From: Ludovic Courtès <ludo@HIDDEN>
To: Sergey Trofimov <sarg@HIDDEN>
Cc: Roman Scherer <roman@HIDDEN>, 77013 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#77013] [PATCH] machine: hetzner: Allow connections using ssh-agent.
Date: Tue, 18 Mar 2025 11:31:17 +0100

Sergey Trofimov <sarg@HIDDEN> writes:

> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.

[...]

> -@item @code{ssh-key} > -The file name of the SSH private key to use to authenticate with the > +@item @code{ssh-key} (default: @code{#f}) > +If specified, the path to the SSH private key to use to authenticate wit= h the

s/path/file name/

At first sight the rest LGTM but I’ll let Roman comment.

Thanks,
Ludo’.
From: Sergey Trofimov <sarg@HIDDEN>
To: guix-patches@HIDDEN
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, Roman Scherer <roman@HIDDEN>
Subject: [PATCH] machine: hetzner: Allow connections using ssh-agent.
Date: Fri, 14 Mar 2025 16:06:54 +0100

* gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
--- doc/guix.texi | 11 ++++++++--- gnu/machine/hetzner.scm | 17 +++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index d109877a32..49ac018913 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -45942,10 +45942,15 @@ Invoking guix deploy server type is currently not supported, since its rescue system is too small to bootstrap a Guix system from. -@item @code{ssh-key} -The file name of the SSH private key to use to authenticate with the +@item @code{ssh-key} (default: @code{#f}) +If specified, the path to the SSH private key to use to authenticate with the remote host. +@item @code{ssh-public-key} (default: extracted from @code{ssh-key}) +If specified, either a public key as returned by +@code{string->public-key} or the path to the SSH public key to use to +authenticate with the remote host. + @end table When deploying a machine for the first time, the following steps are @@ -46008,7 +46013,7 @@ Invoking guix deploy (environment hetzner-environment-type) (configuration (hetzner-configuration (server-type "cpx51") - (ssh-key "/home/charlie/.ssh/id_rsa"))))) + (ssh-public-key "/home/charlie/.ssh/id_rsa.pub"))))) @end lisp @vindex GUIX_HETZNER_API_TOKEN diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm index bc8d2efbd3..e8484e4d51 100644 --- a/gnu/machine/hetzner.scm +++ b/gnu/machine/hetzner.scm @@ -77,6 +77,7 @@ (define-module (gnu machine hetzner) hetzner-configuration-location hetzner-configuration-server-type hetzner-configuration-ssh-key + hetzner-configuration-ssh-public-key hetzner-configuration? hetzner-environment-type)) 
@@ -204,20 +205,24 @@ (define-record-type* <hetzner-configuration> hetzner-configuration (default "fsn1")) (server-type hetzner-configuration-server-type ; string (default "cx42")) - (ssh-key hetzner-configuration-ssh-key)) ; string + (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string + (thunked) + (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration))) + (sanitize + (lambda (value) + (if (string? value) (public-key-from-file value) value)))) + (ssh-key hetzner-configuration-ssh-key + (default #f))) ; #f | string (define (hetzner-configuration-ssh-key-fingerprint config) "Return the SSH public key fingerprint of CONFIG as a string." - (and-let* ((file-name (hetzner-configuration-ssh-key config)) - (privkey (private-key-from-file file-name)) - (pubkey (private-key->public-key privkey)) + (and-let* ((pubkey (hetzner-configuration-ssh-public-key config)) (hash (get-public-key-hash pubkey 'md5))) (bytevector->hex-string hash))) (define (hetzner-configuration-ssh-key-public config) "Return the SSH public key of CONFIG as a string." - (and-let* ((ssh-key (hetzner-configuration-ssh-key config)) - (public-key (public-key-from-file ssh-key))) + (let ((public-key (hetzner-configuration-ssh-public-key config))) (format #f "ssh-~a ~a" (get-key-type public-key) (public-key->string public-key)))) base-commit: 9449ab3c2025820d2e6fd679fa7e34832b667ea7 -- 2.48.1
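Review bot: In the doc/guix.texi hunk at @@ -45942, the new @item text for ssh-key and ssh-public-key never mentions ssh-agent, although the subject line says that is what the change is for, and it does not say what happens when both fields are left at their defaults. Suggest adding a sentence to the ssh-public-key item that states how authentication proceeds when ssh-key is #f, and that at least one of the two fields has to be set. The ssh-public-key item also reads "the path to the SSH public key", so the s/path/file name/ wording applies there too.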
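Review bot: In the example hunk at @@ -46008, replacing (ssh-key "/home/charlie/.ssh/id_rsa") with (ssh-public-key "/home/charlie/.ssh/id_rsa.pub") leaves the manual without any example of the ssh-key form, and a reader copying the new one gets no hint about where the private key is expected to come from. Suggest keeping the ssh-key example and adding the ssh-public-key one as a second variant, or adding a line before the example that states what it assumes.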
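Review bot: In the <hetzner-configuration> hunk of gnu/machine/hetzner.scm, ssh-key now defaults to #f while the default of ssh-public-key is (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)), so a configuration that sets neither field passes #f to public-key-from-file with no check in between. Suggest validating that at least one of the two fields is set and raising an error that names them. Related to this, hetzner-configuration-ssh-key-public switches from and-let* to let, so a missing key is no longer turned into #f there, while hetzner-configuration-ssh-key-fingerprint keeps and-let*; the two should handle the unset case the same way. The commit log lists only "Add ssh-public-key" and does not mention the new ssh-key default or the two rewritten procedures.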