[PATCH] machine: hetzner: Allow connections using ssh-agent.

  • Done
Details
3 participants
  • Ludovic Courtès
  • Roman Scherer
  • Sergey Trofimov
Owner
unassigned
Submitted by
Sergey Trofimov
Severity
normal

Sergey Trofimov wrote on 14 Mar 08:06 -0700
(address . guix-patches@gnu.org)(name . Sergey Trofimov)(address . sarg@sarg.org.ru)
03f6cc34d6f6b7a55378d4dc5dd544817fb4b8b9.1741964456.git.sarg@sarg.org.ru
* gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
---
doc/guix.texi | 11 ++++++++---
gnu/machine/hetzner.scm | 17 +++++++++++------
2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index d109877a32..49ac018913 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45942,10 +45942,15 @@ Invoking guix deploy
server type is currently not supported, since its rescue system is too
small to bootstrap a Guix system from.
-@item @code{ssh-key}
-The file name of the SSH private key to use to authenticate with the
+@item @code{ssh-key} (default: @code{#f})
+If specified, the path to the SSH private key to use to authenticate with the
remote host.
+@item @code{ssh-public-key} (default: extracted from @code{ssh-key})
+If specified, either a public key as returned by
+@code{string->public-key} or the path to the SSH public key to use to
+authenticate with the remote host.
+
@end table
When deploying a machine for the first time, the following steps are
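Review bot: The new `ssh-key` and `ssh-public-key` items never mention ssh-agent, although agent-based connections are the stated purpose of the patch (see the subject line). Consider saying in the `ssh-key` item how authentication proceeds when it is left at `#f`, and in the `ssh-public-key` item that it has to be given explicitly in that case, since its documented default is "extracted from @code{ssh-key}". The `ssh-key` item also now says "the path" where the line it replaces said "The file name".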
@@ -46008,7 +46013,7 @@ Invoking guix deploy
(environment hetzner-environment-type)
(configuration (hetzner-configuration
(server-type "cpx51")
- (ssh-key "/home/charlie/.ssh/id_rsa")))))
+ (ssh-public-key "/home/charlie/.ssh/id_rsa.pub")))))
@end lisp
@vindex GUIX_HETZNER_API_TOKEN
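Review bot: The example now sets only `ssh-public-key`, so the manual no longer shows a configuration that uses `ssh-key`, and nothing next to the example says that this form relies on the matching private key being offered by ssh-agent. A short comment inside the `hetzner-configuration` form, or keeping an `ssh-key` variant alongside it, would make both modes visible to readers.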
diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm
index bc8d2efbd3..e8484e4d51 100644
--- a/gnu/machine/hetzner.scm
+++ b/gnu/machine/hetzner.scm
@@ -77,6 +77,7 @@ (define-module (gnu machine hetzner)
hetzner-configuration-location
hetzner-configuration-server-type
hetzner-configuration-ssh-key
+ hetzner-configuration-ssh-public-key
hetzner-configuration?
hetzner-environment-type))
@@ -204,20 +205,24 @@ (define-record-type* <hetzner-configuration> hetzner-configuration
(default "fsn1"))
(server-type hetzner-configuration-server-type ; string
(default "cx42"))
- (ssh-key hetzner-configuration-ssh-key)) ; string
+ (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string
+ (thunked)
+ (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)))
+ (sanitize
+ (lambda (value)
+ (if (string? value) (public-key-from-file value) value))))
+ (ssh-key hetzner-configuration-ssh-key
+ (default #f))) ; #f | string
(define (hetzner-configuration-ssh-key-fingerprint config)
"Return the SSH public key fingerprint of CONFIG as a string."
- (and-let* ((file-name (hetzner-configuration-ssh-key config))
- (privkey (private-key-from-file file-name))
- (pubkey (private-key->public-key privkey))
+ (and-let* ((pubkey (hetzner-configuration-ssh-public-key config))
(hash (get-public-key-hash pubkey 'md5)))
(bytevector->hex-string hash)))
(define (hetzner-configuration-ssh-key-public config)
"Return the SSH public key of CONFIG as a string."
- (and-let* ((ssh-key (hetzner-configuration-ssh-key config))
- (public-key (public-key-from-file ssh-key)))
+ (let ((public-key (hetzner-configuration-ssh-public-key config)))
(format #f "ssh-~a ~a" (get-key-type public-key)
(public-key->string public-key))))
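Review bot: In the `ssh-public-key` field, the thunked default `(public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration))` is evaluated with `#f` when neither `ssh-key` nor `ssh-public-key` is set, because `ssh-key` now defaults to `#f`. Nothing in this hunk checks for that case, so the user gets whatever `public-key-from-file` does with `#f` instead of a message saying that one of the two fields is required. Consider guarding the default (or validating the record) and reporting a clear configuration error. Related: `hetzner-configuration-ssh-key-public` changed from `and-let*` to `let`, so it no longer returns `#f` when no key is available; callers that relied on that should be checked.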

base-commit: 9449ab3c2025820d2e6fd679fa7e34832b667ea7
--
2.48.1
Ludovic Courtès wrote on 18 Mar 03:31 -0700
(name . Sergey Trofimov)(address . sarg@sarg.org.ru)
87iko6k4ui.fsf@gnu.org
Sergey Trofimov <sarg@sarg.org.ru> skribis:

> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.

[...]

> -@item @code{ssh-key}
> -The file name of the SSH private key to use to authenticate with the
> +@item @code{ssh-key} (default: @code{#f})
> +If specified, the path to the SSH private key to use to authenticate with the

s/path/file name/

At first sight the rest LGTM but I’ll let Roman comment.

Thanks,
Ludo’.
Ludovic Courtès wrote on 6 Apr 02:46 -0700
(name . Sergey Trofimov)(address . sarg@sarg.org.ru)
87wmbx1v3a.fsf@gnu.org
Hi Sergey,

Ludovic Courtès <ludo@gnu.org> skribis:

> Sergey Trofimov <sarg@sarg.org.ru> skribis:
>
>> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
>> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
>
> [...]
>
>> -@item @code{ssh-key}
>> -The file name of the SSH private key to use to authenticate with the
>> +@item @code{ssh-key} (default: @code{#f})
>> +If specified, the path to the SSH private key to use to authenticate with the
>
> s/path/file name/
>
> At first sight the rest LGTM but I’ll let Roman comment.

No news from Roman so I made the change above and applied it.

Thanks,
Ludo’.
Closed
Roman Scherer wrote on 6 Apr 03:47 -0700
(name . Ludovic Courtès)(address . ludo@gnu.org)
86ecy5r2gr.fsf@burningswell.com
Hi Ludo,

sorry, I missed this one. I'm fine with the change.

Thanks for committing it.

Roman

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Sergey,
>
> Ludovic Courtès <ludo@gnu.org> skribis:
>
>> Sergey Trofimov <sarg@sarg.org.ru> skribis:
>>
>>> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
>>> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
>>
>> [...]
>>
>>> -@item @code{ssh-key}
>>> -The file name of the SSH private key to use to authenticate with the
>>> +@item @code{ssh-key} (default: @code{#f})
>>> +If specified, the path to the SSH private key to use to authenticate with the
>>
>> s/path/file name/
>>
>> At first sight the rest LGTM but I’ll let Roman comment.
>
> No news from Roman so I made the change above and applied it.
>
> Thanks,
> Ludo’.

Closed

To comment on this conversation send an email to 77013@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 77013
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch