Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
To: 55912@debbugs.gnu.org
From: Ludovic Courtès
Date: Sat, 11 Jun 2022 18:49:31 +0200
Message-Id: <20220611164931.21953-1-ludo@gnu.org>

* gnu/home/services/ssh.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/guix/POTFILES.in: Add it.
* doc/guix.texi (Secure Shell): New section.
---
 doc/guix.texi | 183 +++++++++++++++++++++++++++-
 gnu/home/services/ssh.scm | 250 ++++++++++++++++++++++++++++++++++++++
 gnu/local.mk | 1 +
 po/guix/POTFILES.in | 1 +
 4 files changed, 434 insertions(+), 1 deletion(-)
 create mode 100644 gnu/home/services/ssh.scm

Hi!

Here’s an OpenSSH Home service, loosely inspired by what Julien had
implemented at:

  https://framagit.org/tyreunom/guix-home-manager/-/blob/master/home/ssh.scm

One thing I wasn’t sure about was how to handle ~/.ssh/known_hosts. To
lower the barrier to entry, I added an option to keep handling it in a
stateful way (with ‘ssh’ updating the file as it sees fit), and I made
that the default.

I toyed with other approaches. In particular, just like Julien’s module
had , I tried doing that and going further so one could write:

  (openssh-host-key ssh-rsa "AAAAE2VjZHNhLX…")

and arrange so that (1) the host key algorithm is validated (a typo
would be reported at macro-expansion time), and (2) the string is
base64-decoded, similar to what is done for origins.

But then, while this is perhaps The Right Thing, I thought it could be
too inconvenient to use: users would have to convert what ‘ssh’ gives
them into this format. Sure, that’d give them data validation in
return, but that’s probably too little for too high a cost.

So I stuck to something simpler that allows users to pass files as-is
in ‘known-hosts’ and ‘authorized-keys’ (note that ‘authorized-keys’ in
also works that way, so it’s consistent).

Thoughts?

Thanks,
Ludo’.

diff --git a/doc/guix.texi b/doc/guix.texi index ea133d519a..831b8fa7c0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -38899,6 +38899,7 @@ services)}. * Shells: Shells Home Services. POSIX shells, Bash, Zsh. * Mcron: Mcron Home Service. Scheduled User's Job Execution. * Shepherd: Shepherd Home Service. Managing User's Daemons. +* SSH: Secure Shell. Setting up the secure shell client. * Desktop: Desktop Home Services. Services for graphical environments. @end menu @c In addition to that Home Services can provide @@ -39219,7 +39220,7 @@ GNU@tie{}mcron, a daemon to run jobs at scheduled times (@pxref{Top,,, mcron, GNU@tie{}mcron}). The information about system's mcron is applicable here (@pxref{Scheduled Job Execution}), the only difference for home services is that they have to be declared in a -@code{home-envirnoment} record instead of an @code{operating-system} +@code{home-environment} record instead of an @code{operating-system} record. @defvr {Scheme Variable} home-mcron-service-type 
@@ -39287,6 +39288,186 @@ mechanism instead (@pxref{Shepherd Services}). @end table @end deftp +@node Secure Shell +@subsection Secure Shell + +@cindex secure shell client, configuration +@cindex SSH client, configuration +The @uref{https://www.openssh.com, OpenSSH package} includes a client, +the @command{ssh} command, that allows you to connect to remote machines +using the @acronym{SSH, secure shell} protocol. With the @code{(gnu +home services ssh)} module, you can set up OpenSSH so that it works in a +predictable fashion, almost independently of state on the local machine. +To do that, you instantiate @code{home-openssh-service-type} in your +Home configuration, as explained below. + +@defvr {Scheme Variable} home-openssh-service-type +This is the type of the service to set up the OpenSSH client. It takes +care of several things: + +@itemize +@item +adding the @code{openssh} package to your profile so the @command{ssh} +command is readily available; + +@item +providing a @file{~/.ssh/config} file based on your configuration so +that @command{ssh} knows about hosts you regularly connect to and their +associated parameters; + +@item +providing a @file{~/.ssh/authorized_keys}, which lists public keys that +the local SSH server, @command{sshd}, may accept to connect to this user +account; + +@item +optionally providing a @file{~/.ssh/known_hosts} file so that @file{ssh} +can authenticate hosts you connect to. +@end itemize + +Here is a sample configuration you could add to the @code{services} +field of your @code{home-environment}: + +@lisp +(home-openssh-configuration + (hosts (list (openssh-host (name "ci.guix.gnu.org") + (user "charlie")) + (openssh-host (name "chbouib") + (host-name "chbouib.example.org") + (user "supercharlie") + (port 10022)))) + (authorized-keys (list (local-file "alice.pub")))) +@end lisp + +The example above lists two hosts and their parameters. 
For instance, +running @command{ssh chbouib} will automatically connect to +@code{chbouib.example.org} on port 10022, logging in as user +@samp{supercharlie}. Further, it marks the public key in +@file{alice.pub} as authorized for incoming connections. + +The value associated with a @code{home-openssh-service-type} instance +must be a @code{home-openssh-configuration} record, as describe below. +@end defvr + +@deftp {Data Type} home-openssh-configuration +This is the datatype representing the OpenSSH client and server +configuration in one's home environment. It contains the following +fields: + +@table @asis +@item @code{openssh} (default: @code{openssh}) +The OpenSSH package to add to the environment's profile. + +@item @code{hosts} (default: @code{'()}) +A list of @code{openssh-host} records specifying host names and +associated connection parameters (see below). This host list goes into +@file{~/.ssh/config}, which @command{ssh} reads at startup. + +@item @code{known-hosts} (default: @code{*unspecified*}) +This must be either: + +@itemize +@item +@code{*unspecified*}, in which case @code{home-openssh-service-type} +leaves it up to @command{ssh} and to the user to maintain the list of +known hosts at @file{~/.ssh/known_hosts}, or + +@item +a list of file-like objects, in which case those are concatenated and +emitted as @file{~/.ssh/known_hosts}. +@end itemize + +The @file{~/.ssh/known_hosts} contains a list of host name/host key +pairs that allow @command{ssh} to authenticate hosts you connect to and +to detect possible impersonation attacks. By default, @command{ssh} +updates it in a @dfn{TOFU, trust-on-first-use} fashion, meaning that it +records the host's key in that file the first time you connect to it. +This behavior is preserved when @code{known-hosts} is set to +@code{*unspecified*}. 
+ +If you instead provide a list of host keys upfront in the +@code{known-hosts} field, your configuration becomes self-contained and +stateless: it can be replicated elsewhere or at another point in time. +Preparing this list can be relatively tedious though, which is why +@code{*unspecified*} is kept as a default. + +@item @code{authorized-keys} (default: @code{'()}) +This must be a list of file-like objects, each of which containing an +SSH public key that should be authorized to connect to this machine. + +Concretely, these files are concatenated and made available as +@file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is +running on this machine, then it @emph{may} take this file into account: +this is what @command{sshd} does by default, but be aware that it can +also be configured to ignore it. +@end table +@end deftp + +@c %start of fragment + +@deftp {Data Type} openssh-host +Available @code{openssh-host} fields are: + +@table @asis +@item @code{name} (type: string) +Name of this host declaration. + +@item @code{host-name} (default: @code{disabled}) (type: maybe-string) +Host name---e.g., @code{"foo.example.org"} or @code{"192.168.1.2"}. + +@item @code{address-family} (type: address-family) +Address family to use when connecting to this host: one of +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or +@code{*unspecified*} (allowing any address family). + +@item @code{identity-file} (default: @code{disabled}) (type: maybe-string) +The identity file to use---e.g., @code{"/home/charlie/.ssh/id_ed25519"}. + +@item @code{port} (default: @code{disabled}) (type: maybe-integer) +TCP port number to connect to. + +@item @code{user} (default: @code{disabled}) (type: maybe-string) +User name on the remote host. + +@item @code{forward-x11?} (default: @code{#f}) (type: boolean) +Whether to forward remote client connections to the local X11 graphical +display. 
+ +@item @code{forward-x11-trusted?} (default: @code{#f}) (type: boolean) +Whether remote X11 clients have full access to the original X11 +graphical display. + +@item @code{forward-agent?} (default: @code{#f}) (type: boolean) +Whether the authentication agent (if any) is forwarded to the remote +machine. + +@item @code{compression?} (default: @code{#f}) (type: boolean) +Whether to compress data in transit. + +@item @code{proxy-command} (default: @code{disabled}) (type: maybe-string) +The command to use to connect to the server. As an example, a command +to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect +-x 192.0.2.0:8080 %h %p"}. + +@item @code{host-key-algorithms} (default: @code{disabled}) (type: maybe-string-list) +The list of accepted host key algorithms---e.g., +@code{'("ssh-ed25519")}. + +@item @code{accepted-key-types} (default: @code{disabled}) (type: maybe-string-list) +The list of accepted user public key types. + +@item @code{extra-content} (default: @code{""}) (type: raw-configuration-string) +Extra content appended as-is to this @code{Host} block in +@file{~/.ssh/config}. + +@end table + +@end deftp + + +@c %end of fragment + + @node Desktop Home Services @subsection Desktop Home Services diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm new file mode 100644 index 0000000000..162d7df960 --- /dev/null +++ b/gnu/home/services/ssh.scm 
@@ -0,0 +1,250 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu home services ssh) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (guix diagnostics) + #:use-module (guix i18n) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (guix modules) + #:use-module (gnu home services) + #:use-module ((gnu home services utils) + #:select (object->camel-case-string)) + #:autoload (gnu packages ssh) (openssh) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (ice-9 match) + #:export (home-openssh-configuration + home-openssh-configuration-authorized-keys + home-openssh-configuration-known-hosts + home-openssh-configuration-hosts + + openssh-host + openssh-host-host-name + openssh-host-identity-file + openssh-host-name + openssh-host-port + openssh-host-user + openssh-host-forward-x11? + openssh-host-forward-x11-trusted? + openssh-host-forward-agent? + openssh-host-compression? 
+ openssh-host-proxy-command + openssh-host-host-key-algorithms + openssh-host-accepted-key-types + openssh-host-extra-content + + home-openssh-service-type)) + +(define (serialize-field-name name) + (match name + ('accepted-key-types "PubkeyAcceptedKeyTypes") + (_ + (let ((name (let ((str (symbol->string name))) + (if (string-suffix? "?" str) + (string->symbol (string-drop-right str 1)) + name)))) + (object->camel-case-string name 'upper))))) + +(define (serialize-string field value) + (string-append " " (serialize-field-name field) + " " value "\n")) + +(define (address-family? obj) + (memv obj (list *unspecified* AF_INET AF_INET6))) + +(define (serialize-address-family field family) + (if (unspecified? family) + "" + (string-append " " (serialize-field-name field) " " + (cond ((= family AF_INET) "inet") + ((= family AF_INET6) "inet6") + (else + (raise + (formatted-message + (G_ "~s: unsupported address family") + family)))) + "\n"))) + +(define (serialize-integer field value) + (string-append " " (serialize-field-name field) " " + (number->string value) "\n")) + +(define (serialize-boolean field value) + (string-append " " (serialize-field-name field) " " + (if value "yes" "no") "\n")) + +(define-maybe string) +(define-maybe integer) + +(define (serialize-raw-configuration-string field value) + (string-append value "\n")) +(define raw-configuration-string? string?) + +(define (string-list? lst) + (and (pair? lst) (every string? 
lst))) +(define (serialize-string-list field lst) + (string-append " " (serialize-field-name field) " " + (string-join lst ",") "\n")) + +(define-maybe string-list) + +(define-configuration openssh-host + (name + (string) + "Name of this host declaration.") + (host-name + (maybe-string 'disabled) + "Host name---e.g., @code{\"foo.example.org\"} or @code{\"192.168.1.2\"}.") + (address-family + (address-family *unspecified*) + "Address family to use when connecting to this host: one of +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or +@code{*unspecified*} (allowing any address family).") + (identity-file + (maybe-string 'disabled) + "The identity file to use---e.g., +@code{\"/home/charlie/.ssh/id_ed25519\"}.") + (port + (maybe-integer 'disabled) + "TCP port number to connect to.") + (user + (maybe-string 'disabled) + "User name on the remote host.") + (forward-x11? + (boolean #f) + "Whether to forward remote client connections to the local X11 graphical +display.") + (forward-x11-trusted? + (boolean #f) + "Whether remote X11 clients have full access to the original X11 graphical +display.") + (forward-agent? + (boolean #f) + "Whether the authentication agent (if any) is forwarded to the remote +machine.") + (compression? + (boolean #f) + "Whether to compress data in transit.") + (proxy-command + (maybe-string 'disabled) + "The command to use to connect to the server. As an example, a command +to connect via an HTTP proxy at 192.0.2.0 would be: @code{\"nc -X +connect -x 192.0.2.0:8080 %h %p\"}.") + (host-key-algorithms + (maybe-string-list 'disabled) + "The list of accepted host key algorithms---e.g., +@code{'(\"ssh-ed25519\")}.") + (accepted-key-types + (maybe-string-list 'disabled) + "The list of accepted user public key types.") + (extra-content + (raw-configuration-string "") + "Extra content appended as-is to this @code{Host} block in +@file{~/.ssh/config}.")) + +(define (serialize-openssh-host config) + (define (openssh-host-name-field? 
field) + (eq? (configuration-field-name field) 'name)) + + (string-append + "Host " (openssh-host-name config) "\n" + (string-concatenate + (map (lambda (field) + ((configuration-field-serializer field) + (configuration-field-name field) + ((configuration-field-getter field) config))) + (remove openssh-host-name-field? + openssh-host-fields))))) + +(define-record-type* + home-openssh-configuration make-home-openssh-configuration + home-openssh-configuration? + (openssh home-openssh-configuration-openssh ;file-like + (default openssh)) + (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like + (default '())) + (known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like + (default *unspecified*)) + (hosts home-openssh-configuration-hosts ;list of + (default '()))) + +(define (openssh-configuration->string config) + (string-join (map serialize-openssh-host + (home-openssh-configuration-hosts config)) + "\n")) + +(define* (file-join name files #:optional (delimiter " ")) + "Return a file in the store called @var{name} that is the concatenation +of all the file-like objects listed in @var{files}, with @var{delimited} +inserted after each of them." + (computed-file name + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (call-with-output-file #$output + (lambda (output) + (for-each (lambda (file) + (call-with-input-file file + (lambda (input) + (dump-port input output))) + (display #$delimiter output)) + '#$files))))))) + +(define (openssh-configuration-files config) + (let ((config (plain-file "config" (openssh-configuration->string config))) + (known-hosts (home-openssh-configuration-known-hosts config)) + (authorized-keys (file-join + "authorized_keys" + (home-openssh-configuration-authorized-keys config) + "\n"))) + `((".ssh/authorized_keys" ,authorized-keys) + ,@(if (unspecified? 
known-hosts) + '() + `((".ssh/known_hosts" + ,(file-join "known_hosts" known-hosts "\n")))) + (".ssh/config" ,config)))) + +(define openssh-activation + (with-imported-modules (source-module-closure + '((gnu build activation))) + #~(begin + (use-modules (gnu build activation)) + + ;; Make sure ~/.ssh is #o700. + (let* ((home (getenv "HOME")) + (dot-ssh (string-append home "/.ssh"))) + (mkdir-p/perms dot-ssh (getpw (getuid)) #o700))))) + +(define home-openssh-service-type + (service-type + (name 'home-openssh) + (extensions + (list (service-extension home-files-service-type + openssh-configuration-files) + (service-extension home-profile-service-type + (compose + list + home-openssh-configuration-openssh)) + (service-extension home-activation-service-type + (const openssh-activation)))) + (description "Configure the OpenSSH @acronym{SSH, secure shell} +client and add it to the user profile.") + (default-value (home-openssh-configuration)))) diff --git a/gnu/local.mk b/gnu/local.mk index d49af0d898..f3b08ffdab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -85,6 +85,7 @@ GNU_SYSTEM_MODULES = \ %D%/home/services/fontutils.scm \ %D%/home/services/shells.scm \ %D%/home/services/shepherd.scm \ + %D%/home/services/ssh.scm \ %D%/home/services/mcron.scm \ %D%/home/services/utils.scm \ %D%/home/services/xdg.scm \ diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in index 6b8bd92bb7..201e5dcc87 100644 --- a/po/guix/POTFILES.in +++ b/po/guix/POTFILES.in 
@@ -6,6 +6,7 @@ gnu/services.scm gnu/system.scm gnu/services/shepherd.scm gnu/home/services.scm +gnu/home/services/ssh.scm gnu/home/services/symlink-manager.scm gnu/system/file-systems.scm gnu/system/image.scm base-commit: 010426e2c34428d69573cdfef88239303edcab2d -- 2.36.1
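
Review bot: In the doc/guix.texi hunk that adds the Secure Shell node, the sentence "must be a @code{home-openssh-configuration} record, as describe below" should read "as described below", and the last @item of the first list marks the program as @file{ssh} ("so that @file{ssh} can authenticate hosts") where the rest of the section uses @command{ssh}. In the authorized-keys item, "each of which containing an SSH public key" reads better as "each of which contains".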
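
Review bot: In gnu/home/services/ssh.scm, serialize-string and the "Host " line built in serialize-openssh-host paste the field value into ~/.ssh/config unchanged, so a string that contains a newline in name, host-name, user, identity-file or proxy-command ends its directive and starts another one that the record never declared; serialize-string-list has the same gap for each list element. Suggest a predicate for these fields that rejects newline and carriage return and raises a formatted-message the way serialize-address-family does, leaving extra-content as the only field documented as raw.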
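
Review bot: The port field of openssh-host is typed (maybe-integer 'disabled), so 0, a negative number or 70000 pass validation and serialize-integer writes them into the Host block as they are. A dedicated predicate that accepts only exact integers from 1 to 65535, with its own define-maybe, would report the mistake when the record is built rather than leaving it to ssh.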
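
Review bot: openssh-configuration-files always returns a ".ssh/authorized_keys" entry, whereas ".ssh/known_hosts" is skipped when the field is unspecified; with the default authorized-keys of '() file-join produces an empty file, so the service declares an empty ~/.ssh/authorized_keys even for users who only set hosts, and for a file that gates incoming logins that should be an explicit choice. Suggest omitting the entry when the list is empty, or giving authorized-keys the same *unspecified* default as known-hosts, and saying so in the authorized-keys item of the manual. The file-join docstring also refers to @var{delimited} where the parameter is named delimiter.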
From: Maxime Devos
Date: Sat, 11 Jun 2022 21:51:20 +0200
In-Reply-To: <20220611164931.21953-1-ludo@gnu.org>

Hi,

Some comments on the code.

Ludovic Courtès wrote on Sat 11-06-2022 at 18:49 [+0200]:
> +  (port
> +   (maybe-integer 'disabled)
> +   "TCP port number to connect to.")

TCP only allows natural numbers up to some bound, and in practice
implementations only support non-zero natural numbers, so maybe the
predicate can be refined a bit?

> + (formatted-message
> + (G_ "~s: unsupported address family")

Maybe a hint:

  hint: AF_INET and AF_INET6 are supported.

> + (define (serialize-string field value)
> + (string-append " " (serialize-field-name field)
> + " " value "\n"))
> + (name
> + (string)
> + "Name of this host declaration.")
> [...]
> + (proxy-command
> + (maybe-string 'disabled)

Attila Lendvai has a patch series at 54674 that changes 'disabled' ->
*unspecified* -- I think it would be better to apply that patch series
first.

Wouldn't the value need to be escaped? Or at least a check that it
doesn't contain special characters like \n or whatever special
characters an OpenSSH configuration has.

>+ (define* (file-join name files #:optional (delimiter " "))
>+ "Return a file in the store called @var{name} that is the
>+ concatenation
>+ of all the file-like objects listed in @var{files}, with @var{delimited}
>+ inserted after each of them."

Does this work for files with non-ASCII characters and for file names
that contain non-ASCII characters?

>+ (service-extension home-profile-service-type
>+ (compose
>+ list
>+ home-openssh-configuration-openssh))
>+ (service-extension home-activation-service-type
>+ (const openssh-activation))))
>+ (description "Configure the OpenSSH @acronym{SSH, secure shell}
>+client and _add it to the user profile_.")

(emphasis added). Why is it automagically added to the user profile?
This is considered bad practice for system services. Maybe the user
keeps all their remote communication things in a single profile, maybe
the user only uses openssh things via other tools like 'guix deploy' or
'gnome-shell-extension-gsconnect' and hence has no need for 'openssh'
in their home profile. Maybe the user never ssh's _from_ the computer
that has the openssh home configuration and only connects _to_ the
computer and hence the 'openssh' in the profile isn't necessary.

Now there are two ways to add 'openssh' to the environment: the Guix
Home equivalent of a 'packages' field and the openssh home service,
with AFAICT no mechanism for deciding which one ‘wins’ and no mechanism
for a proper error message like ‘only add the openssh package to the
profile or use the openssh home service, not both!’, which doesn't seem
ideal to me.

Greetings,
Maxime.
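
The check asked about in the message above, sketched in plain Guile as an added example (it is not part of the patch or of Guix): a value is rejected before it reaches the generated ~/.ssh/config if it contains a line break, and ports are limited to 1 to 65535. The procedure names and the sample host fields are assumptions made for illustration.

```scheme
;; Added example, not code from the patch.  The names below
;; (ssh-config-value?, tcp-port?, serialize-checked, render-host-block)
;; are hypothetical; only core Guile procedures are used.
(use-modules (srfi srfi-14))            ; char-set

;; Characters that would end the current ssh_config line.
(define %line-breaking-chars
  (char-set #\newline #\return #\nul))

(define (ssh-config-value? obj)
  "Return true if OBJ is a non-empty string that stays on one line."
  (and (string? obj)
       (not (string-null? obj))
       (not (string-index obj %line-breaking-chars))))

(define (tcp-port? obj)
  "Return true if OBJ is an exact integer in the range 1-65535."
  (and (integer? obj) (exact? obj) (<= 1 obj 65535)))

(define (serialize-checked keyword value)
  "Return the ssh_config line for KEYWORD and VALUE, or raise an error
when VALUE cannot be written safely.  In this sketch the only integer
field is the port."
  (cond ((string? value)
         (unless (ssh-config-value? value)
           (error "ssh_config value must be a non-empty single line:"
                  keyword value))
         (string-append "  " keyword " " value "\n"))
        ((integer? value)
         (unless (tcp-port? value)
           (error "TCP port out of range:" keyword value))
         (string-append "  " keyword " " (number->string value) "\n"))
        (else
         (error "unsupported value type:" keyword value))))

(define (render-host-block name fields)
  "Render a Host block from NAME and FIELDS, an alist of keyword/value
pairs."
  (unless (ssh-config-value? name)
    (error "invalid Host name:" name))
  (string-append "Host " name "\n"
                 (string-concatenate
                  (map (lambda (field)
                         (serialize-checked (car field) (cdr field)))
                       fields))))

;; Constructed sample input, modelled on the manual's example host.
(define good-fields
  '(("HostName" . "chbouib.example.org")
    ("User" . "supercharlie")
    ("Port" . 10022)))

;; Constructed value with an embedded newline: written unchecked, the
;; text after the newline would become a directive of its own.
(define bad-fields
  '(("HostName" . "chbouib.example.org\n  ForwardAgent yes")))

(display (render-host-block "chbouib" good-fields))

;; Each of these constructed inputs is refused instead of serialized.
(for-each
 (lambda (fields)
   (catch #t
     (lambda () (display (render-host-block "chbouib" fields)))
     (lambda (key . args)
       (format #t "rejected: ~s~%" (cdr (car fields))))))
 (list bad-fields '(("Port" . 0)) '(("Port" . 70000))))
```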
From: Maxime Devos
Date: Sun, 12 Jun 2022 00:13:14 +0200
References: <20220611164931.21953-1-ludo@gnu.org>

Maxime Devos wrote on Sat 11-06-2022 at 21:51 [+0200]:
> [remarks about automatically adding openssh the profile]

To be clear, automatically adding relevant packages to the profile from
a home (or system) service is an option (the downsides seem mild to
me), but currently things are rather inconsistent -- there are some
services that add the package, some that don't and in the past some of
us have asked contributors of services to not do the automagical adding
(at least, for System services, though I think (not 100% sure) I've
asked this for the git Home service as well?).

Greetings,
Maxime
From: Ludovic Courtès
Date: Mon, 13 Jun 2022 11:41:33 +0200

Hi,

Maxime Devos wrote:

> Ludovic Courtès wrote on Sat 11-06-2022 at 18:49 [+0200]:
>> +  (port
>> +   (maybe-integer 'disabled)
>> +   "TCP port number to connect to.")
>
> TCP only allows natural numbers up to some bound, and in practice
> implementations only support non-zero natural numbers, so maybe the
> predicate can be refined a bit?

We could do that, though that’s more code for little in return…

>> + (formatted-message
>> + (G_ "~s: unsupported address family")
>
> Maybe a hint:
>
> hint: AF_INET and AF_INET6 are supported.

Sure, that makes sense.

>> + (proxy-command
>> + (maybe-string 'disabled)
>
> Attila Lendvai has a patch series at 54674 that changes 'disabled' ->
> *unspecified* -- I think it would be better to apply that patch series
> first.

I’ll take a look.

> Wouldn't the value need to be escaped? Or at least a check that it
> doesn't contain special characters like \n or whatever special
> characters an OpenSSH configuration has.

Oh right, it needs to be somewhat escaped; I’ll do that. I think
‘object->string’ will be a good-enough escaping mechanism, and it’ll
take care of newlines. (Doing things The Right Way would require
detailed knowledge about the grammar that OpenSSH’s parser expects.)

>
>>+ (define* (file-join name files #:optional (delimiter " "))
>>+ "Return a file in the store called @var{name} that is the
>>+ concatenation
>>+ of all the file-like objects listed in @var{files}, with
> @var{delimited}
>>+ inserted after each of them."
>
> Does this work for files with non-ASCII characters and for file names
> that contain non-ASCII characters?

‘files’ is a list of “file-like objects”, which, by definition, have
names acceptable for the stores (so ASCII names).

That’s not a user-visible limitation since store file names are hints
more than anything else. You could have a local file, say
“courtès.pub”, and you’d do:

  (local-file "courtès.pub" "that-guy.pub")

This service doesn’t change that.

>>+ (description "Configure the OpenSSH @acronym{SSH, secure shell}
>>+client and _add it to the user profile_.")
>
> (emphasis added). Why is it automagically added to the user profile?
> This is considered bad practice for system services. Maybe the user
> keeps all their remote communication things in a single profile, maybe
> the user only uses openssh things via other tools like 'guix deploy' or
> 'gnome-shell-extension-gsconnect' and hence has no need for 'openssh'
> in their home profile. Maybe the user never ssh's _from_ the computer
> that has the openssh home configuration and only connects _to_ the
> computer and hence the 'openssh' in the profile isn't necessary.
>
> Now there are two ways to add 'openssh' to the environment: the Guix
> Home equivalent of a 'packages' field and the openssh home service,
> with AFAICT no mechanism for deciding which one ‘wins’ and no mechanism
> for a proper error message like ‘only add the openssh package to the
> profile or use the openssh home service, not both!’, which doesn't seem
> ideal to me.

All good points! I’m usually against magically extending the profile
with new packages. In this case, my reasoning was: if you’re going to
set up OpenSSH config files, that’s probably because you’re going to
need OpenSSH, so why not bring it while we’re at it? (This rationale
usually doesn’t hold for system services: just because I run ntpd
doesn’t mean I need to have it in the system profile.)

But you’re right here, so I guess I’ll just remove it.

v2 coming soon!

Thanks,
Ludo’.
From: Maxime Devos
Date: Mon, 13 Jun 2022 12:51:55 +0200

Ludovic Courtès wrote on Mon 13-06-2022 at 11:41 [+0200]:
> ‘files’ is a list of “file-like objects”, which, by definition, have
> names acceptable for the stores (so ASCII names).

What about
(file-append (local-file "foo" #:recursive? #true) "/éclipse")?

Seems like a file-like object with a non-ASCII name, which is
acceptable to the store (the store only cares about
/gnu/store/STORE-ITEM-NAME, anything inside can be whatever).

Greetings,
Maxime.
From: Ludovic Courtès
Date: Mon, 13 Jun 2022 14:02:03 +0200

Maxime Devos wrote:

> Ludovic Courtès wrote on Mon 13-06-2022 at 11:41 [+0200]:
>> ‘files’ is a list of “file-like objects”, which, by definition, have
>> names acceptable for the stores (so ASCII names).
>
> What about
> (file-append (local-file "foo" #:recursive? #true) "/éclipse")?

That’s fine AFAICS.

Ludo’.
From: Maxime Devos
Date: Mon, 13 Jun 2022 14:38:12 +0200

Ludovic Courtès wrote on Mon 13-06-2022 at 14:02 [+0200]:
> That’s fine AFAICS.

AFAICT it isn't, because we are not setting locale things and aren't
using glibc-locales:

$ ls $(guix build -e '((@ (guix gexp) computed-file) "foo" #~(begin (mkdir #$output) (call-with-output-file (string-append #$output "/éclipse") identity))))')
'?clipse'

Greetings,
Maxime.
From: Maxime Devos
Date: Mon, 13 Jun 2022 23:58:32 +0200

Ludovic Courtès wrote on Mon 13-06-2022 at 11:41 [+0200]:
> > TCP only allows natural numbers up to some bound, and in practice
> > implementations only support non-zero natural numbers, so maybe the
> > predicate can be refined a bit?
>
> We could do that, though that’s more code for little in return…

Input validation is generally considered good practice. This has
recently been rediscovered in, say, .

The little extra code is trivial (just a new predicate doing some
bounds checks and exact-integer?) and:

  * I believe that simply implementing the tiny procedure is less
    expensive than doing a proper cost-benefit analysis
  * the cost is only once, it's not a recurring cost
  * the cost is trivial
  * the new predicate can benefit _all_ services handling network
    ports
  * it would benefit _all_ users of OpenSSH that might make a typo or
    such. Likewise for other network services.
  * the benefit is not only once, it's recurring
  * cost of not doing checks: error messages that don't appear during
    "guix home reconfigure" inside Guix, and instead appear later
    during using the new Home from within external software even
    though the error was in the Guix Home. Becomes rather complicated.

(Slight benefit, multiplied over many uses & much time -> large benefit
compared to the tiny one-time investment.)

Greetings,
Maxime.
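The two checks discussed in this thread (a bounded, non-zero port predicate, and refusing field values that could spill onto a new line of ~/.ssh/config), as an added sketch in plain Guile; it is not code from the patch or from Guix. It takes the "reject control characters" approach rather than the ‘object->string’ escaping mentioned above, assumes the usual 16-bit TCP port range, and tcp-port?, single-line-string?, serialize-field, serialize-host and rejected? are hypothetical names.

```scheme
;; Added example; not part of the patch under review or of Guix.
;; All procedure names defined here are hypothetical.
(use-modules (srfi srfi-14)             ;char-set:iso-control
             (ice-9 format))

(define (tcp-port? obj)
  "Return true if OBJ is an exact integer in the range 1..65535
(assumption: the 16-bit TCP port range, with port 0 excluded)."
  (and (exact-integer? obj)
       (<= 1 obj 65535)))

(define (single-line-string? obj)
  "Return true if OBJ is a string free of control characters (newline,
carriage return, NUL, ...), so that it stays on the line it is written to."
  (and (string? obj)
       (not (string-index obj char-set:iso-control))))

(define (serialize-field keyword value valid?)
  "Return the configuration line for KEYWORD and VALUE, or raise an error
when VALUE does not satisfy VALID?."
  (unless (valid? value)
    (error "invalid value for field:" keyword value))
  (format #f "  ~a ~a~%" keyword value))

(define (serialize-host name fields)
  "Return a 'Host' block for NAME.  FIELDS is a list of
(KEYWORD VALUE PREDICATE) lists."
  (unless (single-line-string? name)
    (error "invalid host name:" name))
  (string-append (format #f "Host ~a~%" name)
                 (string-concatenate
                  (map (lambda (field) (apply serialize-field field))
                       fields))))

(define (rejected? thunk)
  "Return #t if THUNK raises an error, #f otherwise."
  (catch #t
    (lambda () (thunk) #f)
    (lambda (key . args) #t)))

;; Constructed sample input, reusing the host from the manual example.
(display
 (serialize-host
  "chbouib"
  (list (list "HostName" "chbouib.example.org" single-line-string?)
        (list "Port" 10022 tcp-port?)
        (list "ProxyCommand" "nc -X connect -x 192.0.2.0:8080 %h %p"
              single-line-string?))))

;; Constructed bad values: each is refused when the configuration is
;; serialized, before any file is written.
(for-each
 (lambda (field)
   (format #t "~s rejected: ~a~%" (cadr field)
           (rejected? (lambda () (apply serialize-field field)))))
 (list (list "Port" 0 tcp-port?)
       (list "Port" 70000 tcp-port?)
       (list "Port" 22.0 tcp-port?)
       (list "ProxyCommand" "nc %h %p\nCompression yes"
             single-line-string?)))
```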
From: Ludovic Courtès
Date: Tue, 14 Jun 2022 10:08:17 +0200

Maxime Devos wrote:

> Ludovic Courtès wrote on Mon 13-06-2022 at 11:41 [+0200]:
>> > TCP only allows natural numbers up to some bound, and in practice
>> > implementations only support non-zero natural numbers, so maybe the
>> > predicate can be refined a bit?
>>
>> We could do that, though that’s more code for little in return…
>
> Input validation is generally considered good practice.

I agree with this general statement of course (as I mentioned, I toyed
with input validation for things that are much more error-prone: public
key and host key algorithms.)

Ludo’.

Subject: [bug#55912] [PATCH v2] home: Add OpenSSH service.
From: Ludovic Courtès
Date: Wed, 15 Jun 2022 22:29:51 +0200

* gnu/home/services/ssh.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/guix/POTFILES.in: Add it.
* doc/guix.texi (Secure Shell): New section.
---
 doc/guix.texi             | 176 +++++++++++++++++++++++++-
 gnu/home/services/ssh.scm | 254 ++++++++++++++++++++++++++++++++++++++
 gnu/local.mk              |   1 +
 po/guix/POTFILES.in       |   1 +
 4 files changed, 431 insertions(+), 1 deletion(-)
 create mode 100644 gnu/home/services/ssh.scm

Hello!

Changes compared to v1:

  • Use *unspecified* instead of 'disabled for unspecified field
    values, relying on the new semantics that Attila introduced.

  • No longer add the ‘openssh’ package to the profile.

  • Support non-ASCII file names in ‘file-join’.

  • Use a “natural number” type for the ‘port’ field.

Thoughts?

Ludo’.

diff --git a/doc/guix.texi b/doc/guix.texi index 143bf36403..35a70ba56d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39043,6 +39043,7 @@ services)}. * Shells: Shells Home Services. POSIX shells, Bash, Zsh. * Mcron: Mcron Home Service. Scheduled User's Job Execution. * Shepherd: Shepherd Home Service. Managing User's Daemons. +* SSH: Secure Shell. Setting up the secure shell client. * Desktop: Desktop Home Services. Services for graphical environments. @end menu @c In addition to that Home Services can provide 
@@ -39363,7 +39364,7 @@ GNU@tie{}mcron, a daemon to run jobs at scheduled times (@pxref{Top,,, mcron, GNU@tie{}mcron}). The information about system's mcron is applicable here (@pxref{Scheduled Job Execution}), the only difference for home services is that they have to be declared in a -@code{home-envirnoment} record instead of an @code{operating-system} +@code{home-environment} record instead of an @code{operating-system} record. @defvr {Scheme Variable} home-mcron-service-type 
@@ -39431,6 +39432,179 @@ mechanism instead (@pxref{Shepherd Services}). @end table @end deftp +@node Secure Shell +@subsection Secure Shell + +@cindex secure shell client, configuration +@cindex SSH client, configuration +The @uref{https://www.openssh.com, OpenSSH package} includes a client, +the @command{ssh} command, that allows you to connect to remote machines +using the @acronym{SSH, secure shell} protocol. With the @code{(gnu +home services ssh)} module, you can set up OpenSSH so that it works in a +predictable fashion, almost independently of state on the local machine. +To do that, you instantiate @code{home-openssh-service-type} in your +Home configuration, as explained below. + +@defvr {Scheme Variable} home-openssh-service-type +This is the type of the service to set up the OpenSSH client. It takes +care of several things: + +@itemize +@item +providing a @file{~/.ssh/config} file based on your configuration so +that @command{ssh} knows about hosts you regularly connect to and their +associated parameters; + +@item +providing a @file{~/.ssh/authorized_keys}, which lists public keys that +the local SSH server, @command{sshd}, may accept to connect to this user +account; + +@item +optionally providing a @file{~/.ssh/known_hosts} file so that @file{ssh} +can authenticate hosts you connect to. +@end itemize + +Here is a sample configuration you could add to the @code{services} +field of your @code{home-environment}: + +@lisp +(home-openssh-configuration + (hosts (list (openssh-host (name "ci.guix.gnu.org") + (user "charlie")) + (openssh-host (name "chbouib") + (host-name "chbouib.example.org") + (user "supercharlie") + (port 10022)))) + (authorized-keys (list (local-file "alice.pub")))) +@end lisp + +The example above lists two hosts and their parameters. For instance, +running @command{ssh chbouib} will automatically connect to +@code{chbouib.example.org} on port 10022, logging in as user +@samp{supercharlie}. 
Further, it marks the public key in +@file{alice.pub} as authorized for incoming connections. + +The value associated with a @code{home-openssh-service-type} instance +must be a @code{home-openssh-configuration} record, as describe below. +@end defvr + +@deftp {Data Type} home-openssh-configuration +This is the datatype representing the OpenSSH client and server +configuration in one's home environment. It contains the following +fields: + +@table @asis +@item @code{hosts} (default: @code{'()}) +A list of @code{openssh-host} records specifying host names and +associated connection parameters (see below). This host list goes into +@file{~/.ssh/config}, which @command{ssh} reads at startup. + +@item @code{known-hosts} (default: @code{*unspecified*}) +This must be either: + +@itemize +@item +@code{*unspecified*}, in which case @code{home-openssh-service-type} +leaves it up to @command{ssh} and to the user to maintain the list of +known hosts at @file{~/.ssh/known_hosts}, or + +@item +a list of file-like objects, in which case those are concatenated and +emitted as @file{~/.ssh/known_hosts}. +@end itemize + +The @file{~/.ssh/known_hosts} contains a list of host name/host key +pairs that allow @command{ssh} to authenticate hosts you connect to and +to detect possible impersonation attacks. By default, @command{ssh} +updates it in a @dfn{TOFU, trust-on-first-use} fashion, meaning that it +records the host's key in that file the first time you connect to it. +This behavior is preserved when @code{known-hosts} is set to +@code{*unspecified*}. + +If you instead provide a list of host keys upfront in the +@code{known-hosts} field, your configuration becomes self-contained and +stateless: it can be replicated elsewhere or at another point in time. +Preparing this list can be relatively tedious though, which is why +@code{*unspecified*} is kept as a default. 
+ +@item @code{authorized-keys} (default: @code{'()}) +This must be a list of file-like objects, each of which containing an +SSH public key that should be authorized to connect to this machine. + +Concretely, these files are concatenated and made available as +@file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is +running on this machine, then it @emph{may} take this file into account: +this is what @command{sshd} does by default, but be aware that it can +also be configured to ignore it. +@end table +@end deftp + +@c %start of fragment + +@deftp {Data Type} openssh-host +Available @code{openssh-host} fields are: + +@table @asis +@item @code{name} (type: string) +Name of this host declaration. + +@item @code{host-name} (type: maybe-string) +Host name---e.g., @code{"foo.example.org"} or @code{"192.168.1.2"}. + +@item @code{address-family} (type: address-family) +Address family to use when connecting to this host: one of +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or +@code{*unspecified*} (allowing any address family). + +@item @code{identity-file} (type: maybe-string) +The identity file to use---e.g., @code{"/home/charlie/.ssh/id_ed25519"}. + +@item @code{port} (type: maybe-natural-number) +TCP port number to connect to. + +@item @code{user} (type: maybe-string) +User name on the remote host. + +@item @code{forward-x11?} (default: @code{#f}) (type: boolean) +Whether to forward remote client connections to the local X11 graphical +display. + +@item @code{forward-x11-trusted?} (default: @code{#f}) (type: boolean) +Whether remote X11 clients have full access to the original X11 +graphical display. + +@item @code{forward-agent?} (default: @code{#f}) (type: boolean) +Whether the authentication agent (if any) is forwarded to the remote +machine. + +@item @code{compression?} (default: @code{#f}) (type: boolean) +Whether to compress data in transit. 
+ +@item @code{proxy-command} (type: maybe-string) +The command to use to connect to the server. As an example, a command +to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect +-x 192.0.2.0:8080 %h %p"}. + +@item @code{host-key-algorithms} (type: maybe-string-list) +The list of accepted host key algorithms---e.g., +@code{'("ssh-ed25519")}. + +@item @code{accepted-key-types} (type: maybe-string-list) +The list of accepted user public key types. + +@item @code{extra-content} (default: @code{""}) (type: raw-configuration-string) +Extra content appended as-is to this @code{Host} block in +@file{~/.ssh/config}. + +@end table + +@end deftp + + +@c %end of fragment + + @node Desktop Home Services @subsection Desktop Home Services diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm new file mode 100644 index 0000000000..ff2992766c --- /dev/null +++ b/gnu/home/services/ssh.scm 
@@ -0,0 +1,254 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu home services ssh) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (guix diagnostics) + #:use-module (guix i18n) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (guix modules) + #:use-module (gnu home services) + #:use-module ((gnu home services utils) + #:select (object->camel-case-string)) + #:autoload (gnu packages base) (glibc-utf8-locales) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) + #:use-module (ice-9 match) + #:export (home-openssh-configuration + home-openssh-configuration-authorized-keys + home-openssh-configuration-known-hosts + home-openssh-configuration-hosts + + openssh-host + openssh-host-host-name + openssh-host-identity-file + openssh-host-name + openssh-host-port + openssh-host-user + openssh-host-forward-x11? + openssh-host-forward-x11-trusted? + openssh-host-forward-agent? + openssh-host-compression? 
+ openssh-host-proxy-command + openssh-host-host-key-algorithms + openssh-host-accepted-key-types + openssh-host-extra-content + + home-openssh-service-type)) + +(define (serialize-field-name name) + (match name + ('accepted-key-types "PubkeyAcceptedKeyTypes") + (_ + (let ((name (let ((str (symbol->string name))) + (if (string-suffix? "?" str) + (string->symbol (string-drop-right str 1)) + name)))) + (object->camel-case-string name 'upper))))) + +(define (serialize-string field value) + (string-append " " (serialize-field-name field) + " " value "\n")) + +(define (address-family? obj) + (memv obj (list *unspecified* AF_INET AF_INET6))) + +(define (serialize-address-family field family) + (if (unspecified? family) + "" + (string-append " " (serialize-field-name field) " " + (cond ((= family AF_INET) "inet") + ((= family AF_INET6) "inet6") + ;; The 'else' branch is unreachable. + (else (raise (condition (&error))))) + "\n"))) + +(define (natural-number? obj) + (and (integer? obj) (exact? obj) (> obj 0))) + +(define (serialize-natural-number field value) + (string-append " " (serialize-field-name field) " " + (number->string value) "\n")) + +(define (serialize-boolean field value) + (string-append " " (serialize-field-name field) " " + (if value "yes" "no") "\n")) + +(define-maybe string) +(define-maybe natural-number) + +(define (serialize-raw-configuration-string field value) + (string-append value "\n")) +(define raw-configuration-string? string?) + +(define (string-list? lst) + (and (pair? lst) (every string? 
lst))) +(define (serialize-string-list field lst) + (string-append " " (serialize-field-name field) " " + (string-join lst ",") "\n")) + +(define-maybe string-list) + +(define-configuration openssh-host + (name + (string) + "Name of this host declaration.") + (host-name + maybe-string + "Host name---e.g., @code{\"foo.example.org\"} or @code{\"192.168.1.2\"}.") + (address-family + address-family + "Address family to use when connecting to this host: one of +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or +@code{*unspecified*} (allowing any address family).") + (identity-file + maybe-string + "The identity file to use---e.g., +@code{\"/home/charlie/.ssh/id_ed25519\"}.") + (port + maybe-natural-number + "TCP port number to connect to.") + (user + maybe-string + "User name on the remote host.") + (forward-x11? + (boolean #f) + "Whether to forward remote client connections to the local X11 graphical +display.") + (forward-x11-trusted? + (boolean #f) + "Whether remote X11 clients have full access to the original X11 graphical +display.") + (forward-agent? + (boolean #f) + "Whether the authentication agent (if any) is forwarded to the remote +machine.") + (compression? + (boolean #f) + "Whether to compress data in transit.") + (proxy-command + maybe-string + "The command to use to connect to the server. As an example, a command +to connect via an HTTP proxy at 192.0.2.0 would be: @code{\"nc -X +connect -x 192.0.2.0:8080 %h %p\"}.") + (host-key-algorithms + maybe-string-list + "The list of accepted host key algorithms---e.g., +@code{'(\"ssh-ed25519\")}.") + (accepted-key-types + maybe-string-list + "The list of accepted user public key types.") + (extra-content + (raw-configuration-string "") + "Extra content appended as-is to this @code{Host} block in +@file{~/.ssh/config}.")) + +(define (serialize-openssh-host config) + (define (openssh-host-name-field? field) + (eq? 
(configuration-field-name field) 'name)) + + (string-append + "Host " (openssh-host-name config) "\n" + (string-concatenate + (map (lambda (field) + ((configuration-field-serializer field) + (configuration-field-name field) + ((configuration-field-getter field) config))) + (remove openssh-host-name-field? + openssh-host-fields))))) + +(define-record-type* + home-openssh-configuration make-home-openssh-configuration + home-openssh-configuration? + (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like + (default '())) + (known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like + (default *unspecified*)) + (hosts home-openssh-configuration-hosts ;list of + (default '()))) + +(define (openssh-configuration->string config) + (string-join (map serialize-openssh-host + (home-openssh-configuration-hosts config)) + "\n")) + +(define* (file-join name files #:optional (delimiter " ")) + "Return a file in the store called @var{name} that is the concatenation +of all the file-like objects listed in @var{files}, with @var{delimited} +inserted after each of them." + (computed-file name + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + ;; Support non-ASCII file names. + (setenv "GUIX_LOCPATH" + #+(file-append glibc-utf8-locales + "/lib/locale")) + (setlocale LC_ALL "en_US.utf8") + + (call-with-output-file #$output + (lambda (output) + (for-each (lambda (file) + (call-with-input-file file + (lambda (input) + (dump-port input output))) + (display #$delimiter output)) + '#$files))))))) + +(define (openssh-configuration-files config) + (let ((config (plain-file "ssh.conf" + (openssh-configuration->string config))) + (known-hosts (home-openssh-configuration-known-hosts config)) + (authorized-keys (file-join + "authorized_keys" + (home-openssh-configuration-authorized-keys config) + "\n"))) + `((".ssh/authorized_keys" ,authorized-keys) + ,@(if (unspecified? 
known-hosts) + '() + `((".ssh/known_hosts" + ,(file-join "known_hosts" known-hosts "\n")))) + (".ssh/config" ,config)))) + +(define openssh-activation + (with-imported-modules (source-module-closure + '((gnu build activation))) + #~(begin + (use-modules (gnu build activation)) + + ;; Make sure ~/.ssh is #o700. + (let* ((home (getenv "HOME")) + (dot-ssh (string-append home "/.ssh"))) + (mkdir-p/perms dot-ssh (getpw (getuid)) #o700))))) + +(define home-openssh-service-type + (service-type + (name 'home-openssh) + (extensions + (list (service-extension home-files-service-type + openssh-configuration-files) + (service-extension home-activation-service-type + (const openssh-activation)))) + (description "Configure the OpenSSH @acronym{SSH, secure shell} client +by providing a @file{~/.ssh/config} file, which is honored by the OpenSSH +client,@command{ssh}, and by other tools such as @command{guix deploy}.") + (default-value (home-openssh-configuration)))) diff --git a/gnu/local.mk b/gnu/local.mk index 5a9edc16bb..372573d3c4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -85,6 +85,7 @@ GNU_SYSTEM_MODULES = \ %D%/home/services/fontutils.scm \ %D%/home/services/shells.scm \ %D%/home/services/shepherd.scm \ + %D%/home/services/ssh.scm \ %D%/home/services/mcron.scm \ %D%/home/services/utils.scm \ %D%/home/services/xdg.scm \ diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in index 6b8bd92bb7..201e5dcc87 100644 --- a/po/guix/POTFILES.in +++ b/po/guix/POTFILES.in 
@@ -6,6 +6,7 @@ gnu/services.scm gnu/system.scm gnu/services/shepherd.scm gnu/home/services.scm +gnu/home/services/ssh.scm gnu/home/services/symlink-manager.scm gnu/system/file-systems.scm gnu/system/image.scm base-commit: 8a04ac4b2f5d356719d896536dabc95a9520c938 -- 2.36.1
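
Review bot: In the manual hunk, the openssh-host table documents forward-agent?, forward-x11? and forward-x11-trusted? without the caution that ssh_config(5) attaches to ForwardAgent and ForwardX11: anyone able to bypass file permissions on the remote host can use the forwarded agent or X11 display. A sentence to that effect under each of these fields would help readers decide per host. Smaller points in the same hunk: "as describe below" should read "as described below", "so that @file{ssh} can authenticate hosts" should use @command{ssh}, and "each of which containing" should be "each of which contains".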
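
Review bot: openssh-configuration-files in gnu/home/services/ssh.scm emits the ".ssh/authorized_keys" entry unconditionally, so the default (authorized-keys '()) makes the service provide an empty authorized_keys file even for users who only want the client configuration. known-hosts already has an *unspecified* opt-out that leaves the file to the user; consider the same convention for authorized-keys so that instantiating the service with defaults does not take over a file the user maintains by hand. Whichever behaviour is chosen, the authorized-keys entry in the manual should state it.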
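
Review bot: Field validation in gnu/home/services/ssh.scm is looser than what ends up in ~/.ssh/config: natural-number? only checks (> obj 0), so port accepts values above 65535, and serialize-string writes its value verbatim, so a host-name, user or proxy-command string containing a newline adds further lines to the Host block. Consider a port predicate bounded at 65535 and rejecting newlines in the maybe-string fields (and in name, which is written after "Host "), leaving extra-content as the one place for raw text.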
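
Review bot: serialize-field-name maps accepted-key-types to PubkeyAcceptedKeyTypes, a keyword that OpenSSH 8.5 renamed to PubkeyAcceptedAlgorithms (the old name remains as an alias). Add a comment next to that match clause saying which keyword is emitted and why, or name the field after the current keyword, so the special case does not look like a mistake later.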
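
Review bot: The #:export list in gnu/home/services/ssh.scm omits openssh-host-address-family, although address-family is a documented field and every other openssh-host accessor is exported; add it. In the same file, the file-join docstring refers to @var{delimited} while the parameter is named delimiter, and openssh-configuration-files rebinds config inside its let, which would read more clearly with a distinct name for the plain-file.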

Subject: [bug#55912] [PATCH v2] home: Add OpenSSH service.
From: Maxime Devos
Date: Wed, 15 Jun 2022 22:47:07 +0200

Ludovic Courtès wrote on Wed 15-06-2022 at 22:29 [+0200]:
> +  (computed-file name
> +                 (with-imported-modules '((guix build utils))
> +                   #~(begin
> +                       (use-modules (guix build utils))
> +
> +                       ;; Support non-ASCII file names.
> +                       (setenv "GUIX_LOCPATH"
> +                               #+(file-append glibc-utf8-locales
> +                                              "/lib/locale"))
> +                       (setlocale LC_ALL "en_US.utf8")

For robustness, I think it would be best to move this locale
initialisation code to the implementation of 'computed-file' itself, to
eliminate this potential pitfall entirely.

Except for 'racket' and package transformations, this does not seem to
be used by any package definition (except via meson when cross-compiling),
so it doesn't seem like this would entail a world-rebuild
(unverified!).

Greetings,
Maxime.

Subject: [bug#55912] [PATCH v2] home: Add OpenSSH service.
From: Ludovic Courtès
Date: Thu, 16 Jun 2022 12:47:02 +0200

Maxime Devos wrote:

> Ludovic Courtès wrote on Wed 15-06-2022 at 22:29 [+0200]:
>> +  (computed-file name
>> +                 (with-imported-modules '((guix build utils))
>> +                   #~(begin
>> +                       (use-modules (guix build utils))
>> +
>> +                       ;; Support non-ASCII file names.
>> +                       (setenv "GUIX_LOCPATH"
>> +                               #+(file-append glibc-utf8-locales
>> +                                              "/lib/locale"))
>> +                       (setlocale LC_ALL "en_US.utf8")
>
> For robustness, I think it would be best to move this locale
> initialisation code to the implementation of 'computed-file' itself, to
> eliminate this potential pitfall entirely.

I’d rather have ‘computed-file’ do just what it’s documented to do; I
don’t think this kind of thing belongs there.  (It’s beyond the scope of
this patch set too.)

Ideally Guile would just do the right thing without us fiddling with
locales.  That is, it would default to UTF-8 rather than ASCII.

Thanks,
Ludo’.

Subject: [bug#55912] [PATCH v2] home: Add OpenSSH service.
From: Maxime Devos
Date: Thu, 16 Jun 2022 14:16:46 +0200

> I’d rather have ‘computed-file’ do just what it’s documented to do;
> I don’t think this kind of thing belongs there (It’s beyond the scope
> of this patch set too.)

The documentation of ‘computed-file’ can be modified to document it uses
a non-broken file name encoding instead of the broken default.
Though something for a separate patch I suppose.

Ludovic Courtès wrote on Thu 16-06-2022 at 12:47 [+0200]:
> Ideally Guile would just do the right thing without us fiddling with
> locales.  That is, it would default to UTF-8 rather than ASCII.

I did a quick test, and apparently Guile calls nl_langinfo to determine
the encoding, which returns ANSI_X3.4-1968, because glibc defaults to
the C locale.  So unless you want to change the encoding of the C
locale or change the default locale or override glibc's choice of
default locale in Guile, I don't think there's anything to change in
Guile?

Greetings,
Maxime.

Subject: [bug#55912] [PATCH v2] home: Add OpenSSH service.
From: Maxime Devos
Date: Thu, 16 Jun 2022 14:31:26 +0200

Maxime Devos wrote on Thu 16-06-2022 at 14:16 [+0200]:
> Ludovic Courtès wrote on Thu 16-06-2022 at 12:47 [+0200]:
> > Ideally Guile would just do the right thing without us fiddling
> > with locales.  That is, it would default to UTF-8 rather than
> > ASCII.

Somewhat related, I could look into separating locales from the file
name encoding in Guile (with a parameter object or something) later?
Not a solution as-is, but would be convenient in many places ...

Greetings,
Maxime.

Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20220615202951.22501-1-ludo@gnu.org> <87wndglwbd.fsf@gnu.org> <8e5bb981309815ed813fc2e304c556cc8704c622.camel@telenet.be> Date: Thu, 16 Jun 2022 18:18:50 +0200 In-Reply-To: <8e5bb981309815ed813fc2e304c556cc8704c622.camel@telenet.be> (Maxime Devos's message of "Thu, 16 Jun 2022 14:16:46 +0200") Message-ID: <87tu8kk2dx.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > I did a quick test, and apparently Guile calls nl_langinfo to determine > the encoding, which returns ANSI_X3.4-1968, because glibc defaults to > the C locale. =C2=A0So unless you want to change the encoding of the C > locale or change the default locale or override glibc's choice of > default locale in Guile, I don't think there's anything to change in > Guile? Glibc 2.35 includes the =E2=80=9CC.UTF-8=E2=80=9D locale; I don=E2=80=99t k= now if it=E2=80=99s the default, but it will likely help. > Somewhat related, I could look into separating locales from the file > name encoding in Guile (with a parameter object or something) later?=20 > Not a solution as-is, but would be convenient in many places ... Yes, that too. In (guix build syscalls), there=E2=80=99s a variant of =E2= =80=98scandir=E2=80=99 for instance that is locale-independent and decodes file names as UTF-8. Nowadays that=E2=80=99s probably the most sensible option. In Guile proper, it would be nice if there were a =E2=80=98%file-name-encod= ing=E2=80=99 fluid. Thanks, Ludo=E2=80=99. 
From unknown Tue Jun 17 20:39:51 2025
Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
Message-ID: <623fb4e4eea75f728248bb706fbed9e5677bcc22.camel@telenet.be>
From: Maxime Devos
Date: Thu, 16 Jun 2022 18:45:30 +0200
In-Reply-To: <87tu8kk2dx.fsf_-_@gnu.org>

Ludovic Courtès wrote on Thu 16-06-2022 at 18:18 [+0200]:
> In Guile proper, it would be nice if there were a ‘%file-name-encoding’
> fluid.

I was more thinking of a %file-name-encoding parameter (instead of a
fluid), but that's what I had in mind.

Greetings,
Maxime.
From unknown Tue Jun 17 20:39:51 2025
Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
From: Ludovic Courtès
Date: Fri, 17 Jun 2022 14:32:55 +0200
Message-ID: <874k0jii6g.fsf@gnu.org>
In-Reply-To: <623fb4e4eea75f728248bb706fbed9e5677bcc22.camel@telenet.be> (Maxime Devos's message of "Thu, 16 Jun 2022 18:45:30 +0200")

Maxime Devos wrote:

> Ludovic Courtès wrote on Thu 16-06-2022 at 18:18 [+0200]:
>> In Guile proper, it would be nice if there were a ‘%file-name-encoding’
>> fluid.
>
> I was more thinking of a %file-name-encoding parameter (instead of a
> fluid), but that's what I had in mind.

Yeah, could be (for “historical reasons”, similar interfaces such as
‘%default-port-encoding’ were fluids, that’s why I mentioned that).

Ludo’.

From unknown Tue Jun 17 20:39:51 2025
Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
From: Philip McGrath
Cc: 55912@debbugs.gnu.org, Maxime Devos
Subject: Re: bug#55912: [PATCH] home: Add OpenSSH service.
Date: Fri, 17 Jun 2022 08:42:41 -0400
Message-ID: <22679917.6Emhk5qWAg@avalon>
In-Reply-To: <623fb4e4eea75f728248bb706fbed9e5677bcc22.camel@telenet.be>

On Thursday, June 16, 2022 12:45:30 PM EDT Maxime Devos wrote:
> Ludovic Courtès wrote on Thu 16-06-2022 at 18:18 [+0200]:
> > In Guile proper, it would be nice if there were a ‘%file-name-encoding’
> > fluid.
>
> I was more thinking of a %file-name-encoding parameter (instead of a
> fluid), but that's what I had in mind.
>

I think the problem goes deeper than that: an R6RS string is a
fixed-length sequence of Unicode scalar values, but a path on a
Unix-like system is a sequence of non-null bytes, and on Windows is a
sequence of UTF-16 code units with possibly unpaired surrogates (aka
WTF-16 [1]). That is, there are some valid paths that can not be
represented as Scheme strings.

Racket has a really nice path datatype that handles these subtleties
(there are many bad headaches if you want to be portable to Windows)
while allowing an ergonomic use of strings for the common case. [2]

Zuo has a more minimal path API which takes advantage of the fact that
a Zuo string is like a Scheme bytevector. [3] It doesn't handle all of
the complexity managed by the Racket path type, but focuses on the
subset of paths applicable to a build environment. The implementation
of all of Zuo is a single C file. [4]

-Philip

[1]: https://simonsapin.github.io/wtf-8/
[2]: https://docs.racket-lang.org/reference/pathutils.html
[3]: https://docs.racket-lang.org/zuo/zuo-base.html#%28part._.Paths%29
[4]: https://github.com/racket/racket/blob/master/racket/src/zuo/zuo.c
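The mismatch described in the message above, as an added example that is not part of the thread and is not Guile or Guix code: it is written in Python (chosen because it runs as-is, while the thread concerns Guile) and decodes file names with each strategy that comes up in this discussion, reporting which ones round-trip to the original bytes and which yield only Unicode scalar values. The sample names and all function names are constructed for illustration.

```python
"""Added illustration: file names are byte strings; decoding them is a policy choice."""
import struct

# Constructed sample names (not from the thread).
UTF8_NAME = b"r\xc3\xa9sum\xc3\xa9.txt"  # UTF-8 bytes of "resume.txt" with two e-acute
RAW_NAME = b"report-\xff\xfe.txt"        # legal on Unix (no NUL, no '/'), not UTF-8

# (label, codec, error handler) for each way of turning name bytes into a string.
STRATEGIES = [
    ("ascii", "ascii", "strict"),            # C locale, i.e. ANSI_X3.4-1968
    ("utf-8", "utf-8", "strict"),            # locale-independent UTF-8
    ("utf-8/replace", "utf-8", "replace"),   # substitute U+FFFD for bad bytes
    ("iso-8859-1", "iso-8859-1", "strict"),  # every byte maps to one character
    # Error handler Python itself applies to file names on POSIX systems.
    ("utf-8/surrogateescape", "utf-8", "surrogateescape"),
]


def only_scalar_values(text):
    """True if TEXT holds no surrogate code points, i.e. fits an R6RS string."""
    return not any(0xD800 <= ord(ch) <= 0xDFFF for ch in text)


def survey(raw):
    """Map each strategy label to (text or None, round_trips, scalar_only)."""
    report = {}
    for label, codec, errors in STRATEGIES:
        try:
            text = raw.decode(codec, errors)
        except UnicodeDecodeError:
            report[label] = (None, False, False)  # name cannot be read at all
            continue
        round_trips = text.encode(codec, errors) == raw
        report[label] = (text, round_trips, only_scalar_values(text))
    return report


def collide(a, b, codec, errors):
    """True if two different names become the same string after decoding."""
    return a != b and a.decode(codec, errors) == b.decode(codec, errors)


def decode_utf16_units(units, errors="strict"):
    """Decode Windows-style 16-bit code units; None if they are not valid UTF-16."""
    raw = struct.pack("<%dH" % len(units), *units)
    try:
        return raw.decode("utf-16-le", errors)
    except UnicodeDecodeError:
        return None


# Constructed Windows name: 'a', an unpaired high surrogate, 'b'.
WIN_UNITS = [0x0061, 0xD83D, 0x0062]

if __name__ == "__main__":
    for name in (UTF8_NAME, RAW_NAME):
        print(name)
        for label, (text, round_trips, scalar) in survey(name).items():
            print("  %-22s text=%-30s round-trips=%-5s scalar-only=%s"
                  % (label, ascii(text), round_trips, scalar))
    print("lossy collision:", collide(b"key-\xff", b"key-\xfe", "utf-8", "replace"))
    print("strict UTF-16:", decode_utf16_units(WIN_UNITS))
    print("surrogatepass:", ascii(decode_utf16_units(WIN_UNITS, "surrogatepass")))
```

ISO-8859-1 always round-trips but shows the wrong characters for UTF-8 names, while the lossless UTF-8 variant has to put surrogate code points into the string, which is exactly what a string of scalar values cannot hold.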
From unknown Tue Jun 17 20:39:51 2025
Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
From: Maxime Devos
Date: Fri, 17 Jun 2022 22:56:52 +0200
In-Reply-To: <22679917.6Emhk5qWAg@avalon>

Philip McGrath wrote on Fri 17-06-2022 at 08:42 [-0400]:
> I think the problem goes deeper than that: an R6RS string is a
> fixed-length sequence of Unicode scalar values, but a path on a
> Unix-like system is a sequence of non-null bytes,

That's one of the possibilities I know about. Treating that case as
‘ISO-8859-1’ would be sufficient for Guix, albeit conceptually
incorrect.

> and on Windows is a sequence of UTF-16 code units
> with possibly unpaired surrogates (aka WTF-16 [1]).
> That is, there are some
> valid paths that can not be represented as Scheme strings.

Nasty. Didn't know about that. I'll skip that one for now though (I
don't think Guile uses the right Windows APIs for that, it just calls
'open' and 'stat' and the like).

> Racket has a really nice path datatype that handles these subtleties
> (there are many bad headaches if you want to be portable to Windows)
> while allowing an ergonomic use of strings for the common case. [2]

For now (later), I'll just stick to supporting overriding the file name
encoding; a proper separate path datatype can be added later. E.g.,
open-file can be changed to support both filenames as strings (to be
encoded by the file name encoding) or as an instance of the path
datatype. Except for rebase conflicts, this seems rather orthogonal to
me.

Greetings,
Maxime.

From unknown Tue Jun 17 20:39:51 2025
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Ludovic Courtès
Subject: bug#55912: closed (Re: bug#55912: [PATCH] home: Add OpenSSH service.)
Date: Sat, 18 Jun 2022 21:42:02 +0000

Your bug report

#55912: [PATCH] home: Add OpenSSH service.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 55912@debbugs.gnu.org.

--
55912: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=55912
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Ludovic Courtès
To: 55912-done@debbugs.gnu.org
Cc: Maxime Devos
Subject: Re: bug#55912: [PATCH] home: Add OpenSSH service.
Date: Sat, 18 Jun 2022 23:41:43 +0200
Message-ID: <87r13ld4yw.fsf_-_@gnu.org>
In-Reply-To: <20220615202951.22501-1-ludo@gnu.org> (Ludovic Courtès's message of "Wed, 15 Jun 2022 22:29:51 +0200")

Ludovic Courtès wrote:

> * gnu/home/services/ssh.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> * po/guix/POTFILES.in: Add it.
> * doc/guix.texi (Secure Shell): New section.

Pushed yesterday as 7f208f68dea828fe02718ca8ce81d5975136cff8.

Thanks, Maxime!

Ludo’.

From: Ludovic Courtès
To: guix-patches@gnu.org
Subject: [PATCH] home: Add OpenSSH service.
Date: Sat, 11 Jun 2022 18:49:31 +0200
Message-Id: <20220611164931.21953-1-ludo@gnu.org>

* gnu/home/services/ssh.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/guix/POTFILES.in: Add it.
* doc/guix.texi (Secure Shell): New section.
---
 doc/guix.texi | 183 +++++++++++++++++++++++++++-
 gnu/home/services/ssh.scm | 250 ++++++++++++++++++++++++++++++++++++++
 gnu/local.mk | 1 +
 po/guix/POTFILES.in | 1 +
 4 files changed, 434 insertions(+), 1 deletion(-)
 create mode 100644 gnu/home/services/ssh.scm

Hi!

Here’s an OpenSSH Home service, loosely inspired by what Julien had
implemented at:

  https://framagit.org/tyreunom/guix-home-manager/-/blob/master/home/ssh.scm

One thing I wasn’t sure about was how to handle ~/.ssh/known_hosts. To
lower the barrier to entry, I added an option to keep handling it in a
stateful way (with ‘ssh’ updating the file as it sees fit), and I made
that the default.

I toyed with other approaches. In particular, just like Julien’s
module had , I tried doing that and going further so one could write:

  (openssh-host-key ssh-rsa "AAAAE2VjZHNhLX…")

and arrange so that (1) the host key algorithm is validated (a typo
would be reported at macro-expansion time), and (2) the string is
base64-decoded, similar to what is done for origins.

But then, while this is perhaps The Right Thing, I thought it could be
too inconvenient to use: users would have to convert what ‘ssh’ gives
them into this format. Sure, that’d give them data validation in
return, but that’s probably too little for too high a cost.

So I stuck to something simpler that allows users to pass files as-is
in ‘known-hosts’ and ‘authorized-keys’ (note that ‘authorized-keys’ in
also works that way, so it’s consistent).

Thoughts?

Thanks,
Ludo’.

diff --git a/doc/guix.texi b/doc/guix.texi index ea133d519a..831b8fa7c0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -38899,6 +38899,7 @@ services)}. * Shells: Shells Home Services. POSIX shells, Bash, Zsh. * Mcron: Mcron Home Service. Scheduled User's Job Execution. * Shepherd: Shepherd Home Service. Managing User's Daemons. +* SSH: Secure Shell. Setting up the secure shell client. * Desktop: Desktop Home Services. Services for graphical environments. @end menu @c In addition to that Home Services can provide @@ -39219,7 +39220,7 @@ GNU@tie{}mcron, a daemon to run jobs at scheduled times (@pxref{Top,,, mcron, GNU@tie{}mcron}). The information about system's mcron is applicable here (@pxref{Scheduled Job Execution}), the only difference for home services is that they have to be declared in a -@code{home-envirnoment} record instead of an @code{operating-system} +@code{home-environment} record instead of an @code{operating-system} record. @defvr {Scheme Variable} home-mcron-service-type 
@@ -39287,6 +39288,186 @@ mechanism instead (@pxref{Shepherd Services}). @end table @end deftp +@node Secure Shell +@subsection Secure Shell + +@cindex secure shell client, configuration +@cindex SSH client, configuration +The @uref{https://www.openssh.com, OpenSSH package} includes a client, +the @command{ssh} command, that allows you to connect to remote machines +using the @acronym{SSH, secure shell} protocol. With the @code{(gnu +home services ssh)} module, you can set up OpenSSH so that it works in a +predictable fashion, almost independently of state on the local machine. +To do that, you instantiate @code{home-openssh-service-type} in your +Home configuration, as explained below. + +@defvr {Scheme Variable} home-openssh-service-type +This is the type of the service to set up the OpenSSH client. It takes +care of several things: + +@itemize +@item +adding the @code{openssh} package to your profile so the @command{ssh} +command is readily available; + +@item +providing a @file{~/.ssh/config} file based on your configuration so +that @command{ssh} knows about hosts you regularly connect to and their +associated parameters; + +@item +providing a @file{~/.ssh/authorized_keys}, which lists public keys that +the local SSH server, @command{sshd}, may accept to connect to this user +account; + +@item +optionally providing a @file{~/.ssh/known_hosts} file so that @file{ssh} +can authenticate hosts you connect to. +@end itemize + +Here is a sample configuration you could add to the @code{services} +field of your @code{home-environment}: + +@lisp +(home-openssh-configuration + (hosts (list (openssh-host (name "ci.guix.gnu.org") + (user "charlie")) + (openssh-host (name "chbouib") + (host-name "chbouib.example.org") + (user "supercharlie") + (port 10022)))) + (authorized-keys (list (local-file "alice.pub")))) +@end lisp + +The example above lists two hosts and their parameters. 
For instance, +running @command{ssh chbouib} will automatically connect to +@code{chbouib.example.org} on port 10022, logging in as user +@samp{supercharlie}. Further, it marks the public key in +@file{alice.pub} as authorized for incoming connections. + +The value associated with a @code{home-openssh-service-type} instance +must be a @code{home-openssh-configuration} record, as describe below. +@end defvr + +@deftp {Data Type} home-openssh-configuration +This is the datatype representing the OpenSSH client and server +configuration in one's home environment. It contains the following +fields: + +@table @asis +@item @code{openssh} (default: @code{openssh}) +The OpenSSH package to add to the environment's profile. + +@item @code{hosts} (default: @code{'()}) +A list of @code{openssh-host} records specifying host names and +associated connection parameters (see below). This host list goes into +@file{~/.ssh/config}, which @command{ssh} reads at startup. + +@item @code{known-hosts} (default: @code{*unspecified*}) +This must be either: + +@itemize +@item +@code{*unspecified*}, in which case @code{home-openssh-service-type} +leaves it up to @command{ssh} and to the user to maintain the list of +known hosts at @file{~/.ssh/known_hosts}, or + +@item +a list of file-like objects, in which case those are concatenated and +emitted as @file{~/.ssh/known_hosts}. +@end itemize + +The @file{~/.ssh/known_hosts} contains a list of host name/host key +pairs that allow @command{ssh} to authenticate hosts you connect to and +to detect possible impersonation attacks. By default, @command{ssh} +updates it in a @dfn{TOFU, trust-on-first-use} fashion, meaning that it +records the host's key in that file the first time you connect to it. +This behavior is preserved when @code{known-hosts} is set to +@code{*unspecified*}. 
+ +If you instead provide a list of host keys upfront in the +@code{known-hosts} field, your configuration becomes self-contained and +stateless: it can be replicated elsewhere or at another point in time. +Preparing this list can be relatively tedious though, which is why +@code{*unspecified*} is kept as a default. + +@item @code{authorized-keys} (default: @code{'()}) +This must be a list of file-like objects, each of which containing an +SSH public key that should be authorized to connect to this machine. + +Concretely, these files are concatenated and made available as +@file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is +running on this machine, then it @emph{may} take this file into account: +this is what @command{sshd} does by default, but be aware that it can +also be configured to ignore it. +@end table +@end deftp + +@c %start of fragment + +@deftp {Data Type} openssh-host +Available @code{openssh-host} fields are: + +@table @asis +@item @code{name} (type: string) +Name of this host declaration. + +@item @code{host-name} (default: @code{disabled}) (type: maybe-string) +Host name---e.g., @code{"foo.example.org"} or @code{"192.168.1.2"}. + +@item @code{address-family} (type: address-family) +Address family to use when connecting to this host: one of +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or +@code{*unspecified*} (allowing any address family). + +@item @code{identity-file} (default: @code{disabled}) (type: maybe-string) +The identity file to use---e.g., @code{"/home/charlie/.ssh/id_ed25519"}. + +@item @code{port} (default: @code{disabled}) (type: maybe-integer) +TCP port number to connect to. + +@item @code{user} (default: @code{disabled}) (type: maybe-string) +User name on the remote host. + +@item @code{forward-x11?} (default: @code{#f}) (type: boolean) +Whether to forward remote client connections to the local X11 graphical +display. 
+ +@item @code{forward-x11-trusted?} (default: @code{#f}) (type: boolean) +Whether remote X11 clients have full access to the original X11 +graphical display. + +@item @code{forward-agent?} (default: @code{#f}) (type: boolean) +Whether the authentication agent (if any) is forwarded to the remote +machine. + +@item @code{compression?} (default: @code{#f}) (type: boolean) +Whether to compress data in transit. + +@item @code{proxy-command} (default: @code{disabled}) (type: maybe-string) +The command to use to connect to the server. As an example, a command +to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect +-x 192.0.2.0:8080 %h %p"}. + +@item @code{host-key-algorithms} (default: @code{disabled}) (type: maybe-string-list) +The list of accepted host key algorithms---e.g., +@code{'("ssh-ed25519")}. + +@item @code{accepted-key-types} (default: @code{disabled}) (type: maybe-string-list) +The list of accepted user public key types. + +@item @code{extra-content} (default: @code{""}) (type: raw-configuration-string) +Extra content appended as-is to this @code{Host} block in +@file{~/.ssh/config}. + +@end table + +@end deftp + + +@c %end of fragment + + @node Desktop Home Services @subsection Desktop Home Services diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm new file mode 100644 index 0000000000..162d7df960 --- /dev/null +++ b/gnu/home/services/ssh.scm 
@@ -0,0 +1,250 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu home services ssh) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (guix diagnostics) + #:use-module (guix i18n) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (guix modules) + #:use-module (gnu home services) + #:use-module ((gnu home services utils) + #:select (object->camel-case-string)) + #:autoload (gnu packages ssh) (openssh) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (ice-9 match) + #:export (home-openssh-configuration + home-openssh-configuration-authorized-keys + home-openssh-configuration-known-hosts + home-openssh-configuration-hosts + + openssh-host + openssh-host-host-name + openssh-host-identity-file + openssh-host-name + openssh-host-port + openssh-host-user + openssh-host-forward-x11? + openssh-host-forward-x11-trusted? + openssh-host-forward-agent? + openssh-host-compression? 
+ openssh-host-proxy-command + openssh-host-host-key-algorithms + openssh-host-accepted-key-types + openssh-host-extra-content + + home-openssh-service-type)) + +(define (serialize-field-name name) + (match name + ('accepted-key-types "PubkeyAcceptedKeyTypes") + (_ + (let ((name (let ((str (symbol->string name))) + (if (string-suffix? "?" str) + (string->symbol (string-drop-right str 1)) + name)))) + (object->camel-case-string name 'upper))))) + +(define (serialize-string field value) + (string-append " " (serialize-field-name field) + " " value "\n")) + +(define (address-family? obj) + (memv obj (list *unspecified* AF_INET AF_INET6))) + +(define (serialize-address-family field family) + (if (unspecified? family) + "" + (string-append " " (serialize-field-name field) " " + (cond ((= family AF_INET) "inet") + ((= family AF_INET6) "inet6") + (else + (raise + (formatted-message + (G_ "~s: unsupported address family") + family)))) + "\n"))) + +(define (serialize-integer field value) + (string-append " " (serialize-field-name field) " " + (number->string value) "\n")) + +(define (serialize-boolean field value) + (string-append " " (serialize-field-name field) " " + (if value "yes" "no") "\n")) + +(define-maybe string) +(define-maybe integer) + +(define (serialize-raw-configuration-string field value) + (string-append value "\n")) +(define raw-configuration-string? string?) + +(define (string-list? lst) + (and (pair? lst) (every string? 
lst))) +(define (serialize-string-list field lst) + (string-append " " (serialize-field-name field) " " + (string-join lst ",") "\n")) + +(define-maybe string-list) + +(define-configuration openssh-host + (name + (string) + "Name of this host declaration.") + (host-name + (maybe-string 'disabled) + "Host name---e.g., @code{\"foo.example.org\"} or @code{\"192.168.1.2\"}.") + (address-family + (address-family *unspecified*) + "Address family to use when connecting to this host: one of +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or +@code{*unspecified*} (allowing any address family).") + (identity-file + (maybe-string 'disabled) + "The identity file to use---e.g., +@code{\"/home/charlie/.ssh/id_ed25519\"}.") + (port + (maybe-integer 'disabled) + "TCP port number to connect to.") + (user + (maybe-string 'disabled) + "User name on the remote host.") + (forward-x11? + (boolean #f) + "Whether to forward remote client connections to the local X11 graphical +display.") + (forward-x11-trusted? + (boolean #f) + "Whether remote X11 clients have full access to the original X11 graphical +display.") + (forward-agent? + (boolean #f) + "Whether the authentication agent (if any) is forwarded to the remote +machine.") + (compression? + (boolean #f) + "Whether to compress data in transit.") + (proxy-command + (maybe-string 'disabled) + "The command to use to connect to the server. As an example, a command +to connect via an HTTP proxy at 192.0.2.0 would be: @code{\"nc -X +connect -x 192.0.2.0:8080 %h %p\"}.") + (host-key-algorithms + (maybe-string-list 'disabled) + "The list of accepted host key algorithms---e.g., +@code{'(\"ssh-ed25519\")}.") + (accepted-key-types + (maybe-string-list 'disabled) + "The list of accepted user public key types.") + (extra-content + (raw-configuration-string "") + "Extra content appended as-is to this @code{Host} block in +@file{~/.ssh/config}.")) + +(define (serialize-openssh-host config) + (define (openssh-host-name-field? 
field) + (eq? (configuration-field-name field) 'name)) + + (string-append + "Host " (openssh-host-name config) "\n" + (string-concatenate + (map (lambda (field) + ((configuration-field-serializer field) + (configuration-field-name field) + ((configuration-field-getter field) config))) + (remove openssh-host-name-field? + openssh-host-fields))))) + +(define-record-type* + home-openssh-configuration make-home-openssh-configuration + home-openssh-configuration? + (openssh home-openssh-configuration-openssh ;file-like + (default openssh)) + (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like + (default '())) + (known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like + (default *unspecified*)) + (hosts home-openssh-configuration-hosts ;list of + (default '()))) + +(define (openssh-configuration->string config) + (string-join (map serialize-openssh-host + (home-openssh-configuration-hosts config)) + "\n")) + +(define* (file-join name files #:optional (delimiter " ")) + "Return a file in the store called @var{name} that is the concatenation +of all the file-like objects listed in @var{files}, with @var{delimited} +inserted after each of them." + (computed-file name + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (call-with-output-file #$output + (lambda (output) + (for-each (lambda (file) + (call-with-input-file file + (lambda (input) + (dump-port input output))) + (display #$delimiter output)) + '#$files))))))) + +(define (openssh-configuration-files config) + (let ((config (plain-file "config" (openssh-configuration->string config))) + (known-hosts (home-openssh-configuration-known-hosts config)) + (authorized-keys (file-join + "authorized_keys" + (home-openssh-configuration-authorized-keys config) + "\n"))) + `((".ssh/authorized_keys" ,authorized-keys) + ,@(if (unspecified? 
known-hosts) + '() + `((".ssh/known_hosts" + ,(file-join "known_hosts" known-hosts "\n")))) + (".ssh/config" ,config)))) + +(define openssh-activation + (with-imported-modules (source-module-closure + '((gnu build activation))) + #~(begin + (use-modules (gnu build activation)) + + ;; Make sure ~/.ssh is #o700. + (let* ((home (getenv "HOME")) + (dot-ssh (string-append home "/.ssh"))) + (mkdir-p/perms dot-ssh (getpw (getuid)) #o700))))) + +(define home-openssh-service-type + (service-type + (name 'home-openssh) + (extensions + (list (service-extension home-files-service-type + openssh-configuration-files) + (service-extension home-profile-service-type + (compose + list + home-openssh-configuration-openssh)) + (service-extension home-activation-service-type + (const openssh-activation)))) + (description "Configure the OpenSSH @acronym{SSH, secure shell} +client and add it to the user profile.") + (default-value (home-openssh-configuration)))) diff --git a/gnu/local.mk b/gnu/local.mk index d49af0d898..f3b08ffdab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -85,6 +85,7 @@ GNU_SYSTEM_MODULES = \ %D%/home/services/fontutils.scm \ %D%/home/services/shells.scm \ %D%/home/services/shepherd.scm \ + %D%/home/services/ssh.scm \ %D%/home/services/mcron.scm \ %D%/home/services/utils.scm \ %D%/home/services/xdg.scm \ diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in index 6b8bd92bb7..201e5dcc87 100644 --- a/po/guix/POTFILES.in +++ b/po/guix/POTFILES.in @@ -6,6 +6,7 @@ gnu/services.scm gnu/system.scm gnu/services/shepherd.scm gnu/home/services.scm +gnu/home/services/ssh.scm gnu/home/services/symlink-manager.scm gnu/system/file-systems.scm gnu/system/image.scm base-commit: 010426e2c34428d69573cdfef88239303edcab2d -- 2.36.1 ------------=_1655588522-17708-1--
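Review bot: in the doc/guix.texi hunk, the @code{known-hosts} item writes @dfn{TOFU, trust-on-first-use}, but @dfn takes a single argument and the "abbreviation, expansion" form belongs to @acronym, so the whole comma-separated text would be rendered as the defined term. Suggest @dfn{trust-on-first-use} (@acronym{TOFU}) or simply @acronym{TOFU, trust-on-first-use}. Two smaller fixes in the same hunk: "as describe below" at the end of the @defvr should read "as described below", and the last @itemize bullet uses @file{ssh} where every other mention of the program uses @command{ssh}. The @code{authorized-keys} item would also benefit from one sentence stating what happens with the default @code{'()}, since the code in ssh.scm still generates @file{~/.ssh/authorized_keys} in that case.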
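Review bot: in gnu/home/services/ssh.scm, openssh-configuration-files emits the ".ssh/authorized_keys" entry unconditionally, so with the default (authorized-keys '()) file-join produces an empty file and the service still provides ~/.ssh/authorized_keys, whereas ".ssh/known_hosts" is only emitted when the field is not *unspecified*. Someone who instantiates the service only for the client configuration would thereby hand over the file that sshd consults for logins to this account without having asked for it. Suggest giving authorized-keys the same treatment as known-hosts (a default that means "leave the file alone", with the entry emitted only when a list is supplied) and saying so in the manual. Smaller points in the same file: the file-join docstring refers to @var{delimited} while the parameter is named delimiter; the #:export list leaves out openssh-host-address-family and home-openssh-configuration-openssh although the other accessors are exported; and serialize-string and serialize-string-list write values verbatim, so a value containing a newline becomes additional lines in the Host block. Rejecting newlines in those fields would keep extra-content as the only raw pass-through.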