From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 04:51:29 2019 Received: (at submit) by debbugs.gnu.org; 22 Nov 2019 09:51:29 +0000 Received: from localhost ([127.0.0.1]:53786 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iY5b4-00010T-Ow for submit@debbugs.gnu.org; Fri, 22 Nov 2019 04:51:28 -0500 Received: from lists.gnu.org ([209.51.188.17]:60482) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iY5b1-00010K-Gz for submit@debbugs.gnu.org; Fri, 22 Nov 2019 04:51:25 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:55616) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iY5b0-0004XW-Cl for bug-guix@gnu.org; Fri, 22 Nov 2019 04:51:23 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iY5ay-0000kE-TY for bug-guix@gnu.org; Fri, 22 Nov 2019 04:51:22 -0500 Received: from mail-wm1-f46.google.com ([209.85.128.46]:38108) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iY5ay-0000jf-O4 for bug-guix@gnu.org; Fri, 22 Nov 2019 04:51:20 -0500 Received: by mail-wm1-f46.google.com with SMTP id z19so6846601wmk.3 for ; Fri, 22 Nov 2019 01:51:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:from:to:subject:date:message-id :mime-version:content-transfer-encoding; bh=pDFOJ+Mwkx2/mJ1RCddWQvffARrH43NQpHzwhzby2HE=; b=t+OuPXEZsIFs92wNQFS7stIraPl+1FKh2LbkB6b7QYB6NbPBHl3P8OV0ud1vdGow4e 5Lr6PsAdgCCqVpjcj5uR43f5uKukpzPXWcykKt02H7Si0i7PfE9xdvaR0mVyD/+Xak2p TgTOQQooGjL87kOoK72dgp8e3/2iPu9Z3wa1xjJbj36rZfjJQ7Ow6sWVmYk15b/JOdEG WRQ3VjDk9pbfWC2rRCQiS/8Hd7Sd19B3aG60vkf4sWOTfXpmrtZ4l6ssIWMfFbtUe2un 1ItmJwS9pJ+pY42qaaw/KQkGZmbw7Oy27QTaqAxORPu7Y7C05lKXQT+T/rxyZhspSpeq zOIQ== X-Gm-Message-State: APjAAAWd1G+32VwtXkqEIwPPe4Iind3UbcqhdbzOO7lFYlg6Wwp5D9tn kNMaqFpuR2J2XxNt+8moULpZF6waV2E= X-Google-Smtp-Source: APXvYqx6plRmDDnp3Yh+qCHpMgmq2XloO0R4YhPY2+UbmgzeoUdgGkqNnvDvlRElP4bQ7M0qV8HfJw== X-Received: by 2002:a05:600c:212:: with SMTP id 18mr15971148wmi.93.1574416278570; Fri, 22 Nov 2019 01:51:18 -0800 (PST) Received: from rodion ([2a01:e35:8bf7:6530:c8f5:5b28:a8a5:abe1]) by smtp.gmail.com with ESMTPSA id d16sm5254790wrg.27.2019.11.22.01.51.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Nov 2019 01:51:17 -0800 (PST) User-agent: mu4e 1.2.0; emacs 26.3 From: =?utf-8?Q?Cl=C3=A9ment?= Lassieur To: bug-guix@gnu.org Subject: Cuirass: Allow to use authenticated Git repositories as inputs Date: Fri, 22 Nov 2019 10:51:16 +0100 Message-ID: <875zjc8ciz.fsf@lassieur.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.85.128.46 X-Spam-Score: 1.2 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, I'd like to use private Git repositories as inputs, authenticated with SSH. I think it is important because it would encourage users to use Cuirass for other purposes than just a CI tool to build Guix packages. I'd like to see it as an alternative to Jenkins, it would make it [...] Content analysis details: (1.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (clement.lassieur[at]gmail.com) -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [209.51.188.17 listed in list.dnswl.org] 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 2.0 SPOOFED_FREEMAIL No description available. X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.8 (-) Hi, I'd like to use private Git repositories as inputs, authenticated with SSH. I think it is important because it would encourage users to use Cuirass for other purposes than just a CI tool to build Guix packages. I'd like to see it as an alternative to Jenkins, it would make its user base broader. My use of Cuirass, for example, is to do continuous integration on my own personal projects. So each of my inputs is a personnal private repository, and each time one of those inputs has a new commit, the 'proc' will give Cuirass a derivation of the Guix package corresponding to the updated input, with a modified 'origin' so that it matches the new input. My workaround for authentication is to use local repositories, updated with an external cron task. I think there are small modifications to do to (guix git) and (git clone). Cheers, Cl=C3=A9ment From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 04:52:31 2019 Received: (at control) by debbugs.gnu.org; 22 Nov 2019 09:52:31 +0000 Received: from localhost ([127.0.0.1]:53792 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iY5c7-00012i-Br for submit@debbugs.gnu.org; Fri, 22 Nov 2019 04:52:31 -0500 Received: from mail-wr1-f65.google.com ([209.85.221.65]:43506) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iY5c5-00012R-N8 for control@debbugs.gnu.org; Fri, 22 Nov 2019 04:52:30 -0500 Received: by mail-wr1-f65.google.com with SMTP id n1so7790526wra.10 for ; Fri, 22 Nov 2019 01:52:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:to:from:subject:mime-version :content-transfer-encoding; bh=lRaiavHP02Yf3jLTILC5sn8Oij0T0PyNyCU0SYEr5xY=; b=hdOs7boEHLsw8C/x/IWMmcxtgZHBQR9UcJu2iqhdPgRH1TwBjBn46FLUfFPVDDCute xkuEL6CD0HEC9M0E/lZgRak/OCyGwJTZW1SDOAuigY9daC/2E0b1ahad151awleL0Ccd RXouFEZxTkjM+JE39Z+u+uRPavr6acUx7h6DYEWNw5+gcS5KlRq8pJQWlELNH9raquiT EGbqCZixh9N+SYtjPNyLDKD9tIQMxAtbOPrs2UWzqk0UngMORz6T6RW0Z4LKMXDEpSzg Mv2qBWFO5IzFLidmUiMN2nHkyFN/46j4otIta5wq+RBgDKidO6PLFU4RlKyW/aUFXaaf +RPg== X-Gm-Message-State: APjAAAWZfNPEZFm2N9wGxRcDuHea4vAP2pL10kdLUfhfZLw9mszTvwEx IUj/kbyVPnK8Q2ml6FWuCOR4hDRWCo4= X-Google-Smtp-Source: APXvYqwNZuFNeNg4Jo9/iVorZCuLEdMJfD2XN787LfJ8ulPpTdNNHp5fMBpfmCtmWeKz60nNUlhnjg== X-Received: by 2002:adf:df8e:: with SMTP id z14mr16037118wrl.190.1574416343705; Fri, 22 Nov 2019 01:52:23 -0800 (PST) Received: from rodion ([2a01:e35:8bf7:6530:c8f5:5b28:a8a5:abe1]) by smtp.gmail.com with ESMTPSA id f19sm7600022wrf.23.2019.11.22.01.52.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Nov 2019 01:52:23 -0800 (PST) Date: Fri, 22 Nov 2019 10:52:22 +0100 Message-Id: <874kyw8ch5.fsf@lassieur.org> To: control@debbugs.gnu.org From: clement@lassieur.org (=?utf-8?Q?Cl=C3=A9ment?= Lassieur) Subject: control message for bug #38320 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 1.6 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: severity 38320 wishlist quit Content analysis details: (1.6 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (clement.lassieur[at]gmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.65 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.65 listed in wl.mailspike.net] 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 1.1 MALFORMED_FREEMAIL Bad headers on message from free email service X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.6 (/) severity 38320 wishlist quit From debbugs-submit-bounces@debbugs.gnu.org Mon Nov 25 08:42:24 2019 Received: (at submit) by debbugs.gnu.org; 25 Nov 2019 13:42:24 +0000 Received: from localhost ([127.0.0.1]:47971 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iZEdE-0006iV-Dp for submit@debbugs.gnu.org; Mon, 25 Nov 2019 08:42:24 -0500 Received: from lists.gnu.org ([209.51.188.17]:40346) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iZEdA-0006iF-RP for submit@debbugs.gnu.org; Mon, 25 Nov 2019 08:42:21 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:44501) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iZEd8-0004Hp-WB for bug-guix@gnu.org; Mon, 25 Nov 2019 08:42:20 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iZEd6-0001UR-TU for bug-guix@gnu.org; Mon, 25 Nov 2019 08:42:18 -0500 Received: from mail-wm1-x329.google.com ([2a00:1450:4864:20::329]:54684) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iZEd5-0001Rl-0m for bug-guix@gnu.org; Mon, 25 Nov 2019 08:42:16 -0500 Received: by mail-wm1-x329.google.com with SMTP id b11so6048399wmj.4 for ; Mon, 25 Nov 2019 05:42:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version:content-transfer-encoding; bh=TfI1rZzA1ewLe79xhOTx/OKXYJhsHJPi9T1Uw2fjDvU=; b=eh8oodxAkfoyt+Fky8jUa0TSh9hpzO8MsJNSOTc2UG2UbeyLP9tci6iIGEcFn940me 1ZQ3bddxTlXGFTeahdsUo6GvOyFYFGQNGGDMDfu4SfnJwVSCTfg8OFhpbLac2L8CpYg8 14wj+uyZKUUp0fTJyj0ShFKYbaT7zw3+oazaB8IbtsJLqdMJ+ua+cLp10jdpa8nzJptT c8yrrPR1K6m0j3EU5ElgDl45BHi4XKqFVHsWFH5k4a7Tv0j1LKGdqhg6ugGi/ZTZLfq7 dhXiNEGKsJqz9Fa6sFWCnhSS4/7qoNV8/ZmwgpFYWQP8gjuQ6NxSo7qfmezWrJqLm860 qxSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version:content-transfer-encoding; bh=TfI1rZzA1ewLe79xhOTx/OKXYJhsHJPi9T1Uw2fjDvU=; b=eDBwpVsKW3mGZ3bmvhU28wAdTgC+PaNcWOD5Rinzq35dDFCd/EZNV7xNGBsaK61z22 VAAgryR3Iy1DlTgqStTs11kB+xu898TUrCJGYM68e2AhZcunWskcok1CtSocgMsNFima C4omWgKKrkMrici0FUGQz0ZVm3WLe9qi+5rY6HhJPMk0SvmL7JNgI0LITWIcFKpkekSj /hRygaL1PEh4pOIl9FWkwN8F8XjkHLCK3LGtIq6DDIUeWtCMz2emunS0GdvHjmK+10ks y0EixFjBlMzFiFayRyzpYAVcsIR/AuV0dnP3F0DgXdsBD3SUoEfTqjzg0p3ti3pF2uO2 yJ7w== X-Gm-Message-State: APjAAAUuyx4FXtI7gjiyllwBAB1Ft/3eiHrTNfWMEFOAWao2PYDhFd25 a6xl2Aj7S1MyWYOxwHj6hs+qIqvw X-Google-Smtp-Source: APXvYqwsLPu/pcGcxIwl/SKtzfTgS4tX2AxWPLqpNcIXf4ncJ/xGv/qnRF/j0DUcavYGm2TPgFuYsg== X-Received: by 2002:a1c:7d01:: with SMTP id y1mr10016311wmc.157.1574689333576; Mon, 25 Nov 2019 05:42:13 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id g184sm8723588wma.8.2019.11.25.05.42.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Nov 2019 05:42:12 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <875zjc8ciz.fsf@lassieur.org> Date: Mon, 25 Nov 2019 14:42:11 +0100 Message-ID: <878so4t6mk.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::329 X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: 38320@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hello Cl=C3=A9ment, > I think there are small modifications to do to (guix git) and (git > clone). I did integrate a part of libgit2 ssh authentification mechanism in Guile-Git in 2017. You can find it in (git fetch) module. It is currently broken, because of a regression. See https://lists.gnu.org/archive/html/guix-devel/2019-11/msg00415.html. What would be missing to have support for authenticated Git repositories as Cuirass inputs is: * Fix the regression mentionned above. * Add support for a fetch-options argument in clone method of (git clone). * In (guix git), "latest-repository-commit" method would take parameters to setup ssh authentication (such as ssh private key path at least) and pass them to "fetch" and "clone" methods of Guile-Git. * Finally in Cuirass, the ssh authentication parameters could be specified in the specification file (maybe for each input?) and passed to "latest-repository-commit" method accordingly. So there's still some work to do :) Mathieu From debbugs-submit-bounces@debbugs.gnu.org Mon Nov 25 08:46:57 2019 Received: (at submit) by debbugs.gnu.org; 25 Nov 2019 13:46:57 +0000 Received: from localhost ([127.0.0.1]:47984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iZEhd-0006r4-Ff for submit@debbugs.gnu.org; Mon, 25 Nov 2019 08:46:57 -0500 Received: from lists.gnu.org ([209.51.188.17]:33780) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iZEhY-0006qf-Be for submit@debbugs.gnu.org; Mon, 25 Nov 2019 08:46:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:45287) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iZEhW-0007vO-Ct for bug-guix@gnu.org; Mon, 25 Nov 2019 08:46:52 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iZEhU-0004z5-Hr for bug-guix@gnu.org; Mon, 25 Nov 2019 08:46:49 -0500 Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]:39629) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iZEhT-0004xy-6f for bug-guix@gnu.org; Mon, 25 Nov 2019 08:46:48 -0500 Received: by mail-wr1-x435.google.com with SMTP id y11so14997579wrt.6 for ; Mon, 25 Nov 2019 05:46:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version; bh=LfjA7deBz31kz43CyGWUZvkN2MpPGhzMuS5+l1nBkdQ=; b=ukJ6cKockTbU2yksgvJ06dcDFs8V4ycqMi4FG+Oqb2xlKKF70sQQ0JsV77v1SHx6yh YT3VjgsYmCQHJ1vlt/ImENSuP5+qO0oOp8o5uA5nnj5SKNfXPIyEhf5hmtvfzqpD8exO y/KtFu1KFWDJzavnENso/sBwd/O4Fl/oJLFElAM4+aBMFine58QkOlNLAiykcbgrliO0 CwyXEU9tUj4en0D9zqjzuxtUd5pfjswwLJcn3CH+F2Tbj0juy/9sXtxYt2tiRMHMXmbs Ce0DmKlHtBqpPchkASbewcK09NJgxjKh1I1AxqdX6hDiWSqRTEC0QTcbe3pcgS2AuDeF pzmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version; bh=LfjA7deBz31kz43CyGWUZvkN2MpPGhzMuS5+l1nBkdQ=; b=XSngy/T8+gA/eVJRqok2Qcao3CteoEdSQztsW5y0O90lRfKQfFJqZBNtclfFz2KXcM 4l8ErKh8CFTs8ua6jzXgQueprICBmkJbRz79YNVzGilrpk9cNhlSZwP+BqdyDJ811Xcr qI+SrDNM7dlTBeoK9szbzF69zjnum+QKFdiQHxW103xoR6IiKGyZAWPAKCcovGdSrvqh CgkSpsQFxykFlxsRCA61gdceCOS+PBaQdKB8ay+c8GUXgK8840Behp3aIhG7LPu+fWz2 9KXcj3NH15eQco7LQ2fPmOfu33fxwS4qzK6lb0PiR/bfAMZZQ+hzM8jPAVxjKuSe2kOk m/+Q== X-Gm-Message-State: APjAAAXaiTPaiU1TviEoPG1tRLnAITcFqx6BAUzjuI3GuAIpVIzLuJOS qZ51Eq4lWOIe0Yf9cH/9cMI= X-Google-Smtp-Source: APXvYqzO8/VUfUfabYbqkgxeahiqyLMyAbkgNblvV7ayO9PX4BwIUDA3+jcDkdeLNDV0TIDSmhQV/w== X-Received: by 2002:adf:9d88:: with SMTP id p8mr32411771wre.286.1574689606010; Mon, 25 Nov 2019 05:46:46 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id b8sm10265694wrt.39.2019.11.25.05.46.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Nov 2019 05:46:45 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <878so4t6mk.fsf@gmail.com> Date: Mon, 25 Nov 2019 14:46:43 +0100 Message-ID: <877e3ot6f0.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::435 X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: 38320@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) > * Fix the regression mentionned above. I would need some help for this regression I don't understand, but I will take care of the work needed in Guile-Git and (guix git) once this is fixed. I think too that extending Cuirass to support new use-cases would be really great :). Thanks, Mathieu From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 26 05:05:19 2019 Received: (at 38320) by debbugs.gnu.org; 26 Nov 2019 10:05:19 +0000 Received: from localhost ([127.0.0.1]:50554 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iZXig-0007LE-RZ for submit@debbugs.gnu.org; Tue, 26 Nov 2019 05:05:19 -0500 Received: from eggs.gnu.org ([209.51.188.92]:47411) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iZXif-0007L0-7T for 38320@debbugs.gnu.org; Tue, 26 Nov 2019 05:05:17 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53705) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1iZXia-0001Hc-5K; Tue, 26 Nov 2019 05:05:12 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=35816 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1iZXiY-00041D-WB; Tue, 26 Nov 2019 05:05:11 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 6 Frimaire an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 26 Nov 2019 11:05:09 +0100 In-Reply-To: <878so4t6mk.fsf@gmail.com> (Mathieu Othacehe's message of "Mon, 25 Nov 2019 14:42:11 +0100") Message-ID: <87r21v9cmi.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Mathieu, Mathieu Othacehe skribis: >> I think there are small modifications to do to (guix git) and (git >> clone). > > I did integrate a part of libgit2 ssh authentification mechanism in > Guile-Git in 2017. You can find it in (git fetch) module. > > It is currently broken, because of a regression. See > https://lists.gnu.org/archive/html/guix-devel/2019-11/msg00415.html. Oh I missed that message of yours. Do you have a complete example using that functionality that I could use as a test? It would be great to have a test for that in Guile-Git. We could use Guile-SSH, when it=E2=80=99s available, to spawn an SSH server. > What would be missing to have support for authenticated Git repositories > as Cuirass inputs is: > > * Fix the regression mentionned above. > > * Add support for a fetch-options argument in clone method of (git clone). > > * In (guix git), "latest-repository-commit" method would take parameters > to setup ssh authentication (such as ssh private key path at least) and > pass them to "fetch" and "clone" methods of Guile-Git. > > * Finally in Cuirass, the ssh authentication parameters could be > specified in the specification file (maybe for each input?) and passed > to "latest-repository-commit" method accordingly. I=E2=80=99d like to see that happen! Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 28 18:46:47 2019 Received: (at 38320) by debbugs.gnu.org; 28 Nov 2019 23:46:47 +0000 Received: from localhost ([127.0.0.1]:59265 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iaTUl-0005e2-Jg for submit@debbugs.gnu.org; Thu, 28 Nov 2019 18:46:47 -0500 Received: from mail-wr1-f46.google.com ([209.85.221.46]:42561) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iaTUj-0005dk-4a for 38320@debbugs.gnu.org; Thu, 28 Nov 2019 18:46:45 -0500 Received: by mail-wr1-f46.google.com with SMTP id a15so32939692wrf.9 for <38320@debbugs.gnu.org>; Thu, 28 Nov 2019 15:46:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=h81Wj7USI98TFX3V3SI4Hfpo9gHPZ1ebOmtaJKq3ee8=; b=RF3HZ73Y2cyM5MzMtyhPDOdOFqMzYEydaqIv/jINqteNzupxmBmSHAzjHffS6ViXbs kGI2GE8rZNm+enqM5LZjln92NVJPhQQAWvRdOBr9rQ0FA7faAx5cYDj7bm7vqDlYQHVi 0rQ20bd2au3FjEh7mnV5chfK5nMp9hpnRJwxnhigYwqOhM/8AvbdtSPcklWLq9xeSIPe 5oTnFeHGbNnY16tf3JPgnQ7BKikAv1Lyh32sUbxb6mdvbXHH/M1U+sRV38nW9zqpc5iT TG/odP7R8zDG8MjnShLWLKC7vVqHpj50VreRr/s7W8uvaf3iock/unRrN+8laQYs/rVk enKg== X-Gm-Message-State: APjAAAU6zm0pBlq6EcOyjyi6SEbjJmeexnmzNiiNcJfHzsRAs8xv8bLJ hZElLY75OiTf8Uqc0spSMaVcE5VD20Y= X-Google-Smtp-Source: APXvYqxob77GI18edhlLTmcdk+Pd9YrjZ02YxByqk4zFWIxrrpNoYMAe6/aN3t58svRnWczwdaLL3A== X-Received: by 2002:adf:f709:: with SMTP id r9mr49303706wrp.8.1574984797949; Thu, 28 Nov 2019 15:46:37 -0800 (PST) Received: from rodion ([2a01:e35:8bf7:6530:d1d8:4e5:a3ef:2f24]) by smtp.gmail.com with ESMTPSA id 60sm25368341wrn.86.2019.11.28.15.46.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Nov 2019 15:46:37 -0800 (PST) From: clement@lassieur.org (=?utf-8?Q?Cl=C3=A9ment?= Lassieur) To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <877e3ot6f0.fsf@gmail.com> Date: Fri, 29 Nov 2019 00:46:36 +0100 In-Reply-To: <877e3ot6f0.fsf@gmail.com> (Mathieu Othacehe's message of "Mon, 25 Nov 2019 14:46:43 +0100") Message-ID: <87eexrtvhf.fsf@lassieur.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.5 (/) Mathieu Othacehe writes: >> * Fix the regression mentionned above. > > I would need some help for this regression I don't understand, but I > will take care of the work needed in Guile-Git and (guix git) once this > is fixed. Thank you Mathieu for your replies! I'm looking forward to your work :) > I think too that extending Cuirass to support new use-cases would be > really great :). And some of the new use-cases are low-hanging fruits actually. From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 09 11:42:11 2019 Received: (at 38320) by debbugs.gnu.org; 9 Dec 2019 16:42:11 +0000 Received: from localhost ([127.0.0.1]:54349 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ieM6n-00009w-TM for submit@debbugs.gnu.org; Mon, 09 Dec 2019 11:42:11 -0500 Received: from mail-wm1-f50.google.com ([209.85.128.50]:34012) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ieM6k-00009R-Vo for 38320@debbugs.gnu.org; Mon, 09 Dec 2019 11:42:04 -0500 Received: by mail-wm1-f50.google.com with SMTP id f4so298487wmj.1 for <38320@debbugs.gnu.org>; Mon, 09 Dec 2019 08:42:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version; bh=pJP/drmfOfp8A5Ad1lzY/VOsRrRc2mSUD3cgrtfcIhE=; b=WRRPxZnGSUcWOAgjGcyTQ3WIbyP2uOqiXXihXZHm9x4Ui1dfDoluRLiQjPHBae+Q5P eacQzt9mYzWwpfHijuEH2sWG1hTAAK0ZEHkTZriSzW4BVc68+UDVLrxvaqx5643bDdvj WLGHj800tG1k1GtAFClo/fVf9Vok6YTrxdIuH8r2s/v/q/UMAdF2b0eVJ7FKD4xXg8/G urdJOdTSyDHut03b1r2VjIC+6pAZYRpEcdDgSFtm+55Ahv85FiDJ1X0WYTGqZcDzNJF4 QBMtLFwgJZbeYTZi21Po5OyB7REnvRqt9SgD8OEQgyst45kLQuJqW63iKRUJShIwxlnL 3Uig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version; bh=pJP/drmfOfp8A5Ad1lzY/VOsRrRc2mSUD3cgrtfcIhE=; b=lvMGsUUGjI82kXNwfP4rj1kvVcoyeYxlebftdj/aVSggUVFVriw0i7g3B9zgEhaCI/ js5wP794h36bfCPXaTtptqDAZ3CJ/5hus0m3HHDR+Q3gaR6osyTL0XWmhBAEbWwj1p9f 7O1UapvJpVgudMJmPaoOf18nnnKWu3uutp974r+YBKrsEQd6f3QLWhQ+FgESR43Fz38U wIRGcj0efTtnayk5ITXIOSzeX7SIm7fRZv4xd72D5p2PQzdlJTOPbm+OjNZ34lYP8lM1 w1tIu5UuDyocJvmlyGkP8u3Q758A7kNYRQxchyu31A+lCZT2IFI+AMNgEszFzBzJIIsn 0DLA== X-Gm-Message-State: APjAAAUR6esPeKXHsz5sPcoZricpJhRYo2TucjMG0Flp/1LhPyMSWmzT vxkap95JmEFTd4bD0tQje5E= X-Google-Smtp-Source: APXvYqxeJv7kk6PnXctp/jsoek4oTVlE+l2HPRgNdld47adOCKkpD2a0pj8n2hZ4vvldwFFP2aHUpQ== X-Received: by 2002:a05:600c:389:: with SMTP id w9mr4640398wmd.5.1575909717076; Mon, 09 Dec 2019 08:41:57 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id v20sm302784wmj.32.2019.12.09.08.41.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2019 08:41:55 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= , =?utf-8?Q?Cl=C3=A9men?= =?utf-8?Q?t?= Lassieur Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <87r21v9cmi.fsf@gnu.org> Date: Mon, 09 Dec 2019 17:41:52 +0100 Message-ID: <87h829sb73.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Hello, Here's a patch that add support for ssh authenticated repositories in "clone" and "remote-fetch" methods of Guile-Git. At first, I used Guile-SSH in the tests to start an SSH server, but as "make-server" call of Guile-SSH is really low level, this is not very realistic. I just ended up with a half-broken ssh server, poorly implemented, after (too many hours) spent reading ssh dumps. So the strategy is to spawn an openssh server for the tests. It seems to work alright, using key based or ssh-agent authentication. WDYT? Mathieu --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0001-Add-ssh-authentication-support.patch Content-Transfer-Encoding: quoted-printable >From ae3c5a9851b02e78096963616d4e2f999119fc4d Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 9 Dec 2019 16:16:45 +0100 Subject: [PATCH] Add ssh authentication support. * Makefile.am (SOURCES): Add git/auth.scm, (TESTS): add tests/clone.scm. * configure.ac: Check for git and ssh binaries. * git.scm (%public-modules): Add (git auth) and (git bindings). * git/auth.scm: New file. * git/clone.scm (clone): Add an auth-method argument. Pass it to new init-fetch-options call, before proceeding to clone. * git/remote.scm (remote-fetch): Add an auth-method. Pass it to init-fetch-options before proceeding to fetch. * git/structs.scm (clone-options-fetch-options): Do not return a copy of fetch-options nested inside clone-options. Instead, find the offset of fetch-options and use it to create a pointer to fetch-options. * git/fetch.scm (init-fetch-options): New exported procedure, (make-fetch-options): call the procedure above to initialize fetch-options, (set-fetch-auth-with-ssh-agent!): handle the case where username is not set and libgit2 asks for one. (set-fetch-auth-with-default-ssh-key!): remove this procedure, (set-fetch-auth-with-ssh-key): new procedure. * tests/.ssh/id_rsa_client: New file. * tests/.ssh/id_rsa_client.pub: New file. * tests/.ssh/id_rsa_server: New file. * tests/clone.scm: New file. * tests/ssh.scm.in: New file. --- .gitignore | 4 ++ Makefile.am | 2 + configure.ac | 9 ++- git.scm | 3 +- git/auth.scm | 38 ++++++++++++ git/clone.scm | 17 ++++-- git/fetch.scm | 77 +++++++++++++++-------- git/remote.scm | 11 ++-- git/structs.scm | 13 +++- guix.scm | 5 +- tests/.ssh/id_rsa_client | 27 ++++++++ tests/.ssh/id_rsa_client.pub | 1 + tests/.ssh/id_rsa_server | 27 ++++++++ tests/clone.scm | 68 +++++++++++++++++++++ tests/ssh.scm.in | 115 +++++++++++++++++++++++++++++++++++ 15 files changed, 378 insertions(+), 39 deletions(-) create mode 100644 git/auth.scm create mode 100644 tests/.ssh/id_rsa_client create mode 100644 tests/.ssh/id_rsa_client.pub create mode 100644 tests/.ssh/id_rsa_server create mode 100644 tests/clone.scm create mode 100644 tests/ssh.scm.in diff --git a/.gitignore b/.gitignore index 5d6d9c7..d32d05a 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,7 @@ doc/guile-git.info doc/version.texi doc/.dirstamp doc/stamp-vti + +tests/ssh.scm +tests/.ssh/authorized_keys +tests/.ssh/sshd.conf diff --git a/Makefile.am b/Makefile.am index fba200a..facf9fa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -28,6 +28,7 @@ SOURCES =3D \ git.scm \ git/annotated.scm \ git/attr.scm \ + git/auth.scm \ git/bindings.scm \ git/blame.scm \ git/blob.scm \ @@ -75,6 +76,7 @@ TESTS_UTILS =3D \ =20 TESTS =3D \ tests/branch.scm \ + tests/clone.scm \ tests/commit.scm \ tests/describe.scm \ tests/oid.scm \ diff --git a/configure.ac b/configure.ac index 5171aba..933679c 100644 --- a/configure.ac +++ b/configure.ac @@ -42,7 +42,14 @@ AS_IF([test "x$LIBGIT2_LIBDIR" =3D "x"], [ ]) AC_SUBST([LIBGIT2_LIBDIR]) =20 -AC_CONFIG_FILES([Makefile git/config.scm]) +dnl Those binaries are required for ssh authentication tests. +AC_PATH_PROG([SSHD], [sshd]) +AC_PATH_PROG([SSH_AGENT], [ssh-agent]) +AC_PATH_PROG([SSH_ADD], [ssh-add]) +AC_PATH_PROG([GIT_UPLOAD_PACK], [git-upload-pack]) +AC_SUBST([SSHD]) + +AC_CONFIG_FILES([Makefile git/config.scm tests/ssh.scm]) AC_CONFIG_FILES([pre-inst-env], [chmod +x pre-inst-env]) =20 AC_OUTPUT diff --git a/git.scm b/git.scm index 1559504..873101e 100644 --- a/git.scm +++ b/git.scm @@ -23,7 +23,8 @@ (eval-when (eval load compile) (begin (define %public-modules - '((git bindings) + '((git auth) + (git bindings) (git branch) (git clone) (git commit) diff --git a/git/auth.scm b/git/auth.scm new file mode 100644 index 0000000..c43af6e --- /dev/null +++ b/git/auth.scm @@ -0,0 +1,38 @@ +;;; Guile-Git --- GNU Guile bindings of libgit2 +;;; Copyright =C2=A9 2019 Mathieu Othacehe +;;; +;;; This file is part of Guile-Git. +;;; +;;; Guile-Git is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; Guile-Git is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with Guile-Git. If not, see . + +(define-module (git auth) + #:use-module (srfi srfi-9) + #:export (%make-auth-ssh-credentials + auth-ssh-credentials? + auth-ssh-credentials-public-key + auth-ssh-credentials-private-key + auth-ssh-credentials-password-key + + %make-auth-ssh-agent + auth-ssh-agent?)) + +(define-record-type + (%make-auth-ssh-credentials public-key private-key) + auth-ssh-credentials? + (public-key auth-ssh-credentials-public-key) + (private-key auth-ssh-credentials-private-key)) + +(define-record-type + (%make-auth-ssh-agent) + auth-ssh-agent?) diff --git a/git/clone.scm b/git/clone.scm index 7f06528..a42c1f7 100644 --- a/git/clone.scm +++ b/git/clone.scm @@ -21,6 +21,7 @@ #:use-module (rnrs bytevectors) #:use-module (system foreign) #:use-module (git bindings) + #:use-module (git fetch) #:use-module (git structs) #:use-module (git types) #:use-module (git repository) @@ -34,11 +35,17 @@ =20 (define clone (let ((proc (libgit2->procedure* "git_clone" '(* * * *)))) - (lambda* (url directory #:optional (clone-options (make-clone-options)= )) - "Clones a remote repository found at URL into DIRECTORY. - -Returns the repository on success or throws an error on failure." - (let ((out (make-double-pointer))) + (lambda* (url directory + #:optional (clone-options (make-clone-options)) + #:key (auth-method #f)) + "Clones a remote repository found at URL into DIRECTORY. An +authentication method from (git auth) can be passed optionally if the +repository is protected. Returns the repository on success or throws an e= rror +on failure." + (let* ((out (make-double-pointer)) + (fetch-options + (clone-options-fetch-options clone-options))) + (init-fetch-options fetch-options auth-method) (proc out (string->pointer url) (string->pointer directory) diff --git a/git/fetch.scm b/git/fetch.scm index da18bbe..1ac0bf8 100644 --- a/git/fetch.scm +++ b/git/fetch.scm @@ -1,5 +1,5 @@ ;;; Guile-Git --- GNU Guile bindings of libgit2 -;;; Copyright =C2=A9 2017 Mathieu Othacehe +;;; Copyright =C2=A9 2017, 2019 Mathieu Othacehe ;;; ;;; This file is part of Guile-Git. ;;; @@ -18,25 +18,37 @@ =20 (define-module (git fetch) #:use-module (system foreign) + #:use-module (git auth) #:use-module (git bindings) #:use-module (git cred) #:use-module (git structs) #:use-module (git types) #:use-module (srfi srfi-26) =20 - #:export (make-fetch-options + #:export (init-fetch-options + make-fetch-options fetch-init-options ;deprecated! set-fetch-auth-with-ssh-agent! + set-fetch-auth-with-ssh-key! set-fetch-auth-with-default-ssh-key!)) =20 (define FETCH-OPTIONS-VERSION 1) =20 -(define make-fetch-options - (let ((proc (libgit2->procedure* "git_fetch_init_options" `(* ,unsigned-= int)))) - (lambda () - (let ((fetch-options (make-fetch-options-bytestructure))) - (proc (fetch-options->pointer fetch-options) FETCH-OPTIONS-VERSION) - fetch-options)))) +(define init-fetch-options + (let ((proc (libgit2->procedure* "git_fetch_init_options" + `(* ,unsigned-int)))) + (lambda* (fetch-options #:optional auth-method) + (proc (fetch-options->pointer fetch-options) FETCH-OPTIONS-VERSION) + (cond + ((auth-ssh-credentials? auth-method) + (set-fetch-auth-with-ssh-key! fetch-options auth-method)) + ((auth-ssh-agent? auth-method) + (set-fetch-auth-with-ssh-agent! fetch-options))) + fetch-options))) + +(define* (make-fetch-options #:optional auth-method) + (let ((fetch-options (make-fetch-options-bytestructure))) + (init-fetch-options fetch-options auth-method))) =20 (define fetch-init-options ;; Deprecated alias for compatibility with 0.2. @@ -52,20 +64,37 @@ fetch-options (cred-acquire-cb (lambda (cred url username allowed payload) - (cred-ssh-key-from-agent cred - (pointer->string username)))))) + (let ((username (if (eq? username %null-pointer) + "" + (pointer->string username)))) + (cond + ;; If no username were specified in URL, we will be asked for + ;; one. Try with the current user login. + ((=3D allowed CREDTYPE-SSH-USERNAME) + (cred-username-new cred (getlogin))) + (else + (cred-ssh-key-from-agent cred username)))))))) =20 -(define (set-fetch-auth-with-default-ssh-key! fetch-options) - (let* ((home (getenv "HOME")) - (ssh-dir (in-vicinity home ".ssh")) - (pub-key (in-vicinity ssh-dir "id_rsa.pub")) - (pri-key (in-vicinity ssh-dir "id_rsa"))) - (set-fetch-auth-callback - fetch-options - (cred-acquire-cb - (lambda (cred url username allowed payload) - (cred-ssh-key-new cred - (pointer->string username) - pub-key - pri-key - "")))))) +(define* (set-fetch-auth-with-ssh-key! fetch-options + auth-ssh-credentials) + (set-fetch-auth-callback + fetch-options + (cred-acquire-cb + (lambda (cred url username allowed payload) + (cond + ;; Same as above. + ((=3D allowed CREDTYPE-SSH-USERNAME) + (cred-username-new cred (getlogin))) + (else + (let* ((pri-key-file + (auth-ssh-credentials-private-key auth-ssh-credentials)) + (pub-key-file + (auth-ssh-credentials-public-key auth-ssh-credentials)) + (username (if (eq? username %null-pointer) + "" + (pointer->string username)))) + (cred-ssh-key-new cred + username + pub-key-file + pri-key-file + ""))) ))))) diff --git a/git/remote.scm b/git/remote.scm index b889dd2..e39aaf6 100644 --- a/git/remote.scm +++ b/git/remote.scm @@ -21,6 +21,7 @@ #:use-module (srfi srfi-9 gnu) #:use-module (system foreign) #:use-module (git bindings) + #:use-module (git fetch) #:use-module (git structs) #:use-module (git types) #:export (remote-name @@ -99,13 +100,15 @@ =20 (define remote-fetch (let ((proc (libgit2->procedure* "git_remote_fetch" '(* * * *)))) - (lambda* (remote #:key (reflog-message "") (fetch-options #f)) + (lambda* (remote #:key + (reflog-message "") + (fetch-options (make-fetch-options)) + (auth-method #f)) + (init-fetch-options fetch-options auth-method) (proc (remote->pointer remote) ;; FIXME https://libgit2.github.com/libgit2/#HEAD/type/git_str= array %null-pointer - (if fetch-options - (fetch-options->pointer fetch-options) - %null-pointer) + (fetch-options->pointer fetch-options) (string->pointer reflog-message))))) =20 ;; FIXME https://libgit2.github.com/libgit2/#HEAD/group/reset/git_reset_de= fault diff --git a/git/structs.scm b/git/structs.scm index e854d51..9e1597a 100644 --- a/git/structs.scm +++ b/git/structs.scm @@ -53,7 +53,7 @@ fetch-options-download-tags set-fetch-options-download-tags! set-fetch-options-callbacks! set-remote-callbacks-credentials! =20 - make-clone-options-bytestructure clone-options->pointer clone-= options-fetch-options + make-clone-options-bytestructure clone-options-bytestructure c= lone-options->pointer clone-options-fetch-options =20 make-describe-options-bytestructure describe-options->pointer = describe-options->bytestructure set-describe-options-max-candidates-tag! set-describe-options-= strategy! @@ -466,8 +466,15 @@ tag policy in FETCH-OPTIONS." (bytestructure->pointer (clone-options-bytestructure clone-options))) =20 (define (clone-options-fetch-options clone-options) - (%make-fetch-options - (bytestructure-ref (clone-options-bytestructure clone-options) 'fetch-o= pts))) + (let* ((fetch-options-bs + (bytestructure-ref + (clone-options-bytestructure clone-options) 'fetch-opts)) + (fetch-options-offset (bytestructure-offset fetch-options-bs)) + (fetch-options-pointer (bytevector->pointer + (bytestructure-bytevector fetch-options-b= s) + fetch-options-offset))) + (%make-fetch-options + (pointer->bytestructure fetch-options-pointer %fetch-options)))) =20 ;; git remote head =20 diff --git a/guix.scm b/guix.scm index aad396f..e388296 100644 --- a/guix.scm +++ b/guix.scm @@ -7,6 +7,7 @@ (gnu packages compression) (gnu packages guile) (gnu packages pkg-config) + (gnu packages ssh) (gnu packages texinfo) (gnu packages tls) (gnu packages version-control)) @@ -20,7 +21,9 @@ `(("autoconf" ,autoconf) ("automake" ,automake) ("pkg-config" ,pkg-config) - ("texinfo" ,texinfo))) + ("texinfo" ,texinfo) + ("openssh" ,openssh) + ("git" ,git))) (inputs `(("guile" ,guile-2.2) ("libgit2" ,libgit2) diff --git a/tests/.ssh/id_rsa_client b/tests/.ssh/id_rsa_client new file mode 100644 index 0000000..7e16000 --- /dev/null +++ b/tests/.ssh/id_rsa_client @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA6kWDytF6KQO46BPJj7nJQfATeae2l/U/lyE3HuZhCg3sitCN +Lf8GaICsHvPT1SpMHnfjgqsT/ZbYhIXvfbFjDKimNru9d8TwcOynUR/w3+eIOvKl +EVzp+nYfCUOahe0qKLAm+21iYt1UinhfkqpnnF2fa9Zhf+CROIMZCjX9/Fhd2WV5 +1YMsD3NUiRUK4Xx7gnm3pSAFW9EldqVozB2JwydCXx/WboU7wJqtcUZbxeMK27+D +DRu4Kufnf11bJTb6+9dSEtKuKhahKbcRpQUlcgReCul8x8M8ufskkBatxMgyUuC1 +ey8gv1fC2FvQ6ct3skBFO8B3cIF2nYhb6+s75wIDAQABAoIBAQDU7WXB++8aRCXV +2dZDactAwSISWpsdNm0bwbbFwQLGDq3F5ZPMEJUUeo72ews4Hf+dWb5RT4kV3frh +SJLKHWY3ZTndWXn11+vp106j73IRL/GkElJxm4+Wc7H1y5owy8Sbwq9LqrnXve9P +A+Vp+rO9bWKusuVfQw763DzwCO7WYQWHVfS/XpSJW3pgofuTLq8Esd/AMRrB0H3m +EQ4zd+HR2f+cCux0geuOS0Yt3Ki7h6JKs+Nzhas26FBpyOTYJEQaJQhY5NNHO2p7 +ulk6H6AHHajgW9RBzNLXqpQuGR1ISNSZKvXVzPo/LxK8lPNTFY2iDmyzzjoPD51O +Y05zFHEhAoGBAPfel/Nlz2nu9hVtTCMrm/4wFKzlTSQ1c2psUsOzYcr1PmmM0yrv +IPnOZ0HbyKr9QomOQsgAzZm/iPS9Q7Owxzy1IrFHK+H68c853cod9N+L2pIkouSr +CYUafjsdc+y+eCzYmX4pJMCU4E/AipJXSOUSWiv5ac7KAtzdio9W9nHJAoGBAPH0 +vJMOtGuqO3DBdi5aF8z/DH9sqJXkaoE5e3a9IXWC91L42RnmmKWeYet/VjV2kGgO +ZTrZPjbGz9pqUTir5gZmOqFEwdjPiqb68SUgV/V8I5cu5WtZMLGLOxaSQMj6Y9+L +sdAyZ9NnuJqXQ6jdPFGO7CWKhzckIu+/fX++tZgvAoGBAMYjZYvngpnHr2cJa6dh +oNzcSmq7EaM0JwKXfMF7j1zSFgYB0Hutk8qct+Xpbstgj+OtmKyQF8ojVbNt58So +N1vL3+OeZPHLy6g/NY/vymM4RIw2RRBNuNpxhx5yOMyypRYUPv6enQZk+7pEy4CX +zWlv9izYvz/SM9+iKLTUa0QhAoGAI4flCVNne0gMYoqGaFgilp/9ndi/CQP5//AJ +CW7Msw0AdNbGSt9qGygfCQ4yArfejOlQREwSrsiTTWe/dasIpHfutC/8p3IS0mKX +dvRA9nO8Zj8kwZbfZ7MigjYH/XuHnxRMkF5WkNzyZwE/llSmvvNWCk1Ffft4heyA +6XmAAVECgYBGNlXFaSgwDXX00LkRCSaC5zT7iKn6b7AJS+YT5lxDnaJZcM2C+2LG +fF91Jxmvbhv5Fc3V2jzb24ypS8Y8GgV2C6ki8GzQnzZu5gtm0hwGItFPeZYgttyp +g6I/2tV/hgctBOQQxKO2ZC0bJFgFZxHP3sPrFQFXyuEjHoem0QYwkQ=3D=3D +-----END RSA PRIVATE KEY----- diff --git a/tests/.ssh/id_rsa_client.pub b/tests/.ssh/id_rsa_client.pub new file mode 100644 index 0000000..fc0f530 --- /dev/null +++ b/tests/.ssh/id_rsa_client.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqRYPK0XopA7joE8mPuclB8BN5p7aX9T+XIT= ce5mEKDeyK0I0t/wZogKwe89PVKkwed+OCqxP9ltiEhe99sWMMqKY2u713xPBw7KdRH/Df54g68= qURXOn6dh8JQ5qF7SoosCb7bWJi3VSKeF+SqmecXZ9r1mF/4JE4gxkKNf38WF3ZZXnVgywPc1SJ= FQrhfHuCebelIAVb0SV2pWjMHYnDJ0JfH9ZuhTvAmq1xRlvF4wrbv4MNG7gq5+d/XVslNvr711I= S0q4qFqEptxGlBSVyBF4K6XzHwzy5+ySQFq3EyDJS4LV7LyC/V8LYW9Dpy3eyQEU7wHdwgXadiF= vr6zvn mathieu@meru diff --git a/tests/.ssh/id_rsa_server b/tests/.ssh/id_rsa_server new file mode 100644 index 0000000..192b703 --- /dev/null +++ b/tests/.ssh/id_rsa_server @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAzBpyIyno1lg4Qn4FuutRaP+2r8HTSjDij1hzj6zOBhyuGMG1 +C8cK9gkEbDsnKU4J3e4boZ/AYvMe/oXcsVq20VvWelOcrYtZAa+oi+RdXWQOzxCg +5VJRl5L+bon3uuNTRLicj2a0F1fcskqgget1XzkSiOyUFKA+lwjk8UScm2s8teaI +yTNJTkZiQ1JO3H5oHTgY0fV1tst7RS5HOZcH3CQXCBHm0/ss4d3Pn3QO9ahsO3sD +flGtXJdfbf/Twjg0CeZQBhb9x9D0s8RC37k2eJprU6yhhJzsGdMeH2xfrARWOm9P +EzcTRWGLPuAR+wG/OpHdk06SYkF9T/SXqcZ2fQIDAQABAoIBABJQuTdQlnVNm1bU +Kj14ymhqsgEZmpVIx7vnSw90iVRhFHpiP5Xb+a7UZlI0CLKbLyV8LXyWclQuzvQ2 +HPTJWCh3XkrB4AhuvcD5+1z6VCqCRRXtvxJ1DZ9VcIGI3fMmXR2Il3wC0lxZ5RMW +wUqHT5QI8hHZcPxc2OECylCgQJFtqA2UTs/KufT1YEsSWoPQ+zwUGgOtA4CV0W11 +3z2OYrBwtMAsnI6qS5ptUQkVAqZl/kL+1Yo6WaFdX49fcUo/9nUUCDYT5hd8aWH7 +aQ9DcLyeNhqnBwFkPd6Pa7fgMVNUYODkJglt0VFWPo7DOZ961OKCIHMLhEnwRt8g +I20usSECgYEA6xA6zIG+6Rkpz8VeWmkWYNucEuiq78ZvRLF08Y5q46tB3tDMo275 +UFvchiE1OCIUY+Gqc8bCq7lAmD0BJQYRNeqt7xxmVKuYANhCfoT/zRxZv02P9Pjs +lQoNUFnbXMFW0NZ9JYutkK1Coy/M7lbNRP5n2fl1Hh1izr3eSGFCv6kCgYEA3khI +g3fWJ7gfWOHepKckVkK6At+2mbgP3GoNfb27hL+DqgIxE7eXEhPUTOonhMxTA3nZ +PnzBHZjC0qac4qLZsjQuLhClB9u7jF6Vs7JUEt0ajUELwXchxJd8kv5KOQuZcdVt +cT3kBSJN1h/MvAJiV50mAtp+M2O1P+ZcXnYV1LUCgYA4mFC/2mE/uCpD9w4vkGut +6FIcj15QmqNBk8RHQHXl2N7kKbuLgfWO7n8a4DXzDOmB3txuQaWvOMwfm1iCNILC +S32TO3A75JCVa3wfACCinrfRAnitj51OiPwJo4jYPUiMwYeiGY4xbjXEGocpv0Zu +3R3d8lzLYmHeywIQxTIP+QKBgAWiNVxHpEDbdMfu6ZKovc4F4OsDuoAI3zYJ5g+i +yGbj57VeWtoSFB0cLYxJfvjpqMz0wKHJzacvYPivylggIn5WvjjiqRwa4JT9LLQi +N+lGe07LMD4WA+AUqs6a7Uym05vD+gMdu3K53NkpcynssYtg6z61RO+OfmCBOSQX +wBPlAoGADTtG5KbjnOBa+7DcdbBKz5lHxutJkjXKnFFKsLeQcKkmF9UEs13XoTTa +dMdolZBk/MmWEwVLFZmC0Gaio4iYMI4KcVMbKM357HnOqKt8mRNi4mGxHIxGUtGQ +I9jDlrUelBFWHdBEUHUzmtY96ye6y37SD6iCydT3prj4kjpWwyY=3D +-----END RSA PRIVATE KEY----- diff --git a/tests/clone.scm b/tests/clone.scm new file mode 100644 index 0000000..6ec7320 --- /dev/null +++ b/tests/clone.scm @@ -0,0 +1,68 @@ +;;; Guile-Git --- GNU Guile bindings of libgit2 +;;; Copyright =C2=A9 2019 Mathieu Othacehe +;;; +;;; This file is part of Guile-Git. +;;; +;;; Guile-Git is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; Guile-Git is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with Guile-Git. If not, see . + +(define-module (tests clone) + #:use-module (git) + #:use-module (tests helpers) + #:use-module (tests ssh) + #:use-module (srfi srfi-64)) + +(test-begin "clone") + +(libgit2-init!) + +(define (make-ssh-url dir port) + (format #f "ssh://localhost:~a/~a" port dir)) + +(define ssh-server-port 8899) + +(define (clone-test directory auth-method) + (let* ((repo-dir (in-vicinity (getcwd) directory)) + (clone-dir (in-vicinity repo-dir "out"))) + (clone (make-ssh-url repo-dir ssh-server-port) + clone-dir + #:auth-method auth-method) + (let* ((repository (repository-open clone-dir)) + (oid (reference-target (repository-head repository)))) + (oid->string (commit-id (commit-lookup repository oid)))))) + +(with-sshd-server ssh-server-port + (with-repository "simple-bare" directory + (test-equal "clone-auth-ssh-credentials" + "3f848a1a52416ac99a5c5bf2e6bd55eb7b99d55b" + (clone-test directory (make-client-ssh-auth)))) + + (with-repository "simple-bare" directory + (test-equal "clone-auth-ssh-agent" + "3f848a1a52416ac99a5c5bf2e6bd55eb7b99d55b" + (with-ssh-agent + (clone-test directory (%make-auth-ssh-agent))))) + + (with-repository "simple-bare" directory + (test-assert "clone-and-fetch-auth-ssh-credentials" + (let* ((auth (make-client-ssh-auth)) + (do-clone (clone-test directory auth)) + (clone-dir (in-vicinity directory "out")) + (repository (repository-open clone-dir)) + (remote (remote-lookup repository "origin"))) + (remote-fetch remote #:auth-method auth) + #t)))) + +(libgit2-shutdown!) + +(test-end) diff --git a/tests/ssh.scm.in b/tests/ssh.scm.in new file mode 100644 index 0000000..ef71524 --- /dev/null +++ b/tests/ssh.scm.in @@ -0,0 +1,115 @@ +;;; Guile-Git --- GNU Guile bindings of libgit2 +;;; Copyright =C2=A9 2019 Mathieu Othacehe +;;; +;;; This file is part of Guile-Git. +;;; +;;; Guile-Git is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; Guile-Git is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with Guile-Git. If not, see . + +(define-module (tests ssh) + #:use-module (git auth) + #:use-module (tests helpers) + #:use-module (ice-9 popen) + #:use-module (ice-9 rdelim) + #:use-module (ice-9 regex) + #:export (with-sshd-server + with-ssh-agent + make-client-ssh-auth)) + +(define sshd "@SSHD@") +(define %ssh-dir (path-join (getenv "srcdir") "/tests/.ssh")) +(define (in-ssh-folder . args) + (apply path-join %ssh-dir args)) + +(define (start-sshd port) + (define (write-authorized-keys file) + (call-with-output-file file + (lambda (port) + ;; We need to pass PATH so that git binary (git-upload-pack) can be + ;; found from sshd. + (format port "environment=3D\"PATH=3D~a\" ~a" + (getenv "PATH") + (call-with-input-file (in-ssh-folder "id_rsa_client.pub") + read-string))))) + + (define (write-sshd-conf conf authorized-keys) + (call-with-output-file conf + (lambda (port) + (format port "AuthorizedKeysFile ~a +PidFile ~a +PermitUserEnvironment yes~%" + authorized-keys + (in-ssh-folder "sshd_pid"))))) + + (let ((sshd-conf (in-ssh-folder "sshd.conf")) + (sshd-key (in-ssh-folder "id_rsa_server")) + (authorized-keys (in-ssh-folder "authorized_keys"))) + (write-authorized-keys authorized-keys) + (write-sshd-conf sshd-conf authorized-keys) + (system* sshd "-p" (number->string port) "-f" sshd-conf "-h" sshd-key)= )) + +(define (stop-sshd) + (define (read-pid port) + (string-trim-right (read-string port) #\newline)) + + (let ((pid + (call-with-input-file (in-ssh-folder "sshd_pid") + read-pid))) + (system* "kill" pid))) + +(define-syntax-rule (with-sshd-server port body ...) + (dynamic-wind + (lambda () + (start-sshd port)) + (lambda () + body ...) + (lambda () + (stop-sshd)))) + +(define %ssh-auth-sock-regexp + (make-regexp "SSH_AUTH_SOCK=3D(.*); export SSH_AUTH_SOCK;")) + +(define %ssh-agent-pid-regexp + (make-regexp "SSH_AGENT_PID=3D(.*); export SSH_AGENT_PID;")) + +(define (start-ssh-agent) + (let* ((p (open-input-pipe "ssh-agent -s")) + (ssh-auth-sock-data (read-line p)) + (ssh-agent-pid-data (read-line p)) + (sock + (let ((match (regexp-exec %ssh-auth-sock-regexp + ssh-auth-sock-data))) + (match:substring match 1))) + (pid (let ((match (regexp-exec %ssh-agent-pid-regexp + ssh-agent-pid-data))) + (match:substring match 1)))) + (setenv "SSH_AUTH_SOCK" sock) + pid)) + +(define (ssh-agent-add-client-key) + (system* "ssh-add" (in-ssh-folder "id_rsa_client"))) + +(define-syntax-rule (with-ssh-agent body ...) + (let ((pid (start-ssh-agent))) + (dynamic-wind + (const #f) + (lambda () + (ssh-agent-add-client-key) + body ...) + (lambda () + (system* "kill" pid))))) + +(define (make-client-ssh-auth) + (%make-auth-ssh-credentials + (in-ssh-folder "id_rsa_client.pub") + (in-ssh-folder "id_rsa_client"))) --=20 2.24.0 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hi Mathieu, > > Mathieu Othacehe skribis: > >>> I think there are small modifications to do to (guix git) and (git >>> clone). >> >> I did integrate a part of libgit2 ssh authentification mechanism in >> Guile-Git in 2017. You can find it in (git fetch) module. >> >> It is currently broken, because of a regression. See >> https://lists.gnu.org/archive/html/guix-devel/2019-11/msg00415.html. > > Oh I missed that message of yours. Do you have a complete example using > that functionality that I could use as a test? > > It would be great to have a test for that in Guile-Git. We could use > Guile-SSH, when it=E2=80=99s available, to spawn an SSH server. > >> What would be missing to have support for authenticated Git repositories >> as Cuirass inputs is: >> >> * Fix the regression mentionned above. >> >> * Add support for a fetch-options argument in clone method of (git clone= ). >> >> * In (guix git), "latest-repository-commit" method would take parameters >> to setup ssh authentication (such as ssh private key path at least) and >> pass them to "fetch" and "clone" methods of Guile-Git. >> >> * Finally in Cuirass, the ssh authentication parameters could be >> specified in the specification file (maybe for each input?) and passed >> to "latest-repository-commit" method accordingly. > > I=E2=80=99d like to see that happen! > > Thanks, > Ludo=E2=80=99. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 10 09:28:20 2019 Received: (at 38320) by debbugs.gnu.org; 10 Dec 2019 14:28:20 +0000 Received: from localhost ([127.0.0.1]:55116 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iegUu-0004VF-Ed for submit@debbugs.gnu.org; Tue, 10 Dec 2019 09:28:20 -0500 Received: from eggs.gnu.org ([209.51.188.92]:45534) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iegUt-0004V3-5U for 38320@debbugs.gnu.org; Tue, 10 Dec 2019 09:28:19 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52614) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1iegUn-0005oM-Rp; Tue, 10 Dec 2019 09:28:13 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=48382 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1iegUm-0006wQ-MI; Tue, 10 Dec 2019 09:28:13 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 20 Frimaire an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 10 Dec 2019 15:28:09 +0100 In-Reply-To: <87h829sb73.fsf@gmail.com> (Mathieu Othacehe's message of "Mon, 09 Dec 2019 17:41:52 +0100") Message-ID: <877e34z24m.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Mathieu Othacehe skribis: > Here's a patch that add support for ssh authenticated repositories in > "clone" and "remote-fetch" methods of Guile-Git. Woow, awesome! > At first, I used Guile-SSH in the tests to start an SSH server, but as > "make-server" call of Guile-SSH is really low level, this is not very > realistic. I just ended up with a half-broken ssh server, poorly > implemented, after (too many hours) spent reading ssh dumps. Oh, I thought it=E2=80=99d be easier to scrap bits from the example SSH ser= ver that=E2=80=99s in Guile-SSH, perhaps a wishlist item for them. > So the strategy is to spawn an openssh server for the tests. It seems to > work alright, using key based or ssh-agent authentication. Anyway, if it works with sshd, that=E2=80=99s great. > From ae3c5a9851b02e78096963616d4e2f999119fc4d Mon Sep 17 00:00:00 2001 > From: Mathieu Othacehe > Date: Mon, 9 Dec 2019 16:16:45 +0100 > Subject: [PATCH] Add ssh authentication support. > > * Makefile.am (SOURCES): Add git/auth.scm, > (TESTS): add tests/clone.scm. > * configure.ac: Check for git and ssh binaries. > * git.scm (%public-modules): Add (git auth) and (git bindings). > * git/auth.scm: New file. > * git/clone.scm (clone): Add an auth-method argument. Pass it to > new init-fetch-options call, before proceeding to clone. > * git/remote.scm (remote-fetch): Add an auth-method. Pass it to > init-fetch-options before proceeding to fetch. > * git/structs.scm (clone-options-fetch-options): Do not return a copy of > fetch-options nested inside clone-options. Instead, find the offset of > fetch-options and use it to create a pointer to fetch-options. > * git/fetch.scm (init-fetch-options): New exported procedure, > (make-fetch-options): call the procedure above to initialize fetch-option= s, > (set-fetch-auth-with-ssh-agent!): handle the case where username is not s= et > and libgit2 asks for one. > (set-fetch-auth-with-default-ssh-key!): remove this procedure, > (set-fetch-auth-with-ssh-key): new procedure. > * tests/.ssh/id_rsa_client: New file. > * tests/.ssh/id_rsa_client.pub: New file. > * tests/.ssh/id_rsa_server: New file. > * tests/clone.scm: New file. > * tests/ssh.scm.in: New file. [...] > (define-module (git fetch) > #:use-module (system foreign) > + #:use-module (git auth) > #:use-module (git bindings) > #:use-module (git cred) > #:use-module (git structs) > #:use-module (git types) > #:use-module (srfi srfi-26) >=20=20 > - #:export (make-fetch-options > + #:export (init-fetch-options > + make-fetch-options I think we should keep =E2=80=98init-fetch-options=E2=80=99 private. > fetch-init-options ;deprecated! =E2=80=98init-fetch-options=E2=80=99, =E2=80=98fetch-init-options=E2=80=99,= hmm=E2=80=A6 o_O > new file mode 100644 > index 0000000..7e16000 > --- /dev/null > +++ b/tests/.ssh/id_rsa_client I wonder if we should generate those upon =E2=80=98make check=E2=80=99. Th= oughts? (It shouldn=E2=80=99t be a blocker though.) > +(with-sshd-server ssh-server-port > + (with-repository "simple-bare" directory > + (test-equal "clone-auth-ssh-credentials" > + "3f848a1a52416ac99a5c5bf2e6bd55eb7b99d55b" > + (clone-test directory (make-client-ssh-auth)))) > + > + (with-repository "simple-bare" directory > + (test-equal "clone-auth-ssh-agent" > + "3f848a1a52416ac99a5c5bf2e6bd55eb7b99d55b" > + (with-ssh-agent > + (clone-test directory (%make-auth-ssh-agent))))) > + > + (with-repository "simple-bare" directory > + (test-assert "clone-and-fetch-auth-ssh-credentials" > + (let* ((auth (make-client-ssh-auth)) > + (do-clone (clone-test directory auth)) > + (clone-dir (in-vicinity directory "out")) > + (repository (repository-open clone-dir)) > + (remote (remote-lookup repository "origin"))) > + (remote-fetch remote #:auth-method auth) > + #t)))) I think we should add something like: (define (sshd-available?) ;; Return #t if sshd is available (it does not support ;; =E2=80=98--version=E2=80=99 or anything similar though). (not (=3D 127 (system* sshd "--something-not-supported")))) (unless (sshd-available?) (test-skip 1)) ;; =E2=80=A6 Apart from this detail, it looks great to me! You have push access, right? Speaking of which, we really need to push a release at some point. Erik, would you be available to do that, or would you like to delegate? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 10 21:17:00 2019 Received: (at 38320) by debbugs.gnu.org; 11 Dec 2019 02:17:00 +0000 Received: from localhost ([127.0.0.1]:56779 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ierYh-0000be-5n for submit@debbugs.gnu.org; Tue, 10 Dec 2019 21:17:00 -0500 Received: from mail-yw1-f47.google.com ([209.85.161.47]:42074) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ieprj-00063j-Lm for 38320@debbugs.gnu.org; Tue, 10 Dec 2019 19:28:32 -0500 Received: by mail-yw1-f47.google.com with SMTP id w11so8165321ywj.9 for <38320@debbugs.gnu.org>; Tue, 10 Dec 2019 16:28:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:autocrypt:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=nFv0sThf11F64dwCHbr5GuMqHtx2D5u82/ko66PgjAE=; b=Ph98fCz8RGolP0/rX4mVS96Fob7ofaQPyNLGd/WJ8TzndLQsnKEVyOEovWceyd3o6m 0gskcY+GVcTAGNcYR9iC/kvhs34CeTBPtKNFzHjoJBSYsH1O8CptmDX4wDwyIMrcBFVk Nl9FnX52XTc/FduhozhEeNZCkLjX44E2iGk1NneMvOrDBjGzxP0MXkRHUrlmwFjclj+h CVRQiTDH8fHWD2mGC70iWysTL3cs5MfkQMKj1ebSf7GB9BslwqX/BdWpdbK4Hcp/x3zi uMapnQIfDEWUvgOvGmPmyP0v+SR8bQEdmUMavnHGStUMGvQwJ5MKpPX6Eeasc2ibpR2N gegw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=nFv0sThf11F64dwCHbr5GuMqHtx2D5u82/ko66PgjAE=; b=NUdT0pbvGYatU2q4fM4HzaeV6KnuUuKc/Fx6DUTG5hWpepafIWymoURp4VZ4hB+E1B VDv1Oiucle2D/xJBl/5MkcY7njAyAozNJKQtxcadAn5p53M9rLgMLt5M5yfeng91SQrS YfRtMAwBEI46FjvAMZllqTqC4QS7E94zOGK3taJ5R2RJFBFm+wVRbgyal/R/o0+AlCUL 27SSeGyngu1cEibljZHBWeZ5+dezAWMaMJ6JIN4/eXTurrPkuaJtzQLHpHDV/yOA2TaZ 69CJf+WFM2CJVQ5TyHJ5N5fSQqp82jTTyD5cgiVWGVxPuW8+EN0fZGVU++7doUx/lKT3 RbtQ== X-Gm-Message-State: APjAAAWYdXM7HOeYKraP8jfh9YlYPzklixLWNYPYDbbeLMAqheTevpQL KNYL7cMetce6Sgk4K4c4qeozg1ZEL8M= X-Google-Smtp-Source: APXvYqxYVXD/hB+FL1uTzqVzOkDbjKvdfN8MBKuIeSV7S6V13/lzt/uHgLnW58UGM7xoaMAb8znPcg== X-Received: by 2002:a81:ee08:: with SMTP id l8mr267175ywm.328.1576024105804; Tue, 10 Dec 2019 16:28:25 -0800 (PST) Received: from ?IPv6:2602:306:c5c9:a3e0:a0d7:d2f3:b61:7cb5? ([2602:306:c5c9:a3e0:a0d7:d2f3:b61:7cb5]) by smtp.googlemail.com with ESMTPSA id n129sm184975ywb.75.2019.12.10.16.28.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 10 Dec 2019 16:28:25 -0800 (PST) Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= , Mathieu Othacehe References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> From: Erik Edrosa Autocrypt: addr=erik.edrosa@gmail.com; prefer-encrypt=mutual; keydata= mQINBFnixt0BEACl7pRyNYegXncFcDyNr1x8vK35U/gzQmAIaaHjz735JyeGXvOkpLb3LpjV FnDg04COItdfDyVMVbbnnyN4sW+KcT/Tq3qhFC7rqEIxVTAceqPjc5Ra3BZVUMUeMSdyI/C5 MocKbQkQlJaR5v1hthDVi/Bnbw7TxsoR6NvebuzAheVhw7RwermsTZA1PwLIxjjMdCg8fTYF 37YyjJBY8CRpQduwaU0IGpg5W7Cal26nncNmH/H/vQl+n+QSjMmYM3Td4CMfiE8nWt7i81vW CD5Nu+Ke0ogEJNHRd+BT3fDCzVqz5LYrGVLq69I5+cAGLe7TIGgLLk+z0u5T86HL9O50D6sj RvMP33RVxaplaoel3/rM+eGy10SQKE4sFJXop12nAG2I5PaXbSHd2ETUNSjQeStQKmvDENsJ jSI3XQ+1yHHiYbPavdRJbUlUlLcnagnU7bR6VIeq+JftJ25ms6a4NbfPkoD2TviX19388CGm K/eFC6ZtOklhRBDEXHc7RWsKhexIp1pzbl9DL0I1Lvq7ywAxy6zYd/xcBtFcpb4swmb2qpOi 20engifFgDpHcvSleHmnmkWjWCwxApB/anEdaV/d43GGesqzBof32/C/jejKw5gbKH/wbdCM T3ealSFiGdV1njNUPDamXnveabzS2gJSPcU5X7u2sw5mp7KNMQARAQABtCNFcmlrIEVkcm9z YSA8ZXJpay5lZHJvc2FAZ21haWwuY29tPokCUQQTAQgAOwIbAwULCQgHAgYVCAkKCwIEFgID AQIeAQIXgBYhBOwUkeF18cx2fyr1Mre6nRtRaNE0BQJZ4s5qAhkBAAoJELe6nRtRaNE08gIQ AJJ9eHYk+SD2wOFyqX4L6RbE11XkuDTxKnbJKbiF+I40L3RpJ5fIFBZOXtGEmpTCMKB2K+mc qXdj9/5yValRjl5hYvxIVn3KgU0vZmgzh7RGMOCmVCsOg+OiOjOOMWU4akG69vk+pzbeJjo/ U2PwA9Q6W/4+B64e2qAZHJ5TawWT6ZEK8yQOMgQLYfVhdRz4uY5HykRK0BzqcN54+6Pvm7Fc NsuOSKbxATMWuxCTtJp5fS9tWBReRV3+MWhbEZxo4QflcWYPIQVyvtxK66GkxiuqHkVxMI+/ eAnS13VNiW1mW/Y64fntLYk2D8K59+UK3T7XqALSp17zoCJRZYx7BSWCISDN+FzwTCE0r1M6 SjoIe2aWdloUHeUgcuGRmLmvN5zH7utE2wf/WKoDSMM3LZHTvz2iqTQIFxbmPnjMpdGC8sPI SfQcIUNm8jsxxL/I8xHz8ByNgvjR0d3eQ4WBBhxhZMtuOsYLK7Hl2flsEJMRficFE29PuxWy +N7B0ev8f+aqyCi75hJqjwtQL2JKyLJM4IU1eZtzMIWwhYmlsDPC6hz/szbEbWPjyALSjIin Sn+t8+kRCYjq7ZyiPu3f/c9Jgga7zx/r2CMCraS6J7drISZ73gVZCr7LrNc3pCDwtBZ5QOZv 2DhVyowEi3ORSlpL/4eVk5Z/X4TD4ya84sqcuQENBFni0FsBCADoMMpbVw+AwqYNEiwHdG1V APiPzJhMgUwnfD/kFPTTI5Na6IqufAEe+cFbwNoENQdr2eLp9TkffFuRJni02pQL4PBHM+y6 +5xrMrjOix4GdLt0AI2hjd2YDwWapqoWLcR+C7ZM133btVkC3pZvSdQYcRTeX79WD0FkfdHj h4QItof067mGZYlve+OU26B1/EQ46s6hAIRiDhEYWhJnp1O/YPGK6YqVXaTeN5KxNnRFCvJW IPjuBumsBjRWO9W6vuRALDbkSfx5US5wWfNP199v9jjhchpAqeP3KzyqmkWrfwEOAWPbUlWR YvdWKy64UJEK9YwLEUh/m56b6eDasfNRABEBAAGJA2wEGAEIACAWIQTsFJHhdfHMdn8q9TK3 up0bUWjRNAUCWeLQWwIbAgFACRC3up0bUWjRNMB0IAQZAQgAHRYhBGBwwT1KPrZf19KAN2on epIQHAnxBQJZ4tBbAAoJEGonepIQHAnxkSoIAIxcVHPT2xYw28Lh1Y1u/EZkpb4+DamAHVMf IkdCyY5ZZ2OzMIFYqOjiZJBrDThUxByBh/bc/vGz8lvjFhZzXXImRSAOXP5cUiU/dcGf2nnS n9NJ72shrIe/hBEE10LszK2/w9IH38j5mzgEEfxn25pqNcsXu7iRiw1Qc/bL6nT0uTpKCYpi /0UHT9rPRBIhQdcg7jibcADZZN5qN3kZvK8VptXqWK2jaC7CTzWgjTcDPu66j5p2OdKNuSdU FzVFaKU9nJ+b2OTBLwgLC8Q6LlWU9dWtHK9r9/JOJsV9jsMH6kTfJMb48V4bD4bZG2HOWnYj +DnY8mjE0seGNMjq0+oh7A/+Pdx3ELtlGpgOL7Maq6MKaNAHFwT+UNvra+6huIvFH1a2YxIe oZOlCql8p1GElpFIU/0/xwTEalytOL03/dfIKpU1pZKk42g4lK9Dut2V0E6Eg+yUGTeFWc/4 ZgjMU57ieKqZ+I8ERApKBSYMmwtAmDwh/FjQA/mRi85GI4IbB5k1V0Jq4iF+SMd+Eycnihrf ihyI/ZphTaq9ANL1TW6Wj+/qYt4Eauf/5DcC1jaKsULO0C1iY8akzjRT4OLKmuZZ5WcsUb5L Tl5n8901Ad/raxJ3p11cuuW9yBp2jbBQQpRO5FbU+tOsfWGDPNwkZvQRUmIq6Tk7ivzD2iSz mUbsajS6/lJbEeWGJNUNUofeRloIAk0MtrKadIJduMwwd8nr+JlmAV5y0IJboW0QkQfQRt1e g0SG502SIpssRef+iIzdFdzTCUG0BslpMEYsseWUcxNQXsxzzSlGhv0+9LBzZWjGidpT7NyA cwJc0sM/5szgHyIvPkqlrOTB0xowKfv2d2EJtzJtO8Sztm/aKX0nwta/myo+XkVPyKV9dAN6 JKSBJx04LYjRT3SpPw0/Vs2og5XP0f6tehvXmvhlSMWJhFCx/FuB30fAJzEU9kWprDOLHzV8 VjUFy3q60prjGM26IUHsrA3WiECE+lXB1Tj/nsiEIg1/0IuZw6iX98hfDgK5AQ0EWeLQnwEI ANKGc5WAaB/7lTwQJ195vITd3yStZZ71mtIB+n0mHk9yScHfqLHllM9Q3/mwiLSlql5Sk5nu InbuYaxDYwHEevNhdwnP4Jg9MeYWeCFLn6l3Fpp3XMQYEaGS5e3zhVpjUKu3dCv2BXuVu9Cy jBdLrM2RZ28xkIYxZyR9tsSqLbXT1KD8dGDzO83VHYW/3XnSi7Xkactrpo6qhB2A1COJWbHZ iJ2DV1l1auMWRmtPiikRwnNRYodoUfhT7RUzs54wJgnF3sLlw2pRBME94OblteoZyUIvPPoW f203/y2BijIpJozHkp+c0D3UySP2HFgF5fb2XscuA8KwjxfBknNt5QEAEQEAAYkCNgQYAQgA IBYhBOwUkeF18cx2fyr1Mre6nRtRaNE0BQJZ4tCfAhsMAAoJELe6nRtRaNE0Qe8P/1OKty0V GldVDzkw68WVerynJqCDl6wJii0tWWdArc2/XX9FK232So3t20SiwB2TNVU1oa0tlZekiz8r NZFH0uyxR6TqhooH0lFUPkv0seULbWttIFWGE7CoVF8A74YA+pLRrIhA0FP+6/uN+DtPhELj V1mZopzqpO0TeiKT3n4EPcicrrZXKym0gcUJASBJ7aJRbN7xiLNnlfyK48ZhjGxKe8WbkqwO to5AHSGhC6QZ5Za7JnKTZKOOlE5FdfEgWqpBONOB/UBZy9zFFxr5rhCrGd67PcuKTDJd7wqH l5W81uqoSneRm9pZhbPMy8UjTeePHhaKVucI1NKiQNndeat/oFTayj4SoDuTgYc4r8pX4cnf oNPjduQksAAWvim/W+Eg+XJAP8nOf7gHhj1MQYCyNRlPKAzkuSPqio5sqfUrq/mdMkn0agS6 pRK2rtsoLQGkX5u6Wt/k9cvy28QmQsHPVCzdVXO+YxYLUd5sXopQvhY+c2fttJ5D7pRh3bcM LGynXOa0m3kR40dest1HW0gm5xo74sWjm4PyqktlOIKduoL31CckA9eh98OUUNdFvL3T/nhJ m1QMG7j958MAOMl+BR+BkR1BwVE2Mir/H24+bv1E/GxwpaPHctiYk2OxTYXGU6yuSdXvlHd8 zRF2WC/CIK9yg89vBbdguAin7ktd Message-ID: Date: Tue, 10 Dec 2019 19:28:24 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: <877e34z24m.fsf@gnu.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38320 X-Mailman-Approved-At: Tue, 10 Dec 2019 21:16:57 -0500 Cc: 38320@debbugs.gnu.org, =?UTF-8?Q?Cl=c3=a9ment_Lassieur?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) > > Speaking of which, we really need to push a release at some point. > Erik, would you be available to do that, or would you like to delegate? > > Thanks, > Ludo’. > Sure, I was planning on creating a release soon. So once this is in I can start testing on some different distros to make sure there isn't any issues. From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 11 06:53:36 2019 Received: (at 38320) by debbugs.gnu.org; 11 Dec 2019 11:53:36 +0000 Received: from localhost ([127.0.0.1]:56971 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1if0Yi-0001Io-3o for submit@debbugs.gnu.org; Wed, 11 Dec 2019 06:53:36 -0500 Received: from mail-wm1-f41.google.com ([209.85.128.41]:40675) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1if0Yf-0001II-U4 for 38320@debbugs.gnu.org; Wed, 11 Dec 2019 06:53:34 -0500 Received: by mail-wm1-f41.google.com with SMTP id t14so6640826wmi.5 for <38320@debbugs.gnu.org>; Wed, 11 Dec 2019 03:53:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:message-id:in-reply-to :date:mime-version; bh=jJilPaySxztiJVAjCJaR86N54gqC4fD4FbBKdWfO9xo=; b=unXnO+b6AmCrpEb7VrYGigNDM6whad1JojJkfzyVAaNU5gYTvnH/zUTleebvs+HNZA Tg6Y0TFduM8c4hNqzuy/5o7kcI3ehT2j55m5qhjEkcTkB4iYyy/+144iOTFP+Pfis6xm 8/Yj/SSrN0hThxJCZD/apwfgIIAbaUkH5tSFZDTA4T9J0d8Lj3UBRQqMWaP5DELYaNnU MOqy3W7d/+1oQ4tqfHpxRlXdFh7VLDeK5uc832jy088HIJjEQnmVEDPuRc4k3cy2EMRd hsF5oVTAuT/O8kWU2OlUHAB+2P06Hqot5cmLcOg19ezAPWy+hFChEYVVs4W9Nc8xmORP 9i3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :message-id:in-reply-to:date:mime-version; bh=jJilPaySxztiJVAjCJaR86N54gqC4fD4FbBKdWfO9xo=; b=UqJTLfuhkptNF2xGqGlhT9ujUYcxe0EEXAw/OYHOQKiRs3dU++QMCubsq54tI7Pnqf DXOZ1j+Dtl2kUI3Eb2s5vUDHlLbjnXQIKUriaV8mH3VwrFL01yIlM1dTuu34+twa0kUK jenKZsxBf14/XP3zhE7BSJcom4exmnnDYntW8SA6rmCpCV6v+mRB5SEkJ7ydbLZ7rwSy eejIAFr3k9jV8X40cKWagN/qp7sT15eXsZzqchYyUkkSgAxaO9twWWy0pB1mEs3CoVeh +eFwm8naCcMX/xvjjiU1UwMKOnD9P+uS7PpS/jxkC4Cd4717xxWJdyNDm9IRlf725sD7 T3LQ== X-Gm-Message-State: APjAAAXY/ZedFmaD5CHkaWN238959NTlnvY71Q164ufkZ0nK5wajmVEd 3pls4lY6Gl+AYwxzMVSvP30= X-Google-Smtp-Source: APXvYqzW1UMOv0uXfCjCG0WpoGBg8psXF9ZFQ8ieUysnA0BsSLqfeq1iTQhf1lGDV+lPxZrq4QMulg== X-Received: by 2002:a7b:c759:: with SMTP id w25mr3349597wmk.15.1576065207911; Wed, 11 Dec 2019 03:53:27 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id p17sm1983171wmk.30.2019.12.11.03.53.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Dec 2019 03:53:26 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs Message-ID: <87wob3xepy.fsf@gmail.com> In-reply-to: <877e34z24m.fsf@gnu.org> Date: Wed, 11 Dec 2019 12:53:15 +0100 MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hey! > Apart from this detail, it looks great to me! > > You have push access, right? > > Speaking of which, we really need to push a release at some point. > Erik, would you be available to do that, or would you like to delegate? Great, thanks for reviewing :). I couldn't get it to work with a generated client rsa key for an unknown reason, but pushed anyway. Now regarding (guix git) integration, I have a question. It would be nice to have "guix pull" and Cuirass support ssh authenticated directories. So "latest-repository-commit" could be call with ssh authentication parameters. However, the guix-daemon won't be able to communicate with the user ssh-agent, and storing an unencrypted private ssh key in the store doesn't feel great to me. Do you see any workaround? Thanks, Mathieu From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 11 10:37:07 2019 Received: (at 38320) by debbugs.gnu.org; 11 Dec 2019 15:37:07 +0000 Received: from localhost ([127.0.0.1]:58524 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1if431-00028T-JX for submit@debbugs.gnu.org; Wed, 11 Dec 2019 10:37:07 -0500 Received: from mail-wm1-f67.google.com ([209.85.128.67]:51741) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1if42z-00027Z-Jk for 38320@debbugs.gnu.org; Wed, 11 Dec 2019 10:37:06 -0500 Received: by mail-wm1-f67.google.com with SMTP id d73so4319245wmd.1 for <38320@debbugs.gnu.org>; Wed, 11 Dec 2019 07:37:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version:content-transfer-encoding; bh=88At9KEZFJcF5PSKKqSm5meXZRmTeenO0DRY9kn5Xb0=; b=BhfXmOURUtiDjuzAxsAlAbSTh+ad/00WK3F826W+QShStZfmyVGWooXOaQkBkF9LvI FXCGgL5MwJRXpOUX1TJn4qHIKcHp9mPMk37GGcmNSevQl/OlMKQgu5sxm74gVYE8HFY5 YKARPcwfmsrQomcwlobHpWPbR2f0EyHaiXt1AOo7GPCbzVLXr4oIs6qQve+kHIzdTEbh ixSp/4+MSocJ9JwF21v+OUZjyctO9a4Qwl0/+HthaTez8ub99pKaTVI/DBXFVI+EnuXZ X1SrRcxWeQ73XbH0LoStdk2jXjOArk6lygygWt4cKz15N2yWtDRNyP3yU/8giOdv0Scg F7bA== X-Gm-Message-State: APjAAAU6KIjU7Bcx8V6ZO8msxCiOe49d2hXBUqdyaMeT04a6GtQMZGpR e9wCUrbaTt5PDjnwIVBPsDQ= X-Google-Smtp-Source: APXvYqyMBZePZM1+sMgVJf2LQIz3+mKMmOudiYl9V7eT7FsVt5Bjz2NXpzeFn2PWFt72CD1Lt3nNPA== X-Received: by 2002:a1c:7d93:: with SMTP id y141mr414054wmc.111.1576078619665; Wed, 11 Dec 2019 07:36:59 -0800 (PST) Received: from newt (smtp.parrot.biz. [62.23.167.188]) by smtp.gmail.com with ESMTPSA id x11sm2700977wmg.46.2019.12.11.07.36.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Dec 2019 07:36:58 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> User-agent: mu4e 1.2.0; emacs 26.3 From: =?utf-8?Q?Cl=C3=A9ment?= Lassieur To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <87wob3xepy.fsf@gmail.com> Date: Wed, 11 Dec 2019 16:36:57 +0100 Message-ID: <87zhfyvppi.fsf@lassieur.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Ludovic =?utf-8?Q?Court=C3=A8s?= , Erik Edrosa X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.5 (/) Hi everyone, Whoo, nice, thank you so much Mathieu! I'll test everything this week-end probably, and start working on the (guix git) / Cuirass counterpart (which is 1% of the work :D). Mathieu Othacehe writes: > Now regarding (guix git) integration, I have a question. It would be nice > to have "guix pull" and Cuirass support ssh authenticated > directories. Indeed :) Almost there! > So "latest-repository-commit" could be call with ssh authentication > parameters. However, the guix-daemon won't be able to communicate with the > user ssh-agent, and storing an unencrypted private ssh key in the store > doesn't feel great to me. > > Do you see any workaround? As far as I understand, LATEST-REPOSITORY-COMMIT is never called by the daemon, it downloads stuff first and then calls ADD-TO-STORE. So both using the SSH agent or passing a private SSH key should be straightforward. Cl=C3=A9ment From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 12 08:14:08 2019 Received: (at 38320) by debbugs.gnu.org; 12 Dec 2019 13:14:08 +0000 Received: from localhost ([127.0.0.1]:59176 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ifOIC-00026m-H8 for submit@debbugs.gnu.org; Thu, 12 Dec 2019 08:14:08 -0500 Received: from eggs.gnu.org ([209.51.188.92]:40758) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ifOIB-00026Z-41 for 38320@debbugs.gnu.org; Thu, 12 Dec 2019 08:14:07 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36508) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ifOI5-0003tb-Hq; Thu, 12 Dec 2019 08:14:01 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=43168 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1ifOI5-0002BA-3P; Thu, 12 Dec 2019 08:14:01 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Erik Edrosa Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 22 Frimaire an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 12 Dec 2019 14:13:59 +0100 In-Reply-To: (Erik Edrosa's message of "Tue, 10 Dec 2019 19:28:24 -0500") Message-ID: <87a77x8z54.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Mathieu Othacehe , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Erik, Erik Edrosa skribis: >>=20 >> Speaking of which, we really need to push a release at some point. >> Erik, would you be available to do that, or would you like to delegate? >>=20 >> Thanks, >> Ludo=E2=80=99. >>=20 > > Sure, I was planning on creating a release soon. So once this is in I > can start testing on some different distros to make sure there isn't any > issues. Awesome, sounds great! I was interested in getting support for progress reports (for =E2=80=98clon= e=E2=80=99 in particular), but I don=E2=80=99t think I=E2=80=99ll work on it soon enough,= and that can surely wait until the next release. Thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 12 08:15:35 2019 Received: (at 38320) by debbugs.gnu.org; 12 Dec 2019 13:15:35 +0000 Received: from localhost ([127.0.0.1]:59180 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ifOJa-00029K-Tt for submit@debbugs.gnu.org; Thu, 12 Dec 2019 08:15:35 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55537) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ifOJZ-000297-8E for 38320@debbugs.gnu.org; Thu, 12 Dec 2019 08:15:33 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36592) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ifOJU-0006IO-3a; Thu, 12 Dec 2019 08:15:28 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=43170 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1ifOJT-0002Kr-Ih; Thu, 12 Dec 2019 08:15:27 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: =?utf-8?Q?Cl=C3=A9ment?= Lassieur Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 22 Frimaire an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 12 Dec 2019 14:15:26 +0100 In-Reply-To: <87zhfyvppi.fsf@lassieur.org> (=?utf-8?Q?=22Cl=C3=A9ment?= Lassieur"'s message of "Wed, 11 Dec 2019 16:36:57 +0100") Message-ID: <8736dp8z2p.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Mathieu Othacehe , Erik Edrosa X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hey ho! Cl=C3=A9ment Lassieur skribis: > Whoo, nice, thank you so much Mathieu! I'll test everything this > week-end probably, and start working on the (guix git) / Cuirass > counterpart (which is 1% of the work :D). Neat! >> So "latest-repository-commit" could be call with ssh authentication >> parameters. However, the guix-daemon won't be able to communicate with t= he >> user ssh-agent, and storing an unencrypted private ssh key in the store >> doesn't feel great to me. >> >> Do you see any workaround? > > As far as I understand, LATEST-REPOSITORY-COMMIT is never called by the > daemon, it downloads stuff first and then calls ADD-TO-STORE. So both > using the SSH agent or passing a private SSH key should be > straightforward. Indeed. =E2=80=98guix pull --url=E2=80=99 and =E2=80=98guix build --with-g= it-url=E2=80=99 (and similar) should work just fine. Thanks! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 04 04:16:58 2020 Received: (at 38320) by debbugs.gnu.org; 4 Feb 2020 09:16:58 +0000 Received: from localhost ([127.0.0.1]:42592 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iyuKI-0007rm-DV for submit@debbugs.gnu.org; Tue, 04 Feb 2020 04:16:58 -0500 Received: from mail-wr1-f45.google.com ([209.85.221.45]:33438) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iyuKG-0007rZ-N7 for 38320@debbugs.gnu.org; Tue, 04 Feb 2020 04:16:57 -0500 Received: by mail-wr1-f45.google.com with SMTP id u6so8688508wrt.0 for <38320@debbugs.gnu.org>; Tue, 04 Feb 2020 01:16:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version; bh=2JeyEHPVQKDdrlArPfqVBVEhVPXh6FxQUFu3VQyT6Gg=; b=cnpgnq+D6qvTu5wDZW5Uunx1nptvNjP7WekKhNs6vk9VEDSaCwCKRap5FpKJy9+BUB sOsvOFHYIAqHFd2UfchN92ntO3Qw1h7VOFrupCmXHQ9Jf8xvh9BCdQ9h1SUCr5DC3ou6 CVXwUs3a3158HKWR/D3RXWLTY18iajqMt19liojUo8wfKn8q56YJGdeYJBfMETpsHfTZ AXO/8ry5UnhAt1aLK6mwnMD1lHwRp8fASVNlwDUs5S78nA4gkdwDGjgIaKX7ueKtjs8j JdGSd7aVeW09W6+9wz5bRLHiyzeEoTDzy+2jdU2D6QrlBmckeoGNGz8LS+FvNvbDGxNR I9VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version; bh=2JeyEHPVQKDdrlArPfqVBVEhVPXh6FxQUFu3VQyT6Gg=; b=qAahmhFK5WgCh1l6OhZiIu8wR18sSkB5bCjbEBr36fZajNTByOpUaDB6DZOu968+BF ffbIz13C8326nbLE9UcVzc5LKeIx3yZwkPGwQQeXhLqHUTtNhZGz3o0AcpbvnMpSGDrg kPqffyehl1DNz4DS5leMSQ1KZ5KLrnG1YJWfCOQ36kgT8s6hyJ1AVLMCKdaj+0SMzKUv /cvtRy9MXG82kSBPdOvAAVYNwA537+H4AaRQiZyMiRjiDy26d8W8DiT1MfoHzqvwhgdo 4Jqrb1n1L70XClS/r6JdJTyhq4SeTZ9eWCKc0Bfle91rkmA91qE9OxfV2ioesKWNeexc NDAQ== X-Gm-Message-State: APjAAAVSIv5vUHlA3H3LNcLRX92bBZci5uUnDxqp5mCOP6HVGR2yVMqf JJ4wK5pGN1zrODKoc7k0OXU= X-Google-Smtp-Source: APXvYqwHbDoUHgTyHLQLc6AE+5OuLZLcWzP7uoFGnMBvL2YlR/JOuCMmgrM/ZCvibC2bJn5J4JzkDQ== X-Received: by 2002:a05:6000:108b:: with SMTP id y11mr16405341wrw.187.1580807810621; Tue, 04 Feb 2020 01:16:50 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id x17sm28634893wrt.74.2020.02.04.01.16.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2020 01:16:49 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <8736dp8z2p.fsf@gnu.org> Date: Tue, 04 Feb 2020 10:16:47 +0100 Message-ID: <87tv4667b4.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Hello, Here's a small patch to (guix git) so that cloning/fetching from ssh authenticated repositories is supported using ssh agent. I tested: * guix pull --url=git@gitlab.com:mothacehe/private.git * guix pull with the following channel configuration --8<---------------cut here---------------start------------->8--- (cons* (channel (name 'gitlab) (url "git@gitlab.com:mothacehe/test-channel.git")) %default-channels) --8<---------------cut here---------------end--------------->8--- This works fine, but we still need to see how it works for Cuirass inputs and (guix git-download) module. Mathieu --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0001-git-Add-ssh-authentication-support.patch Content-Transfer-Encoding: quoted-printable >From ae380c15f1c37e2c94e0954975f5f712e76340ac Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 3 Feb 2020 18:05:02 +0100 Subject: [PATCH] git: Add ssh authentication support. SSH agent authentication method is used. * guix/git.scm (auth-method): New variable, (clone*): pass previous variable in clone options, (update-cached-checkout): pass previous variable in fetch options. --- guix/git.scm | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/guix/git.scm b/guix/git.scm index a12f1eec8e..aee7b325e0 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright =C2=A9 2017 Mathieu Othacehe +;;; Copyright =C2=A9 2017, 2020 Mathieu Othacehe ;;; Copyright =C2=A9 2018, 2019, 2020 Ludovic Court=C3=A8s ;;; ;;; This file is part of GNU Guix. @@ -108,6 +108,9 @@ the 'SSL_CERT_FILE' and 'SSL_CERT_DIR' environment vari= ables." (string-append "R:" url) url)))))) =20 +;; Default authentication method. +(define auth-method (%make-auth-ssh-agent)) + (define (clone* url directory) "Clone git repository at URL into DIRECTORY. Upon failure, make sure no empty directory is left behind." @@ -119,7 +122,9 @@ make sure no empty directory is left behind." ;; value in Guile-Git: . (if (module-defined? (resolve-interface '(git)) 'clone-init-options) - (clone url directory (clone-init-options)) + (clone url directory + (make-clone-options + #:fetch-options (make-fetch-options auth-method))) (clone url directory))) (lambda _ (false-if-exception (rmdir directory))))) @@ -281,7 +286,8 @@ When RECURSIVE? is true, check out submodules as well, = if any." ;; Only fetch remote if it has not been cloned just before. (when (and cache-exists? (not (reference-available? repository ref))) - (remote-fetch (remote-lookup repository "origin"))) + (remote-fetch (remote-lookup repository "origin") + #:fetch-options (make-fetch-options auth-method))) (when recursive? (update-submodules repository #:log-port log-port)) (let ((oid (switch-to-ref repository canonical-ref))) --=20 2.25.0 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hey ho! > > Cl=C3=A9ment Lassieur skribis: > >> Whoo, nice, thank you so much Mathieu! I'll test everything this >> week-end probably, and start working on the (guix git) / Cuirass >> counterpart (which is 1% of the work :D). > > Neat! > >>> So "latest-repository-commit" could be call with ssh authentication >>> parameters. However, the guix-daemon won't be able to communicate with = the >>> user ssh-agent, and storing an unencrypted private ssh key in the store >>> doesn't feel great to me. >>> >>> Do you see any workaround? >> >> As far as I understand, LATEST-REPOSITORY-COMMIT is never called by the >> daemon, it downloads stuff first and then calls ADD-TO-STORE. So both >> using the SSH agent or passing a private SSH key should be >> straightforward. > > Indeed. =E2=80=98guix pull --url=E2=80=99 and =E2=80=98guix build --with= -git-url=E2=80=99 (and similar) > should work just fine. > > Thanks! > > Ludo=E2=80=99. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 04 07:58:29 2020 Received: (at 38320) by debbugs.gnu.org; 4 Feb 2020 12:58:29 +0000 Received: from localhost ([127.0.0.1]:42764 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iyxmf-0006fY-2f for submit@debbugs.gnu.org; Tue, 04 Feb 2020 07:58:29 -0500 Received: from eggs.gnu.org ([209.51.188.92]:43955) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iyxmd-0006fF-Iv for 38320@debbugs.gnu.org; Tue, 04 Feb 2020 07:58:27 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57727) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1iyxmY-0001Wg-Ai; Tue, 04 Feb 2020 07:58:22 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=50236 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1iyxmW-0004Mm-SP; Tue, 04 Feb 2020 07:58:21 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org> <87tv4667b4.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 16 =?utf-8?Q?Pluvi=C3=B4se?= an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 04 Feb 2020 13:58:19 +0100 In-Reply-To: <87tv4667b4.fsf@gmail.com> (Mathieu Othacehe's message of "Tue, 04 Feb 2020 10:16:47 +0100") Message-ID: <87v9omy0es.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hello! Mathieu Othacehe skribis: > Here's a small patch to (guix git) so that cloning/fetching from ssh > authenticated repositories is supported using ssh agent. > > I tested: > > * guix pull --url=3Dgit@gitlab.com:mothacehe/private.git > * guix pull with the following channel configuration > > (cons* (channel > (name 'gitlab) > (url "git@gitlab.com:mothacehe/test-channel.git")) > %default-channels) Woohoo! Really nice. > This works fine, but we still need to see how it works for Cuirass > inputs and (guix git-download) module. Ah yes, =E2=80=98git-fetch=E2=80=99. > From ae380c15f1c37e2c94e0954975f5f712e76340ac Mon Sep 17 00:00:00 2001 > From: Mathieu Othacehe > Date: Mon, 3 Feb 2020 18:05:02 +0100 > Subject: [PATCH] git: Add ssh authentication support. > > SSH agent authentication method is used. > > * guix/git.scm (auth-method): New variable, > (clone*): pass previous variable in clone options, > (update-cached-checkout): pass previous variable in fetch options. [...] > +;; Default authentication method. > +(define auth-method (%make-auth-ssh-agent)) > + > (define (clone* url directory) > "Clone git repository at URL into DIRECTORY. Upon failure, > make sure no empty directory is left behind." > @@ -119,7 +122,9 @@ make sure no empty directory is left behind." > ;; value in Guile-Git: . > (if (module-defined? (resolve-interface '(git)) > 'clone-init-options) > - (clone url directory (clone-init-options)) > + (clone url directory > + (make-clone-options > + #:fetch-options (make-fetch-options auth-method))) > (clone url directory))) > (lambda _ > (false-if-exception (rmdir directory))))) > @@ -281,7 +286,8 @@ When RECURSIVE? is true, check out submodules as well= , if any." > ;; Only fetch remote if it has not been cloned just before. > (when (and cache-exists? > (not (reference-available? repository ref))) > - (remote-fetch (remote-lookup repository "origin"))) > + (remote-fetch (remote-lookup repository "origin") > + #:fetch-options (make-fetch-options auth-method))) It LGTM, and I like that it=E2=80=99s actually a small patch. Until now, we had conditionals like the =E2=80=98module-defined?=E2=80=99 t= hing above to allow for a smooth transition from older Guile-Git versions. Do we want to keep doing that? If we do, then perhaps you should arrange so that uses of the new Guile-Git APIs that appeared in 0.3.0 are conditional. I=E2=80=99d say we should do it if it=E2=80=99s easy to do and not too intr= usive. Otherwise, let=E2=80=99s just require 0.3.0 and be done with it. (=E2=80= =98guix pull=E2=80=99 gets 0.3.0 anyway.) Thoughts? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 05 03:45:20 2020 Received: (at 38320) by debbugs.gnu.org; 5 Feb 2020 08:45:20 +0000 Received: from localhost ([127.0.0.1]:45111 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izGJD-0005WE-O2 for submit@debbugs.gnu.org; Wed, 05 Feb 2020 03:45:20 -0500 Received: from mail-wr1-f52.google.com ([209.85.221.52]:40469) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izGJC-0005Vw-5A for 38320@debbugs.gnu.org; Wed, 05 Feb 2020 03:45:18 -0500 Received: by mail-wr1-f52.google.com with SMTP id t3so1569648wru.7 for <38320@debbugs.gnu.org>; Wed, 05 Feb 2020 00:45:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version; bh=LbMhcpGJwgu3P2j8ZYjXX60gdJ4j0XIjvOYq0eObRvM=; b=MknCRZzex4xP+Lm0HLOOfTMq8NELLQAcZ8r+8YDIsgU/OMAcaM6gEgyi/9IDhvuyCk ubbyseeoyIlznsCOZxcgzUtkOx4c/4Sg/wh0NXhLQ7Gw00CbLBey4Ge6lGxcglJt147v aTiSspkC4MIEPrTjpHpg/SdRPU+10s/VrxdKfofy+Hg9ML6C3UnmtMNnfIv3LMHK8RZY KaimPlDW/lc/GoEwWCSvD81G2GjQiW5ws/v7faNLo0SfrFoTh7BDiC3aq5ZnshD4kQef ldfYsMIO3VSDBUioFr+Yg+eb98ZC3UgMugoKfTDbhaxJrMTDs6HlMLR84ci/NmSiBrC5 wQNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version; bh=LbMhcpGJwgu3P2j8ZYjXX60gdJ4j0XIjvOYq0eObRvM=; b=WMB4mbsU9fARys96sZJ2zXBny1haMlMJvi8YrkQcAlPDFBjuhUsXp698XvHuPGV0z0 wSR4ergAbaQ/kXGDFCOQ+STN10e73KFANpNQPSP+0nif8ZlbZimnZjx04as/W0f7gryJ wRmWQUlA1xB3o9XEKMJdwRnRv85OyFr+dAYz67+++YcJelDXv6jHBnzhKGn6LgwTnePb aC7hLV4xuLtlfnQE9DICXRngSrebiTSGWUf2EoBV3+7oFTCH6wqoLt23ZxJ1BmyYmzQ+ CuboDKTEUNJ+RCnN6Scxy8/Vdt75o8pffNKuze4B7EoGYkGuHU1kdEu71kwjHqJ7hZYY bF3Q== X-Gm-Message-State: APjAAAWLpVD5p1t26gFB8uhYYg05DabjAwfplCG7sBwPkk62VxeKP66Q xB1zr8QJ3+8nCYvKDBW2xXk= X-Google-Smtp-Source: APXvYqwl3QtKonbBp7MBjVIDlgYoIPQaIO+wDJSHMpxtmKaOuNI9f0LCwh9TK0WQBEQVpGz6yPG+kw== X-Received: by 2002:a5d:5708:: with SMTP id a8mr26740782wrv.79.1580892312169; Wed, 05 Feb 2020 00:45:12 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id v17sm33247125wrt.91.2020.02.05.00.45.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Feb 2020 00:45:10 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org> <87tv4667b4.fsf@gmail.com> <87v9omy0es.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <87v9omy0es.fsf@gnu.org> Date: Wed, 05 Feb 2020 09:45:09 +0100 Message-ID: <87v9oltobu.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hey Ludo, Thanks for reviewing :) > It LGTM, and I like that it=E2=80=99s actually a small patch. > > Until now, we had conditionals like the =E2=80=98module-defined?=E2=80=99= thing above to > allow for a smooth transition from older Guile-Git versions. Do we want > to keep doing that? > > If we do, then perhaps you should arrange so that uses of the new > Guile-Git APIs that appeared in 0.3.0 are conditional. > > I=E2=80=99d say we should do it if it=E2=80=99s easy to do and not too in= trusive. > Otherwise, let=E2=80=99s just require 0.3.0 and be done with it. (=E2=80= =98guix pull=E2=80=99 > gets 0.3.0 anyway.) Here's a version with optional authentication support. I do not find it too intrusive, but let me know what you think! Thanks, Mathieu --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0001-git-Add-ssh-authentication-support.patch Content-Transfer-Encoding: quoted-printable >From 4554baf59564eb0c31cfe235acd078d54afef6d7 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 3 Feb 2020 18:05:02 +0100 Subject: [PATCH] git: Add ssh authentication support. SSH agent authentication method is used. * guix/git.scm (auth-method): New variable, (clone*): pass previous variable in clone options, (update-cached-checkout): pass previous variable in fetch options. --- guix/git.scm | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/guix/git.scm b/guix/git.scm index a12f1eec8e..2165e612f1 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright =C2=A9 2017 Mathieu Othacehe +;;; Copyright =C2=A9 2017, 2020 Mathieu Othacehe ;;; Copyright =C2=A9 2018, 2019, 2020 Ludovic Court=C3=A8s ;;; ;;; This file is part of GNU Guix. @@ -108,6 +108,14 @@ the 'SSL_CERT_FILE' and 'SSL_CERT_DIR' environment var= iables." (string-append "R:" url) url)))))) =20 +;; Authentication appeared in Guile-Git 0.3.0, check if it is available. +(define auth-supported? + (false-if-exception (resolve-interface '(git auth)))) + +;; Default authentication method. +(define auth-method (and auth-supported? + (%make-auth-ssh-agent))) + (define (clone* url directory) "Clone git repository at URL into DIRECTORY. Upon failure, make sure no empty directory is left behind." @@ -119,7 +127,11 @@ make sure no empty directory is left behind." ;; value in Guile-Git: . (if (module-defined? (resolve-interface '(git)) 'clone-init-options) - (clone url directory (clone-init-options)) + (clone url directory + (if auth-supported? + (make-clone-options + #:fetch-options (make-fetch-options auth-method)) + (clone-init-options))) (clone url directory))) (lambda _ (false-if-exception (rmdir directory))))) @@ -281,7 +293,10 @@ When RECURSIVE? is true, check out submodules as well,= if any." ;; Only fetch remote if it has not been cloned just before. (when (and cache-exists? (not (reference-available? repository ref))) - (remote-fetch (remote-lookup repository "origin"))) + (if auth-supported? + (remote-fetch (remote-lookup repository "origin") + #:fetch-options (make-fetch-options auth-method)) + (remote-fetch (remote-lookup repository "origin")))) (when recursive? (update-submodules repository #:log-port log-port)) (let ((oid (switch-to-ref repository canonical-ref))) --=20 2.25.0 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 05 16:25:00 2020 Received: (at 38320) by debbugs.gnu.org; 5 Feb 2020 21:25:00 +0000 Received: from localhost ([127.0.0.1]:46878 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izSAO-0000Hd-H2 for submit@debbugs.gnu.org; Wed, 05 Feb 2020 16:25:00 -0500 Received: from eggs.gnu.org ([209.51.188.92]:54966) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izSAM-0000HQ-VF for 38320@debbugs.gnu.org; Wed, 05 Feb 2020 16:24:59 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35983) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1izSAH-0005yL-MC; Wed, 05 Feb 2020 16:24:53 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38968 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1izSA8-0005DE-Dp; Wed, 05 Feb 2020 16:24:46 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org> <87tv4667b4.fsf@gmail.com> <87v9omy0es.fsf@gnu.org> <87v9oltobu.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 =?utf-8?Q?Pluvi=C3=B4se?= an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 05 Feb 2020 22:24:42 +0100 In-Reply-To: <87v9oltobu.fsf@gmail.com> (Mathieu Othacehe's message of "Wed, 05 Feb 2020 09:45:09 +0100") Message-ID: <87mu9wlobp.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi! Mathieu Othacehe skribis: > Here's a version with optional authentication support. I do not find it > too intrusive, but let me know what you think! Yup, looks good! > From 4554baf59564eb0c31cfe235acd078d54afef6d7 Mon Sep 17 00:00:00 2001 > From: Mathieu Othacehe > Date: Mon, 3 Feb 2020 18:05:02 +0100 > Subject: [PATCH] git: Add ssh authentication support. > > SSH agent authentication method is used. > > * guix/git.scm (auth-method): New variable, > (clone*): pass previous variable in clone options, > (update-cached-checkout): pass previous variable in fetch options. [...] > +;; Default authentication method. > +(define auth-method (and auth-supported? > + (%make-auth-ssh-agent))) Perhaps we should not call it at the top level, in case it throws an exception or has unwanted side effects? I=E2=80=99d suggest moving it to the procedures where it=E2=80=99s used. Thoughts? Apart from that it LGTM, thanks! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 06 10:17:00 2020 Received: (at 38320) by debbugs.gnu.org; 6 Feb 2020 15:17:00 +0000 Received: from localhost ([127.0.0.1]:48295 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izito-0004dk-KG for submit@debbugs.gnu.org; Thu, 06 Feb 2020 10:17:00 -0500 Received: from mail-wr1-f51.google.com ([209.85.221.51]:35819) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izitn-0004dY-PI for 38320@debbugs.gnu.org; Thu, 06 Feb 2020 10:17:00 -0500 Received: by mail-wr1-f51.google.com with SMTP id w12so7684068wrt.2 for <38320@debbugs.gnu.org>; Thu, 06 Feb 2020 07:16:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version:content-transfer-encoding; bh=iiSrpoMsA5W7ggdwVK9OpOzGjvxw4qduo0cgTlQc8es=; b=rXkatkOFycPPdq9hwhAjT5SG0gXmteYFQcbAu9lLICwLDEfWxpcGkauFqQ1TFXJEig LSR95nfpW2qBBAuYV4dIbCPruy/N5tpXYXdsUDftEhC7w9VRfC2cLYFOrsoFKW7N9giX yR9YoNzXhpYYz7e9/ntrFTRQVeP1ZIQoRGoXBUJTZEdFLRQteIoAMsXDaUqF6rr/Fd0G RV5mz93gu7MDn/nJ1reQjeCyr/5H29zWBmJ5kk221df+pYTIOYpmwrEqp7NtBoLc1p90 foAtCyEooflnO5c1l1pyiMWn0CKd9sj0mVaPhX2GBvL2sIr6aWG0YGnUk05Q6GYjf4t5 JKcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version:content-transfer-encoding; bh=iiSrpoMsA5W7ggdwVK9OpOzGjvxw4qduo0cgTlQc8es=; b=Lylb9hrkLiK+ZwHw1QkHy73VXd9VKwJPPGJqCsaQsoQHz1Pi+C32nMRzlJrM/JoDo0 xM1ssN7jj+TdhRKgHFCEfHktpZX6vAjrYIUbAjEywNPFH10VvGbTMVswAg/0Iis3h+mM +zCDXyFy8AexjL3IwNJHhmjQ+9L/5VAFcBxreXNy2JE+si8FjaNDv6p3ls2nuYA+Nr81 NDDjSQfzHVuV2UE+/eKw9lv9wmOCN0ddXYAFnQnH3cmQ1yQTbI7j74HKn2hx42oMhhOg nN5mMRPiRbD5RJCnRuf4Xi3CdFcP2Ky72eauldMJTc0yc41Je5Y76lkpzAL5h7aQytLt W0EA== X-Gm-Message-State: APjAAAXyF2UsqLc2TA50fBF8L8B+LTM9ysGP1R6kJ7b1G4I4xHvih72b xAXm0P25ylX7IkjB6NhRjWI= X-Google-Smtp-Source: APXvYqxJdROCxtApYgzgoXbyCOmPrnLp5An3ADWbgcDDSPFzGk2Gm2hssGf/K1923lxeF5Fl3jMkEQ== X-Received: by 2002:adf:edd0:: with SMTP id v16mr4242222wro.310.1581002213961; Thu, 06 Feb 2020 07:16:53 -0800 (PST) Received: from meru (lfbn-ann-1-237-90.w86-200.abo.wanadoo.fr. [86.200.196.90]) by smtp.gmail.com with ESMTPSA id s16sm4659056wrn.78.2020.02.06.07.16.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Feb 2020 07:16:53 -0800 (PST) References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org> <87tv4667b4.fsf@gmail.com> <87v9omy0es.fsf@gnu.org> <87v9oltobu.fsf@gmail.com> <87mu9wlobp.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs In-reply-to: <87mu9wlobp.fsf@gnu.org> Date: Thu, 06 Feb 2020 16:16:52 +0100 Message-ID: <87tv43zqxn.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hey, > Perhaps we should not call it at the top level, in case it throws an > exception or has unwanted side effects? I=E2=80=99d suggest moving it to > the procedures where it=E2=80=99s used. Thoughts? > > Apart from that it LGTM, thanks! Fixed and pushed! Shall we inform users (guix pull news?) that they can now use ssh authenticated repositories for guix pull + channels if they have a running ssh-agent? Mathieu From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 06 12:17:17 2020 Received: (at 38320) by debbugs.gnu.org; 6 Feb 2020 17:17:17 +0000 Received: from localhost ([127.0.0.1]:48369 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izkmD-0007Uc-BL for submit@debbugs.gnu.org; Thu, 06 Feb 2020 12:17:17 -0500 Received: from eggs.gnu.org ([209.51.188.92]:51955) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1izkmB-0007UQ-Me for 38320@debbugs.gnu.org; Thu, 06 Feb 2020 12:17:16 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52337) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1izkm6-0000HO-Ct; Thu, 06 Feb 2020 12:17:10 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=32938 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1izkm5-0007OT-Vk; Thu, 06 Feb 2020 12:17:10 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com> <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com> <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com> <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org> <87tv4667b4.fsf@gmail.com> <87v9omy0es.fsf@gnu.org> <87v9oltobu.fsf@gmail.com> <87mu9wlobp.fsf@gnu.org> <87tv43zqxn.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 =?utf-8?Q?Pluvi=C3=B4se?= an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 06 Feb 2020 18:17:07 +0100 In-Reply-To: <87tv43zqxn.fsf@gmail.com> (Mathieu Othacehe's message of "Thu, 06 Feb 2020 16:16:52 +0100") Message-ID: <87a75v7i0c.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 38320 Cc: 38320@debbugs.gnu.org, Erik Edrosa , =?utf-8?Q?Cl=C3=A9ment?= Lassieur X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi! Mathieu Othacehe skribis: >> Perhaps we should not call it at the top level, in case it throws an >> exception or has unwanted side effects? I=E2=80=99d suggest moving it to >> the procedures where it=E2=80=99s used. Thoughts? >> >> Apart from that it LGTM, thanks! > > Fixed and pushed! Shall we inform users (guix pull news?) that they can > now use ssh authenticated repositories for guix pull + channels if they > have a running ssh-agent? Yes, good idea, could you add an entry in etc/news.txt? That=E2=80=99d be = great. (Double-check you got the commit ID and syntax right before pushing, it=E2= =80=99s easy to make mistakes there.) Thank you! Ludo=E2=80=99.