GNU bug report logs - #55912
[PATCH] home: Add OpenSSH service.

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 11 Jun 2022 16:50:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: Maxime Devos <maximedevos <at> telenet.be>
To: Ludovic Courtès <ludo <at> gnu.org>, 55912 <at> debbugs.gnu.org
Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
Date: Sat, 11 Jun 2022 21:51:20 +0200
Hi,

Some comments on the code.

Ludovic Courtès wrote on Sat 11-06-2022 at 18:49 [+0200]:
> +  (port
> +   (maybe-integer 'disabled)
> +   "TCP port number to connect to.")
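
Review bot: the `port` field is declared with `(maybe-integer 'disabled)`, so nothing in this declaration rejects 0, negative numbers or values above 65535. A dedicated predicate limited to 1..65535 would turn such a value into a configuration-time error instead of passing it on to the generated file.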

TCP only allows natural numbers up to some bound, and in practice
implementations only support non-zero natural numbers, so maybe the
predicate can be refined a bit?

> +                             (formatted-message
> +                              (G_ "~s: unsupported address family")

Maybe a hint:

  hint: AF_INET and AF_INET6 are supported.


> + (define (serialize-string field value)
> +   (string-append "  " (serialize-field-name field)
> +                  " " value "\n"))
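
Review bot: in `serialize-string`, `value` goes into `string-append` unchanged and the line is terminated with "\n", so a value that itself contains a newline would end this directive early and the remainder would be written as a separate line of the generated file. Reject strings containing newlines or other control characters in the field's predicate, or quote them here, before concatenating.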

> +  (name
> +   (string)
> +   "Name of this host declaration.")
> [...]
> +  (proxy-command
> +   (maybe-string 'disabled)

Attila Lendvai has a patch series at 54674 that changes 'disabled' ->
*unspecified* -- I think it would be better to apply that patch series
first.

Wouldn't the value need to be escaped?  Or at least a check that it
doesn't contain special characters like \n or whatever special
characters an OpenSSH configuration has.


>+ (define* (file-join name files #:optional (delimiter " "))
>+  "Return a file in the store called @var{name} that is the
>+ concatenation
>+ of all the file-like objects listed in @var{files}, with
@var{delimited}
>+ inserted after each of them."
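
Review bot: the `file-join` docstring refers to `@var{delimited}`, but the optional parameter is named `delimiter`; the `@var` reference should match the parameter name. Since the delimiter is described as inserted after each file, it is also worth stating that the result ends with a trailing delimiter.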

Does this work for files with non-ASCII characters and for file names
that contain non-ASCII characters?

>+          (service-extension home-profile-service-type
>+                             (compose
>+                              list
>+                              home-openssh-configuration-openssh))
>+          (service-extension home-activation-service-type
>+                             (const openssh-activation))))
>+   (description "Configure the OpenSSH @acronym{SSH, secure shell}
>+client and _add it to the user profile_.")

(emphasis added).  Why is it automagically added to the user profile? 
This is considered bad practice for system services.  Maybe the user
keeps all their remote communication things in a single profile, maybe
the user only uses openssh things via other tools like 'guix deploy' or
'gnome-shell-extension-gsconnect' and hence has no need for 'openssh'
in their home profile.   Maybe the user never ssh's _from_ the computer
that has the openssh home configuration and only connects _to_ the
computer and hence the 'openssh' in the profile isn't necessary.

Now there are two ways to add 'openssh' to the environment: the Guix
Home equivalent of a 'packages' field and the openssh home service,
with AFAICT no mechanism for deciding which one ‘wins’ and no mechanism
for a proper error message like ‘only add the openssh package to the
profile or use the openssh home service, not both!’, which doesn't seem
ideal to me.

Greetings,
Maxime.
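
One way to implement the check asked about in the message above (refusing string values with special characters before they are serialized), as an added Guile example that is not code from the patch or from Guix. `field->keyword` is a hypothetical stand-in for the patch's `serialize-field-name`, `safe-value?`, `serialize-string/checked` and `try` are hypothetical names, and the sample values are constructed.

```scheme
;; Added example; every name defined here is hypothetical.
(use-modules (srfi srfi-13)    ; string-index
             (srfi srfi-14))   ; char-set:iso-control

;; Assumed stand-in for the patch's 'serialize-field-name':
;; 'proxy-command -> "ProxyCommand".
(define (field->keyword field)
  (string-concatenate
   (map string-capitalize
        (string-split (symbol->string field) #\-))))

(define (safe-value? value)
  "Return #t if VALUE is a non-empty string without control characters.
This is deliberately conservative: it also rejects tabs."
  (and (string? value)
       (not (string-null? value))
       (not (string-index value char-set:iso-control))))

(define (serialize-string/checked field value)
  "Like the patch's 'serialize-string', but refuse values that would span
more than one line of the generated file."
  (unless (safe-value? value)
    (error "invalid value for field" field value))
  (string-append "  " (field->keyword field) " " value "\n"))

;; Constructed sample values.
(define good "ssh -W %h:%p gateway.example.org")
(define bad  "first line\nSecondKeyword value")

;; Serialize VALUE, or return the symbol 'rejected if the check fails.
(define (try field value)
  (catch #t
    (lambda () (serialize-string/checked field value))
    (lambda (key . args) 'rejected)))

(write (try 'proxy-command good)) (newline)
(write (try 'proxy-command bad))  (newline)
```

Rejecting the value at serialization time keeps the generated file to one directive per field; whether to quote instead of reject is a separate design choice the thread leaves open.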

This bug report was last modified 2 years and 334 days ago.
