emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#62966: closed ([PATCH 1/2] home: services: openssh: Add configuratio


From: GNU bug Tracking System
Subject: bug#62966: closed ([PATCH 1/2] home: services: openssh: Add configuration option for jump proxies)
Date: Fri, 21 Apr 2023 15:16:02 +0000

Your message dated Fri, 21 Apr 2023 17:15:21 +0200
with message-id <87leilgtbq.fsf@gnu.org>
and subject line Re: bug#62966: [PATCH 1/2] home: services: openssh: Add 
configuration option for jump proxies
has caused the debbugs.gnu.org bug report #62966,
regarding [PATCH 1/2] home: services: openssh: Add configuration option for 
jump proxies
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
62966: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62966
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: [PATCH 1/2] home: services: openssh: Add configuration option for jump proxies Date: Thu, 20 Apr 2023 14:30:24 +0300
Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.

* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.
---
 doc/guix.texi             | 29 ++++++++++++++---
 gnu/home/services/ssh.scm | 65 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 89 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index adb1975935..da25bba770 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -42618,10 +42618,31 @@ machine.
 @item @code{compression?} (default: @code{#f}) (type: boolean)
 Whether to compress data in transit.
 
-@item @code{proxy-command} (type: maybe-string)
-The command to use to connect to the server.  As an example, a command
-to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect
--x 192.0.2.0:8080 %h %p"}.
+@item @code{proxy} (type: maybe-proxy-command-or-jump-list)
+The command to use to connect to the server or a list of SSH hosts to
+jump through before connecting to the server.  The field may be set to either a
+@code{proxy-command} or a list of @code{proxy-jump} records.
+
+As an example, a @code{proxy-command} to connect via an HTTP proxy at 192.0.2.0
+would be constructed with: @code{(proxy-command "nc -X connect -x
+192.0.2.0:8080 %h %p")}.
+
+@deftp {Data Type} proxy-jump
+Available @code{proxy-jump} fields are:
+
+@table @asis
+@item @code{user} (type: maybe-string)
+User name on the remote host.
+
+@item @code{host-name} (type: string)
+Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}.
+
+@item @code{port} (type: maybe-natural-number)
+TCP port number to connect to.
+
+@end table
+
+@end deftp
 
 @item @code{host-key-algorithms} (type: maybe-string-list)
 The list of accepted host key algorithms---e.g.,
diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm
index 01917a29cd..6aeb6ad5a7 100644
--- a/gnu/home/services/ssh.scm
+++ b/gnu/home/services/ssh.scm
@@ -20,6 +20,7 @@
 (define-module (gnu home services ssh)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix deprecation)
   #:use-module (guix diagnostics)
   #:use-module (guix i18n)
   #:use-module (gnu services)
@@ -32,6 +33,8 @@ (define-module (gnu home services ssh)
   #:autoload   (gnu packages base) (glibc-utf8-locales)
   #:use-module (gnu packages ssh)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-9)
+  #:use-module (srfi srfi-9 gnu)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
@@ -55,6 +58,12 @@ (define-module (gnu home services ssh)
             openssh-host-host-key-algorithms
             openssh-host-accepted-key-types
             openssh-host-extra-content
+            proxy-jump
+            proxy-jump-host-name
+            proxy-jump-port
+            proxy-jump-user
+            proxy-command
+            proxy-command->string
 
             home-openssh-service-type
             home-ssh-agent-service-type))
@@ -114,6 +123,54 @@ (define (serialize-string-list field lst)
 
 (define-maybe string-list)
 
+(define-record-type <proxy-command>
+  (proxy-command command)
+  proxy-command?
+  (command proxy-command->string))
+
+(set-record-type-printer! <proxy-command>
+  (lambda (obj port)
+    (format port "#<proxy-command ~s>" (proxy-command->string obj))))
+
+(define-configuration/no-serialization proxy-jump
+  (user
+   maybe-string
+   "User name on the remote host.")
+  (host-name
+   (string)
+   "Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}.")
+  (port
+   maybe-natural-number
+   "TCP port number to connect to."))
+
+(define (proxy-jump->string proxy-jump)
+  (match-record proxy-jump <proxy-jump>
+    (host-name user port)
+    (string-append
+      (if (maybe-value-set? user) (string-append user "@") "")
+      host-name
+      (if (maybe-value-set? port) (string-append ":" (number->string port)) 
""))))
+
+(define (proxy-command-or-jump-list? x)
+  (or (proxy-command? x)
+      (and (list? x)
+           (every proxy-jump? x))))
+
+(define (serialize-proxy-command-or-jump-list field value)
+  (if (proxy-command? value)
+    (serialize-string 'proxy-command (proxy-command->string value))
+    (serialize-string-list 'proxy-jump (map proxy-jump->string value))))
+
+(define-maybe proxy-command-or-jump-list)
+
+(define (sanitize-proxy-command properties)
+  (lambda (value)
+  (when (maybe-value-set? value)
+    (warn-about-deprecation 'proxy-command properties #:replacement 'proxy))
+  (unless (maybe-string? value)
+    (configuration-field-error (source-properties->location properties) 
'proxy-command value))
+  value))
+
 (define-configuration openssh-host
   (name
    (string)
@@ -155,7 +212,13 @@ (define-configuration openssh-host
    maybe-string
    "The command to use to connect to the server.  As an example, a command
 to connect via an HTTP proxy at 192.0.2.0 would be: @code{\"nc -X
-connect -x 192.0.2.0:8080 %h %p\"}.")
+connect -x 192.0.2.0:8080 %h %p\"}.  Using 'proxy-command' is deprecated, use
+'proxy' instead."
+   (sanitizer (sanitize-proxy-command (current-source-location))))
+  (proxy
+   maybe-proxy-command-or-jump-list
+   "The command to use to connect to the server or a list of SSH hosts to jump
+through before connecting to the server.")
   (host-key-algorithms
    maybe-string-list
    "The list of accepted host key algorithms---e.g.,

base-commit: a9f4b6ecd00112ae4fb04dfbe0f9cc86b042dbc5
-- 
2.39.2




--- End Message ---
--- Begin Message --- Subject: Re: bug#62966: [PATCH 1/2] home: services: openssh: Add configuration option for jump proxies Date: Fri, 21 Apr 2023 17:15:21 +0200 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Hi Saku,

Saku Laesvuori <saku@laesvuori.fi> skribis:

> Add a new 'proxy' field to openssh-host to allow ProxyCommand or
> ProxyJump, but not both, to be configured. Configuring both would cause
> the serialization order to determine which one is used. Deprecate the
> 'proxy-command' field because the 'proxy' field replaces it.
>
> * gnu/home/services/ssh.scm (proxy-jump->string,
> proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
> sanitize-proxy-command): New procedure.
> (proxy-jump, proxy-command): New record type.
> (openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
> can't have ProxyCommand and ProxyJump configured at the same time.
> * doc/guix.texi (Secure Shell): Update to match the changes to the
> service.

Nice improvement.

> * doc/guix.texi (Secure Shell): Update openssh-host documentation to
> match the code.

Applied, thanks!

Ludo’.


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]