From: Oleg Pykhalov
To: Edouard Klein
Cc: bug-guix, help-guix@gnu.org
Subject: Re: How do I extend openssh-service-type ?
Date: Wed, 11 May 2022 10:37:04 +0300

Hi,

Edouard Klein writes:

> I'm trying to make sense of:
> https://guix.gnu.org/manual/en/guix.html#index-openssh_002dservice_002dtype
>
> #+begin_quote
> This service can be extended with extra authorized keys, as in this example:
>
> (service-extension openssh-service-type
>                    (const `(("charlie"
>                              ,(local-file "charlie.pub")))))
> #+end_quote

[…]

Seems like extend-openssh-authorized-keys procedure does not use keys
argument.  We could fix it like:

--8<---------------cut here---------------start------------->8---
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 7fbbe383e5..4bb3969b95 100644 =2D-- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm 
@@ -558,7 +558,7 @@ (define (extend-openssh-authorized-keys config keys) (openssh-configuration (inherit config) (authorized-keys =2D (match (openssh-configuration-authorized-keys config) + (match (append (openssh-configuration-authorized-keys config) keys) (((users _ ...) ...) ;; Build a user/key-list mapping. (let ((user-keys (alist->vhash
--8<---------------cut here---------------end--------------->8---

Oleg.
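
Review bot: the pattern `(((users _ ...) ...)` directly under the changed `match` line still binds only the user names and discards each entry's key files, so appending `keys` at this point only changes which users are seen. If the `user-keys` mapping built at `(let ((user-keys (alist->vhash` (cut off by the context) is not fed the same appended list, a user who comes only from an extension gets an entry with no key material behind it. Suggest binding the appended list once in a `let` and using that one binding for both the `match` and the mapping, and adding a test that asserts an extension's key file is present in the resulting `authorized-keys`.
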

From: Ludovic Courtès
To: Oleg Pykhalov
Cc: 55359@debbugs.gnu.org, help-guix@gnu.org, Edouard Klein
Subject: Re: bug#55359: How do I extend openssh-service-type ?
Date: Wed, 25 May 2022 14:06:18 +0200

Hi,

Oleg Pykhalov skribis:

> Seems like extend-openssh-authorized-keys procedure does not use keys
> argument.  We could fix it like:
> > diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm > index 7fbbe383e5..4bb3969b95 100644 > --- a/gnu/services/ssh.scm > +++ b/gnu/services/ssh.scm 
> @@ -558,7 +558,7 @@ (define (extend-openssh-authorized-keys config keys) > (openssh-configuration > (inherit config) > (authorized-keys > - (match (openssh-configuration-authorized-keys config) > + (match (append (openssh-configuration-authorized-keys config) keys) > (((users _ ...) ...) > ;; Build a user/key-list mapping. > (let ((user-keys (alist->vhash

Indeed.  Please push!

Thanks,
Ludo’.

From: Oleg Pykhalov
To: 55359-done@debbugs.gnu.org
Cc: Ludovic Courtès, Edouard Klein
Subject: Re: bug#55359: How do I extend openssh-service-type ?
Date: Thu, 26 May 2022 08:40:07 +0300

Hi,

Ludovic Courtès writes:

> Oleg Pykhalov skribis:
>
>> Seems like extend-openssh-authorized-keys procedure does not use keys
>> argument.  We could fix it like:
>>
>> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm >> index 7fbbe383e5..4bb3969b95 100644 >> --- a/gnu/services/ssh.scm >> +++ b/gnu/services/ssh.scm
>> @@ -558,7 +558,7 @@ (define (extend-openssh-authorized-keys config keys) >> (openssh-configuration >> (inherit config) >> (authorized-keys >> - (match (openssh-configuration-authorized-keys config) >> + (match (append (openssh-configuration-authorized-keys config) keys) >> (((users _ ...) ...) >> ;; Build a user/key-list mapping. >> (let ((user-keys (alist->vhash
>
> Indeed.  Please push!

Pushed as 1f29ed4a812f86c45e2d9c37fd9f80f6d0418293.

> Edouard Klein writes:
>
> I'm trying to make sense of:
> https://guix.gnu.org/manual/en/guix.html#index-openssh_002dservice_002dtype
>
> #+begin_quote
> This service can be extended with extra authorized keys, as in this example:
>
> (service-extension openssh-service-type
>                    (const `(("charlie"
>                              ,(local-file "charlie.pub")))))
> #+end_quote

Edouard, you should be able to extend the service after the ‘guix pull’.

Oleg.

From: Ludovic Courtès
To: Oleg Pykhalov
Cc: 55359@debbugs.gnu.org, help-guix@gnu.org, Edouard Klein
Subject: Re: bug#55359: How do I extend openssh-service-type ?
Date: Thu, 26 May 2022 16:44:44 +0200

Hi,

Oleg Pykhalov skribis:

>> (service-extension openssh-service-type
>>                    (const `(("charlie"
>>                              ,(local-file "charlie.pub")))))
>> #+end_quote
>
> […]
>
> Seems like extend-openssh-authorized-keys procedure does not use keys
> argument.  We could fix it like:

For the record, this bug (dismissing the ‘keys’ argument) was introduced
in b4b2bbf4fb74c9f3e93d64863ab9b38957494b49 (Oct. 2021).

How come nobody noticed then?

The reason is that starting from
b4b2bbf4fb74c9f3e93d64863ab9b38957494b49, ‘authorized-key-directory’
would create an empty directory.  That directory would then be copied by
‘openssh-activation’ to /etc/ssh/authorized_keys.d; since
/etc/ssh/authorized_keys.d would typically already contain the relevant
keys, nothing bad would happen.

Oleg’s commit 1f29ed4a812f86c45e2d9c37fd9f80f6d0418293 introduced
another bug though: we’d create an authorized-key directory that
included keys brought by extensions, but each of these files would be
empty (because ‘extend-openssh-authorized-keys’ would dismiss key files
associated with user names), which could lock yourself out.

Fixed in 0dc63ce519c5f98b2186d1871176e2fac3a6926b.  Reconfiguration
recommended before you’re locked out!

Thanks,
Ludo’.
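
The failure mode described in the message above (per-user files in the authorized-key directory that exist but are empty) can be checked for on a running system before and after a reconfigure. The script below is an added example, not part of the thread and not Guix code: the function names, the `KEY_RE` pattern and the sample directory are constructed for illustration, and the check is syntactic only (it does not validate the key itself).

```shell
#!/bin/sh
# Added example (not Guix code): flag per-user files in an authorized-key
# directory that are empty or contain no public-key line.

# A known key type followed by a base64 blob, anywhere on a non-comment line
# (options may precede the key type).
KEY_RE='(^|[[:space:]])(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)[[:space:]]+[A-Za-z0-9+/]+'

# check_authorized_keys_dir DIR
# Prints "OK|EMPTY|NOKEY <user>" for each file in DIR.
# Returns 0 if every file holds a key, 1 if any does not, 2 if DIR is missing.
check_authorized_keys_dir() {
    akd_dir=$1
    akd_bad=0
    if [ ! -d "$akd_dir" ]; then
        echo "MISSING $akd_dir"
        return 2
    fi
    for akd_file in "$akd_dir"/*; do
        # Skip the literal pattern when the glob matched nothing, but keep
        # dangling symlinks so they are reported as EMPTY below.
        [ -e "$akd_file" ] || [ -L "$akd_file" ] || continue
        akd_user=$(basename "$akd_file")
        if [ ! -s "$akd_file" ]; then
            echo "EMPTY $akd_user"
            akd_bad=1
        elif ! grep -Ev '^[[:space:]]*(#|$)' "$akd_file" | grep -Eq "$KEY_RE"; then
            echo "NOKEY $akd_user"
            akd_bad=1
        else
            echo "OK $akd_user"
        fi
    done
    return "$akd_bad"
}

# make_sample_dir: build a constructed directory that mimics the three cases.
# The key material is a made-up placeholder, not a real key.
make_sample_dir() {
    sample=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE0 alice@example' > "$sample/alice"
    printf '%s\n' '# keys for bob' '' > "$sample/bob"   # comments only
    : > "$sample/charlie"                               # empty, as in the bug
    echo "$sample"
}

# Stand-alone run on the constructed sample. On a real host the argument
# would be /etc/ssh/authorized_keys.d, the path named in the message.
sample_dir=$(make_sample_dir)
check_authorized_keys_dir "$sample_dir" ||
    echo "at least one account has no usable key in $sample_dir"
rm -rf "$sample_dir"
```

A non-zero return on the live directory while you still hold a working session is the signal to fix the configuration before logging out.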

From: Edouard Klein
To: Ludovic Courtès
Cc: 55359@debbugs.gnu.org, Oleg Pykhalov, help-guix@gnu.org
Subject: Re: bug#55359: How do I extend openssh-service-type ?
Date: Tue, 31 May 2022 19:05:41 +0200

Thank you both for solving this.

I used a workaround for a while (rsyncing the keys to
/home/user/.ssh/authorized_keys).

Now I can confirm that the fixes work and I'm back to a declarative
configuration of my server, which is awesome !

Cheers,

Edouard.

Ludovic Courtès writes:

> Hi,
>
> Oleg Pykhalov skribis:
>
>>> (service-extension openssh-service-type
>>>                    (const `(("charlie"
>>>                              ,(local-file "charlie.pub")))))
>>> #+end_quote
>>
>> […]
>>
>> Seems like extend-openssh-authorized-keys procedure does not use keys
>> argument.  We could fix it like:
>
> For the record, this bug (dismissing the ‘keys’ argument) was introduced
> in b4b2bbf4fb74c9f3e93d64863ab9b38957494b49 (Oct. 2021).
>
> How come nobody noticed then?
>
> The reason is that starting from
> b4b2bbf4fb74c9f3e93d64863ab9b38957494b49, ‘authorized-key-directory’
> would create an empty directory.  That directory would then be copied by
> ‘openssh-activation’ to /etc/ssh/authorized_keys.d; since
> /etc/ssh/authorized_keys.d would typically already contain the relevant
> keys, nothing bad would happen.
>
> Oleg’s commit 1f29ed4a812f86c45e2d9c37fd9f80f6d0418293 introduced
> another bug though: we’d create an authorized-key directory that
> included keys brought by extensions, but each of these files would be
> empty (because ‘extend-openssh-authorized-keys’ would dismiss key files
> associated with user names), which could lock yourself out.
>
> Fixed in 0dc63ce519c5f98b2186d1871176e2fac3a6926b.  Reconfiguration
> recommended before you’re locked out!
>
> Thanks,
> Ludo’.