From: Efraim Flashner
To: 63786@debbugs.gnu.org
Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.
Date: Mon, 29 May 2023 17:52:59 +0300

From man 5 ssh_config:
Unless noted otherwise, for each parameter, the first obtained value
will be used.

We want to allow falling through to the first actual user defined value.

* gnu/home/services.ssh.scm (define-maybe boolean): New configuration.
(openssh-host)[forward-x11?, forward-x11-trusted?, forward-agent?,
compression?]: Replace default value with maybe-boolean.
* doc/guix.texi (Secure Shell): Update documentation to match the
changes in the code.
--- doc/guix.texi | 10 +++++----- gnu/home/services/ssh.scm | 11 +++++++---- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 31dc33fb97..d22924e522 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -33,7 +33,7 @@ Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ricardo Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@* -Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@* +Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nikita Gillmann@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Jan Nieuwenhuizen@* @@ -43017,19 +43017,19 @@ Secure Shell @item @code{user} (type: maybe-string) User name on the remote host. -@item @code{forward-x11?} (default: @code{#f}) (type: boolean) +@item @code{forward-x11?} (type: maybe-boolean) Whether to forward remote client connections to the local X11 graphical display. -@item @code{forward-x11-trusted?} (default: @code{#f}) (type: boolean) +@item @code{forward-x11-trusted?} (type: maybe-boolean) Whether remote X11 clients have full access to the original X11 graphical display. -@item @code{forward-agent?} (default: @code{#f}) (type: boolean) +@item @code{forward-agent?} (type: maybe-boolean) Whether the authentication agent (if any) is forwarded to the remote machine. -@item @code{compression?} (default: @code{#f}) (type: boolean) +@item @code{compression?} (type: maybe-boolean) Whether to compress data in transit. @item @code{proxy} (type: maybe-proxy-command-or-jump-list) diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index 628dc743ae..0a4b37d84e 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2022 Ludovic Courtès ;;; Copyright © 2023 Janneke Nieuwenhuizen +;;; Copyright © 2023 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -104,6 +105,8 @@ (define (serialize-natural-number field value) (string-append " " (serialize-field-name field) " " (number->string value) "\n")) +(define-maybe boolean) + (define (serialize-boolean field value) (string-append " " (serialize-field-name field) " " (if value "yes" "no") "\n")) 
@@ -194,19 +197,19 @@ (define-configuration openssh-host maybe-string "User name on the remote host.") (forward-x11? - (boolean #f) + maybe-boolean "Whether to forward remote client connections to the local X11 graphical display.") (forward-x11-trusted? - (boolean #f) + maybe-boolean "Whether remote X11 clients have full access to the original X11 graphical display.") (forward-agent? - (boolean #f) + maybe-boolean "Whether the authentication agent (if any) is forwarded to the remote machine.") (compression? - (boolean #f) + maybe-boolean "Whether to compress data in transit.") (proxy-command maybe-string base-commit: 7b400e7f8751e6b0cc6e66d3f7ecfb7f5bd51309
-- 
Efraim Flashner רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

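Review bot: In the doc/guix.texi hunk at @@ -43017,19, the items for forward-x11?, forward-x11-trusted?, forward-agent? and compression? lose "(default: @code{#f})" but nothing says what an unset field means. Suggest adding a sentence, once above the items or on each of them, stating that when the field is left unset no line is written for that Host, so the value comes from another matching Host block or from ssh itself, which is the "first obtained value" behaviour the commit message quotes.
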
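Review bot: The commit log names gnu/home/services.ssh.scm for the (define-maybe boolean) entry, while the diff header above the hunk at @@ -104,6 +105,8 is gnu/home/services/ssh.scm; the ChangeLog path should match the file. The entry text "New configuration." is also vague for a one-line define-maybe form; naming what it introduces (the maybe-boolean field type used by openssh-host) would make the log searchable.
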
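Review bot: In the openssh-host hunk at @@ -194,19 +197,19, switching forward-agent? and forward-x11-trusted? from "(boolean #f)" to maybe-boolean silently changes existing configurations: a host that relied on the #f default was pinned to "no" by the serialize-boolean shown in the previous hunk and will now inherit whatever a broader matching block sets. Suggest stating this behaviour change in the commit message and documentation, and adding a test that an unset field serializes to nothing while an explicit #f still serializes to "no"; the diffstat lists only doc/guix.texi and gnu/home/services/ssh.scm, so no test is touched.
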
From: Ludovic Courtès
To: Efraim Flashner
Cc: 63786@debbugs.gnu.org
Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.
Date: Thu, 08 Jun 2023 22:57:37 +0200

Hello!

Efraim Flashner skribis:

> From man 5 ssh_config:
> Unless noted otherwise, for each parameter, the first obtained value
> will be used.
>
> We want to allow falling through to the first actual user defined value.

What do you mean by “first actual user-defined value”?  This service is
what generates all the “user-defined values”, no?

Overall my take is that default values should be specified in our code
(as default values of configuration record fields) rather than left
unspecified.  I think this is clearer and more predictable than relying
on upstream’s default values.

Thanks,
Ludo’.

From: Efraim Flashner
To: 63786@debbugs.gnu.org
Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.
Date: Sun, 11 Jun 2023 10:49:58 +0300

For some reason this didn't get sent to the bug.

-- 
Efraim Flashner רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Date: Fri, 9 Jun 2023 16:24:26 +0300
From: Efraim Flashner
To: Ludovic Courtès
Subject: Re: bug#63786: [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.

On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Courtès wrote:
> Hello!
>
> Efraim Flashner skribis:
>
> > From man 5 ssh_config:
> > Unless noted otherwise, for each parameter, the first obtained value
> > will be used.
> >
> > We want to allow falling through to the first actual user defined value.
>
> What do you mean by “first actual user-defined value”?  This service is
> what generates all the “user-defined values”, no?

Right now my ~/.ssh/config has

Host do1-tor
    Hostname
    IdentityFile ~/.ssh/id_ed25519
Host *.onion *-tor
    #ProxyCommand /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbsd-1.218-2/bin/nc -X 5 -x localhost:9050 %h %p
    ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
    ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
    Compression yes

The way the ssh config is read is that `ssh do1-tor` first matches
do1-tor and then also matches *-tor, so I can factor out ProxyCommand,
ControlPath and Compression for use with the other *-tor Hosts I have
listed.

This configuration could be

(openssh-host (name "do1-tor")
              (host-name )
              (identity-file "~/.ssh/id_ed25519"))
(openssh-host (name "*-onion *-tor")
              (compression? #t)
              (proxy
                (proxy-command ...))
              (extra-content "  ControlPath ...\n"))

If this is all I enter, then my .ssh/config is generated like this:

Host do1-tor
  Hostname
  IdentityFile ~/.ssh/id_ed25519
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression no
Host *.onion *-tor
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression yes
  ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
  ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p

Compression might default to no, but in my hand crafted .ssh/config I've
set it to yes for *-tor Hosts.  Forward* might all default to no, and
it's not set anywhere, but being explicit about the default here could
cause problems if I want X11 forwarding across an entire range of hosts,
not just individual ones.

> Overall my take is that default values should be specified in our code
> (as default values of configuration record fields) rather than left
> unspecified.  I think this is clearer and more predictable than relying
> on upstream’s default values.

In general this is a good plan, but here it actually interferes with the
expected configuration output.  'Fall through' is the default, not the
actual default for each of the individual configuration options.  They
only get set if that field isn't set first by any of the possibly
multiple configuration matches.

-- 
Efraim Flashner רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

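The first-obtained-value behaviour described in the message above, as an added example that is not part of the original thread or of Guix: a simplified Python model of ssh_config(5) resolution, run over constructed copies of the two files in the message. Assumptions: `host.example` stands in for the elided Hostname, the trailing `Host *` block is invented for illustration, and `Match` blocks and multi-valued options such as IdentityFile are not modelled.

```python
import re

# Constructed copies of the two files discussed in the thread. "host.example"
# is a placeholder for the Hostname value the page elides.
EXPLICIT_DEFAULTS = """\
Host do1-tor
  Hostname host.example
  IdentityFile ~/.ssh/id_ed25519
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression no
Host *.onion *-tor
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression yes
  ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
"""

UNSET_OMITTED = """\
Host do1-tor
  Hostname host.example
  IdentityFile ~/.ssh/id_ed25519
Host *.onion *-tor
  Compression yes
  ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
"""

# Assumption, not from the thread: a catch-all block placed later in the file.
CATCH_ALL = "Host *\n  ForwardAgent yes\n"


def parse_blocks(text):
    """Return [(patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before the first Host apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks


def pattern_to_regex(pattern):
    """ssh_config patterns only know the '*' and '?' wildcards."""
    body = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.compile(body)


def block_matches(patterns, host):
    """A block applies if a pattern matches and no negated pattern does."""
    matched = False
    for pattern in patterns:
        negated = pattern.startswith("!")
        if pattern_to_regex(pattern[1:] if negated else pattern).fullmatch(host):
            if negated:
                return False
            matched = True
    return matched


def resolve(text, host):
    """Return (effective options, later values that were ignored) for host."""
    effective, shadowed = {}, []
    for patterns, options in parse_blocks(text):
        if not block_matches(patterns, host):
            continue
        for keyword, value in options:
            if keyword not in effective:
                effective[keyword] = value  # first obtained value wins
            elif effective[keyword] != value:
                shadowed.append(
                    (keyword, effective[keyword], value, " ".join(patterns))
                )
    return effective, shadowed


if __name__ == "__main__":
    for label, text in (("explicit defaults", EXPLICIT_DEFAULTS),
                        ("unset omitted", UNSET_OMITTED)):
        effective, shadowed = resolve(text + CATCH_ALL, "do1-tor")
        print(label)
        print("  Compression  =", effective.get("compression"))
        print("  ForwardAgent =", effective.get("forwardagent"))
        for keyword, kept, ignored, block in shadowed:
            print(f"  ignored: {keyword} {ignored} from 'Host {block}' (kept {kept})")
```

Both sides of the thread show up in the output: explicit per-host defaults hide the shared `Compression yes`, while omitting them lets a later catch-all block decide ForwardAgent for `do1-tor`.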
From: Andrew Tropin
To: Efraim Flashner, 63786@debbugs.gnu.org
Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean
Date: Mon, 12 Jun 2023 08:58:18 +0400

On 2023-06-11 10:49, Efraim Flashner wrote:

> For some reason this didn't get sent to the bug.
>
> -- 
> Efraim Flashner רנשלפ םירפא
> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted
> From: Efraim Flashner
> Subject: Re: bug#63786: [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.
> To: Ludovic Courtès
> Date: Fri, 09 Jun 2023 16:24:26 +0300
>
> On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Courtès wrote:
>> Hello!
>>
>> Efraim Flashner skribis:
>>
>> > From man 5 ssh_config:
>> > Unless noted otherwise, for each parameter, the first obtained value
>> > will be used.
>> >
>> > We want to allow falling through to the first actual user defined value.
>>
>> What do you mean by “first actual user-defined value”?  This service is
>> what generates all the “user-defined values”, no?
>
> Right now my ~/.ssh/config has
>
> Host do1-tor
>     Hostname
>     IdentityFile ~/.ssh/id_ed25519
> Host *.onion *-tor
>     #ProxyCommand /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbsd-1.218-2/bin/nc -X 5 -x localhost:9050 %h %p
>     ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
>     ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
>     Compression yes
>
> The way the ssh config is read is that `ssh do1-tor` first matches
> do1-tor and then also matches *-tor, so I can factor out ProxyCommand,
> ControlPath and Compression for use with the other *-tor Hosts I have
> listed.
>
> This configuration could be
>
> (openssh-host (name "do1-tor")
>               (host-name )
>               (identity-file "~/.ssh/id_ed25519"))
> (openssh-host (name "*-onion *-tor")
>               (compression? #t)
>               (proxy
>                 (proxy-command ...))
>               (extra-content "  ControlPath ...\n"))
>
> If this is all I enter, then my .ssh/config is generated like this:
>
> Host do1-tor
>   Hostname
>   IdentityFile ~/.ssh/id_ed25519
>   ForwardX11 no
>   ForwardX11Trusted no
>   ForwardAgent no
>   Compression no
> Host *.onion *-tor
>   ForwardX11 no
>   ForwardX11Trusted no
>   ForwardAgent no
>   Compression yes
>   ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
>   ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
>
> Compression might default to no, but in my hand crafted .ssh/config I've
> set it to yes for *-tor Hosts.  Forward* might all default to no, and
> it's not set anywhere, but being explicit about the default here could
> cause problems if I want X11 forwarding across an entire range of hosts,
> not just individual ones.
>
>> Overall my take is that default values should be specified in our code
>> (as default values of configuration record fields) rather than left
>> unspecified.  I think this is clearer and more predictable than relying
>> on upstream’s default values.
>
> In general this is a good plan, but here it actually interferes with the
> expected configuration output.  'Fall through' is the default, not the
> actual default for each of the individual configuration options.  They
> only get set if that field isn't set first by any of the possibly
> multiple configuration matches.

A few years ago, when we were implementing the first version of ssh home
service in rde we went a slightly different way and didn't hardcode any
record fields and let the user set an alist of key/value pairs:
https://git.sr.ht/~abcdw/rde/tree/19c2d2f0996624eea8b7a87b14bbc31e4a9b943b/src/gnu/home-services/ssh.scm#L204

It's not a perfect solution either, but quite flexible.  Also, it's
relatively easy to implement default values: we can provide
%default-host-options and ask people to do something like this on user
side configuration:

(merge %default-host-options '((compression . #f)))

Of course "asking people" won't work, so it's possible to set a default
value of options field to %default-host-options
https://git.sr.ht/~abcdw/rde/tree/19c2d2f0996624eea8b7a87b14bbc31e4a9b943b/src/gnu/home-services/ssh.scm#L100
and let people override it with '((compression . #f)) or enrich with
(merge %default-host-options '((compression . #f))).

It's not a proposal or something, just sharing how it's implemented in
rde.

P.S. Note that (gnu home-services *) modules are subject to deprecation
and when (rde home services ssh) appears, it will have a slightly
different interface.

-- 
Best regards,
Andrew Tropin

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Efraim Flashner
Subject: bug#63786: closed (Re: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean)
Reply-To: 63786@debbugs.gnu.org
Date: Wed, 14 Jun 2023 19:17:02 +0000

Your bug report

#63786: [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 63786@debbugs.gnu.org.

-- 
63786: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=63786
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

Date: Wed, 14 Jun 2023 22:16:47 +0300
From: Efraim Flashner
To: Andrew Tropin
Subject: Re: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean
Cc: 63786-done@debbugs.gnu.org
In-Reply-To: <87r0qhmg45.fsf@trop.in>

On Mon, Jun 12, 2023 at 08:58:18AM +0400, Andrew Tropin wrote:
>
> A few years ago, when we were implementing the first version of ssh home
> service in rde we went a slightly different way and didn't hardcode any
> record fields and let user set an alist of key/value pairs:
> https://git.sr.ht/~abcdw/rde/tree/19c2d2f0996624eea8b7a87b14bbc31e4a9b943b/src/gnu/home-services/ssh.scm#L204
>
> It's not a perfect solution either, but quite flexible. Also, it's
> relatively easy to implement default values: we can provide
> %default-host-options and ask people to do something like this on user
> side configuration:
>
> (merge %default-host-options '((compression . #f)))
>
> Of course "asking people" won't work, so it's possible to set a default
> value of options field to %default-host-options
> https://git.sr.ht/~abcdw/rde/tree/19c2d2f0996624eea8b7a87b14bbc31e4a9b943b/src/gnu/home-services/ssh.scm#L100
> and let people override it with '((compression . #f)) or enrich with
> (merge %default-host-options '((compression . #f))).
>
> It's not a proposal or something, just sharing how it's implemented in
> rde.

I'm still undecided about the alist as a comparison. It would make it
easier to add arbitrary fields, but then I feel like maybe we should be
adding something to validate the configurations.

> P.S. Note that (gnu home-services *) modules are subject to deprecation
> and when (rde home services ssh) appears, it will have a slightly
> different interface.

I went ahead and pushed the patch. I believe that, after having added to
a .ssh/config file over a period of time, line by line or entry by
entry, people will be surprised to see a bunch of fields filled in
automatically, and with different results from what they had before.

-- 
Efraim Flashner רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

From: Efraim Flashner
To: guix-patches@gnu.org
Subject: [PATCH] home: services: ssh: Allow unset boolean options in ssh-config.
Date: Mon, 29 May 2023 17:52:59 +0300
Message-Id: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il>

From man 5 ssh_config:
Unless noted otherwise, for each parameter, the first obtained value
will be used.

We want to allow falling through to the first actual user defined value.

* gnu/home/services.ssh.scm (define-maybe boolean): New configuration.
(openssh-host)[forward-x11?, forward-x11-trusted?, forward-agent?,
compression?]: Replace default value with maybe-boolean.
* doc/guix.texi (Secure Shell): Update documentation to match the
changes in the code.
--- doc/guix.texi | 10 +++++----- gnu/home/services/ssh.scm | 11 +++++++---- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 31dc33fb97..d22924e522 100644 --- a/doc/guix.texi
+++ b/doc/guix.texi @@ -33,7 +33,7 @@ Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ricardo Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@* -Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@* +Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nikita Gillmann@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Jan Nieuwenhuizen@* @@ -43017,19 +43017,19 @@ Secure Shell @item @code{user} (type: maybe-string) User name on the remote host. -@item @code{forward-x11?} (default: @code{#f}) (type: boolean) +@item @code{forward-x11?} (type: maybe-boolean) Whether to forward remote client connections to the local X11 graphical display. -@item @code{forward-x11-trusted?} (default: @code{#f}) (type: boolean) +@item @code{forward-x11-trusted?} (type: maybe-boolean) Whether remote X11 clients have full access to the original X11 graphical display. -@item @code{forward-agent?} (default: @code{#f}) (type: boolean) +@item @code{forward-agent?} (type: maybe-boolean) Whether the authentication agent (if any) is forwarded to the remote machine. -@item @code{compression?} (default: @code{#f}) (type: boolean) +@item @code{compression?} (type: maybe-boolean) Whether to compress data in transit. @item @code{proxy} (type: maybe-proxy-command-or-jump-list) diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index 628dc743ae..0a4b37d84e 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2022 Ludovic Courtès ;;; Copyright © 2023 Janneke Nieuwenhuizen +;;; Copyright © 2023 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -104,6 +105,8 @@ (define (serialize-natural-number field value) (string-append " " (serialize-field-name field) " " (number->string value) "\n")) +(define-maybe boolean) + (define (serialize-boolean field value) (string-append " " (serialize-field-name field) " " (if value "yes" "no") "\n")) @@ -194,19 +197,19 @@ (define-configuration openssh-host maybe-string "User name on the remote host.") (forward-x11? - (boolean #f) + maybe-boolean "Whether to forward remote client connections to the local X11 graphical display.") (forward-x11-trusted? - (boolean #f) + maybe-boolean "Whether remote X11 clients have full access to the original X11 graphical display.") (forward-agent? - (boolean #f) + maybe-boolean "Whether the authentication agent (if any) is forwarded to the remote machine.") (compression? - (boolean #f) + maybe-boolean "Whether to compress data in transit.") (proxy-command maybe-string base-commit: 7b400e7f8751e6b0cc6e66d3f7ecfb7f5bd51309 -- Efraim Flashner רנשלפ םירפא GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted ------------=_1686770222-7195-1--
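
Review bot: in the doc/guix.texi hunk at @@ -43017,19 +43017,19, the four @item entries drop "(default: @code{#f})" without saying what an unset field now means. The commit message leans on ssh_config's first-obtained-value rule, so the manual should state that an unset maybe-boolean writes no line for that option and the value then comes from another matching Host block or the system-wide configuration, and that a user who wants forwarding pinned off for a host must set the field to #f explicitly. That matters most for forward-agent? and forward-x11-trusted?.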
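
Review bot: the commit log entry for (define-maybe boolean) names gnu/home/services.ssh.scm, but the file touched by the hunk at @@ -104,6 +105,8 is gnu/home/services/ssh.scm; correct the path in the log so the entry can be found by file name. The entry's "New configuration" wording could also say that this defines the maybe-boolean type used by the openssh-host fields below.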
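
Review bot: in the openssh-host hunk at @@ -194,19 +197,19, replacing (boolean #f) with maybe-boolean changes the generated file for every existing host entry that left these fields alone: serialize-boolean wrote an explicit "no" for forward-x11?, forward-x11-trusted?, forward-agent? and compression?, and those lines now disappear. The diffstat shows only doc/guix.texi and gnu/home/services/ssh.scm, so nothing tests this; add a test that an unset field serializes to no line while #f still serializes to "no", and announce the behaviour change where users of the service will see it.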
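
The first-obtained-value rule quoted in the commit message, as an added example (not part of the patch and not Guix code): a simplified resolver that shows what a host entry with no boolean fields set resolves to before and after the change. The serializer stand-in, the host name build.example.org and the catch-all block are constructed for illustration; Match, Include and keyword=value syntax are not handled.

```python
from fnmatch import fnmatchcase

BOOL_KEYWORDS = ("ForwardX11", "ForwardX11Trusted", "ForwardAgent", "Compression")
UNSET = object()  # stand-in for an unset maybe-boolean field

def serialize_host(pattern, fields, pre_patch):
    """Write one Host block (stand-in serializer, an assumption, not Guix code).
    pre_patch=True models the old (boolean #f) default: every boolean is written.
    pre_patch=False models maybe-boolean: an unset field writes no line."""
    lines = [f"Host {pattern}"]
    for keyword in BOOL_KEYWORDS:
        value = fields.get(keyword, False if pre_patch else UNSET)
        if value is not UNSET:
            lines.append(f"  {keyword} {'yes' if value else 'no'}")
    return "\n".join(lines) + "\n"

def parse(text):
    """Split a simplified ssh_config into (patterns, options) blocks."""
    blocks = [(["*"], [])]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword.lower(), value.strip()))
    return blocks

def effective(text, host):
    """Resolve options for host: the first obtained value of each keyword wins."""
    resolved = {}
    for patterns, options in parse(text):
        negated = [p[1:] for p in patterns if p.startswith("!")]
        positive = [p for p in patterns if not p.startswith("!")]
        if any(fnmatchcase(host, p) for p in negated):
            continue  # a matching negated pattern excludes the whole block
        if any(fnmatchcase(host, p) for p in positive):
            for keyword, value in options:
                resolved.setdefault(keyword, value)
    return resolved

# Constructed sample: one host entry, followed by a catch-all block.
HOST = "build.example.org"
CATCH_ALL = "Host *\n  ForwardAgent yes\n  Compression yes\n"
OLD = serialize_host(HOST, {}, pre_patch=True) + CATCH_ALL
NEW = serialize_host(HOST, {}, pre_patch=False) + CATCH_ALL
PINNED = serialize_host(HOST, {"ForwardAgent": False}, pre_patch=False) + CATCH_ALL

if __name__ == "__main__":
    for label, text in (("old", OLD), ("new", NEW), ("pinned", PINNED)):
        print(label, effective(text, HOST))
```

With the old defaults the host block's explicit "no" lines shadow the catch-all; with unset fields the catch-all's ForwardAgent applies unless the host pins it to #f.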