From patchwork Mon Sep 26 17:30:08 2016
X-Patchwork-Submitter: Jan Nieuwenhuizen
X-Patchwork-Id: 16022
From: Jan Nieuwenhuizen
To: ng0
Cc: guix-devel@gnu.org
Subject: Re: Network with QEMU generated image (guix system vm)?
Date: Mon, 26 Sep 2016 19:30:08 +0200
Message-ID: <87h9928t7j.fsf@gnu.org>
In-Reply-To: <878tuh2e25.fsf@we.make.ritual.n0.is> (ng0's message of "Sat, 24 Sep 2016 21:17:06 +0000")

ng0 writes:

> For a considerable long time and countless tries, that's why I'm asking
> about any way to do this as it just does not work. Just about anything
> which would work on GuixSD from a git checkout of guix.git is welcome.

Find attached my ssh/lsh-seed hack to allow unattended entry into a vm
and a minimal vm description.

Here's what I did

19:18:45 janneke@dundal:~/src/guix $ guix system vm os.scm
/gnu/store/4rqrzxz8amzq7j599sfr2vsbwy01fx04-run-vm.sh -net user,hostfwd=tcp::2223-:2222&
19:19:37 janneke@dundal:~/src/guix $ ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:2223
[wait]
19:19:40 janneke@dundal:~/src/guix $ ssh localhost -p 2223
.. RET RET
janneke@os ~$ GIT_SSL_NO_VERIFY=1 git clone https://gitlab.com/janneke/mes.git
Cloning into 'mes'...
remote: Counting objects: 969, done.
remote: Compressing objects: 100% (348/348), done.
remote: Total 969 (delta 654), reused 886 (delta 610)
Receiving objects: 100% (969/969), 316.35 KiB | 0 bytes/s, done.
Resolving deltas: 100% (654/654), done.

What I don't understand: sometimes the clone works instantly, sometimes
I need to "wait a bit" until cloning or `ping gitlab.com' works. It
seemed to be always immediately available when I added the mcron and
rottlog test services, which confuses me even more. Might just be
coincidence.

Greetings,
Jan

From 8c8687407057ca9caa123905f7ca2e3feeffa203 Mon Sep 17 00:00:00 2001
From: Jan Nieuwenhuizen
Date: Thu, 8 Sep 2016 14:09:28 +0200
Subject: [PATCH] gnu: Add lsh-seed, lsh-service: use it.
--- gnu/packages/ssh.scm | 26 ++++++++++++++++++++++++++ gnu/services/ssh.scm | 7 +++++++ 2 files changed, 33 insertions(+) diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index b2612a4..5255848 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -517,3 +517,29 @@ manipulating key files.") authentication with SSH's so-called @dfn{interactive keyboard password authentication}.") (license license:gpl2+))) + +(use-modules (guix build-system trivial)) +(define-public lsh-seed + (package + (name "lsh-seed") + (version "0") + (source #f) + (build-system trivial-build-system) + (arguments + '(#:modules ((guix build utils)) + #:builder + (begin + (use-modules (guix build utils)) + (let* ((source (assoc-ref %build-inputs "source")) + (out (assoc-ref %outputs "out")) + (etc (string-append out "/etc")) + (seed (string-append etc "/lsh-seed"))) + (mkdir-p etc) + (with-output-to-file seed + (lambda () (display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"))) + (chmod seed #o400) + #t)))) + (home-page "http://localhost") + (synopsis "lsh-seed") + (description "lsh-seed") + (license license:gpl3+))) diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 462988c..96ba3d7 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm 
@@ -68,6 +68,13 @@ (define (lsh-initialization lsh host-key) "Return the gexp to initialize the LSH service for HOST-KEY." #~(begin + + (unless (file-exists? #$%yarrow-seed) + (when (file-exists? #$lsh-seed) + (mkdir-p (dirname #$%yarrow-seed)) + (copy-file (string-append #$lsh-seed "/etc/lsh-seed") #$%yarrow-seed) + (chmod #$%yarrow-seed #o400))) + (unless (file-exists? #$%yarrow-seed) (system* (string-append #$lsh "/bin/lsh-make-seed") "--sloppy" "-o" #$%yarrow-seed)) -- 2.9.3
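
Review bot: in the gnu/packages/ssh.scm hunk, the builder writes a constant string, `(display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")`, as the seed file, so every system built with this package ends up with the same seed, and that value is public in this patch; the `(chmod seed #o400)` in the builder does not change that. If the package is meant only for unattended test VMs, say so in the synopsis and description (both currently read just "lsh-seed") and preferably in the package name, so it is not mistaken for a general-purpose input. Smaller points: the mid-file `(use-modules (guix build-system trivial))` belongs in the module's `#:use-module` list, the `source` binding in the `let*` is unused given `(source #f)`, and `(home-page "http://localhost")` is a placeholder.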
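
Review bot: in the gnu/services/ssh.scm hunk, the `(when (file-exists? #$lsh-seed) ...)` guard does not make the fixed seed opt-in. Referencing `#$lsh-seed` in the gexp makes the package an input of the service, so the check is expected to pass wherever lsh-service is used, the constant seed is copied to `#$%yarrow-seed` on first initialization, and the existing `lsh-make-seed` branch below is then skipped because the file already exists. Suggest gating the copy behind an explicit lsh-service parameter that defaults to off, so only a test VM configuration selects it, and mentioning the behaviour in the `lsh-initialization` docstring.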