Received: (at 77013) by debbugs.gnu.org; 18 Mar 2025 10:31:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 18 06:31:32 2025
Received: from localhost ([127.0.0.1]:37218 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tuUEO-0008J7-0B
for submit <at> debbugs.gnu.org; Tue, 18 Mar 2025 06:31:32 -0400
Received: from hera.aquilenet.fr ([185.233.100.1]:50800)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tuUEJ-0008He-Br
for 77013 <at> debbugs.gnu.org; Tue, 18 Mar 2025 06:31:29 -0400
Received: from localhost (localhost [127.0.0.1])
by hera.aquilenet.fr (Postfix) with ESMTP id 8E68F545;
Tue, 18 Mar 2025 11:31:19 +0100 (CET)
Authentication-Results: hera.aquilenet.fr;
none
X-Virus-Scanned: Debian amavis at hera.aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
by localhost (hera.aquilenet.fr [127.0.0.1]) (amavis, port 10024) with ESMTP
id LM1pTKPNWTYG; Tue, 18 Mar 2025 11:31:19 +0100 (CET)
Received: from ribbon (unknown [193.50.110.142])
by hera.aquilenet.fr (Postfix) with ESMTPSA id 9531130D;
Tue, 18 Mar 2025 11:31:18 +0100 (CET)
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Sergey Trofimov <sarg@HIDDEN>
Subject: Re: [bug#77013] [PATCH] machine: hetzner: Allow connections using
ssh-agent.
In-Reply-To: <03f6cc34d6f6b7a55378d4dc5dd544817fb4b8b9.1741964456.git.sarg@HIDDEN>
(Sergey Trofimov's message of "Fri, 14 Mar 2025 16:06:54 +0100")
References: <03f6cc34d6f6b7a55378d4dc5dd544817fb4b8b9.1741964456.git.sarg@HIDDEN>
Date: Tue, 18 Mar 2025 11:31:17 +0100
Message-ID: <87iko6k4ui.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 8E68F545
X-Spamd-Result: default: False [5.98 / 15.00]; SPAM_FLAG(5.00)[];
BAYES_HAM(-3.00)[99.99%]; NEURAL_SPAM(2.58)[0.861];
SUSPICIOUS_RECIPS(1.50)[]; MIME_GOOD(-0.10)[text/plain];
RCPT_COUNT_THREE(0.00)[4]; FROM_EQ_ENVFROM(0.00)[];
FREEMAIL_CC(0.00)[debbugs.gnu.org,gmail.com,burningswell.com];
MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[];
RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[];
TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
FREEMAIL_ENVRCPT(0.00)[gmail.com]; RCVD_VIA_SMTP_AUTH(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[]; TAGGED_RCPT(0.00)[];
ARC_NA(0.00)[]
X-Spam-Level: *****
X-Rspamd-Action: greylist
X-Spamd-Bar: +++++
X-Rspamd-Server: hera
X-Spam-Score: 1.7 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Sergey Trofimov <sarg@HIDDEN> skribis: > *
gnu/machine/hetzner.scm
(<hetzner-configuration>): Add ssh-public-key. > * doc/guix.texi (System
Configuration)[hetzner-configuration]: Document it. [...]
Content analysis details: (1.7 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.233.100.1 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.233.100.1 listed in sa-accredit.habeas.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL
blocklist [URIs: sarg.org.ru]
0.6 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL
blocklist [URIs: sarg.org.ru]
X-Debbugs-Envelope-To: 77013
Cc: Roman Scherer <roman@HIDDEN>, 77013 <at> debbugs.gnu.org,
Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.7 (/)
Sergey Trofimov <sarg@HIDDEN> skribis:
> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document i=
t.
[...]
> -@item @code{ssh-key}
> -The file name of the SSH private key to use to authenticate with the
> +@item @code{ssh-key} (default: @code{#f})
> +If specified, the path to the SSH private key to use to authenticate wit=
h the
s/path/file name/
At first sight the rest LGTM but I=E2=80=99ll let Roman comment.
Thanks,
Ludo=E2=80=99.
guix-patches@HIDDEN:bug#77013; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 14 Mar 2025 15:07:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 14 11:07:17 2025
Received: from localhost ([127.0.0.1]:35524 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tt6d2-0001Ti-T8
for submit <at> debbugs.gnu.org; Fri, 14 Mar 2025 11:07:17 -0400
Received: from lists.gnu.org ([2001:470:142::17]:54322)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <sarg@HIDDEN>) id 1tt6cz-0001TM-OH
for submit <at> debbugs.gnu.org; Fri, 14 Mar 2025 11:07:15 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <sarg@HIDDEN>) id 1tt6cs-00067e-Qd
for guix-patches@HIDDEN; Fri, 14 Mar 2025 11:07:07 -0400
Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <sarg@HIDDEN>) id 1tt6cq-0004WR-MY
for guix-patches@HIDDEN; Fri, 14 Mar 2025 11:07:06 -0400
Received: by mail-ed1-x52f.google.com with SMTP id
4fb4d7f45d1cf-5e673822f76so3717059a12.2
for <guix-patches@HIDDEN>; Fri, 14 Mar 2025 08:07:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sarg.org.ru; s=google; t=1741964820; x=1742569620; darn=gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=CyCeFMB7MCSmDN03XGx2c6QvCgFYFibgNQeRt1+mo7E=;
b=qxMZ6M4em4y49ZagrHB8DIjxkdCgEn1z1vLOAUzOhM2ZOqPz0MaJf/N5/hZGOdeXex
3YvJfLlX8N1K2fZVb4OD3cIEjxSRokwuNlPIbFL3Nn8+2yv0qfr0LAjq0GsJLzHoDF1J
r5PX73hTPx+D6MFC77sr2/UxQ0feafrdK6gmgO6uUVKZnn0PSP0riqfP/mk/6yzN7jBf
7acEKUazitUsOaXy5+A7NtUiwjlJxOyBuRJWOiSq9GAUGaOuwZ5LrxPRVASil65urFnw
S6B/sAJ3mpM2UW/fxBsf+o3HdBi4bePrdlPUXGm9nJZ+7vP+1PpGydalvZcbqPeZeGqf
7wTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1741964820; x=1742569620;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=CyCeFMB7MCSmDN03XGx2c6QvCgFYFibgNQeRt1+mo7E=;
b=aEr0j2zMJDWWGPsw+L66/fmsklcyV+cG3JLECQCYWamQLTujRjBWlROkK7W+DuAeFp
MbNpFycV1pySs4YKQSeUTq50TtJ3Jbige0Bm6z1t4fw/1DOvrY8eMmnRE07CsPJoGGbb
7rFbrXdSHReKM1P+2pNBmMXz5/CU1AeambvVA7Nrs7umCmwH4CMwvQvlbD51xi/Vgwq7
9UtgWbsOSVgzCTLAC/5ZAKUBGiaf2qzZxP2wWh1UCXDfYkzerkDqI7Ak7+68WTAZ9ayw
SKIsG8d4Zo2vN6RxTS+QkYIaWfUkhSDzcHE8JQ5+k20k7kOeFNec5QOQe6DztdAmwfjr
UXRA==
X-Gm-Message-State: AOJu0Yx9x/TVw8OV9jE4LRVHK0sUeQxJfM3EBwDq09UK3Bk9uw7wbDyn
Dxm2hCgXe/likxvSYXX3w8r8D4cc/wcJ2sRm/ol+js5llMILORCa4t6p4YVew9TSLAddRWs7Qg9
Ja6A=
X-Gm-Gg: ASbGncsI7BKNv1ppHPz5G2n6nYMQFd4QgqSASjwF2nfMUImnvwLh2H1CD0nPwiaBjTd
YKBnz5C4Bkm49VN2BwQJMcvjrH4rn71ShDjMXcftbpvU2V6FnYBUjaJoX+dflpHeGlM7nbAakiP
MpGKHgHcioVQ5u/YUeu5ivHCGYKJpbaDcwmU7NWgSNnbbXeZWhdlen3dK8afqqKeteY6c9nzkmN
XefEmcVDXp7qOsrFUuGVbeX+dQdgZPKkGbcAik7nkjF8PnomZ4OihfGogiIWNfaRgx+omeP1Rql
dJYBuf6Lr9qQCJtw9Za50CL5qEJQ1j4+RhFC55qZZA==
X-Google-Smtp-Source: AGHT+IEM9Rl9gW/Y1lZvEmpYXGHubi6lloS3hBWNsaOe50WC5i4Rox1XrmiQnKuyCEo8v/79zzH07A==
X-Received: by 2002:a05:6402:518a:b0:5e7:97d2:6d10 with SMTP id
4fb4d7f45d1cf-5e8a09faf23mr3482472a12.28.1741964819482;
Fri, 14 Mar 2025 08:06:59 -0700 (PDT)
Received: from localhost ([2a02:2454:a0a5:2400:a64e:31ff:fe38:fd6c])
by smtp.gmail.com with ESMTPSA id
4fb4d7f45d1cf-5e816afdfdbsm2039720a12.74.2025.03.14.08.06.57
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 14 Mar 2025 08:06:58 -0700 (PDT)
From: Sergey Trofimov <sarg@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] machine: hetzner: Allow connections using ssh-agent.
Date: Fri, 14 Mar 2025 16:06:54 +0100
Message-ID: <03f6cc34d6f6b7a55378d4dc5dd544817fb4b8b9.1741964456.git.sarg@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, Roman Scherer <roman@HIDDEN>
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::52f;
envelope-from=sarg@HIDDEN; helo=mail-ed1-x52f.google.com
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_SBL_A=0.1 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.7 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: * gnu/machine/hetzner.scm (<hetzner-configuration>): Add
ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
--- doc/guix.texi | 11 ++++++++--- gnu/machine/hetz [...]
Content analysis details: (1.7 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL
blocklist [URIs: sarg.org.ru]
0.6 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL
blocklist [URIs: sarg.org.ru]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [2001:470:142:0:0:0:0:17 listed in] [list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
X-Debbugs-Envelope-To: submit
Cc: Sergey Trofimov <sarg@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.7 (/)
* gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
---
doc/guix.texi | 11 ++++++++---
gnu/machine/hetzner.scm | 17 +++++++++++------
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index d109877a32..49ac018913 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45942,10 +45942,15 @@ Invoking guix deploy
server type is currently not supported, since its rescue system is too
small to bootstrap a Guix system from.
-@item @code{ssh-key}
-The file name of the SSH private key to use to authenticate with the
+@item @code{ssh-key} (default: @code{#f})
+If specified, the path to the SSH private key to use to authenticate with the
remote host.
+@item @code{ssh-public-key} (default: extracted from @code{ssh-key})
+If specified, either a public key as returned by
+@code{string->public-key} or the path to the SSH public key to use to
+authenticate with the remote host.
+
@end table
When deploying a machine for the first time, the following steps are
@@ -46008,7 +46013,7 @@ Invoking guix deploy
(environment hetzner-environment-type)
(configuration (hetzner-configuration
(server-type "cpx51")
- (ssh-key "/home/charlie/.ssh/id_rsa")))))
+ (ssh-public-key "/home/charlie/.ssh/id_rsa.pub")))))
@end lisp
@vindex GUIX_HETZNER_API_TOKEN
diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm
index bc8d2efbd3..e8484e4d51 100644
--- a/gnu/machine/hetzner.scm
+++ b/gnu/machine/hetzner.scm
@@ -77,6 +77,7 @@ (define-module (gnu machine hetzner)
hetzner-configuration-location
hetzner-configuration-server-type
hetzner-configuration-ssh-key
+ hetzner-configuration-ssh-public-key
hetzner-configuration?
hetzner-environment-type))
@@ -204,20 +205,24 @@ (define-record-type* <hetzner-configuration> hetzner-configuration
(default "fsn1"))
(server-type hetzner-configuration-server-type ; string
(default "cx42"))
- (ssh-key hetzner-configuration-ssh-key)) ; string
+ (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string
+ (thunked)
+ (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)))
+ (sanitize
+ (lambda (value)
+ (if (string? value) (public-key-from-file value) value))))
+ (ssh-key hetzner-configuration-ssh-key
+ (default #f))) ; #f | string
(define (hetzner-configuration-ssh-key-fingerprint config)
"Return the SSH public key fingerprint of CONFIG as a string."
- (and-let* ((file-name (hetzner-configuration-ssh-key config))
- (privkey (private-key-from-file file-name))
- (pubkey (private-key->public-key privkey))
+ (and-let* ((pubkey (hetzner-configuration-ssh-public-key config))
(hash (get-public-key-hash pubkey 'md5)))
(bytevector->hex-string hash)))
(define (hetzner-configuration-ssh-key-public config)
"Return the SSH public key of CONFIG as a string."
- (and-let* ((ssh-key (hetzner-configuration-ssh-key config))
- (public-key (public-key-from-file ssh-key)))
+ (let ((public-key (hetzner-configuration-ssh-public-key config)))
(format #f "ssh-~a ~a" (get-key-type public-key)
(public-key->string public-key))))
base-commit: 9449ab3c2025820d2e6fd679fa7e34832b667ea7
--
2.48.1
Sergey Trofimov <sarg@HIDDEN>:ludo@HIDDEN, maxim.cournoyer@HIDDEN, roman@HIDDEN, guix-patches@HIDDEN.
Full text available.ludo@HIDDEN, maxim.cournoyer@HIDDEN, roman@HIDDEN, guix-patches@HIDDEN:bug#77013; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.