GNU bug report logs -
#70034
Hostkey error when pulling or building from private git repository
Previous Next
To reply to this bug, email your comments to 70034 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#70034
; Package
guix
.
(Wed, 27 Mar 2024 16:10:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Atte Torri <atte.torri <at> universite-paris-saclay.fr>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Wed, 27 Mar 2024 16:10:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello,
I get an error message when trying to `guix pull` a channel from a private git repository or when trying to `guix build` a package from a private git repository
Previously it worked great up until a few days ago. I have tested it on multiple machines and get the same error, as well as for private repositories hosted on gitlab and github.
This is the error message I get when I pull (for build it is essentially the same)
atte <at> beryllium:~$ guix pull
Updating channel 'guix-test' from Git repository at 'git <at> github.com:Blixodus/guix-test.git'...
guix pull: error: Git error: failed to set hostkey preference: The requested method(s) are not currently supported
And this is how I define channels in .config/guix/channels.scm, with a url to a private git repository by ssh
(list (channel
(name 'guix-test)
(url "git <at> github.com:Blixodus/guix-test.git")
(branch "main")))
Atte Torri
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#70034
; Package
guix
.
(Wed, 10 Apr 2024 10:29:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 70034 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi there,
I have experienced the same problem, and have a little piece of the puzzle. As I looked at the server hosting my own private channel I saw the line
Unable to negotiate with XXX.XXX.XXX.XXX port 45072: no matching host key type found. Their offer: ssh-rsa [preauth]
which means that the guix pull command only uses a Hostkey using an algorithm that is not in the default configuration of the sshd HostKeyAlgorithms (as it is considered too weak for keys of a size <2048 bits?).
The workaround I am using is a line
HostKeyAlgorithms +ssh-rsa
in my server's sshd_config (and using a key of a size of 4096 bits).
Nevertheless, I would like to see guix pull using a host key with a different algorithm - or a larger variety of host keys.
Hoping that helps,
Cheers
Tim
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#70034
; Package
guix
.
(Thu, 11 Apr 2024 18:01:05 GMT)
Full text and
rfc822 format available.
Message #11 received at 70034 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
I just ran into this issue as well. I spent some time bisecting last
night and tracked it down to a change in guile-git's dependency on
libgit2:
9f00975f55e569fc3ba204fc34261a942a19b4e5 is the first bad commit
commit 9f00975f55e569fc3ba204fc34261a942a19b4e5
Author: Ludovic Courtès <ludo <at> gnu.org>
Date: Mon Feb 26 22:15:57 2024 +0100
gnu: guile-git: Depend on libgit2 1.7.
* gnu/packages/guile.scm (guile-git)[inputs]: Replace LIBGIT2-1.3
with
LIBGIT2-1.7.
Change-Id: Ia386f977b0888b7bd9b26443ac6150428fda2155
gnu/packages/guile.scm | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
[smime.p7s (application/pkcs7-signature, attachment)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#70034
; Package
guix
.
(Fri, 12 Apr 2024 15:48:22 GMT)
Full text and
rfc822 format available.
Message #14 received at 70034 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
It looks like this is https://github.com/libgit2/libgit2/issues/6612
And one of the comments on that issue from the libgit2 maintainer made
me realize there's a workaround. Using github.com as an example since
the initial report was having trouble with a channel on github, if you
run this:
$ ssh-keyscan github.com >> ~/.ssh/known_hosts
...it seems to fix the issue, because ssh-keyscan fetches host keys of
all types from the remote host, rather than just one (as seems to
happen when you connect to a remote host via SSH normally).
Obviously would prefer a proper fix, but this is a relatively low-
impact workaround for now.
[smime.p7s (application/pkcs7-signature, attachment)]
This bug report was last modified 21 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.