 15 Aug 2019 04:05:57 -0400
Message-ID: <87wofezwd6.fsf_-_@sdf.lonestar.org>
In-Reply-To: <871rxm26rz.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:05:04 -0400")

* gnu/machine.scm (roll-back-machine, &deploy-error, deploy-error?)
(deploy-error-should-roll-back)
(deploy-error-captured-args): New variable.
* gnu/machine/ssh.scm (roll-back-managed-host): New variable.
* guix/scripts/deploy.scm (guix-deploy): Roll-back systems when a
deployment fails.
---
 gnu/machine.scm         | 27 +++++++++++++++-
 gnu/machine/ssh.scm     | 72 +++++++++++++++++++++++++++++++++++++++--
 guix/scripts/deploy.scm | 17 ++++++++--
 3 files changed, 110 insertions(+), 6 deletions(-)

diff --git a/gnu/machine.scm b/gnu/machine.scm
index 30ae97f6ec..05b03b21d4 100644
--- a/gnu/machine.scm
+++ b/gnu/machine.scm
@@ -24,6 +24,7 @@ #:use-module (guix records) #:use-module (guix store) #:use-module ((guix utils) #:select (source-properties->location)) + #:use-module (srfi srfi-35) #:export (environment-type environment-type? environment-type-name @@ -40,7 +41,13 @@ machine-display-name =20 deploy-machine =2D machine-remote-eval)) + roll-back-machine + machine-remote-eval + + &deploy-error + deploy-error? + deploy-error-should-roll-back + deploy-error-captured-args)) =20 ;;; Commentary: ;;; @@ -66,6 +73,7 @@ ;; of the form '(machine-remote-eval machine exp)'. (machine-remote-eval environment-type-machine-remote-eval) ; procedure (deploy-machine environment-type-deploy-machine) ; procedure + (roll-back-machine environment-type-roll-back-machine) ; procedure =20 ;; Metadata. (name environment-type-name) ; symbol @@ -105,3 +113,20 @@ are built and deployed to MACHINE beforehand." MACHINE, activating it on MACHINE and switching MACHINE to the new generat= ion." (let ((environment (machine-environment machine))) ((environment-type-deploy-machine environment) machine))) + +(define (roll-back-machine machine) + "Monadic procedure rolling back to the previous system generation on +MACHINE. Return the number of the generation that was current before switc= hing +and the new generation number." + (let ((environment (machine-environment machine))) + ((environment-type-roll-back-machine environment) machine))) + + +;;; +;;; Error types. +;;; + +(define-condition-type &deploy-error &error + deploy-error? + (should-roll-back deploy-error-should-roll-back) + (captured-args deploy-error-captured-args)) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index fb15d39e61..4b5d5fe3a2 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -17,6 +17,7 @@ ;;; along with GNU Guix. If not, see . =20 (define-module (gnu machine ssh) + #:use-module (gnu bootloader) #:use-module (gnu machine) #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu system) 
@@ -34,6 +35,7 @@ #:use-module (guix store) #:use-module (guix utils) #:use-module (ice-9 match) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) @@ -341,6 +343,18 @@ of MACHINE's system profile, ordered from most recent = to oldest." (boot-parameters-kernel-arguments params)))))))) generations)))) =20 +(define-syntax-rule (with-roll-back should-roll-back? mbody ...) + "Catch exceptions that arise when binding MBODY, a monadic expression in +%STORE-MONAD, and collect their arguments in a &deploy-error condition, wi= th +the 'should-roll-back' field set to SHOULD-ROLL-BACK?" + (catch #t + (lambda () + mbody ...) + (lambda args + (raise (condition (&deploy-error + (should-roll-back should-roll-back?) + (captured-args args))))))) + (define (deploy-managed-host machine) "Internal implementation of 'deploy-machine' for MACHINE instances with = an environment type of 'managed-host." 
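Review bot: `with-roll-back` guards the wrong phase. `catch #t` wraps the evaluation of `mbody ...`, and for `(switch-to-system eval os)` that evaluation only constructs a monadic value in `%store-monad`; the remote work runs later, when `guix-deploy` hands the value to `run-with-store`, outside this `catch`. A failing `switch-to-system` or `install-bootloader` therefore propagates as the original exception, no `&deploy-error` is ever raised, and the `deploy-error?` clause added to deploy.scm in this same patch never runs. The handler has to wrap execution instead, for example by expanding to a monadic procedure along the lines of `(lambda (store) (catch #t (lambda () (run-with-store store (mbegin %store-monad mbody ...))) (lambda args (raise (condition (&deploy-error ...))))))`, or by putting the `catch` around the `run-with-store` call in `guix-deploy` and having the deployment record which phase it reached.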
@@ -353,9 +367,60 @@ environment type of 'managed-host." (bootloader-configuration (operating-system-bootloader os)) (bootcfg (operating-system-bootcfg os menu-entries))) (mbegin %store-monad =2D (switch-to-system eval os) =2D (upgrade-shepherd-services eval os) =2D (install-bootloader eval bootloader-configuration bootcfg))))) + (with-roll-back #f + (switch-to-system eval os)) + (with-roll-back #t + (mbegin %store-monad + (upgrade-shepherd-services eval os) + (install-bootloader eval bootloader-configuration bootcfg)))))= )) + + +;;; +;;; Roll-back. +;;; + +(define (roll-back-managed-host machine) + "Internal implementation of 'roll-back-machine' for MACHINE instances wi= th +an environment type of 'managed-host." + (define remote-exp + (with-extensions (list guile-gcrypt) + (with-imported-modules (source-module-closure '((guix config) + (guix profiles))) + #~(begin + (use-modules (guix config) + (guix profiles)) + + (define %system-profile + (string-append %state-directory "/profiles/system")) + + (define target-generation + (relative-generation %system-profile -1)) + + (if target-generation + (switch-to-generation %system-profile target-generation) + 'error))))) + + (define roll-back-failure + (condition (&message (message (G_ "could not roll-back machine"))))) + + (mlet* %store-monad ((boot-parameters (machine-boot-parameters machine)) + (_ -> (if (< (length boot-parameters) 2) + (raise roll-back-failure))) + (entries -> (map boot-parameters->menu-entry + (list (second boot-parameters)))) + (old-entries -> (map boot-parameters->menu-entry + (drop boot-parameters 2))) + (bootloader -> (operating-system-bootloader + (machine-operating-system machine))) + (bootcfg (lower-object + ((bootloader-configuration-file-generator + (bootloader-configuration-bootloader + bootloader)) + bootloader entries + #:old-entries old-entries))) + (remote-result (machine-remote-eval machine remote-= exp))) + (when (eqv? 'error remote-result) + (raise roll-back-failure)))) =20 ;;; 
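Review bot: in `roll-back-managed-host`, `bootcfg` is lowered from the previous generation's boot parameters but never used; the only thing executed on the machine is `remote-exp`, which flips the system profile with `switch-to-generation`. The bootloader configuration on the target is left untouched, so if the failure happened during or after `install-bootloader` the rolled-back profile and the boot menu disagree (`guix system roll-back` reinstalls the bootloader for exactly this reason). Either pass `bootcfg` to `install-bootloader` with the machine's `eval`, as `deploy-managed-host` does just above, or drop the dead `entries`/`old-entries`/`bootcfg` computation. Two consistency points against the interface declared in gnu/machine.scm: `roll-back-machine`'s docstring promises to "return the number of the generation that was current before switching and the new generation number", while this implementation returns the unspecified value of `when`; and the single "could not roll-back machine" message covers both the local `(< (length boot-parameters) 2)` check and the remote `'error` result, so a cause-specific message would save time when it fires.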
@@ -366,6 +431,7 @@ environment type of 'managed-host." (environment-type (machine-remote-eval managed-host-remote-eval) (deploy-machine deploy-managed-host) + (roll-back-machine roll-back-managed-host) (name 'managed-host-environment-type) (description "Provisioning for machines that are accessible ove= r SSH and have a known host-name. This entails little more than maintaining an S= SH diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm index 81f2b33260..6a67985c8b 100644 =2D-- a/guix/scripts/deploy.scm +++ b/guix/scripts/deploy.scm @@ -28,6 +28,8 @@ #:use-module (guix grafts) #:use-module (ice-9 format) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (srfi srfi-37) #:export (guix-deploy)) =20 
@@ -88,7 +90,18 @@ Perform the deployment specified by FILE.\n")) (with-store store (set-build-options-from-command-line store opts) (for-each (lambda (machine) =2D (info (G_ "deploying to ~a...") (machine-display-name = machine)) + (info (G_ "deploying to ~a...~%") + (machine-display-name machine)) (parameterize ((%graft? (assq-ref opts 'graft?))) =2D (run-with-store store (deploy-machine machine)))) + (guard (c ((message-condition? c) + (report-error (G_ "failed to deploy ~a: '~a= '~%") + (machine-display-name machine) + (condition-message c))) + ((deploy-error? c) + (when (deploy-error-should-roll-back c) + (info (G_ "rolling back ~a...~%") + (machine-display-name machine)) + (run-with-store store (roll-back-machine = machine))) + (apply throw (deploy-error-captured-args c)= ))) + (run-with-store store (deploy-machine machine))))) machines))))
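Review bot: in the `guard` added to `guix-deploy`, the roll-back runs inside the `deploy-error?` handler, where this `guard` no longer applies: `roll-back-machine` raises a plain `&message` condition ("could not roll-back machine") when fewer than two generations exist or the remote returns `'error`, and that condition then escapes as an unhandled exception with a backtrace instead of going through `report-error`. Wrap the `(run-with-store store (roll-back-machine machine))` call in its own handler. Separately, the `message-condition?` clause reports the failure and then `for-each` simply moves on to the next machine, so a partially failed deployment still exits 0; at minimum record the failure and exit non-zero after the loop (a `leave` would stop at the first failing machine, which may or may not be what is wanted).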
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org
Subject: Re: [bug#36957] [PATCH 3/5] machine: Automatically authorize the coordinator's signing key.
Date: Thu, 15 Aug 2019 04:06:41 -0400
Message-ID: <87sgq2zwby.fsf_-_@sdf.lonestar.org>
In-Reply-To: <87wofezwd6.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:05:57 -0400")

* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's
signing key before any invocations of 'remote-eval'.
(deploy-managed-host): Display an error if a signing key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual
signing key authorization.
(Invoking guix deploy): Add section describing the 'authorize?' field.
---
 doc/guix.texi       |  3 +++
 gnu/machine/ssh.scm | 33 ++++++++++++++++++++++++++------
 guix/ssh.scm        | 23 +++++++++++++++++++++++
 3 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi index e5cec7ad25..d80f62970d 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25586,6 +25586,9 @@ with an @code{environment} of @code{managed-host-en= vironment-type}. @item @code{system} The Nix system type describing the architecture of the machine being deplo= yed to. This should look something like ``x86_64-linux''. +@item @code{authorize?} (default: @code{#t}) +If true, the coordinator's signing key will be added to the remote's ACL +keyring. @item @code{port} (default: @code{22}) @item @code{user} (default: @code{"root"}) @item @code{identity} (default: @code{#f}) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 4b5d5fe3a2..ac3aa3e370 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -28,13 +28,16 @@ #:use-module (guix i18n) #:use-module (guix modules) #:use-module (guix monads) + #:use-module (guix pki) #:use-module (guix records) #:use-module (guix remote) #:use-module (guix scripts system reconfigure) #:use-module (guix ssh) #:use-module (guix store) #:use-module (guix utils) + #:use-module (gcrypt pk-crypto) #:use-module (ice-9 match) + #:use-module (ice-9 textual-ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) @@ -48,6 +51,7 @@ =20 machine-ssh-configuration-host-name machine-ssh-configuration-build-locally? + machine-ssh-configuration-authorize? machine-ssh-configuration-port machine-ssh-configuration-user machine-ssh-configuration-session)) 
@@ -70,17 +74,19 @@ make-machine-ssh-configuration machine-ssh-configuration? this-machine-ssh-configuration =2D (host-name machine-ssh-configuration-host-name) ; string =2D (system machine-ssh-configuration-system) ; string =2D (build-locally? machine-ssh-configuration-build-locally? + (host-name machine-ssh-configuration-host-name) ; string + (system machine-ssh-configuration-system) ; string + (build-locally? machine-ssh-configuration-build-locally? ; boolean (default #t)) =2D (port machine-ssh-configuration-port ; integer + (authorize? machine-ssh-configuration-authorize? ; boolean + (default #t)) + (port machine-ssh-configuration-port ; integer (default 22)) =2D (user machine-ssh-configuration-user ; string + (user machine-ssh-configuration-user ; string (default "root")) =2D (identity machine-ssh-configuration-identity ; path to a priva= te key + (identity machine-ssh-configuration-identity ; path to a pri= vate key (default #f)) =2D (session machine-ssh-configuration-session ; session + (session machine-ssh-configuration-session ; session (default #f))) =20 (define (machine-ssh-session machine) @@ -359,6 +365,19 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" "Internal implementation of 'deploy-machine' for MACHINE instances with = an environment type of 'managed-host." (maybe-raise-unsupported-configuration-error machine) + (when (machine-ssh-configuration-authorize? + (machine-configuration machine)) + (unless (file-exists? %public-key-file) + (raise (condition + (&message + (message (format #f (G_ "no signing key '~a'. \ +have you run 'guix archive --generate-key?'") + %public-key-file)))))) + (remote-authorize-signing-key (call-with-input-file %public-key-file + (lambda (port) + (string->canonical-sexp + (get-string-all port)))) + (machine-ssh-session machine))) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) 
diff --git a/guix/ssh.scm b/guix/ssh.scm index 90311127a1..24834c6f68 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -21,6 +21,7 @@ #:use-module (guix inferior) #:use-module (guix i18n) #:use-module ((guix utils) #:select (&fix-hint)) + #:use-module (gcrypt pk-crypto) #:use-module (ssh session) #:use-module (ssh auth) #:use-module (ssh key) @@ -40,6 +41,7 @@ remote-daemon-channel connect-to-remote-daemon remote-system + remote-authorize-signing-key send-files retrieve-files retrieve-files* 
@@ -300,6 +302,27 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-syste= m)) session)) =20 +(define (remote-authorize-signing-key key session) + "Send KEY, a canonical sexp containing a public key, over SESSION and ad= d it +to the system ACL file if it has not yet been authorized." + (inferior-remote-eval + `(begin + (use-modules (guix build utils) + (guix pki) + (guix utils) + (gcrypt pk-crypto) + (srfi srfi-26)) + + (define acl (current-acl)) + (define key (string->canonical-sexp ,(canonical-sexp->string key))) + + (unless (authorized-key? key) + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) + (mkdir-p (dirname %acl-file)) + (with-atomic-file-output %acl-file + (cut write-acl acl <>))))) + session)) + (define* (send-files local files remote #:key recursive? =2D-=20 2.22.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl1VEpIACgkQ9Qb9Fp2P 2VqaDhAAkmA3DDnBFyTtpSgd5rusOPioMnwbCPqUVFRyBfqVy8NqDv3q78mNyx1j nchOg6iwB/MM1AYE/H9ZedRkCZup9iB4qNN3Ru9RTh9a6hcXp2W2QBQx365j//kh VCd1GqfJag9sH19bVdKVIZhEViD5y/Kn3pIKuJXpSeWtXTo95/d4Dba/yc3jDlMi xi+Uwo6s64xIxh82Y939KMKYif0Hn2eqpGdaCdgaAcgs/etU4DsMSGM9Jvb4by5e GjgVnc7GrBNkRQqdSy6W0YxrGJh7X06rQVoeemJ3+JJQCaQFabpAMrIaXGq2Ssrx gVdG3vGWZ7uJUI+hQhOMthObQiYoztQ63FcAS1CcMAK8QvDXtWERpsnY1JA+NWxc SGpZ9WMa9G65zJn05ui/v9Wqv4hT0kLHVmbSPruss6WWF2Rz90oIFVijnF/2xw3H LrrGA4AMKt3IHfWtcOHjNEt4Gxh4ziY2a/AuttHrM7pGrWCIXIF5d5lE64fTX4dW Cr6tB+b86xVF7/im02o+ueV3mfM+ivs7YVdaLQ+UcVwwoTAjwHeCkb4Yyo9xr5Wg PVppHTJIDwoZelUWopElt5vKRzXrV7wZHKYo76HwuFVmbhiqUoKdtZtt44YkRT15 o0xhSFEzVqwu0UrnIW4Jpya0hqMzn0vLYQ4qgRR40hOY+K01HFw= =oq8Q -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 15 04:07:35 2019 Received: (at 36957) by debbugs.gnu.org; 15 Aug 2019 08:07:35 +0000 Received: from localhost ([127.0.0.1]:50580 helo=debbugs.gnu.org) by 
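Review bot: the new `@item @code{authorize?}` entry in the doc/guix.texi hunk describes only the `#t` case, and this same patch removes the section on manual signing-key authorization (per the commit message), so a user who sets `authorize? #f` is left with no pointer to how the coordinator's key gets onto the remote. One extra sentence would close that gap, e.g. `If false, the key must already be authorized on the remote; see @command{guix archive --authorize}.` It would also help to say what "ACL keyring" means concretely: the key is appended to the file `%acl-file` that the guix/ssh.scm hunk writes, which is what lets the remote accept store items signed by the coordinator.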
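Review bot: in the `deploy-managed-host` hunk of gnu/machine/ssh.scm the error text misplaces the question mark: `'guix archive --generate-key?'` should read `'guix archive --generate-key'?`, otherwise the user is told to run an option that does not exist. Two further points on the same block. `remote-authorize-signing-key` is called with only the session, yet the record in the previous hunk defaults `user` to "root" and the 1/5 commit message quoted later in this thread adds a `become-command` path for non-root users; writing the remote's ACL file needs that same escalation, so this call site should pass the become command too or the non-root case will fail at the ACL write. And `file-exists?` only proves the key file is present: a key that `string->canonical-sexp` cannot parse will surface as a low-level error rather than the friendly `&message`, so the read deserves the same handling as the missing-file case.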
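Review bot: in `remote-authorize-signing-key` (guix/ssh.scm hunk) `acl` is bound once with `(current-acl)` at the top of the remote expression, but the `(authorized-key? key)` check does not receive it, so the decision and the rebuilt ACL can rest on two separate reads of the ACL file. If `authorized-key?` accepts an ACL argument, pass the bound `acl`; otherwise move `(current-acl)` inside the `unless` so a single read feeds both. The `with-atomic-file-output` write is the right choice here, since a dropped SSH connection mid-write would otherwise leave a truncated ACL on the target; a one-line docstring note that this step grants the coordinator signing trust on the remote would make the security effect of the default `authorize? #t` visible to callers.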
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Subject: Re: [bug#36957] [PATCH 4/5] doc: Add description of 'build-locally?'.
Date: Thu, 15 Aug 2019 04:07:19 -0400
In-Reply-To: <87sgq2zwby.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:06:41 -0400")
Message-ID: <87o90qzwaw.fsf_-_@sdf.lonestar.org>
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org

* doc/guix.texi (Invoking guix deploy): Add section describing the
'build-locally?' field of 'managed-host-environment-type'.
---
 doc/guix.texi | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index d80f62970d..043851e418 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25583,6 +25583,8 @@ with an @code{environment} of @code{managed-host-en= vironment-type}. =20 @table @asis @item @code{host-name} +@item @code{build-locally?} (default: @code{#t}) +If false, system derivations will be built on the machine being deployed t= o. @item @code{system} The Nix system type describing the architecture of the machine being deplo= yed to. This should look something like ``x86_64-linux''. =2D-=20 2.22.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl1VErcACgkQ9Qb9Fp2P 2Vroaw/8CIdtnXq70fWIxxz5ym4/e7NZdUc92eX1x+fBcLg05WwR8IhRIGECQmaq ubroxHVgyhpjhhquGb5CIA8DOdtKm1S3NlIV3wgWiHOGctcJoqpNhmzOCYEyaIho 4IpWmIm0SHBIcwdm08K9tCBES89aHOnIVv7p5X0nmZAWYnE6LM+IFqYU7iAGuUbO ua6vC+yUY1ImABV0w+NpMwul6qFrgt1pfJMWnMYpDH2/bK8pAuwB30xVZsmgWpKs klwgJe+vGRYIE2GFEUvMrbgHwJunpVlIKJKhqUOksDyPVqDWq5Ai2wc+vdBUsbtA Xm6G4R0PWmOTC4DaENhZT5SGk4IKSe7NM/Iui1hIWgpJFCXKXJmOfM2498g6Vfzi vwP4d2QAszcwwCs06uF6wJwYN4K1tnGLxbijg2HK0mPPkR6oBn2ngryiZUqV5D0e RCSM/JGWM796ERmkbJncbt2kP76gxY+1zvXOBv0mIrBJhpTSlgBzLwYS96FXtzps qX8sNzWiUtTpf5A7QGnruyzQVGC31w5RC9wNuWnCSwGXWtiKFKc9RMvHKRMl3W/D lDht6IWWkqXT/4awz6AEfSwgigX0us0mWlX6UyocRvFj41691jqL+zq/SWm1ns58 zK8K9xaNgocG7+ay0IJ6PX69cWu8DB4IyYCUAvWOHzprREnEbYo= =UPvQ -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 15 04:08:25 2019 Received: (at 36957) by debbugs.gnu.org; 15 Aug 2019 08:08:25 +0000 Received: from localhost ([127.0.0.1]:50584 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyAo5-0004bo-Ky for submit@debbugs.gnu.org; Thu, 15 Aug 2019 04:08:25 -0400 Received: from mx.sdf.org ([205.166.94.20]:53838) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyAo3-0004bg-WF for 36957@debbugs.gnu.org; Thu, 15 Aug 2019 04:08:24 -0400 Received: from Upsilon ([62.102.148.69]) (authenticated (0 bits)) by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id 
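Review bot: the `@item @code{build-locally?}` description in this doc/guix.texi hunk states only what happens when the field is false; since the hunk itself declares the default as `#t`, the entry should spell out that case as well so the table reads as a choice, e.g. `If true (the default), system derivations are built on the coordinator and sent to the machine; if false, they are built on the machine being deployed to.` The entry is also placed between `host-name` and `system`, where `host-name` has no description of its own; that is pre-existing, but a one-line description for it would fit naturally in the same hunk.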
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber
Subject: Re: [bug#36957] [PATCH 5/5] remote: Use (%daemon-socket-uri) rather than hard-coded path.
Date: Thu, 15 Aug 2019 04:08:22 -0400
In-Reply-To: <87o90qzwaw.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:07:19 -0400")
Message-ID: <87k1bezw95.fsf_-_@sdf.lonestar.org>
Cc: Ricardo Wurmus, 36957@debbugs.gnu.org

* guix/remote.scm (remote-eval): Use (%daemon-socket-uri) as the default
value of 'socket-name' rather than hard-coded path.
---
 guix/remote.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/guix/remote.scm b/guix/remote.scm
index d8124e41ab..ae2fe17dd2 100644
--- a/guix/remote.scm
+++ b/guix/remote.scm
@@ -106,7 +106,7 @@ result to the current output port using the (guix repl)= protocol." (build-locally? #t) (system (%current-system)) (module-path %load-path) =2D (socket-name "/var/guix/daemon-socket/socket") + (socket-name (%daemon-socket-uri)) (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure t= hat all the elements EXP refers to are built and deployed to SESSION beforehan= d. =2D-=20 2.22.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl1VEvYACgkQ9Qb9Fp2P 2Vozmg/6An5sPvBUuz2jwM0QipWLUfU9l2tbdl3On7HmRRKYM+orx0vZYxMjj0f1 nmK3zguYTzCYwoKItyDw2gDpnDJLrRN1ta2YFB4jDqiIPb5QXPKAIey1UGphjCd8 18uJVtFIkZ65la4DTu8irT5tzZjOEFtMOEjGMIFBBhGQGj2p9JRELJmqCXl+vuJ5 DWrLwRE1TZOW6XIFZ8ggzD6V+1st3srzwqJFT3qjCdeHFCglf0B/HFm16cWQWwkW sg9TW34gK+Vw+WvvOjk3HgZtTemRTUU204bkz+JB++El8RLOTQj/gXT94b7kt7lN GehNXUyXztm2WLurMVmW7xi5a3oHhPyYo3RFo2a2CvCw/ENjkgQ2qvdmEj3aAw6E dmpivOieIxCY41ka2lCre42/QodDXYWbjUuzKeid0g5OceAVGK+9GHxLKVv1S0nr su+UY8Mz0GCSmy8Gif4bXJX2bPTmDQmhbWNFMUSjdW+4UtPlZ4QZ4v13AappDU80 2iSfM1kdVYbsVs7M2ORAMFsW0nIEtsi8xX8Cu2oveaOdAhhK6EsDC0Uez4tk1CD1 LyIOOe9ZzBINe8mr7sfXdW2PqwgCOsW4Rxc/S+4+GJIavLtS4Z0SWnzT2hmTPTIf jJeQv2CqTwVS6iRMPFRDYOOoQbqbk+KJ/t0TJzr/6sxL/QPkJdE= =rgLi -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 15 07:44:14 2019 Received: (at 36957-done) by debbugs.gnu.org; 15 Aug 2019 11:44:14 +0000 Received: from localhost ([127.0.0.1]:50722 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyEAw-0003hT-Du for submit@debbugs.gnu.org; Thu, 15 Aug 2019 07:44:14 -0400 Received: from dustycloud.org ([50.116.34.160]:43292) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyEAv-0003hK-1K for 36957-done@debbugs.gnu.org; Thu, 15 Aug 2019 07:44:13 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id 10FFB265C9; 
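Review bot: replacing the literal `/var/guix/daemon-socket/socket` with `(%daemon-socket-uri)` changes where the default comes from: it is now evaluated on the coordinator, from the coordinator's own daemon setting, while the docstring says EXP is evaluated on the host at SESSION, so `socket-name` presumably names the daemon socket on that remote host (the old default was the standard path there). If the coordinator's setting is a non-file URI such as `guix://` or `ssh://`, that string is handed to the remote as its socket name and the connection cannot succeed. Suggest either stating in the docstring that `socket-name` refers to the remote's socket and must be a local path on that side, or rejecting non-path values up front with a clear error instead of a late connection failure.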
From: Christopher Lemmer Webber
To: "Jakob L. Kreuze"
Subject: Re: [bug#36957] [PATCH 5/5] remote: Use (%daemon-socket-uri) rather than hard-coded path.
In-reply-to: <87k1bezw95.fsf_-_@sdf.lonestar.org>
Date: Thu, 15 Aug 2019 07:44:11 -0400
Message-ID: <87ftm2y7p0.fsf@dustycloud.org>
Cc: Ricardo Wurmus, 36957-done@debbugs.gnu.org

Merged and pushed! Now to mark all the other issues as done too...
From: Ricardo Wurmus
To: "Jakob L. Kreuze"
Subject: Re: [bug#36957] [PATCH 1/5] machine: Allow non-root users to deploy.
In-reply-to: <871rxm26rz.fsf_-_@sdf.lonestar.org>
Date: Thu, 15 Aug 2019 17:07:07 +0200
Message-ID: <87ef1m79ic.fsf@elephly.net>
Cc: Christopher Lemmer Webber, 36957@debbugs.gnu.org

Hi Jakob,

> * doc/guix.texi (Invoking guix deploy): Add section describing
> prerequisites for deploying as a non-root user.
> * guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
> argument.
> (%remote-eval): New optional 'become-command' argument.
> (remote-eval): New 'become-command' keyword argument.
> * guix/ssh.scm (remote-inferior): New optional 'become-command'
> argument.
> (inferior-remote-eval): New optional 'become-command' argument.
> (remote-authorize-signing-key): New optional 'become-command' argument.
> * gnu/machine/ssh.scm (machine-become-command): New variable.
> (managed-host-remote-eval): Invoke 'remote-eval' with the
> '#:become-command' keyword.
> (deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
> '#:become-command' keyword.

[…]

> -(define (%remote-eval lowered session)
> + (let ((pipe (apply open-remote-pipe* session OPEN_READ repl-command)))
> + (when (eof-object?
(peek-char pipe))
> + (raise (condition
> + (&message
> + (message (format #f (G_ "failed to run '~{~a~^ ~}'")
> + repl-command))))))
> + pipe))

This leads to a compile warning because G_ isn’t available.

--
Ricardo
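Review bot: besides the missing `(guix i18n)` import that Ricardo points out, the EOF test on `(peek-char pipe)` in this quoted hunk reports only the command line (`repl-command`) and nothing from the remote side. The usual reasons for an empty pipe (the command not being on the remote PATH, a become command that refuses to escalate) leave their explanation on stderr, which this message drops if `open-remote-pipe*` with `OPEN_READ` yields stdout only. Folding the remote's stderr, or at least its exit status, into the `&message` would make a failed non-root deploy diagnosable from the error alone.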
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Ricardo Wurmus
Subject: Re: [bug#36957] [PATCH 1/5] machine: Allow non-root users to deploy.
In-Reply-To: <87ef1m79ic.fsf@elephly.net> (Ricardo Wurmus's message of "Thu, 15 Aug 2019 17:07:07 +0200")
Date: Thu, 15 Aug 2019 12:13:43 -0400
Message-ID: <87ef1mh0eg.fsf@sdf.lonestar.org>
Cc: Christopher Lemmer Webber, 36957@debbugs.gnu.org

Hi Ricardo,

Ricardo Wurmus writes:

> This leads to a compile warning because G_ isn’t available.

Thanks! Surprised I missed that. I've submitted a patch importing
'(guix i18n)'.
Regards,
Jakob

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Fri, 13 Sep 2019 11:24:09 +0000

bug archived.