GNU bug report logs - #70034
Hostkey error when pulling or building from private git repository

Previous Next

Package: guix;

Reported by: Atte Torri <atte.torri <at> universite-paris-saclay.fr>

Date: Wed, 27 Mar 2024 16:10:02 UTC

Severity: normal

To reply to this bug, email your comments to 70034 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#70034; Package guix. (Wed, 27 Mar 2024 16:10:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Atte Torri <atte.torri <at> universite-paris-saclay.fr>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 27 Mar 2024 16:10:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Atte Torri <atte.torri <at> universite-paris-saclay.fr>
To: bug-guix <bug-guix <at> gnu.org>
Subject: Hostkey error when pulling or building from private git repository
Date: Wed, 27 Mar 2024 17:09:34 +0100 (CET)

[Message part 1 (text/plain, inline)]
Hello, 

I get an error message when trying to `guix pull` a channel from a private git repository or when trying to `guix build` a package from a private git repository 
Previously it worked great up until a few days ago. I have tested it on multiple machines and get the same error, as well as for private repositories hosted on gitlab and github. 

This is the error message I get when I pull (for build it is essentially the same) 

atte <at> beryllium:~$ guix pull 
Updating channel 'guix-test' from Git repository at 'git <at> github.com:Blixodus/guix-test.git'... 
guix pull: error: Git error: failed to set hostkey preference: The requested method(s) are not currently supported 


And this is how I define channels in .config/guix/channels.scm, with a url to a private git repository by ssh 

(list (channel 
(name 'guix-test) 
(url "git <at> github.com:Blixodus/guix-test.git") 
(branch "main"))) 

Atte Torri 

[Message part 2 (text/html, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#70034; Package guix. (Wed, 10 Apr 2024 10:29:02 GMT) Full text and rfc822 format available.

Message #8 received at 70034 <at> debbugs.gnu.org (full text, mbox):

From: Tim Johann <t1m <at> phrogstar.de>
To: 70034 <at> debbugs.gnu.org
Subject: Re: Hostkey error when pulling or building from private git repository
Date: Wed, 10 Apr 2024 12:14:21 +0200

[Message part 1 (text/plain, inline)]
Hi there,

I have experienced the same problem, and have a little piece of the puzzle.  As I looked at the server hosting my own private channel I saw the line

Unable to negotiate with XXX.XXX.XXX.XXX port 45072: no matching host key type found. Their offer: ssh-rsa [preauth]

which means that the guix pull command only uses a Hostkey using an algorithm that is not in the default configuration of the sshd HostKeyAlgorithms (as it is considered too weak for keys of a size <2048 bits?).

The workaround I am using is a line

HostKeyAlgorithms +ssh-rsa

in my server's sshd_config (and using a key of a size of 4096 bits).

Nevertheless, I would like to see guix pull using a host key with a different algorithm - or a larger variety of host keys.

Hoping that helps,

Cheers

Tim

[Message part 2 (text/html, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#70034; Package guix. (Thu, 11 Apr 2024 18:01:05 GMT) Full text and rfc822 format available.

Message #11 received at 70034 <at> debbugs.gnu.org (full text, mbox):

From: "Frederickson, Jonathan" <jfrederi <at> akamai.com>
To: "70034 <at> debbugs.gnu.org" <70034 <at> debbugs.gnu.org>
Subject: Hostkey error when pulling or building from private git repository
Date: Thu, 11 Apr 2024 17:34:01 +0000

[Message part 1 (text/plain, inline)]
I just ran into this issue as well. I spent some time bisecting last
night and tracked it down to a change in guile-git's dependency on
libgit2:

  9f00975f55e569fc3ba204fc34261a942a19b4e5 is the first bad commit
  commit 9f00975f55e569fc3ba204fc34261a942a19b4e5
  Author: Ludovic Courtès <ludo <at> gnu.org>
  Date:   Mon Feb 26 22:15:57 2024 +0100
  
      gnu: guile-git: Depend on libgit2 1.7.
      
      * gnu/packages/guile.scm (guile-git)[inputs]: Replace LIBGIT2-1.3 
with
      LIBGIT2-1.7.
      
      Change-Id: Ia386f977b0888b7bd9b26443ac6150428fda2155
  
   gnu/packages/guile.scm | 4 +---
   1 file changed, 1 insertion(+), 3 deletions(-)

[smime.p7s (application/pkcs7-signature, attachment)]
Information forwarded to bug-guix <at> gnu.org:
bug#70034; Package guix. (Fri, 12 Apr 2024 15:48:22 GMT) Full text and rfc822 format available.

Message #14 received at 70034 <at> debbugs.gnu.org (full text, mbox):

From: "Frederickson, Jonathan" <jfrederi <at> akamai.com>
To: "70034 <at> debbugs.gnu.org" <70034 <at> debbugs.gnu.org>
Subject: Hostkey error when pulling or building from private git repository
Date: Fri, 12 Apr 2024 14:50:43 +0000

[Message part 1 (text/plain, inline)]
It looks like this is https://github.com/libgit2/libgit2/issues/6612

And one of the comments on that issue from the libgit2 maintainer made
me realize there's a workaround. Using github.com as an example since
the initial report was having trouble with a channel on github, if you
run this:

$ ssh-keyscan github.com >> ~/.ssh/known_hosts

...it seems to fix the issue, because ssh-keyscan fetches host keys of
all types from the remote host, rather than just one (as seems to
happen when you connect to a remote host via SSH normally).

Obviously would prefer a proper fix, but this is a relatively low-
impact workaround for now.

[smime.p7s (application/pkcs7-signature, attachment)]
This bug report was last modified 21 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.