From: Saku Laesvuori
To: 62966@debbugs.gnu.org
Date: Thu, 20 Apr 2023 14:30:24 +0300
Subject: [bug#62966] [PATCH 1/2] home: services: openssh: Add configuration option for jump proxies
Message-Id: <20230420113024.7999-1-saku@laesvuori.fi>

Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.

* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.
--- doc/guix.texi | 29 ++++++++++++++--- gnu/home/services/ssh.scm | 65 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 89 insertions(+), 5 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index adb1975935..da25bba770 100644 
--- a/doc/guix.texi +++ b/doc/guix.texi @@ -42618,10 +42618,31 @@ machine. @item @code{compression?} (default: @code{#f}) (type: boolean) Whether to compress data in transit. -@item @code{proxy-command} (type: maybe-string) -The command to use to connect to the server. As an example, a command -to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect --x 192.0.2.0:8080 %h %p"}. +@item @code{proxy} (type: maybe-proxy-command-or-jump-list) +The command to use to connect to the server or a list of SSH hosts to +jump through before connecting to the server. The field may be set to either a +@code{proxy-command} or a list of @code{proxy-jump} records. + +As an example, a @code{proxy-command} to connect via an HTTP proxy at 192.0.2.0 +would be constructed with: @code{(proxy-command "nc -X connect -x +192.0.2.0:8080 %h %p")}. + +@deftp {Data Type} proxy-jump +Available @code{proxy-jump} fields are: + +@table @asis +@item @code{user} (type: maybe-string) +User name on the remote host. + +@item @code{host-name} (type: string) +Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}. + +@item @code{port} (type: maybe-natural-number) +TCP port number to connect to. + +@end table + +@end deftp @item @code{host-key-algorithms} (type: maybe-string-list) The list of accepted host key algorithms---e.g., diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index 01917a29cd..6aeb6ad5a7 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -20,6 +20,7 @@ (define-module (gnu home services ssh) #:use-module (guix gexp) #:use-module (guix records) + #:use-module (guix deprecation) #:use-module (guix diagnostics) #:use-module (guix i18n) #:use-module (gnu services) 
@@ -32,6 +33,8 @@ (define-module (gnu home services ssh) #:autoload (gnu packages base) (glibc-utf8-locales) #:use-module (gnu packages ssh) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-9) + #:use-module (srfi srfi-9 gnu) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) #:use-module (ice-9 match) @@ -55,6 +58,12 @@ (define-module (gnu home services ssh) openssh-host-host-key-algorithms openssh-host-accepted-key-types openssh-host-extra-content + proxy-jump + proxy-jump-host-name + proxy-jump-port + proxy-jump-user + proxy-command + proxy-command->string home-openssh-service-type home-ssh-agent-service-type)) 
@@ -114,6 +123,54 @@ (define (serialize-string-list field lst) (define-maybe string-list) +(define-record-type + (proxy-command command) + proxy-command? + (command proxy-command->string)) + +(set-record-type-printer! + (lambda (obj port) + (format port "#" (proxy-command->string obj)))) + +(define-configuration/no-serialization proxy-jump + (user + maybe-string + "User name on the remote host.") + (host-name + (string) + "Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}.") + (port + maybe-natural-number + "TCP port number to connect to.")) + +(define (proxy-jump->string proxy-jump) + (match-record proxy-jump + (host-name user port) + (string-append + (if (maybe-value-set? user) (string-append user "@") "") + host-name + (if (maybe-value-set? port) (string-append ":" (number->string port)) "")))) + +(define (proxy-command-or-jump-list? x) + (or (proxy-command? x) + (and (list? x) + (every proxy-jump? x)))) + +(define (serialize-proxy-command-or-jump-list field value) + (if (proxy-command? value) + (serialize-string 'proxy-command (proxy-command->string value)) + (serialize-string-list 'proxy-jump (map proxy-jump->string value)))) + +(define-maybe proxy-command-or-jump-list) + +(define (sanitize-proxy-command properties) + (lambda (value) + (when (maybe-value-set? value) + (warn-about-deprecation 'proxy-command properties #:replacement 'proxy)) + (unless (maybe-string? value) + (configuration-field-error (source-properties->location properties) 'proxy-command value)) + value)) + (define-configuration openssh-host (name (string) 
@@ -155,7 +212,13 @@ (define-configuration openssh-host maybe-string "The command to use to connect to the server. As an example, a command to connect via an HTTP proxy at 192.0.2.0 would be: @code{\"nc -X -connect -x 192.0.2.0:8080 %h %p\"}.") +connect -x 192.0.2.0:8080 %h %p\"}. Using 'proxy-command' is deprecated, use +'proxy' instead." + (sanitizer (sanitize-proxy-command (current-source-location)))) + (proxy + maybe-proxy-command-or-jump-list + "The command to use to connect to the server or a list of SSH hosts to jump +through before connecting to the server.") (host-key-algorithms maybe-string-list "The list of accepted host key algorithms---e.g., base-commit: a9f4b6ecd00112ae4fb04dfbe0f9cc86b042dbc5 -- 2.39.2 

From: Saku Laesvuori
To: 62966@debbugs.gnu.org
Date: Thu, 20 Apr 2023 14:32:12 +0300
Subject: [bug#62966] [PATCH 2/2] doc: Update openssh-host documentation.
In-Reply-To: <20230420113024.7999-1-saku@laesvuori.fi>
Message-Id: <20230420113212.11941-1-saku@laesvuori.fi>

* doc/guix.texi (Secure Shell): Update openssh-host documentation to
match the code.
--- doc/guix.texi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index da25bba770..10e2acc434 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -42589,10 +42589,10 @@ Name of this host declaration. @item @code{host-name} (type: maybe-string) Host name---e.g., @code{"foo.example.org"} or @code{"192.168.1.2"}. -@item @code{address-family} (type: address-family) +@item @code{address-family} (type: maybe-address-family) Address family to use when connecting to this host: one of -@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only), or -@code{*unspecified*} (allowing any address family). +@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only). +Additionally, the field can be left unset to allow any address family. @item @code{identity-file} (type: maybe-string) The identity file to use---e.g., @code{"/home/charlie/.ssh/id_ed25519"}. -- 2.39.2 
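
Review bot: the new `proxy` item in the [PATCH 1/2] doc/guix.texi hunk (@@ -42618,10 +42618,31 @@) carries a worked example only for `proxy-command`, so the list-of-`proxy-jump` form that this patch introduces has no example at all. Suggest adding one built from the documented fields, for instance a one-element list with `host-name` set. The same hunk deletes the `proxy-command` item outright although the field still exists, so the manual no longer says the field is deprecated; and the `host-name` examples in the new `proxy-jump` table are unquoted (`@code{foo.example.org}`) while the `openssh-host` entry quotes them.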
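
Review bot: `proxy-command-or-jump-list?` in the [PATCH 1/2] gnu/home/services/ssh.scm hunk (@@ -114,6 +123,54 @@) accepts the empty list, because `(every proxy-jump? x)` is true when `x` is `'()`, so a host with `(proxy '())` passes validation and `serialize-proxy-command-or-jump-list` is asked to emit a jump directive with no hosts. Suggest requiring a non-empty list, e.g. `(and (pair? x) (every proxy-jump? x))`. In the same hunk, `proxy-jump->string` concatenates `user`, `host-name` and `port` without any check, so an IPv6 literal `host-name` combined with a `port` produces a string in which the port cannot be told apart from the address; worth validating or documenting.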
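
Review bot: nothing in the [PATCH 1/2] `openssh-host` hunk (@@ -155,7 +212,13 @@) rejects a host that sets both the deprecated `proxy-command` field and a jump list in `proxy`; `sanitize-proxy-command` only warns and type-checks its own value. The case the commit message sets out to exclude, ProxyCommand and ProxyJump both serialized with the order deciding which one is used, is therefore still reachable. Suggest raising a configuration error where the host record is serialized when both fields are set, or stating in the `proxy` docstring which one takes effect.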
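
Review bot: in the `address-family` item of the [PATCH 2/2] doc/guix.texi hunk (@@ -42589,10 +42589,10 @@), the rewritten text reads "one of @code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only)." with the "or" dropped, so the enumeration no longer forms a sentence. Suggest "either @code{AF_INET} (for IPv4 only) or @code{AF_INET6} (for IPv6 only)." before the added "Additionally, ..." sentence.
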
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Saku Laesvuori
Date: Fri, 21 Apr 2023 15:16:02 +0000
Subject: bug#62966: closed (Re: bug#62966: [PATCH 1/2] home: services: openssh: Add configuration option for jump proxies)

Your bug report

#62966: [PATCH 1/2] home: services: openssh: Add configuration option for jump proxies

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 62966@debbugs.gnu.org.

-- 
62966: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62966
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Ludovic Courtès
To: Saku Laesvuori
Cc: 62966-done@debbugs.gnu.org
Date: Fri, 21 Apr 2023 17:15:21 +0200
Subject: Re: bug#62966: [PATCH 1/2] home: services: openssh: Add configuration option for jump proxies
In-Reply-To: <20230420113024.7999-1-saku@laesvuori.fi>
Message-ID: <87leilgtbq.fsf@gnu.org>

Hi Saku,

Saku Laesvuori writes:

> Add a new 'proxy' field to openssh-host to allow ProxyCommand or
> ProxyJump, but not both, to be configured. Configuring both would cause
> the serialization order to determine which one is used. Deprecate the
> 'proxy-command' field because the 'proxy' field replaces it.
>
> * gnu/home/services/ssh.scm (proxy-jump->string,
> proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
> sanitize-proxy-command): New procedure.
> (proxy-jump, proxy-command): New record type.
> (openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
> can't have ProxyCommand and ProxyJump configured at the same time.
> * doc/guix.texi (Secure Shell): Update to match the changes to the
> service.

Nice improvement.

> * doc/guix.texi (Secure Shell): Update openssh-host documentation to
> match the code.

Applied, thanks!

Ludo’.