GNU bug report logs - #77013
[PATCH] machine: hetzner: Allow connections using ssh-agent.


Package: guix-patches; Reported by: Sergey Trofimov <sarg@HIDDEN>; Keywords: patch; dated Fri, 14 Mar 2025 15:08:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 77013 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Sergey Trofimov <sarg@HIDDEN>
Subject: Re: [bug#77013] [PATCH] machine: hetzner: Allow connections using ssh-agent.
Date: Tue, 18 Mar 2025 11:31:17 +0100
Cc: Roman Scherer <roman@HIDDEN>, 77013 <at> debbugs.gnu.org,
 Maxim Cournoyer <maxim.cournoyer@HIDDEN>

Sergey Trofimov <sarg@HIDDEN> skribis:

> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.

[...]

> -@item @code{ssh-key}
> -The file name of the SSH private key to use to authenticate with the
> +@item @code{ssh-key} (default: @code{#f})
> +If specified, the path to the SSH private key to use to authenticate wit=
h the

s/path/file name/

At first sight the rest LGTM but I’ll let Roman comment.

Thanks,
Ludo’.




Information forwarded to guix-patches@HIDDEN:
bug#77013; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Sergey Trofimov <sarg@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] machine: hetzner: Allow connections using ssh-agent.
Date: Fri, 14 Mar 2025 16:06:54 +0100
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, Roman Scherer <roman@HIDDEN>
Cc: Sergey Trofimov <sarg@HIDDEN>

* gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
---
 doc/guix.texi           | 11 ++++++++---
 gnu/machine/hetzner.scm | 17 +++++++++++------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index d109877a32..49ac018913 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45942,10 +45942,15 @@ Invoking guix deploy
 server type is currently not supported, since its rescue system is too
 small to bootstrap a Guix system from.
 
-@item @code{ssh-key}
-The file name of the SSH private key to use to authenticate with the
+@item @code{ssh-key} (default: @code{#f})
+If specified, the path to the SSH private key to use to authenticate with the
 remote host.
 
+@item @code{ssh-public-key} (default: extracted from @code{ssh-key})
+If specified, either a public key as returned by
+@code{string->public-key} or the path to the SSH public key to use to
+authenticate with the remote host.
+
 @end table
 
 When deploying a machine for the first time, the following steps are
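Review bot: The option table does not say what happens when both fields are left unset, now that @code{ssh-key} defaults to @code{#f} and @code{ssh-public-key} defaults to "extracted from @code{ssh-key}". It also never mentions that omitting @code{ssh-key} means authentication relies on an ssh-agent holding the matching private key, which is the stated purpose of the patch. Please document both cases explicitly. The new @code{ssh-public-key} item also repeats the "path to the SSH public key" wording; "file name" applies there as well as in the @code{ssh-key} item.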
@@ -46008,7 +46013,7 @@ Invoking guix deploy
        (environment hetzner-environment-type)
        (configuration (hetzner-configuration
                        (server-type "cpx51")
-                       (ssh-key "/home/charlie/.ssh/id_rsa")))))
+                       (ssh-public-key "/home/charlie/.ssh/id_rsa.pub")))))
 @end lisp
 
 @vindex GUIX_HETZNER_API_TOKEN
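Review bot: The example swaps (ssh-key "/home/charlie/.ssh/id_rsa") for (ssh-public-key "/home/charlie/.ssh/id_rsa.pub") with no accompanying text, so a reader copying it ends up with a configuration that names no private key file and is not told that an ssh-agent must hold the matching private key. Add a sentence next to the example saying so, or keep the @code{ssh-key} form as the primary example and show the agent-based form separately.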
diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm
index bc8d2efbd3..e8484e4d51 100644
--- a/gnu/machine/hetzner.scm
+++ b/gnu/machine/hetzner.scm
@@ -77,6 +77,7 @@ (define-module (gnu machine hetzner)
             hetzner-configuration-location
             hetzner-configuration-server-type
             hetzner-configuration-ssh-key
+            hetzner-configuration-ssh-public-key
             hetzner-configuration?
             hetzner-environment-type))
 
@@ -204,20 +205,24 @@ (define-record-type* <hetzner-configuration> hetzner-configuration
             (default "fsn1"))
   (server-type hetzner-configuration-server-type ; string
                (default "cx42"))
-  (ssh-key hetzner-configuration-ssh-key)) ; string
+  (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string
+                  (thunked)
+                  (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)))
+                  (sanitize
+                   (lambda (value)
+                     (if (string? value) (public-key-from-file value) value))))
+  (ssh-key hetzner-configuration-ssh-key
+           (default #f))) ; #f | string
 
 (define (hetzner-configuration-ssh-key-fingerprint config)
   "Return the SSH public key fingerprint of CONFIG as a string."
-  (and-let* ((file-name (hetzner-configuration-ssh-key config))
-             (privkey (private-key-from-file file-name))
-             (pubkey (private-key->public-key privkey))
+  (and-let* ((pubkey (hetzner-configuration-ssh-public-key config))
              (hash (get-public-key-hash pubkey 'md5)))
     (bytevector->hex-string hash)))
 
 (define (hetzner-configuration-ssh-key-public config)
   "Return the SSH public key of CONFIG as a string."
-  (and-let* ((ssh-key (hetzner-configuration-ssh-key config))
-             (public-key (public-key-from-file ssh-key)))
+  (let ((public-key (hetzner-configuration-ssh-public-key config)))
     (format #f "ssh-~a ~a" (get-key-type public-key)
             (public-key->string public-key))))
 

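Review bot: In the <hetzner-configuration> record, the thunked default of ssh-public-key evaluates (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)) while ssh-key now defaults to #f, so a configuration that sets neither field hands #f to public-key-from-file instead of failing with a clear message. Check for that case up front and raise an error that names both fields. Related points in the same hunk: hetzner-configuration-ssh-key-public moved from and-let* to let, so a missing key is no longer short-circuited before get-key-type is called; when both fields are given, nothing visible here verifies that ssh-public-key corresponds to ssh-key, although the fingerprint is now computed from ssh-public-key alone; and the (default ...) line runs well past 80 columns and should be wrapped.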
base-commit: 9449ab3c2025820d2e6fd679fa7e34832b667ea7
--
2.48.1





Acknowledgement sent to Sergey Trofimov <sarg@HIDDEN>:
New bug report received and forwarded. Copy sent to ludo@HIDDEN, maxim.cournoyer@HIDDEN, roman@HIDDEN, guix-patches@HIDDEN. Full text available.
Report forwarded to ludo@HIDDEN, maxim.cournoyer@HIDDEN, roman@HIDDEN, guix-patches@HIDDEN:
bug#77013; Package guix-patches. Full text available.
Last modified: Tue, 18 Mar 2025 10:45:02 UTC
