From unknown Fri Sep 05 22:44:11 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#64648: Can't clone a git repo over anonymous SSH
Resent-From: Edouard Klein <edou@rdklein.fr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Sat, 15 Jul 2023 13:31:02 +0000
Resent-Message-ID: <handler.64648.B.168942785821495@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 64648
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 64648@debbugs.gnu.org
X-Debbugs-Original-To: bug-guix <bug-guix@gnu.org>
Received: via spool by submit@debbugs.gnu.org id=B.168942785821495
          (code B ref -1); Sat, 15 Jul 2023 13:31:02 +0000
Received: (at submit) by debbugs.gnu.org; 15 Jul 2023 13:30:58 +0000
Received: from localhost ([127.0.0.1]:44380 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qKfMQ-0005ac-Dp
	for submit@debbugs.gnu.org; Sat, 15 Jul 2023 09:30:58 -0400
Received: from lists.gnu.org ([2001:470:142::17]:57066)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <edou@rdklein.fr>) id 1qKfMO-0005aO-1f
 for submit@debbugs.gnu.org; Sat, 15 Jul 2023 09:30:57 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <edou@rdklein.fr>) id 1qKfMG-00085P-8f
 for bug-guix@gnu.org; Sat, 15 Jul 2023 09:30:49 -0400
Received: from sender11-op-o11.zoho.eu ([31.186.226.225])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <edou@rdklein.fr>) id 1qKfM7-0000vH-Lj
 for bug-guix@gnu.org; Sat, 15 Jul 2023 09:30:46 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1689427827; cv=none; d=zohomail.eu; s=zohoarc; 
 b=V+JukPL9vTdM4lRIYPJJIxHOgGrLcDzkUdVrTuQYD85II65ldHvCFTaZwB1LFmMohRntrNJ3APtBJ9aj2geuFn1kuZL1UcLzI1KE95Ow6TMGdSRGWgXKkTsk5Wo/5wxnJMhsfR6Ckz+yINucSKcqfiLMgPcTn1Uei8u7nr7Gmd0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu;
 s=zohoarc; 
 t=1689427827; h=Content-Type:Date:From:MIME-Version:Message-ID:Subject:To; 
 bh=qR2aULmZOCqYw11j00ferLxTQD6wn/LtDqfQUxFXjQU=; 
 b=PK/YWnr3OeX+5SbS4hiTxdGF+Aj+TIYGf/C3STMG/TDSI89zu/RINpCG9IUrA8EjGR4ef3xxx6zI8z45nSoJ7TujjlFLbEt9FgbuJNTQ2JUQvcZ/ysFkBQM40I6SQ0vTmuSj8KRjzwGbWK8oc8bSRwuBC8DXQQlVsF9aMHVBm40=
ARC-Authentication-Results: i=1; mx.zohomail.eu;
 dkim=pass  header.i=rdklein.fr;
 spf=pass  smtp.mailfrom=edou@rdklein.fr;
 dmarc=pass header.from=<edou@rdklein.fr>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1689427827; 
 s=zoho; d=rdklein.fr; i=edou@rdklein.fr;
 h=From:From:To:To:Subject:Subject:Date:Date:Message-ID:MIME-Version:Content-Type:Message-Id:Reply-To:Cc;
 bh=qR2aULmZOCqYw11j00ferLxTQD6wn/LtDqfQUxFXjQU=;
 b=BR7jmMh81HVecnuDPhcR+jiWajm6rYp3Nu2Hmi3KfgnVGZCPKA0vBkoe7jNHIM+p
 7bH7sc+79Pg3LAK+ZH7qBEebLPiV7dpjfvfD8tZmlyQ/+jTo9474fyQM9GBWMRcgP4K
 rvhTv1wlM0Gx1FlU8xZj0nXANujQuyw+J/1hKQRB4BaJh569C1kgOW/xKftJjj6TDrc
 arqwS59i47YnOWTMqnyqD6f2HmE6AXkcW4msMh7UtyMPO+qRiPMWzz271fd4w3cH27t
 vlS2a+sVOVDflqZ8Q16RlPcKkKEBj6e81CLCQfkXrGfBweVBYN+r/44G/LIjREkSVg4
 9WQzqmcihA==
Received: from venerable (89.87.95.79.rev.sfr.net [79.95.87.89]) by mx.zoho.eu
 with SMTPS id 1689427824965615.6914996297846;
 Sat, 15 Jul 2023 15:30:24 +0200 (CEST)
User-agent: mu4e 1.8.9; emacs 28.2
From: Edouard Klein <edou@rdklein.fr>
Date: Sat, 15 Jul 2023 15:25:18 +0200
Message-ID: <87zg3xpaje.fsf@rdklein.fr>
MIME-Version: 1.0
Content-Type: text/plain
X-ZohoMailClient: External
Received-SPF: pass client-ip=31.186.226.225; envelope-from=edou@rdklein.fr;
 helo=sender11-op-o11.zoho.eu
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.1 (/)

Hi all !

I'm trying to write a package for a repo that's accessible through an
anonymous SSH access.

The repo can be cloned with:
git clone git@the-dam.org:permaudit
without any issues.

However, when I use the package definition below, I get the following
error:
guix build: error: Git failure while fetching ssh://git@the-dam.org/permaudit: failed to start SSH session: Unable to exchange encryption keys

Some googling leads me to believe this is a mismatch between the
client's accepted ciphers and the server's accepted ciphers, but both
machines are up-to-date guix systems, so I'm not sure it's that.

I don't want to install an HTTP bridge, git is fine via SSH.

If anybody has any idea, I'm all hears.

Thanks !

Edouard.




(define-public permaudit
  (let ((revision "0")
        (commit "1cd9fe303076d7656469dbfc455d63aff70d62ed"))
    (package
      (name "permaudit")
      (version (git-version "20230714" revision commit))
      (source
       (git-checkout
        (url "ssh://git@the-dam.org/permaudit")
        (commit commit)))
      (build-system gnu-build-system)
      (arguments
       `(#:tests? #f                    ; no tests
         #:phases
         (modify-phases %standard-phases
           (replace 'configure          ; no configure script but taking this
                                        ; opportunity to replace the hard
                                        ; coded path to permaudit.sh
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append out "/bin"))
                      (bash (assoc-ref inputs "bash-minimal")))
                 (substitute* "permaudit_wrapper.c"
                   (("/usr/bin/permaudit.sh")
                    (string-append bin "/permaudit.sh"))
                   (("/bin/bash")
                    (string-append bash "/bin/bash")))
                 (substitute* "permaudit.sh"
                   (("/bin/bash")
                    (string-append bash "/bin/bash"))
                   (("find")
                    (string-append find "/bin/find"))))))
           (replace 'install            ; no install target
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append out "/bin")))
                 ;; Those chmod won't be respected in the store anyway
                 ;; (the store is read-only, and you can't setuid a binary in it)
                 ;; but this is the spirit of upstream's makefile target "install"
                 (chmod "permaudit.sh" #o644)
                 (install-file "permaudit.sh" bin)
                 (chmod "permaudit" #o4754)
                 (install-file "permaudit" bin)))))))
      (inputs
       (list bash-minimal coreutils))
      (synopsis "Permission audit tool")
      (home-page "https://the-dam.org/docs/explanations/permaudit.html")
      (description
       "Permaudit lets you see who can read or write on the specified directory.")
      (license license:agpl3+))))




From unknown Fri Sep 05 22:44:11 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#64648: Can't clone a git repo over anonymous SSH
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Thu, 20 Jul 2023 13:18:02 +0000
Resent-Message-ID: <handler.64648.B64648.16898590505254@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 64648
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Edouard Klein <edou@rdklein.fr>
Cc: 64648@debbugs.gnu.org
Received: via spool by 64648-submit@debbugs.gnu.org id=B64648.16898590505254
          (code B ref 64648); Thu, 20 Jul 2023 13:18:02 +0000
Received: (at 64648) by debbugs.gnu.org; 20 Jul 2023 13:17:30 +0000
Received: from localhost ([127.0.0.1]:57995 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qMTX7-0001Mf-Lv
	for submit@debbugs.gnu.org; Thu, 20 Jul 2023 09:17:29 -0400
Received: from mail-qk1-x72e.google.com ([2607:f8b0:4864:20::72e]:48444)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1qMTX5-0001MA-Ju
 for 64648@debbugs.gnu.org; Thu, 20 Jul 2023 09:17:29 -0400
Received: by mail-qk1-x72e.google.com with SMTP id
 af79cd13be357-7659c6cae2cso65804485a.1
 for <64648@debbugs.gnu.org>; Thu, 20 Jul 2023 06:17:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1689859041; x=1690463841;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=vKnYcHNWnYlw7fmFpWlEAuNI5zkCeyxoCkdXBZbAT18=;
 b=EzItOD+g8KtEnH+9t1jWFcFbcHusUWqL6XXqFdgEa8791Omenv+68GgMw6SdnkbOKF
 WqGdvugx3r/tvquqWoWp30jprMvBLXcUVoGrqwHj/+XTJL8CgC/hQAC2XVPVLsN1fC0x
 Hv8PMxAaCiD7lPrkZuBEYsM8Sew077E/lpL5jdZsr5QmSbZfcK+/qBFM/XUykrWKl/tB
 c0P5FYGIX86EB+wd8DyxaK9WvMtUl4aYRPLPYdq1CEp2qXcVIsD3S/1xmcAG95IMKmcQ
 CL+VaKuZRmweIuX/O6/5lwqG4Z5jNW40MlvkH3sSasVAfDgZzuC67P3uhn+gDuQFoeOj
 cpCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1689859041; x=1690463841;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=vKnYcHNWnYlw7fmFpWlEAuNI5zkCeyxoCkdXBZbAT18=;
 b=ZVhOWIHzl4z/ZZMYA736geYpMrFLporSrkG9h4Wg/1NwdUwTi0CwOqIjoda+mDk4SN
 g6rMthj2N2EWwGvWnwlua7I2D2lS97eLAPeDEQjViOcYg41Q8+jExa2N/yxEBndxLZ2O
 QcxgRBaq8KiQ6RoyXsCKqgZULJWcFakpzLqzAuMa5FMGu0kY5loYyvknQHc0iBlZNLI7
 Umw1vvoO8T1d/uplfzR4frY8VoUBv9cduytfEd+XrMMrwyvfCnlZ9rTGe5xff4sH3vsn
 ZP7pR78rsoE4xFIg13S72WtmafAhUL7bKVCmoeWaulPaAdvAuy7YywCmHMPPkm5roCZD
 nSGg==
X-Gm-Message-State: ABy/qLbkbJ0XwTB4J0Nfoa3X+382qKk3NEwJfmbEpMQX0YJPx8bXEzLQ
 GQh6RLZXDQjo0q1KGq9oxKGzMQM/TuA=
X-Google-Smtp-Source: APBJJlHd7Tt0l+wVShRNwCL9/f7akDDmOKfQqIFiQYQaXUT2aDxZIXsVVMtFCf7LmyznRpeqXAV+Yw==
X-Received: by 2002:a05:620a:40c4:b0:767:1c41:ed2d with SMTP id
 g4-20020a05620a40c400b007671c41ed2dmr6566768qko.33.1689859041587; 
 Thu, 20 Jul 2023 06:17:21 -0700 (PDT)
Received: from hurd (dsl-159-145.b2b2c.ca. [66.158.159.145])
 by smtp.gmail.com with ESMTPSA id
 hf1-20020a05622a608100b003ef2db16e72sm288656qtb.94.2023.07.20.06.17.21
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 20 Jul 2023 06:17:21 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
References: <87zg3xpaje.fsf@rdklein.fr>
Date: Thu, 20 Jul 2023 09:17:20 -0400
In-Reply-To: <87zg3xpaje.fsf@rdklein.fr> (Edouard Klein's message of "Sat, 15
 Jul 2023 15:25:18 +0200")
Message-ID: <874jlyn2n3.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

Edouard Klein <edou@rdklein.fr> writes:

> Hi all !
>
> I'm trying to write a package for a repo that's accessible through an
> anonymous SSH access.
>
> The repo can be cloned with:
> git clone git@the-dam.org:permaudit
> without any issues.
>
> However, when I use the package definition below, I get the following
> error:
> guix build: error: Git failure while fetching ssh://git@the-dam.org/permaudit: failed to start SSH session: Unable to exchange encryption keys
>
> Some googling leads me to believe this is a mismatch between the
> client's accepted ciphers and the server's accepted ciphers, but both
> machines are up-to-date guix systems, so I'm not sure it's that.
>
> I don't want to install an HTTP bridge, git is fine via SSH.
>
> If anybody has any idea, I'm all hears.

Don't they also offer a HTTP(S) access?  I think libssh as used by
libgit2 expects an SSH agent running... I remember wresting with it in a
CI context.

-- 
Thanks,
Maxim




From unknown Fri Sep 05 22:44:11 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#64648: Can't clone a git repo over anonymous SSH
Resent-From: Edouard Klein <edou@rdklein.fr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 31 Jul 2023 09:22:02 +0000
Resent-Message-ID: <handler.64648.B64648.169079528118783@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 64648
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: 64648@debbugs.gnu.org
Received: via spool by 64648-submit@debbugs.gnu.org id=B64648.169079528118783
          (code B ref 64648); Mon, 31 Jul 2023 09:22:02 +0000
Received: (at 64648) by debbugs.gnu.org; 31 Jul 2023 09:21:21 +0000
Received: from localhost ([127.0.0.1]:51829 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qQP5d-0004ss-74
	for submit@debbugs.gnu.org; Mon, 31 Jul 2023 05:21:21 -0400
Received: from sender11-op-o11.zoho.eu ([31.186.226.225]:17142)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <edou@rdklein.fr>) id 1qQP5a-0004sh-2W
 for 64648@debbugs.gnu.org; Mon, 31 Jul 2023 05:21:20 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1690795274; cv=none; d=zohomail.eu; s=zohoarc; 
 b=BSQV/Zki2bSIp3e4R0JwHxwUGKYCxG8nuHeQUwOC0MKREU+0EbEGQIhoRXa/SShy5UcEpYMmp9ZT50iREyhCarJ/kAWTJN+/D6NtQeCQC0loq56+eXJ+/t7XaTnuv0w3eYmb23WmlQORFhk/m8wnwUu50KpvXg2gZ3Q77NzD0Qw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu;
 s=zohoarc; t=1690795274;
 h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To;
 bh=uZFViQJw1JbG0w3gv6nzgyWucZMdmHISKTSayGOPaRU=; 
 b=V9nQ3NDSwbjgflr3JOG1gCR+m/LktzraC5zG9/diekYxIyI2NFJm3P/OG25CNyl0nQ1cm/8jeGR1O4JbdECmadK6eJc1BJfnf7USatULxn1k79QPQ2UrYEjxN3GAM72tLp2ESs2yeKwWF1Ys1HNMDzn726CeNAQ7p4QduJcLlKE=
ARC-Authentication-Results: i=1; mx.zohomail.eu;
 dkim=pass  header.i=rdklein.fr;
 spf=pass  smtp.mailfrom=edou@rdklein.fr;
 dmarc=pass header.from=<edou@rdklein.fr>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690795274; 
 s=zoho; d=rdklein.fr; i=edou@rdklein.fr;
 h=References:From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:In-reply-to:Message-ID:MIME-Version:Content-Type:Message-Id:Reply-To;
 bh=uZFViQJw1JbG0w3gv6nzgyWucZMdmHISKTSayGOPaRU=;
 b=DjbApMzqL/Evrf0E/tNQHNeuVvT+toG9GPAKK7DTZTjvly8jjvbrRnkH3pU3XPS0
 Gjpp4p8YIU3RS667nVPz2ijbWM097f4p17X7hLjJAMmTOYLXKB0+sJRlGW9oJ4zHRWx
 6LCqvjA6hwCuzncXNBuhX7fXJQ8lTtcxxmdiBmxu/b1iAd5U5taUznt3iJl5wh88QNg
 vujO2qd68gOj+N5cqjWd5U3ETSv0DolPuSmQoGS0ChtUhRNCWJWiCQSsXSj7MnqkZDJ
 MeY3kQlPhNyw4pl2Gjl9sUKRaFjd/1Ivc/ru9rVvIwt9fJT233JWXehwt4J7TxjlfSh
 SeUPQMl5Lw==
Received: from venerable (56.135.65.81.rev.sfr.net [81.65.135.56]) by
 mx.zoho.eu with SMTPS id 1690795271451802.7373321720341;
 Mon, 31 Jul 2023 11:21:11 +0200 (CEST)
References: <87zg3xpaje.fsf@rdklein.fr> <874jlyn2n3.fsf@gmail.com>
User-agent: mu4e 1.8.9; emacs 28.2
From: Edouard Klein <edou@rdklein.fr>
Date: Mon, 31 Jul 2023 11:18:04 +0200
In-reply-to: <874jlyn2n3.fsf@gmail.com>
Message-ID: <87tttkzbb5.fsf@rdklein.fr>
MIME-Version: 1.0
Content-Type: text/plain
X-ZohoMailClient: External
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi !

>
> Don't they also offer a HTTP(S) access?  I think libssh as used by
> libgit2 expects an SSH agent running... I remember wresting with it in a
> CI context.

Well, "they" is me :) I finally opened up anonymous access via git://
but I'm not extatic about it, it's one more daemon that can be pwnd.

https://gitlab.com/edouardklein/guix/-/commit/40e320d14b4c583214cdbd45fb47453c5ebb762a

The dedicated service did not work so I rolled my own as a
sheperd-root-service. I did not have the time to look into the issue.

So the problem remains, but is less urgent because it has been worked
around for now. Fixing this upstream seems like a hard battle.




From unknown Fri Sep 05 22:44:11 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#64648: Can't clone a git repo over anonymous SSH
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Tue, 01 Aug 2023 14:16:01 +0000
Resent-Message-ID: <handler.64648.B64648.169089931922535@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 64648
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Edouard Klein <edou@rdklein.fr>
Cc: 64648@debbugs.gnu.org
Received: via spool by 64648-submit@debbugs.gnu.org id=B64648.169089931922535
          (code B ref 64648); Tue, 01 Aug 2023 14:16:01 +0000
Received: (at 64648) by debbugs.gnu.org; 1 Aug 2023 14:15:19 +0000
Received: from localhost ([127.0.0.1]:48152 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1qQq9e-0005rK-MI
	for submit@debbugs.gnu.org; Tue, 01 Aug 2023 10:15:19 -0400
Received: from mail-oo1-xc2e.google.com ([2607:f8b0:4864:20::c2e]:57750)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1qQq9c-0005r3-1I
 for 64648@debbugs.gnu.org; Tue, 01 Aug 2023 10:15:16 -0400
Received: by mail-oo1-xc2e.google.com with SMTP id
 006d021491bc7-56661fe27cbso3813840eaf.3
 for <64648@debbugs.gnu.org>; Tue, 01 Aug 2023 07:15:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1690899310; x=1691504110;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=9Glyf74yxdX9lOx25PbrRAn7GQIt7CQmHaAMjztKyto=;
 b=OU1XyGfH9z0kEQGuyx2AasXzAQz3dnqmYlKGRrbMxhe7eWAbwIy6OL6LJyV0nQAPxX
 CWocn3dQH1DN5emZeKEVXAFpBjCOGspcifg4OH1zkyPfUizywExYzs+M823wi3MRTw7S
 WIVK68or541v9UnS7quZ4uTrdpkbelcBYRrcXbwDUcR4WiRW4epMO/trVahG9hKnPtng
 vnDwoETa9i3zCENkUoJcmfOIW0+fGCccv34p5thuxb/P8QaVWLEF0KgM3rGSZvzJ42ZO
 6iH42iJsUA+EW3D9vqkFPisMdFww/UCJuUWwuqI4VsvBg8CM/LO4UsDJaZygw4jOitfw
 k76A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1690899310; x=1691504110;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=9Glyf74yxdX9lOx25PbrRAn7GQIt7CQmHaAMjztKyto=;
 b=TAStlB1F99vYFRdTZejwvpJ4MbtEDFqBe2OzNbqOv5OidVVYOvL/qN3Ui1vXZXGRC+
 VL/uUvodTR5QZRxK0uikvU87S8JTq7u+QSLICO7tZju0OX+U6GxUIGDgCGhPP/NoMshb
 5tmQmo+JRtnvLFETFE52UWwVj8rbV9iNAC3LHjBYorFo8Dsb0UsSdVyQ3j4n1IeQqIWT
 KyplBf/cO0ijFZkFzY8W7pkk7Ia7pYiycdPRrrtuD4kMqQwAeourCLjaqYZDp9WGsv1j
 8or3Mkws5eXs/fCudn8Mu8Kmy33Aqdj2wrRMZRc2QUB0jdTmQg1aRquz1JGMJzBXP55h
 r3Ig==
X-Gm-Message-State: ABy/qLZBNLC9HN0BAL46p5d4nCHiZ9p92w49qJIM8TNRhteRzh0yvo32
 f2WDCqB4CyjnwtbnHyIib+dJEKB4K0Q=
X-Google-Smtp-Source: APBJJlEIVqcL8kk9mZRwssnJuj89M8OEYgaD0+lm5DUdJQN7ZXvlnGmEaeM5n1zrIirPeUloUgIXSg==
X-Received: by 2002:a05:6358:52c3:b0:133:7c4:e752 with SMTP id
 z3-20020a05635852c300b0013307c4e752mr4528008rwz.26.1690899309885; 
 Tue, 01 Aug 2023 07:15:09 -0700 (PDT)
Received: from hurd (dsl-151-227.b2b2c.ca. [66.158.151.227])
 by smtp.gmail.com with ESMTPSA id
 e16-20020a0ce3d0000000b0063642bcc5e4sm4641786qvl.9.2023.08.01.07.15.08
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 01 Aug 2023 07:15:09 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
References: <87zg3xpaje.fsf@rdklein.fr> <874jlyn2n3.fsf@gmail.com>
 <87tttkzbb5.fsf@rdklein.fr>
Date: Tue, 01 Aug 2023 10:15:08 -0400
In-Reply-To: <87tttkzbb5.fsf@rdklein.fr> (Edouard Klein's message of "Mon, 31
 Jul 2023 11:18:04 +0200")
Message-ID: <87jzuesvbn.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello,

Edouard Klein <edou@rdklein.fr> writes:

> Hi !
>
>>
>> Don't they also offer a HTTP(S) access?  I think libssh as used by
>> libgit2 expects an SSH agent running... I remember wresting with it in a
>> CI context.
>
> Well, "they" is me :) I finally opened up anonymous access via git://
> but I'm not extatic about it, it's one more daemon that can be pwnd.
>
> https://gitlab.com/edouardklein/guix/-/commit/40e320d14b4c583214cdbd45fb47453c5ebb762a
>
> The dedicated service did not work so I rolled my own as a
> sheperd-root-service. I did not have the time to look into the issue.
>
> So the problem remains, but is less urgent because it has been worked
> around for now. Fixing this upstream seems like a hard battle.

OK; I think the best course of action here would be to come up with a
minimal reproducer written in C using all the API available of libgit2
or libssh2 (which is used by libgit2) and report any issue to their
issue tracker and/or work toward a fix.

It'd be interesting to see how libssh compares, and perhaps attempting
to revive this pull request which adds 'libssh' as a backend to libgit2
here [0]

[0]  https://github.com/libgit2/libgit2/pull/5253

-- 
Thanks,
Maxim