[bug#63786] [PATCH] home: services: ssh: Allow unset boolean

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#63786] [PATCH] home: services: ssh: Allow unset boolean

From:	Andrew Tropin
Subject:	[bug#63786] [PATCH] home: services: ssh: Allow unset boolean
Date:	Mon, 12 Jun 2023 08:58:18 +0400

On 2023-06-11 10:49, Efraim Flashner wrote:

> options in ssh-config.
> Reply-To: 
> X-PGP-Key-ID: 0x41AAE7DCCA3D8351
> X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
> X-PGP-Fingerprint: A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
>
> For some reason this didn't get sent to the bug.
>
> -- 
> Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
> GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted
> From: Efraim Flashner <efraim@flashner.co.il>
> Subject: Re: bug#63786: [PATCH] home: services: ssh: Allow unset boolean 
> options in ssh-config.
> To: Ludovic Courtès <ludo@gnu.org>
> Date: Fri, 09 Jun 2023 16:24:26 +0300
>
> On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Courtès wrote:
>> Hello!
>> 
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>> 
>> >>From man 5 ssh_config:
>> > Unless noted otherwise, for each parameter, the first obtained value
>> > will be used.
>> >
>> > We want to allow falling through to the first actual user defined value.
>> 
>> What do you mean by “first actual user-defined value”?  This service is
>> what generates all the “user-defined values”, no?
>
> Right now my ~/.ssh/config has
>
> Host do1-tor
>     Hostname <insert tor address>
>     IdentityFile ~/.ssh/id_ed25519
> Host *.onion *-tor
>     #ProxyCommand 
> /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbsd-1.218-2/bin/nc -X 
> 5 -x localhost:9050 %h %p
>     ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
>     ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
>     Compression yes
>
> The way the ssh config is read is that `ssh do1-tor` first matches
> do1-tor and then also matches *-tor, so I can factor our ProxyCommand,
> ControlPath and Compression for use with the other *-tor Hosts I have
> listed.
>
> This configuration could be
> (openssh-host (name "do1-tor")
>               (host-name <insert tor address>)
>               (identity-file "~/.ssh/id_ed25519"))
> (openssh-host (name "*-onion *-tor)
>               (compression? #t)
>               (proxy
>                (proxy-command ...))
>               (extra-content "  ControlPath ...\n"))
>
> If this is all I enter, then my .ssh/config is generated like this:
>
> Host do1-tor
>   Hostname <insert tor address>
>   IdentityFile ~/.ssh/id_ed25519
>   ForwardX11 no
>   ForwardX11Trusted no
>   ForwardAgent no
>   Compression no
> Host *.onion *-tor
>   ForwardX11 no
>   ForwardX11Trusted no
>   ForwardAgent no
>   Compression yes
>   ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
>   ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
>
> Compression might default to no, but in my hand crafted .ssh/config I've
> set it to yes for *-tor Hosts. Forward* might all default to no, and
> it's not set anywhere, but being explicit about the default here could
> cause problems if I want X11 forwarding across an entire range of hosts,
> not just individual ones.
>
>> Overall my take is that default values should be specified in our code
>> (as default values of configuration record fields) rather than left
>> unspecified.  I think this is clearer and more predictable than relying
>> on upstream’s default values.
>
> In general this is a good plan, but here it actually interferes with the
> expected configuration output. 'Fall through' is the default, not the
> actual default for each of the individual configuration options. They
> only get set if that field isn't set by any of the possibly multiple
> configuration matches set it first.

A few years ago, when we were implementing the first version of ssh home
service in rde we went a slightly different way and didn't hardcode any
record fields and let user set an alist of key/value pairs:
https://git.sr.ht/~abcdw/rde/tree/19c2d2f0996624eea8b7a87b14bbc31e4a9b943b/src/gnu/home-services/ssh.scm#L204

It's not a perfect solution either, but quite flexible.  Also, it's
relatively easy to implement default values: we can provide
%default-host-options and ask people to do something like this on user
side configuration:

(merge %default-host-options '((compression . #f)))

Of course "asking people" won't work, so it's possible to set a default
value of options field to %default-host-options
https://git.sr.ht/~abcdw/rde/tree/19c2d2f0996624eea8b7a87b14bbc31e4a9b943b/src/gnu/home-services/ssh.scm#L100
and let people override it with '((compression . #f)) or enrich with
(merge %default-host-options '((compression . #f))).

It's not a proposal or something, just sharing how it's implemented in
rde.


P.S. Note that (gnu home-services *) modules are subject to deprecation
and when (rde home services ssh) appear, it will have a slightly
different interface.

-- 
Best regards,
Andrew Tropin

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#63786] [PATCH] home: services: ssh: Allow unset boolean, Efraim Flashner, 2023/06/11
- [bug#63786] [PATCH] home: services: ssh: Allow unset boolean, Andrew Tropin <=
  - bug#63786: [PATCH] home: services: ssh: Allow unset boolean, Efraim Flashner, 2023/06/14

Prev by Date: [bug#63984] [PATCH emacs-team 0/2] Start preparing for Emacs 29
Next by Date: [bug#63863] [PATCH] gnu: home: Add support for home-pipewire-service
Previous by thread: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean
Next by thread: bug#63786: [PATCH] home: services: ssh: Allow unset boolean
Index(es):
- Date
- Thread