tribes/guix-fork
1
0
Fork 0
forked from tribes/guix
Code Pull Requests Activity
Files
master
guix-fork/guix/scripts/copy.scm
T
Tomas Volf 159dcc337a ssh: Do not default to port 22 (let guile-ssh do it). 
Fixes <https://issues.guix.gnu.org/74832>.

After update to guile-ssh 0.18.0, options passed to the `make-session'
procedure now take precedence over the configuration file.  In few places we
however had code like `(or port 22)' leading to (in absence of alternative
port being specified) always using port 22, ignoring the configuration file.

Due to that for example following command fails:

    guix copy hello --to=name

Name is reachable, but ssh server listens on port 2222.  That is correctly
configured in ~/.ssh/config, and the invocation used to succeed until the
upgrade.  However now it tries to connect to port 22 (since port was not
specified).  While setting the port on the command line *is* possible, it is
not exactly ergonomic.

Since guile-ssh (well, libssh) defaults to 22 if not told otherwise, we can
just always pass the port, and #f will use the port from ~/.ssh/config or, iff
none is set, 22.

I went through the repository and adjusted all places where it seemed
appropriate.  In particular, these places were left alone:

gnu/machine/digital-ocean.scm: The droplet is created with root user and the
expected key, so forcing them to those values seems correct.

gnu/machine/ssh.scm: For deployments reproducibility is favored over
convenience, and user can pass #f to explicitly request using value the
~/.ssh/config.

* guix/scripts/copy.scm (send-to-remote-host): Always pass the port to
open-ssh-session.
(retrieve-from-remote-host): Same.
* guix/scripts/offload.scm (open-ssh-session): Pass #f as #:config.  Skips
reading the configuration file and is nicer.
* guix/ssh.scm (open-ssh-session): Drop explicit parsing of the configuration
since it is parsed by default.  Report actual port used in the error message.
* guix/store/ssh.scm (connect-to-daemon): Always pass the port part of the
uri, even when #f.

Change-Id: I5fdf20f36509a9a0ef138ce72c7198f688eea494
Reported-by: Dariqq <dariqq@posteo.net>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-10-06 10:30:33 +02:00

199 lines
7.2 KiB
Scheme
Raw Permalink Blame History

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix scripts copy)
#:use-module (guix ui)
#:use-module (guix scripts)
#:use-module (guix ssh)
#:use-module ((ssh session) #:select (disconnect!))
#:use-module (guix store)
#:use-module ((guix status) #:select (with-status-verbosity))
#:use-module (guix utils)
#:use-module (guix derivations)
#:use-module (guix scripts build)
#:use-module ((guix scripts archive) #:select (options->derivations+files))
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-11)
#:use-module (srfi srfi-37)
#:use-module (ice-9 match)
#:use-module (ice-9 format)
#:export (guix-copy))
;;;
;;; Exchanging store items over SSH.
;;;
(define (ssh-spec->user+host+port spec)
"Parse SPEC, a string like \"user@host:port\" or just \"host\", and return
three values: the user name (or #f), the host name, and the TCP port
number (or #f) corresponding to SPEC."
(define tokens
(char-set #\@ #\:))
(match (string-tokenize spec (char-set-complement tokens))
((host)
(values #f host #f))
((left right)
(if (string-index spec #\@)
(values left right #f)
(values #f left (string->number right))))
((user host port)
(match (string->number port)
((? integer? port)
(values user host port))
(x
(leave (G_ "~a: invalid TCP port number~%") port))))
(x
(leave (G_ "~a: invalid SSH specification~%") spec))))
(define (warn-if-empty items)
(when (null? items)
(warning (G_ "no arguments specified, nothing to copy~%"))))
(define (send-to-remote-host local target opts)
"Send ITEMS to TARGET. ITEMS is a list of store items or package names; for ;
package names, build the underlying packages before sending them."
(let-values (((user host port)
(ssh-spec->user+host+port target))
((drv items)
(options->derivations+files local opts)))
(warn-if-empty items)
(and (build-derivations local drv)
(let* ((session (open-ssh-session host #:user user #:port port))
(remote (connect-to-remote-daemon session))
(sent (send-files local items remote
#:recursive? #t)))
(close-connection remote)
(format #t "~{~a~%~}" sent)
sent))))
(define (retrieve-from-remote-host local source opts)
"Retrieve ITEMS from SOURCE."
(let*-values (((user host port)
(ssh-spec->user+host+port source))
((session)
(open-ssh-session host #:user user #:port port))
((remote)
(connect-to-remote-daemon session)))
;; TODO: Here we could to compute and build the derivations on REMOTE
;; rather than on LOCAL (one-off offloading) but that is currently too
;; slow due to the many RPC round trips. So we just assume that REMOTE
;; contains ITEMS.
(let*-values (((drv items)
(options->derivations+files local opts))
((retrieved)
(begin
(warn-if-empty items)
(retrieve-files local items remote #:recursive? #t))))
(close-connection remote)
(disconnect! session)
(format #t "~{~a~%~}" retrieved)
retrieved)))
;;;
;;; Options.
;;;
(define (show-help)
(display (G_ "Usage: guix copy [OPTION]... ITEMS...
Copy ITEMS to or from the specified host over SSH.\n"))
(display (G_ "
--to=HOST send ITEMS to HOST"))
(display (G_ "
--from=HOST receive ITEMS from HOST"))
(display (G_ "
-v, --verbosity=LEVEL use the given verbosity LEVEL"))
(newline)
(show-build-options-help)
(newline)
(display (G_ "
-h, --help display this help and exit"))
(display (G_ "
-V, --version display version information and exit"))
(newline)
(show-bug-report-information))
(define %options
;; Specifications of the command-line options.
(cons* (option '("to") #t #f
(lambda (opt name arg result)
(alist-cons 'destination arg result)))
(option '("from") #t #f
(lambda (opt name arg result)
(alist-cons 'source arg result)))
(option '(#\v "verbosity") #t #f
(lambda (opt name arg result)
(let ((level (string->number* arg)))
(alist-cons 'verbosity level
(alist-delete 'verbosity result)))))
(option '(#\n "dry-run") #f #f
(lambda (opt name arg result)
(alist-cons 'dry-run? #t result)))
(option '(#\h "help") #f #f
(lambda args
(leave-on-EPIPE (show-help))
(exit 0)))
(option '(#\V "version") #f #f
(lambda args
(show-version-and-exit "guix copy")))
(option '(#\s "system") #t #f
(lambda (opt name arg result)
(alist-cons 'system arg
(alist-delete 'system result eq?))))
%standard-build-options))
(define %default-options
`((system . ,(%current-system))
(substitutes? . #t)
(offload? . #t)
(graft? . #t)
(print-build-trace? . #t)
(print-extended-build-trace? . #t)
(multiplexed-build-output? . #t)
(debug . 0)
(verbosity . 3)))
;;;
;;; Entry point.
;;;
(define-command (guix-copy . args)
(category plumbing)
(synopsis "copy store items remotely over SSH")
(with-error-handling
(let* ((opts (parse-command-line args %options (list %default-options)))
(source (assoc-ref opts 'source))
(target (assoc-ref opts 'destination)))
(with-store store
(set-build-options-from-command-line store opts)
(with-build-handler (build-notifier #:use-substitutes?
(assoc-ref opts 'substitutes?)
#:verbosity
(assoc-ref opts 'verbosity)
#:dry-run?
(assoc-ref opts 'dry-run?))
(with-status-verbosity (assoc-ref opts 'verbosity)
(cond (target (send-to-remote-host store target opts))
(source (retrieve-from-remote-host store source opts))
(else (leave (G_ "use '--to' or '--from'~%"))))))))))
View Git Blame Copy Permalink