Report forwarded
to ludo@gnu.org, maxim.cournoyer@gmail.com, roman@burningswell.com, guix-patches@gnu.org: bug#77013; Package guix-patches.
(Fri, 14 Mar 2025 15:08:02 GMT)
Acknowledgement sent
to Sergey Trofimov <sarg@sarg.org.ru>:
New bug report received and forwarded. Copy sent to ludo@gnu.org, maxim.cournoyer@gmail.com, roman@burningswell.com, guix-patches@gnu.org.
(Fri, 14 Mar 2025 15:08:02 GMT)
Subject: [PATCH] machine: hetzner: Allow connections using ssh-agent.
Date: Fri, 14 Mar 2025 16:06:54 +0100
* gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
---
doc/guix.texi | 11 ++++++++---
gnu/machine/hetzner.scm | 17 +++++++++++------
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index d109877a32..49ac018913 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45942,10 +45942,15 @@ Invoking guix deploy
server type is currently not supported, since its rescue system is too
small to bootstrap a Guix system from.
-@item @code{ssh-key}
-The file name of the SSH private key to use to authenticate with the
+@item @code{ssh-key} (default: @code{#f})
+If specified, the path to the SSH private key to use to authenticate with the
remote host.
+@item @code{ssh-public-key} (default: extracted from @code{ssh-key})
+If specified, either a public key as returned by
+@code{string->public-key} or the path to the SSH public key to use to
+authenticate with the remote host.
+
@end table
When deploying a machine for the first time, the following steps are
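Review bot: the two @item entries in this hunk now both carry defaults (#f for ssh-key, "extracted from ssh-key" for ssh-public-key), but the text never says what happens when ssh-key is left at #f, nor that at least one of the two fields has to be set. The subject line says the point of the change is ssh-agent, yet the documentation does not mention an agent at all. Suggest stating under ssh-key that, when it is #f, the private key is expected to come from a running ssh-agent, and under ssh-public-key that the field is required in that case. Both descriptions also say "the path to"; the manual's wording elsewhere in this hunk is "file name".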
@@ -46008,7 +46013,7 @@ Invoking guix deploy
(environment hetzner-environment-type)
(configuration (hetzner-configuration
(server-type "cpx51")
- (ssh-key "/home/charlie/.ssh/id_rsa")))))
+ (ssh-public-key "/home/charlie/.ssh/id_rsa.pub")))))
@end lisp
@vindex GUIX_HETZNER_API_TOKEN
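Review bot: the example in this hunk swaps (ssh-key "/home/charlie/.ssh/id_rsa") for (ssh-public-key "/home/charlie/.ssh/id_rsa.pub") with no accompanying text, so a reader copying it gets no hint that no private key is configured any more and that the matching private key has to be available some other way (per the subject line, through ssh-agent). Suggest adding a sentence next to the @lisp block that says so, or keeping the ssh-key form as the primary example and showing the ssh-public-key form as the agent-based alternative.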
diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm
index bc8d2efbd3..e8484e4d51 100644
--- a/gnu/machine/hetzner.scm
+++ b/gnu/machine/hetzner.scm
@@ -77,6 +77,7 @@ (define-module (gnu machine hetzner)
hetzner-configuration-location
hetzner-configuration-server-type
hetzner-configuration-ssh-key
+ hetzner-configuration-ssh-public-key
hetzner-configuration?
hetzner-environment-type))
@@ -204,20 +205,24 @@ (define-record-type* <hetzner-configuration> hetzner-configuration
(default "fsn1"))
(server-type hetzner-configuration-server-type ; string
(default "cx42"))
- (ssh-key hetzner-configuration-ssh-key)) ; string
+ (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string
+ (thunked)
+ (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)))
+ (sanitize
+ (lambda (value)
+ (if (string? value) (public-key-from-file value) value))))
+ (ssh-key hetzner-configuration-ssh-key
+ (default #f))) ; #f | string
(define (hetzner-configuration-ssh-key-fingerprint config)
"Return the SSH public key fingerprint of CONFIG as a string."
- (and-let* ((file-name (hetzner-configuration-ssh-key config))
- (privkey (private-key-from-file file-name))
- (pubkey (private-key->public-key privkey))
+ (and-let* ((pubkey (hetzner-configuration-ssh-public-key config))
(hash (get-public-key-hash pubkey 'md5)))
(bytevector->hex-string hash)))
(define (hetzner-configuration-ssh-key-public config)
"Return the SSH public key of CONFIG as a string."
- (and-let* ((ssh-key (hetzner-configuration-ssh-key config))
- (public-key (public-key-from-file ssh-key)))
+ (let ((public-key (hetzner-configuration-ssh-public-key config)))
(format #f "ssh-~a ~a" (get-key-type public-key)
(public-key->string public-key))))
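Review bot: the thunked default for ssh-public-key calls (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)) while ssh-key now defaults to #f, so a configuration that sets neither field hands #f to public-key-from-file instead of producing a configuration error. Suggest checking for that case in the default, or in a validation step, and raising a clear message that one of ssh-key or ssh-public-key is required. Related points in the same hunk: hetzner-configuration-ssh-key-public went from and-let* to a plain let, so it no longer short-circuits to #f when no key is available and goes straight to get-key-type; the sanitize lambda passes any non-string value through unchecked, where a public-key predicate would catch a wrong type early; and the default line runs well past 80 columns and could be wrapped.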
base-commit: 9449ab3c2025820d2e6fd679fa7e34832b667ea7
--
2.48.1
Information forwarded
to guix-patches@gnu.org: bug#77013; Package guix-patches.
(Tue, 18 Mar 2025 10:32:01 GMT)
Cc: Roman Scherer <roman@burningswell.com>, 77013@debbugs.gnu.org,
Maxim Cournoyer <maxim.cournoyer@gmail.com>
Subject: Re: [bug#77013] [PATCH] machine: hetzner: Allow connections using
ssh-agent.
Date: Tue, 18 Mar 2025 11:31:17 +0100
Sergey Trofimov <sarg@sarg.org.ru> wrote:
> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
[...]
> -@item @code{ssh-key}
> -The file name of the SSH private key to use to authenticate with the
> +@item @code{ssh-key} (default: @code{#f})
> +If specified, the path to the SSH private key to use to authenticate with the
s/path/file name/
At first sight the rest LGTM but I’ll let Roman comment.
Thanks,
Ludo’.
Reply sent
to Ludovic Courtès <ludo@gnu.org>:
You have taken responsibility.
(Sun, 06 Apr 2025 09:47:02 GMT)
Notification sent
to Sergey Trofimov <sarg@sarg.org.ru>:
bug acknowledged by developer.
(Sun, 06 Apr 2025 09:47:02 GMT)
Cc: Roman Scherer <roman@burningswell.com>,
Maxim Cournoyer <maxim.cournoyer@gmail.com>, 77013-done@debbugs.gnu.org
Subject: Re: [bug#77013] [PATCH] machine: hetzner: Allow connections using
ssh-agent.
Date: Sun, 06 Apr 2025 11:46:01 +0200
Hi Sergey,
Ludovic Courtès <ludo@gnu.org> wrote:
> Sergey Trofimov <sarg@sarg.org.ru> wrote:
>
>> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
>> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
>
> [...]
>
>> -@item @code{ssh-key}
>> -The file name of the SSH private key to use to authenticate with the
>> +@item @code{ssh-key} (default: @code{#f})
>> +If specified, the path to the SSH private key to use to authenticate with the
>
> s/path/file name/
>
> At first sight the rest LGTM but I’ll let Roman comment.
No news from Roman so I made the change above and applied it.
Thanks,
Ludo’.
Information forwarded
to guix-patches@gnu.org: bug#77013; Package guix-patches.
(Sun, 06 Apr 2025 10:48:02 GMT)
Hi Ludo,
sorry, I missed this one. I'm fine with the change.
Thanks for committing it.
Roman
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Sergey,
>
> Ludovic Courtès <ludo@gnu.org> wrote:
>
>> Sergey Trofimov <sarg@sarg.org.ru> wrote:
>>
>>> * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
>>> * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
>>
>> [...]
>>
>>> -@item @code{ssh-key}
>>> -The file name of the SSH private key to use to authenticate with the
>>> +@item @code{ssh-key} (default: @code{#f})
>>> +If specified, the path to the SSH private key to use to authenticate with the
>>
>> s/path/file name/
>>
>> At first sight the rest LGTM but I’ll let Roman comment.
>
> No news from Roman so I made the change above and applied it.
>
> Thanks,
> Ludo’.