From patchwork Thu Aug 15 08:05:04 2019
X-Patchwork-Submitter: "Jakob L. Kreuze"
X-Patchwork-Id: 14929
Subject: [bug#36957] [PATCH 1/5] machine: Allow non-root users to deploy.
To: Christopher Lemmer Webber
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Date: Thu, 15 Aug 2019 04:05:04 -0400
In-Reply-To: <875zmy26u6.fsf_-_@sdf.lonestar.org>
Message-ID: <871rxm26rz.fsf_-_@sdf.lonestar.org>
Cc: 36957@debbugs.gnu.org

* doc/guix.texi (Invoking guix deploy): Add section describing prerequisites
for deploying as a non-root user.
* guix/remote.scm (remote-pipe-for-gexp): New optional 'become-command'
argument.
(%remote-eval): New optional 'become-command' argument.
(remote-eval): New 'become-command' keyword argument.
* guix/ssh.scm (remote-inferior): New optional 'become-command' argument.
(inferior-remote-eval): New optional 'become-command' argument.
(remote-authorize-signing-key): New optional 'become-command' argument.
* gnu/machine/ssh.scm (machine-become-command): New variable.
(managed-host-remote-eval): Invoke 'remote-eval' with the '#:become-command'
keyword.
(deploy-managed-host): Invoke 'remote-authorize-signing-key' with the
'#:become-command' keyword.
--- doc/guix.texi | 10 ++++++++ gnu/machine/ssh.scm | 8 +++++++ guix/remote.scm | 57 ++++++++++++++++++++++++++++----------------- guix/ssh.scm | 25 ++++++++++++++------ 4 files changed, 72 insertions(+), 28 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index a7facf4701..e5cec7ad25 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -25514,6 +25514,7 @@ evaluates to. As an example, @var{file} might contain a definition like this: (environment managed-host-environment-type) (configuration (machine-ssh-configuration (host-name "localhost") + (user "alice") (identity "./id_rsa") (port 2222))))) @end example @@ -25546,6 +25547,15 @@ accepts store items it receives from the coordinator: # guix archive --authorize < coordinator-public-key.txt @end example +@code{user}, in this example, specifies the name of the user account to log in +as to perform the deployment. Its default value is @code{root}, but root +login over SSH may be forbidden in some cases. To work around this, +@command{guix deploy} can log in as an unprivileged user and employ +@code{sudo} to escalate privileges. This will only work if @code{sudo} is +currently installed on the remote and can be invoked non-interactively as +@code{user}. That is: the line in @code{sudoers} granting @code{user} the +ability to use @code{sudo} must contain the @code{NOPASSWD} tag. + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 670990a633..fb15d39e61 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm 
@@ -101,6 +101,14 @@ one from the configuration's parameters if one was not provided." ;;; Remote evaluation. ;;; +(define (machine-become-command machine) + "Return as a list of strings the program and arguments necessary to run a +shell command with escalated privileges for MACHINE's configuration." + (if (string= "root" (machine-ssh-configuration-user + (machine-configuration machine))) + '() + '("/run/setuid-programs/sudo" "-n" "--"))) + (define (managed-host-remote-eval machine exp) "Internal implementation of 'machine-remote-eval' for MACHINE instances with an environment type of 'managed-host." diff --git a/guix/remote.scm b/guix/remote.scm index bcac64ea7a..d8124e41ab 100644 --- a/guix/remote.scm +++ b/guix/remote.scm @@ -27,6 +27,8 @@ #:use-module (guix utils) #:use-module (ssh popen) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:export (remote-eval)) 
@@ -41,29 +43,41 @@ ;;; ;;; Code: -(define (remote-pipe-for-gexp lowered session) - "Return a remote pipe for the given SESSION to evaluate LOWERED." +(define* (remote-pipe-for-gexp lowered session #:optional become-command) + "Return a remote pipe for the given SESSION to evaluate LOWERED. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." (define shell-quote (compose object->string object->string)) - (apply open-remote-pipe* session OPEN_READ - (string-append (derivation-input-output-path - (lowered-gexp-guile lowered)) - "/bin/guile") - "--no-auto-compile" - (append (append-map (lambda (directory) - `("-L" ,directory)) - (lowered-gexp-load-path lowered)) - (append-map (lambda (directory) - `("-C" ,directory)) - (lowered-gexp-load-path lowered)) - `("-c" - ,(shell-quote (lowered-gexp-sexp lowered)))))) + (define repl-command + (append (or become-command '()) + (list + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "--no-auto-compile") + (append-map (lambda (directory) + `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (append-map (lambda (directory) + `("-C" ,directory)) + (lowered-gexp-load-path lowered)) + `("-c" + ,(shell-quote (lowered-gexp-sexp lowered))))) -(define (%remote-eval lowered session) + (let ((pipe (apply open-remote-pipe* session OPEN_READ repl-command))) + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) + pipe)) + +(define* (%remote-eval lowered session #:optional become-command) "Evaluate LOWERED, a lowered gexp, in SESSION. This assumes that all the -prerequisites of EXP are already available on the host at SESSION." - (let* ((pipe (remote-pipe-for-gexp lowered session)) +prerequisites of EXP are already available on the host at SESSION. If +BECOME-COMMAND is given, use that to invoke the remote Guile REPL." 
+ (let* ((pipe (remote-pipe-for-gexp lowered session become-command)) (result (read-repl-response pipe))) (close-port pipe) result)) @@ -92,7 +106,8 @@ result to the current output port using the (guix repl) protocol." (build-locally? #t) (system (%current-system)) (module-path %load-path) - (socket-name "/var/guix/daemon-socket/socket")) + (socket-name "/var/guix/daemon-socket/socket") + (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure that all the elements EXP refers to are built and deployed to SESSION beforehand. When BUILD-LOCALLY? is true, said dependencies are built locally and sent to @@ -119,7 +134,7 @@ remote store." (built-derivations inputs) ((store-lift send-files) to-send remote #:recursive? #t) (return (close-connection remote)) - (return (%remote-eval lowered session)))) + (return (%remote-eval lowered session become-command)))) (let ((to-send (append (map (compose derivation-file-name derivation-input-derivation) inputs) @@ -128,4 +143,4 @@ remote store." ((store-lift send-files) to-send remote #:recursive? #t) (return (build-derivations remote inputs)) (return (close-connection remote)) - (return (%remote-eval lowered session))))))) + (return (%remote-eval lowered session become-command))))))) diff --git a/guix/ssh.scm b/guix/ssh.scm index 9b5ca68894..90311127a1 100644 --- a/guix/ssh.scm +++ b/guix/ssh.scm 
@@ -98,16 +98,27 @@ specifies; otherwise use them. Throw an error on failure." (message (format #f (G_ "SSH connection to '~a' failed: ~a~%") host (get-error session)))))))))) -(define (remote-inferior session) - "Return a remote inferior for the given SESSION." - (let ((pipe (open-remote-pipe* session OPEN_BOTH - "guix" "repl" "-t" "machine"))) +(define* (remote-inferior session #:optional become-command) + "Return a remote inferior for the given SESSION. If BECOME-COMMAND is +given, use that to invoke the remote Guile REPL." + (let* ((repl-command (append (or become-command '()) + '("guix" "repl" "-t" "machine"))) + (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command))) + ;; XXX: 'channel-get-exit-status' would be better here, but hangs if the + ;; process does succeed. This doesn't reflect the documentation, so it's + ;; possible that it's a bug in guile-ssh. + (when (eof-object? (peek-char pipe)) + (raise (condition + (&message + (message (format #f (G_ "failed to run '~{~a~^ ~}'") + repl-command)))))) (port->inferior pipe))) -(define (inferior-remote-eval exp session) +(define* (inferior-remote-eval exp session #:optional become-command) "Evaluate EXP in a new inferior running in SESSION, and close the inferior -right away." - (let ((inferior (remote-inferior session))) +right away. If BECOME-COMMAND is given, use that to invoke the remote Guile +REPL." + (let ((inferior (remote-inferior session become-command))) (dynamic-wind (const #t) (lambda () From patchwork Thu Aug 15 08:05:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jakob L. 
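Review bot: the paragraph added to doc/guix.texi (PATCH 1/5, hunk at -25546) asks for a NOPASSWD sudoers entry without saying that this makes the SSH identity of that account equivalent to root on the target. The command run through sudo is a Guile binary from the store with caller-supplied arguments (see remote-pipe-for-gexp), so the sudoers line cannot usefully be narrowed to one fixed command. The manual should state this and recommend a dedicated deployment account whose key is used for nothing else.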
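Review bot: machine-become-command in gnu/machine/ssh.scm (PATCH 1/5, hunk at -101) is defined but nothing in this patch calls it. The commit message says managed-host-remote-eval passes '#:become-command' to remote-eval and deploy-managed-host passes it to remote-authorize-signing-key, yet the diffstat lists 8 insertions for this file, which is exactly the new definition, so a deployment as "alice" would still start the remote Guile without sudo. Please include the call-site changes in this patch. The absolute path "/run/setuid-programs/sudo" avoids a PATH lookup, which is good, but the manual text only says sudo must be "installed on the remote"; it should name the path that is actually used.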
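Review bot: in remote-pipe-for-gexp (guix/remote.scm, PATCH 1/5, hunk at -41) the failure branch raises without closing the pipe, and the condition carries only the command line. The pipe is opened with OPEN_READ, so whatever sudo printed about the refusal is not available to the operator, and a refused "sudo -n" looks the same as a missing Guile. Call (close-port pipe) before (raise ...), and include the exit status or stderr in the message once that can be read reliably. Note also that the elements of BECOME-COMMAND are appended as given while the sexp goes through shell-quote; the docstring should say that callers are responsible for quoting them.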
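Review bot: remote-inferior (guix/ssh.scm, PATCH 1/5, hunk at -98) appends the bare name "guix" after BECOME-COMMAND, so under sudo the program is looked up in the environment sudo provides rather than the login user's, and the privileged REPL may be a different guix than the one the unprivileged session would have run, or none at all. Resolve the program to an absolute file name before prefixing it with the become command. The new docstrings say "remote Guile REPL" although the command is 'guix repl', the pipe is not closed before (raise ...), and the commit message lists a 'become-command' argument for remote-authorize-signing-key, which does not appear in this diff.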
Kreuze" X-Patchwork-Id: 14931
Subject: [bug#36957] [PATCH 2/5] machine: Implement 'roll-back-machine'.
To: Christopher Lemmer Webber
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org> <87pnlgjymv.fsf_-_@sdf.lonestar.org> <87y304vyyo.fsf@elephly.net> <87tvarjtgw.fsf@sdf.lonestar.org> <87h86jxyea.fsf@dustycloud.org> <875zmy26u6.fsf_-_@sdf.lonestar.org> <871rxm26rz.fsf_-_@sdf.lonestar.org> Date: Thu, 15 Aug 2019 04:05:57 -0400 In-Reply-To: <871rxm26rz.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:05:04 -0400") Message-ID: <87wofezwd6.fsf_-_@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 36957@debbugs.gnu.org Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/machine.scm (roll-back-machine, &deploy-error, deploy-error?) (deploy-error-should-roll-back) (deploy-error-captured-args): New variable. * gnu/machine/ssh.scm (roll-back-managed-host): New variable. * guix/scripts/deploy.scm (guix-deploy): Roll-back systems when a deployment fails. --- gnu/machine.scm | 27 +++++++++++++++- gnu/machine/ssh.scm | 72 +++++++++++++++++++++++++++++++++++++++-- guix/scripts/deploy.scm | 17 ++++++++-- 3 files changed, 110 insertions(+), 6 deletions(-) diff --git a/gnu/machine.scm b/gnu/machine.scm index 30ae97f6ec..05b03b21d4 100644 --- a/gnu/machine.scm +++ b/gnu/machine.scm @@ -24,6 +24,7 @@ #:use-module (guix records) #:use-module (guix store) #:use-module ((guix utils) #:select (source-properties->location)) + #:use-module (srfi srfi-35) #:export (environment-type environment-type? environment-type-name 
@@ -40,7 +41,13 @@ machine-display-name deploy-machine - machine-remote-eval)) + roll-back-machine + machine-remote-eval + + &deploy-error + deploy-error? + deploy-error-should-roll-back + deploy-error-captured-args)) ;;; Commentary: ;;; @@ -66,6 +73,7 @@ ;; of the form '(machine-remote-eval machine exp)'. (machine-remote-eval environment-type-machine-remote-eval) ; procedure (deploy-machine environment-type-deploy-machine) ; procedure + (roll-back-machine environment-type-roll-back-machine) ; procedure ;; Metadata. (name environment-type-name) ; symbol @@ -105,3 +113,20 @@ are built and deployed to MACHINE beforehand." MACHINE, activating it on MACHINE and switching MACHINE to the new generation." (let ((environment (machine-environment machine))) ((environment-type-deploy-machine environment) machine))) + +(define (roll-back-machine machine) + "Monadic procedure rolling back to the previous system generation on +MACHINE. Return the number of the generation that was current before switching +and the new generation number." + (let ((environment (machine-environment machine))) + ((environment-type-roll-back-machine environment) machine))) + + +;;; +;;; Error types. +;;; + +(define-condition-type &deploy-error &error + deploy-error? + (should-roll-back deploy-error-should-roll-back) + (captured-args deploy-error-captured-args)) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index fb15d39e61..4b5d5fe3a2 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -17,6 +17,7 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu machine ssh) + #:use-module (gnu bootloader) #:use-module (gnu machine) #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu system) @@ -34,6 +35,7 @@ #:use-module (guix store) #:use-module (guix utils) #:use-module (ice-9 match) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) 
@@ -341,6 +343,18 @@ of MACHINE's system profile, ordered from most recent to oldest." (boot-parameters-kernel-arguments params)))))))) generations)))) +(define-syntax-rule (with-roll-back should-roll-back? mbody ...) + "Catch exceptions that arise when binding MBODY, a monadic expression in +%STORE-MONAD, and collect their arguments in a &deploy-error condition, with +the 'should-roll-back' field set to SHOULD-ROLL-BACK?" + (catch #t + (lambda () + mbody ...) + (lambda args + (raise (condition (&deploy-error + (should-roll-back should-roll-back?) + (captured-args args))))))) + (define (deploy-managed-host machine) "Internal implementation of 'deploy-machine' for MACHINE instances with an environment type of 'managed-host." 
@@ -353,9 +367,60 @@ environment type of 'managed-host." (bootloader-configuration (operating-system-bootloader os)) (bootcfg (operating-system-bootcfg os menu-entries))) (mbegin %store-monad - (switch-to-system eval os) - (upgrade-shepherd-services eval os) - (install-bootloader eval bootloader-configuration bootcfg))))) + (with-roll-back #f + (switch-to-system eval os)) + (with-roll-back #t + (mbegin %store-monad + (upgrade-shepherd-services eval os) + (install-bootloader eval bootloader-configuration bootcfg))))))) + + +;;; +;;; Roll-back. +;;; + +(define (roll-back-managed-host machine) + "Internal implementation of 'roll-back-machine' for MACHINE instances with +an environment type of 'managed-host." + (define remote-exp + (with-extensions (list guile-gcrypt) + (with-imported-modules (source-module-closure '((guix config) + (guix profiles))) + #~(begin + (use-modules (guix config) + (guix profiles)) + + (define %system-profile + (string-append %state-directory "/profiles/system")) + + (define target-generation + (relative-generation %system-profile -1)) + + (if target-generation + (switch-to-generation %system-profile target-generation) + 'error))))) + + (define roll-back-failure + (condition (&message (message (G_ "could not roll-back machine"))))) + + (mlet* %store-monad ((boot-parameters (machine-boot-parameters machine)) + (_ -> (if (< (length boot-parameters) 2) + (raise roll-back-failure))) + (entries -> (map boot-parameters->menu-entry + (list (second boot-parameters)))) + (old-entries -> (map boot-parameters->menu-entry + (drop boot-parameters 2))) + (bootloader -> (operating-system-bootloader + (machine-operating-system machine))) + (bootcfg (lower-object + ((bootloader-configuration-file-generator + (bootloader-configuration-bootloader + bootloader)) + bootloader entries + #:old-entries old-entries))) + (remote-result (machine-remote-eval machine remote-exp))) + (when (eqv? 'error remote-result) + (raise roll-back-failure)))) ;;; 
@@ -366,6 +431,7 @@ environment type of 'managed-host." (environment-type (machine-remote-eval managed-host-remote-eval) (deploy-machine deploy-managed-host) + (roll-back-machine roll-back-managed-host) (name 'managed-host-environment-type) (description "Provisioning for machines that are accessible over SSH and have a known host-name. This entails little more than maintaining an SSH diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm index 81f2b33260..6a67985c8b 100644 --- a/guix/scripts/deploy.scm +++ b/guix/scripts/deploy.scm @@ -28,6 +28,8 @@ #:use-module (guix grafts) #:use-module (ice-9 format) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (srfi srfi-37) #:export (guix-deploy)) 
@@ -88,7 +90,18 @@ Perform the deployment specified by FILE.\n")) (with-store store (set-build-options-from-command-line store opts) (for-each (lambda (machine) - (info (G_ "deploying to ~a...") (machine-display-name machine)) + (info (G_ "deploying to ~a...~%") + (machine-display-name machine)) (parameterize ((%graft? (assq-ref opts 'graft?))) - (run-with-store store (deploy-machine machine)))) + (guard (c ((message-condition? c) + (report-error (G_ "failed to deploy ~a: '~a'~%") + (machine-display-name machine) + (condition-message c))) + ((deploy-error? c) + (when (deploy-error-should-roll-back c) + (info (G_ "rolling back ~a...~%") + (machine-display-name machine)) + (run-with-store store (roll-back-machine machine))) + (apply throw (deploy-error-captured-args c)))) + (run-with-store store (deploy-machine machine))))) machines)))) From patchwork Thu Aug 15 08:06:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jakob L. 
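Review bot: with-roll-back (gnu/machine/ssh.scm, PATCH 2/5, hunk at -341) installs 'catch' only around the evaluation of MBODY, but the docstring says MBODY is a monadic expression in %STORE-MONAD, so the thunk merely returns a monadic value and the handler is gone by the time run-with-store executes it. Failures inside switch-to-system, upgrade-shepherd-services or install-bootloader would then reach guix-deploy unwrapped and never trigger a roll-back. Have the macro return a procedure of the store that runs the body inside the 'catch'. Separately, 'catch #t' wraps every exception, including &message conditions, so the message-condition? clause in guix-deploy will not see errors raised under this macro.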
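Review bot: roll-back-managed-host (gnu/machine/ssh.scm, PATCH 2/5, hunk at -353) binds 'bootcfg' and then never uses it, so the bootloader configuration is not reinstalled and the boot menu on the target can still default to the generation that just failed. Pass it to install-bootloader after the remote switch succeeds. The body of the mlet* is a plain (when ...) form rather than a monadic value, and it does not return the two generation numbers that the roll-back-machine docstring in gnu/machine.scm promises; either return them or correct the docstring.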
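Review bot: in guix-deploy (guix/scripts/deploy.scm, PATCH 2/5, hunk at -88) the deploy-error? clause ends with (apply throw (deploy-error-captured-args c)), which leaves the for-each and skips every remaining machine, while the message-condition? clause reports and continues. Pick one policy and apply it to both clauses. roll-back-machine is also called unprotected inside the guard handler, so when the roll-back itself fails (roll-back-managed-host raises a &message condition) that error replaces the original deployment error; report both, and make it explicit to the operator which machines are left in a partially deployed state.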
Kreuze" X-Patchwork-Id: 14930
Subject: [bug#36957] [PATCH 3/5] machine: Automatically authorize the coordinator's signing key.
To: Christopher Lemmer Webber
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org> <87pnlgjymv.fsf_-_@sdf.lonestar.org> <87y304vyyo.fsf@elephly.net> <87tvarjtgw.fsf@sdf.lonestar.org> <87h86jxyea.fsf@dustycloud.org> <875zmy26u6.fsf_-_@sdf.lonestar.org> <871rxm26rz.fsf_-_@sdf.lonestar.org> <87wofezwd6.fsf_-_@sdf.lonestar.org> Date: Thu, 15 Aug 2019 04:06:41 -0400 In-Reply-To: <87wofezwd6.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:05:57 -0400") Message-ID: <87sgq2zwby.fsf_-_@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 36957@debbugs.gnu.org Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * guix/ssh.scm (remote-authorize-signing-key): New variable. * gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's signing key before any invocations of 'remote-eval'. (deploy-managed-host): Display an error if a signing key does not exist. * doc/guix.texi (Invoking guix deploy): Remove section describing manual signing key authorization. (Invoking guix deploy): Add section describing the 'authorize?' field. --- doc/guix.texi | 3 +++ gnu/machine/ssh.scm | 33 ++++++++++++++++++++++++++------- guix/ssh.scm | 23 +++++++++++++++++++++++ 3 files changed, 52 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index e5cec7ad25..d80f62970d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -25586,6 +25586,9 @@ with an @code{environment} of @code{managed-host-environment-type}. @item @code{system} The Nix system type describing the architecture of the machine being deployed to. This should look something like ``x86_64-linux''. +@item @code{authorize?} (default: @code{#t}) +If true, the coordinator's signing key will be added to the remote's ACL +keyring. @item @code{port} (default: @code{22}) @item @code{user} (default: @code{"root"}) @item @code{identity} (default: @code{#f}) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 4b5d5fe3a2..ac3aa3e370 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -28,13 +28,16 @@ #:use-module (guix i18n) #:use-module (guix modules) #:use-module (guix monads) + #:use-module (guix pki) #:use-module (guix records) #:use-module (guix remote) #:use-module (guix scripts system reconfigure) #:use-module (guix ssh) #:use-module (guix store) #:use-module (guix utils) + #:use-module (gcrypt pk-crypto) #:use-module (ice-9 match) + #:use-module (ice-9 textual-ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) @@ -48,6 +51,7 @@ machine-ssh-configuration-host-name machine-ssh-configuration-build-locally? + machine-ssh-configuration-authorize? machine-ssh-configuration-port machine-ssh-configuration-user machine-ssh-configuration-session)) 
@@ -70,17 +74,19 @@ make-machine-ssh-configuration machine-ssh-configuration? this-machine-ssh-configuration - (host-name machine-ssh-configuration-host-name) ; string - (system machine-ssh-configuration-system) ; string - (build-locally? machine-ssh-configuration-build-locally? + (host-name machine-ssh-configuration-host-name) ; string + (system machine-ssh-configuration-system) ; string + (build-locally? machine-ssh-configuration-build-locally? ; boolean (default #t)) - (port machine-ssh-configuration-port ; integer + (authorize? machine-ssh-configuration-authorize? ; boolean + (default #t)) + (port machine-ssh-configuration-port ; integer (default 22)) - (user machine-ssh-configuration-user ; string + (user machine-ssh-configuration-user ; string (default "root")) - (identity machine-ssh-configuration-identity ; path to a private key + (identity machine-ssh-configuration-identity ; path to a private key (default #f)) - (session machine-ssh-configuration-session ; session + (session machine-ssh-configuration-session ; session (default #f))) (define (machine-ssh-session machine) @@ -359,6 +365,19 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" "Internal implementation of 'deploy-machine' for MACHINE instances with an environment type of 'managed-host." (maybe-raise-unsupported-configuration-error machine) + (when (machine-ssh-configuration-authorize? + (machine-configuration machine)) + (unless (file-exists? %public-key-file) + (raise (condition + (&message + (message (format #f (G_ "no signing key '~a'. \ +have you run 'guix archive --generate-key?'") + %public-key-file)))))) + (remote-authorize-signing-key (call-with-input-file %public-key-file + (lambda (port) + (string->canonical-sexp + (get-string-all port)))) + (machine-ssh-session machine))) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) 
diff --git a/guix/ssh.scm b/guix/ssh.scm index 90311127a1..24834c6f68 100644 --- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -21,6 +21,7 @@ #:use-module (guix inferior) #:use-module (guix i18n) #:use-module ((guix utils) #:select (&fix-hint)) + #:use-module (gcrypt pk-crypto) #:use-module (ssh session) #:use-module (ssh auth) #:use-module (ssh key) @@ -40,6 +41,7 @@ remote-daemon-channel connect-to-remote-daemon remote-system + remote-authorize-signing-key send-files retrieve-files retrieve-files* 
@@ -300,6 +302,27 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-system)) session)) +(define (remote-authorize-signing-key key session) + "Send KEY, a canonical sexp containing a public key, over SESSION and add it +to the system ACL file if it has not yet been authorized." + (inferior-remote-eval + `(begin + (use-modules (guix build utils) + (guix pki) + (guix utils) + (gcrypt pk-crypto) + (srfi srfi-26)) + + (define acl (current-acl)) + (define key (string->canonical-sexp ,(canonical-sexp->string key))) + + (unless (authorized-key? key) + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) + (mkdir-p (dirname %acl-file)) + (with-atomic-file-output %acl-file + (cut write-acl acl <>))))) + session)) + (define* (send-files local files remote #:key recursive? From patchwork Thu Aug 15 08:07:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jakob L. 
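Review bot: in the deploy hunk (`@@ -359,6 +365,19 @@`), the `remote-authorize-signing-key` call runs before `check-deployment-sanity` in the `mlet` that follows, so the target's ACL is changed even when the sanity check then rejects the deployment. Because `authorize?` defaults to `#t`, this happens on every deploy unless the user opts out; moving the authorization after the sanity check would leave a rejected target untouched. In the error message the closing quote comes after the question mark (`'guix archive --generate-key?'`), which makes the suggested command read as `--generate-key?`; it should be `'guix archive --generate-key'?`.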
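Review bot: in `remote-authorize-signing-key` (guix/ssh.scm, `@@ -300,6 +302,27 @@`), the ACL update is evaluated through `inferior-remote-eval` as whichever user the SSH session logged in as, with nothing in the hunk escalating privileges, yet it calls `mkdir-p (dirname %acl-file)` and rewrites `%acl-file`. Given that the patch is titled "Allow non-root users to deploy", state what happens when `user` cannot write the ACL: as written, a failed write surfaces only as whatever error the remote evaluation raises, so either report it with a clear message or document that `authorize?` needs a user with write access to the ACL. Smaller point: `(define acl ...)` and `(define key ...)` inside the remote `begin` create top-level bindings in the inferior, and the inner `let` then shadows `acl`; a single `let*` would keep both local.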
Kreuze" X-Patchwork-Id: 14932 Subject: [bug#36957] [PATCH 4/5] doc: Add description of 'build-locally?'.
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) Date: Thu, 15 Aug 2019 04:07:19 -0400 Message-ID: <87o90qzwaw.fsf_-_@sdf.lonestar.org> Cc: 36957@debbugs.gnu.org * doc/guix.texi (Invoking guix deploy): Add section describing the 'build-locally?' field of 'managed-host-environment-type'. --- doc/guix.texi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index d80f62970d..043851e418 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -25583,6 +25583,8 @@ with an @code{environment} of @code{managed-host-environment-type}. @table @asis @item @code{host-name} +@item @code{build-locally?} (default: @code{#t}) +If false, system derivations will be built on the machine being deployed to. @item @code{system} The Nix system type describing the architecture of the machine being deployed to. This should look something like ``x86_64-linux''. From patchwork Thu Aug 15 08:08:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jakob L. Kreuze" X-Patchwork-Id: 14933 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id AD098172B3; Thu, 15 Aug 2019 09:09:11 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 790201729E for ; Thu, 15 Aug 2019 09:09:11 +0100 (BST) Received: from localhost ([::1]:39266 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1hyAoo-0003sn-Uk for patchwork@mira.cbaines.net; Thu, 15 Aug 2019 04:09:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34981) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1hyAoh-0003Xh-NM for guix-patches@gnu.org; Thu, 15 Aug 2019 04:09:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hyAog-0005dd-LT for guix-patches@gnu.org; Thu, 15 Aug 2019 04:09:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41764) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hyAog-0005dY-Hd for guix-patches@gnu.org; Thu, 15 Aug 2019 04:09:02 -0400 Received: from Debian-debbugs by 
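Review bot: the text added under `@item @code{build-locally?}` describes only the false case, although the default is `#t`; say what the default does as well, so a reader who leaves the field unset knows where the system derivations are built. The `authorize?` field that patch 1/5 adds to the same record changes the target's ACL by default and has no `@item` in this hunk; if no other patch in the series documents it, it belongs in this table too.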
Subject: [bug#36957] [PATCH 5/5] remote: Use (%daemon-socket-uri) rather than hard-coded path.
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org> <87pnlgjymv.fsf_-_@sdf.lonestar.org> <87y304vyyo.fsf@elephly.net> <87tvarjtgw.fsf@sdf.lonestar.org> <87h86jxyea.fsf@dustycloud.org> <875zmy26u6.fsf_-_@sdf.lonestar.org> <871rxm26rz.fsf_-_@sdf.lonestar.org> <87wofezwd6.fsf_-_@sdf.lonestar.org> <87sgq2zwby.fsf_-_@sdf.lonestar.org> <87o90qzwaw.fsf_-_@sdf.lonestar.org> Date: Thu, 15 Aug 2019 04:08:22 -0400 In-Reply-To: <87o90qzwaw.fsf_-_@sdf.lonestar.org> (Jakob L. Kreuze's message of "Thu, 15 Aug 2019 04:07:19 -0400") Message-ID: <87k1bezw95.fsf_-_@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 36957@debbugs.gnu.org Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * guix/remote.scm (remote-eval): Use (%daemon-socket-uri) as the default value of 'socket-name' rather than hard-coded path. --- guix/remote.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guix/remote.scm b/guix/remote.scm index d8124e41ab..ae2fe17dd2 100644 --- a/guix/remote.scm +++ b/guix/remote.scm @@ -106,7 +106,7 @@ result to the current output port using the (guix repl) protocol." (build-locally? #t) (system (%current-system)) (module-path %load-path) - (socket-name "/var/guix/daemon-socket/socket") + (socket-name (%daemon-socket-uri)) (become-command #f)) "Evaluate EXP, a gexp, on the host at SESSION, an SSH session. Ensure that all the elements EXP refers to are built and deployed to SESSION beforehand.
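Review bot: the new default `(socket-name (%daemon-socket-uri))` is evaluated on the machine that calls `remote-eval`, while `socket-name` names the daemon socket on the host at SESSION. `%daemon-socket-uri` reflects the local configuration (for example a `GUIX_DAEMON_SOCKET` override or a different state directory), so a local setting can now leak into the remote connection where the old literal could not. Either resolve the URI on the remote side or state in the docstring that the default assumes both hosts use the same socket location. The diffstat shows one insertion and one deletion with no `#:use-module` change, so also confirm that `(guix store)` is already imported in guix/remote.scm.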