Add an internal SFTP server to the OpenSSH service.

Done
Submitted by Clément Lassieur.
Details
4 participants
  • Clément Lassieur
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Severity
normal
Clément Lassieur wrote on 19 Mar 2017 17:32
(address . guix-patches@gnu.org)
87wpbl1b3m.fsf@lassieur.org
The goal of this patchset is to add a 'subsystems' field to <openssh-configuration>, whose default value would be an internal SFTP server.
I also added a test for this SFTP server, as asked by Ludovic. For this test, I needed to abstract the session connection and authentication stuff: I took inspiration from the Guile-SSH tests.
Previous thread was: http://lists.gnu.org/archive/html/guix-devel/2017-03/msg00461.html.
Comments are welcome :)
Clément
Clément Lassieur wrote on 19 Mar 2017 17:35
[PATCH 1/4] services: openssh: Cosmetic changes.
(address . 26173@debbugs.gnu.org)
20170319163507.3583-1-clement@lassieur.org
* gnu/services/ssh.scm (<openssh-configuration>): Reformat to fit in 80 columns.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/services/ssh.scm | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)
Toggle diff (56 lines)diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scmindex d8a3ad35a..6272d53fc 100644--- a/gnu/services/ssh.scm+++ b/gnu/services/ssh.scm@@ -260,28 +260,39 @@ The other options should be self-descriptive." (define-record-type* <openssh-configuration> openssh-configuration make-openssh-configuration openssh-configuration?- (openssh openssh-configuration-openssh ;package+ ;; <package>+ (openssh openssh-configuration-openssh (default openssh))+ ;; string (pid-file openssh-configuration-pid-file (default "/var/run/sshd.pid"))- (port-number openssh-configuration-port-number ;integer+ ;; integer+ (port-number openssh-configuration-port-number (default 22))- (permit-root-login openssh-configuration-permit-root-login ;Boolean | 'without-password+ ;; Boolean | 'without-password+ (permit-root-login openssh-configuration-permit-root-login (default #f))- (allow-empty-passwords? openssh-configuration-allow-empty-passwords? ;Boolean+ ;; Boolean+ (allow-empty-passwords? openssh-configuration-allow-empty-passwords? (default #f))- (password-authentication? openssh-configuration-password-authentication? ;Boolean+ ;; Boolean+ (password-authentication? openssh-configuration-password-authentication? (default #t))+ ;; Boolean (public-key-authentication? openssh-configuration-public-key-authentication?- (default #t)) ;Boolean- (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean+ (default #t))+ ;; Boolean+ (x11-forwarding? openssh-configuration-x11-forwarding? (default #f))+ ;; Boolean (challenge-response-authentication? openssh-challenge-response-authentication?- (default #f)) ;Boolean+ (default #f))+ ;; Boolean (use-pam? openssh-configuration-use-pam?- (default #t)) ;Boolean+ (default #t))+ ;; Boolean (print-last-log? openssh-configuration-print-last-log?- (default #t))) ;Boolean+ (default #t))) (define %openssh-accounts (list (user-group (name "sshd") (system? #t))-- 2.12.0
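Review bot: In the <openssh-configuration> record, the accessor for challenge-response-authentication? is named openssh-challenge-response-authentication?, while every other field's accessor carries the openssh-configuration- prefix. Since this patch is a cosmetic pass over the record, it would be a good place to rename it to openssh-configuration-challenge-response-authentication? and update its callers, or to say in the commit message that the rename is left for a follow-up.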
Clément Lassieur wrote on 19 Mar 2017 17:35
[PATCH 2/4] services: openssh: Add 'subsystems' option.
(address . 26173@debbugs.gnu.org)
20170319163507.3583-2-clement@lassieur.org
* gnu/services/ssh.scm (openssh-config-file): Add it.
(<openssh-configuration>)[subsystems]: Add it.
* doc/guix.texi (Networking Services): Document it.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 doc/guix.texi | 9 ++++++
 gnu/services/ssh.scm | 81 +++++++++++++++++++++++++++++-----------------------
 2 files changed, 55 insertions(+), 35 deletions(-)
Toggle diff (121 lines)diff --git a/doc/guix.texi b/doc/guix.texiindex 50e794400..8bc7f3e39 100644--- a/doc/guix.texi+++ b/doc/guix.texi@@ -9511,6 +9511,15 @@ equivalent role to password authentication, you should disable either @item @code{print-last-log?} (default: @code{#t}) Specifies whether @command{sshd} should print the date and time of the last user login when a user logs in interactively.++@item @code{subsystems} (default: @code{'(("sftp" "internal-sftp"))})+Configures external subsystems (e.g. file transfer daemon).++This is a list of two-element lists, each of which containing the+subsystem name and a command (with optional arguments) to execute upon+subsystem request.++The command @command{internal-sftp} implements an in-process SFTP server. @end table @end deftp 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scmindex 6272d53fc..b7f9887b3 100644--- a/gnu/services/ssh.scm+++ b/gnu/services/ssh.scm@@ -292,7 +292,10 @@ The other options should be self-descriptive." (default #t)) ;; Boolean (print-last-log? openssh-configuration-print-last-log?- (default #t)))+ (default #t))+ ;; list of two-element lists+ (subsystems openssh-configuration-subsystems+ (default '(("sftp" "internal-sftp"))))) (define %openssh-accounts (list (user-group (name "sshd") (system? #t))@@ -327,40 +330,48 @@ The other options should be self-descriptive." "Return the sshd configuration file corresponding to CONFIG." (computed-file "sshd_config"- #~(call-with-output-file #$output- (lambda (port)- (display "# Generated by 'openssh-service'.\n" port)- (format port "Port ~a\n"- #$(number->string (openssh-configuration-port-number config)))- (format port "PermitRootLogin ~a\n"- #$(match (openssh-configuration-permit-root-login config)- (#t "yes")- (#f "no")- ('without-password "without-password")))- (format port "PermitEmptyPasswords ~a\n"- #$(if (openssh-configuration-allow-empty-passwords? config)- "yes" "no"))- (format port "PasswordAuthentication ~a\n"- #$(if (openssh-configuration-password-authentication? config)- "yes" "no"))- (format port "PubkeyAuthentication ~a\n"- #$(if (openssh-configuration-public-key-authentication? config)- "yes" "no"))- (format port "X11Forwarding ~a\n"- #$(if (openssh-configuration-x11-forwarding? config)- "yes" "no"))- (format port "PidFile ~a\n"- #$(openssh-configuration-pid-file config))- (format port "ChallengeResponseAuthentication ~a\n"- #$(if (openssh-challenge-response-authentication? config)- "yes" "no"))- (format port "UsePAM ~a\n"- #$(if (openssh-configuration-use-pam? config)- "yes" "no"))- (format port "PrintLastLog ~a\n"- #$(if (openssh-configuration-print-last-log? 
config)- "yes" "no"))- #t))))+ #~(begin+ (use-modules (ice-9 match))+ (call-with-output-file #$output+ (lambda (port)+ (display "# Generated by 'openssh-service'.\n" port)+ (format port "Port ~a\n"+ #$(number->string+ (openssh-configuration-port-number config)))+ (format port "PermitRootLogin ~a\n"+ #$(match (openssh-configuration-permit-root-login config)+ (#t "yes")+ (#f "no")+ ('without-password "without-password")))+ (format port "PermitEmptyPasswords ~a\n"+ #$(if (openssh-configuration-allow-empty-passwords? config)+ "yes" "no"))+ (format port "PasswordAuthentication ~a\n"+ #$(if (openssh-configuration-password-authentication? config)+ "yes" "no"))+ (format port "PubkeyAuthentication ~a\n"+ #$(if (openssh-configuration-public-key-authentication?+ config)+ "yes" "no"))+ (format port "X11Forwarding ~a\n"+ #$(if (openssh-configuration-x11-forwarding? config)+ "yes" "no"))+ (format port "PidFile ~a\n"+ #$(openssh-configuration-pid-file config))+ (format port "ChallengeResponseAuthentication ~a\n"+ #$(if (openssh-challenge-response-authentication? config)+ "yes" "no"))+ (format port "UsePAM ~a\n"+ #$(if (openssh-configuration-use-pam? config)+ "yes" "no"))+ (format port "PrintLastLog ~a\n"+ #$(if (openssh-configuration-print-last-log? config)+ "yes" "no"))+ (for-each+ (match-lambda+ ((name command) (format port "Subsystem\t~a\t~a\n" name command)))+ '#$(openssh-configuration-subsystems config))+ #t))))) (define (openssh-shepherd-service config) "Return a <shepherd-service> for openssh with CONFIG."-- 2.12.0
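Review bot: In openssh-config-file, the new for-each writes each entry with (format port "Subsystem\t~a\t~a\n" name command) without checking either value, so a name or command that contains a newline ends up as additional directives in the generated sshd_config, and an entry that is not a two-element list fails only when the file is built, with a bare match error. Consider validating the list on the host side before it is spliced into the gexp (two strings per entry, non-empty name, no newline) and raising an error that names the subsystems field. The texinfo entry also opens with "Configures external subsystems" although the default, internal-sftp, runs in-process; dropping "external" would avoid the contradiction.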
Clément Lassieur wrote on 19 Mar 2017 17:35
[PATCH 3/4] tests: ssh: Abstract session connection and authentication.
(address . 26173@debbugs.gnu.org)
20170319163507.3583-3-clement@lassieur.org
* gnu/tests/ssh.scm (run-ssh-test): Introduce make-session-for-test, call-with-connected-session and call-with-connected-session/auth.
(run-ssh-test)["connect"]: Rename to "shell command". Abstract its session connection and authentication work into the above three functions.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/tests/ssh.scm | 79 +++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 50 insertions(+), 29 deletions(-)
Toggle diff (107 lines)diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scmindex 456476e69..fae4dff25 100644--- a/gnu/tests/ssh.scm+++ b/gnu/tests/ssh.scm@@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; ;;; This file is part of GNU Guix. ;;;@@ -101,6 +102,44 @@ empty-password logins." (error "file didn't show up" ,file)))) marionette)) + (define (make-session-for-test)+ "Make a session with predefined parameters for a test."+ (make-session #:user "root"+ #:port 2222+ #:host "localhost"+ #:log-verbosity 'protocol))++ (define (call-with-connected-session proc)+ "Call the one-argument procedure PROC with a freshly created and+connected SSH session object, return the result of the procedure call. The+session is disconnected when the PROC is finished."+ (let ((session (make-session-for-test)))+ (dynamic-wind+ (lambda ()+ (let ((result (connect! session)))+ (unless (equal? result 'ok)+ (error "Could not connect to a server"+ session result))))+ (lambda () (proc session))+ (lambda () (disconnect! session)))))++ (define (call-with-connected-session/auth proc)+ "Make an authenticated session. We should be able to connect as+root with an empty password."+ (call-with-connected-session+ (lambda (session)+ (let loop ((methods (list (cut userauth-password! <> "")+ (cut userauth-none! <>))))+ (match methods+ (()+ (error "all the authentication methods failed"))+ ((auth rest ...)+ (match (pk 'auth (auth session))+ ('success+ (proc session))+ ('denied+ (loop rest)))))))))+ (mkdir #$output) (chdir #$output) 
@@ -131,37 +170,19 @@ empty-password logins." (current-services)))) marionette)) - ;; Connect to the guest over SSH. We should be able to connect as- ;; "root" with an empty password. Make sure we can run a shell+ ;; Connect to the guest over SSH. Make sure we can run a shell ;; command there.- (test-equal "connect"+ (test-equal "shell command" 'hello- (let* ((session (make-session #:user "root"- #:port 2222 #:host "localhost"- #:log-verbosity 'protocol)))- (match (connect! session)- ('ok- ;; Try the simple authentication methods. Dropbear- ;; requires 'none' when there are no passwords, whereas- ;; OpenSSH accepts 'password' with an empty password.- (let loop ((methods (list (cut userauth-password! <> "")- (cut userauth-none! <>))))- (match methods- (()- (error "all the authentication methods failed"))- ((auth rest ...)- (match (pk 'auth (auth session))- ('success- ;; FIXME: 'get-server-public-key' segfaults.- ;; (get-server-public-key session)- (let ((channel (make-channel session)))- (channel-open-session channel)- (channel-request-exec channel- "echo hello > /root/witness")- (and (zero? (channel-get-exit-status channel))- (wait-for-file "/root/witness"))))- ('denied- (loop rest))))))))))+ (call-with-connected-session/auth+ (lambda (session)+ ;; FIXME: 'get-server-public-key' segfaults.+ ;; (get-server-public-key session)+ (let ((channel (make-channel session)))+ (channel-open-session channel)+ (channel-request-exec channel "echo hello > /root/witness")+ (and (zero? (channel-get-exit-status channel))+ (wait-for-file "/root/witness")))))) (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0)))))-- 2.12.0
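Review bot: In call-with-connected-session/auth, the inner match on (pk 'auth (auth session)) has clauses only for 'success and 'denied, so any other value returned by an authentication procedure surfaces as a generic match failure rather than as a test error that names the result. Adding a catch-all clause such as (result (error "unexpected authentication result" result)) would make a failing run much easier to read.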
Clément Lassieur wrote on 19 Mar 2017 17:35
[PATCH 4/4] tests: ssh: Add a test for SFTP.
(address . 26173@debbugs.gnu.org)
20170319163507.3583-4-clement@lassieur.org
* gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".
Make 'sftp' a keyword parameter.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/tests/ssh.scm | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
Toggle diff (56 lines)diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scmindex fae4dff25..8e656abff 100644--- a/gnu/tests/ssh.scm+++ b/gnu/tests/ssh.scm@@ -55,7 +55,7 @@ (services (cons service (operating-system-user-services %base-os))))) -(define (run-ssh-test name ssh-service pid-file)+(define* (run-ssh-test name ssh-service pid-file #:key (sftp #f)) "Run a test of an OS running SSH-SERVICE, which writes its PID to PID-FILE. SSH-SERVICE must be configured to listen on port 22 and to allow for root and empty-password logins."@@ -81,7 +81,8 @@ empty-password logins." (ice-9 match) (ssh session) (ssh auth)- (ssh channel))+ (ssh channel)+ (ssh sftp)) (define marionette ;; Enable TCP forwarding of the guest's port 22.@@ -184,6 +185,20 @@ root with an empty password." (and (zero? (channel-get-exit-status channel)) (wait-for-file "/root/witness")))))) + ;; Connect to the guest over SFTP. Make sure we can write and+ ;; read a file there.+ (when #$sftp+ (test-equal "SFTP file writing and reading"+ 'hello+ (call-with-connected-session/auth+ (lambda (session)+ (let ((sftp-session (make-sftp-session session))+ (witness "/root/sftp-witness"))+ (call-with-remote-output-file sftp-session witness+ (cut display "hello" <>))+ (call-with-remote-input-file sftp-session witness+ read))))))+ (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0))))) @@ -200,7 +215,8 @@ root with an empty password." (openssh-configuration (permit-root-login #t) (allow-empty-passwords? #t)))- "/var/run/sshd.pid"))))+ "/var/run/sshd.pid"+ #:sftp #t)))) (define %test-dropbear (system-test-- 2.12.0
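Review bot: In the "SFTP file writing and reading" test, the file is written with (cut display "hello" <>) and read back with read, so the comparison against 'hello is made on the first parsed Scheme datum rather than on the bytes that were transferred; a file containing "hello" followed by other data would still read back as hello. Reading the whole file as a string and comparing it with "hello" would check the transfer exactly.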
Ludovic Courtès wrote on 20 Mar 2017 21:17
Re: bug#26173: [PATCH 1/4] services: openssh: Cosmetic changes.
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 26173@debbugs.gnu.org)
87var3u2ir.fsf@gnu.org
Clément Lassieur <clement@lassieur.org> skribis:
> * gnu/services/ssh.scm (<openssh-configuration>): Reformat to fit in 80
> columns.
OK, why not. :-)
Ludo’.
Ludovic Courtès wrote on 20 Mar 2017 21:18
Re: bug#26173: [PATCH 2/4] services: openssh: Add 'subsystems' option.
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 26173@debbugs.gnu.org)
87r31ru2fj.fsf@gnu.org
Clément Lassieur <clement@lassieur.org> skribis:
> * gnu/services/ssh.scm (openssh-config-file): Add it.
> (<openssh-configuration>)[subsystems]: Add it.
> * doc/guix.texi (Networking Services): Document it.
[...]
Toggle quote (9 lines)> +@item @code{subsystems} (default: @code{'(("sftp" "internal-sftp"))})> +Configures external subsystems (e.g. file transfer daemon).> +> +This is a list of two-element lists, each of which containing the> +subsystem name and a command (with optional arguments) to execute upon> +subsystem request.> +> +The command @command{internal-sftp} implements an in-process SFTP server.
Maybe you can add an @example for the external SFTP server, just to show what the syntax is like.
Otherwise LGTM, thanks!
Ludo’.
Ludovic Courtès wrote on 20 Mar 2017 21:21
Re: bug#26173: [PATCH 3/4] tests: ssh: Abstract session connection and authentication.
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 26173@debbugs.gnu.org)
87mvcfu2ay.fsf@gnu.org
Clément Lassieur <clement@lassieur.org> skribis:
> * gnu/tests/ssh.scm (run-ssh-test): Introduce make-session-for-test,
> call-with-connected-session and call-with-connected-session/auth.
> (run-ssh-test)["connect"]: Rename to "shell command". Abstract its session
> connection and authentication work into the above three functions.
It looks nicer with this change, cool!
Toggle quote (8 lines)> - (match (connect! session)> - ('ok> - ;; Try the simple authentication methods. Dropbear> - ;; requires 'none' when there are no passwords, whereas> - ;; OpenSSH accepts 'password' with an empty password.> - (let loop ((methods (list (cut userauth-password! <> "")> - (cut userauth-none! <>))))
This comment vanished in the refactoring but it might be worth keeping.
Otherwise LGTM, thanks!
Ludo’.
Ludovic Courtès wrote on 20 Mar 2017 21:25
Re: bug#26173: [PATCH 4/4] tests: ssh: Add a test for SFTP.
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 26173@debbugs.gnu.org)
87h92nu24z.fsf@gnu.org
Clément Lassieur <clement@lassieur.org> skribis:
> * gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".
> Make 'sftp' a keyword parameter.
Woohoo!
Please also mention the change to ‘%test-openssh’.
Toggle quote (5 lines)> +(define* (run-ssh-test name ssh-service pid-file #:key (sftp #f))> "Run a test of an OS running SSH-SERVICE, which writes its PID to PID-FILE.> SSH-SERVICE must be configured to listen on port 22 and to allow for root and> empty-password logins."
Nitpick: call it ‘sftp?’ (with a question mark) to make it clear it’s a Boolean, and mention it in the docstring.
Toggle quote (5 lines)> + ;; Connect to the guest over SFTP. Make sure we can write and> + ;; read a file there.> + (when #$sftp> + (test-equal "SFTP file writing and reading"
You can write it like this:
(unless #$sftp? (test-skip 1))
(test-equal …)
That way the test will be marked as skipped when SFTP support is missing, which is marginally nicer.
Thanks for taking the time to write this test!
Ludo’.
Clément Lassieur wrote on 21 Mar 2017 01:01
Re: bug#26173: [PATCH 3/4] tests: ssh: Abstract session connection and authentication.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26173@debbugs.gnu.org)
87r31r7b1c.fsf@lassieur.org
Ludovic Courtès <ludo@gnu.org> writes:
Toggle quote (19 lines)> Clément Lassieur <clement@lassieur.org> skribis:>>> * gnu/tests/ssh.scm (run-ssh-test): Introduce make-session-for-test,>> call-with-connected-session and call-with-connected-session/auth.>> (run-ssh-test)["connect"]: Rename to "shell command". Abstract its session>> connection and authentication work into the above three functions.>> It looks nicer with this change, cool!>>> - (match (connect! session)>> - ('ok>> - ;; Try the simple authentication methods. Dropbear>> - ;; requires 'none' when there are no passwords, whereas>> - ;; OpenSSH accepts 'password' with an empty password.>> - (let loop ((methods (list (cut userauth-password! <> "")>> - (cut userauth-none! <>))))>> This comment vanished in the refactoring but it might be worth keeping.
Oh! Sorry, that wasn't intentional.
> Otherwise LGTM, thanks!
>
> Ludo’.
Clément Lassieur wrote on 21 Mar 2017 01:03
Re: bug#26173: [PATCH 4/4] tests: ssh: Add a test for SFTP.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26173@debbugs.gnu.org)
87pohb7ayv.fsf@lassieur.org
Ludovic Courtès <ludo@gnu.org> writes:
Toggle quote (34 lines)> Clément Lassieur <clement@lassieur.org> skribis:>>> * gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".>> Make 'sftp' a keyword parameter.>> Woohoo!>> Please also mention the change to ‘%test-openssh’.>>> +(define* (run-ssh-test name ssh-service pid-file #:key (sftp #f))>> "Run a test of an OS running SSH-SERVICE, which writes its PID to PID-FILE.>> SSH-SERVICE must be configured to listen on port 22 and to allow for root and>> empty-password logins.">> Nitpick: call it ‘sftp?’ (with a question mark) to make it clear it’s a> Boolean, and mention it in the docstring.>>> + ;; Connect to the guest over SFTP. Make sure we can write and>> + ;; read a file there.>> + (when #$sftp>> + (test-equal "SFTP file writing and reading">> You can write it like this:>> (unless #$sftp?> (test-skip 1))>> (test-equal …)>> That way the test will be marked as skipped when SFTP support is> missing, which is marginally nicer.>> Thanks for taking the time to write this test!
Thank you for the review :)
I'll send an updated patchset.
Clément
Clément Lassieur wrote on 21 Mar 2017 01:04
[PATCH 1/4] services: openssh: Cosmetic changes.
(address . 26173@debbugs.gnu.org)
20170321000445.23129-1-clement@lassieur.org
* gnu/services/ssh.scm (<openssh-configuration>): Reformat to fit in 80 columns.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/services/ssh.scm | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)
Toggle diff (56 lines)diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scmindex d8a3ad35a..6272d53fc 100644--- a/gnu/services/ssh.scm+++ b/gnu/services/ssh.scm@@ -260,28 +260,39 @@ The other options should be self-descriptive." (define-record-type* <openssh-configuration> openssh-configuration make-openssh-configuration openssh-configuration?- (openssh openssh-configuration-openssh ;package+ ;; <package>+ (openssh openssh-configuration-openssh (default openssh))+ ;; string (pid-file openssh-configuration-pid-file (default "/var/run/sshd.pid"))- (port-number openssh-configuration-port-number ;integer+ ;; integer+ (port-number openssh-configuration-port-number (default 22))- (permit-root-login openssh-configuration-permit-root-login ;Boolean | 'without-password+ ;; Boolean | 'without-password+ (permit-root-login openssh-configuration-permit-root-login (default #f))- (allow-empty-passwords? openssh-configuration-allow-empty-passwords? ;Boolean+ ;; Boolean+ (allow-empty-passwords? openssh-configuration-allow-empty-passwords? (default #f))- (password-authentication? openssh-configuration-password-authentication? ;Boolean+ ;; Boolean+ (password-authentication? openssh-configuration-password-authentication? (default #t))+ ;; Boolean (public-key-authentication? openssh-configuration-public-key-authentication?- (default #t)) ;Boolean- (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean+ (default #t))+ ;; Boolean+ (x11-forwarding? openssh-configuration-x11-forwarding? (default #f))+ ;; Boolean (challenge-response-authentication? openssh-challenge-response-authentication?- (default #f)) ;Boolean+ (default #f))+ ;; Boolean (use-pam? openssh-configuration-use-pam?- (default #t)) ;Boolean+ (default #t))+ ;; Boolean (print-last-log? openssh-configuration-print-last-log?- (default #t))) ;Boolean+ (default #t))) (define %openssh-accounts (list (user-group (name "sshd") (system? #t))-- 2.12.0
Clément Lassieur wrote on 21 Mar 2017 01:04
[PATCH 2/4] services: openssh: Add 'subsystems' option.
(address . 26173@debbugs.gnu.org)
20170321000445.23129-2-clement@lassieur.org
* gnu/services/ssh.scm (openssh-config-file): Add it.
(<openssh-configuration>)[subsystems]: Add it.
* doc/guix.texi (Networking Services): Document it.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 doc/guix.texi | 16 +++++++++++
 gnu/services/ssh.scm | 81 +++++++++++++++++++++++++++++-----------------------
 2 files changed, 62 insertions(+), 35 deletions(-)
Toggle diff (128 lines)diff --git a/doc/guix.texi b/doc/guix.texiindex 297141288..63291e33e 100644--- a/doc/guix.texi+++ b/doc/guix.texi@@ -9511,6 +9511,22 @@ equivalent role to password authentication, you should disable either @item @code{print-last-log?} (default: @code{#t}) Specifies whether @command{sshd} should print the date and time of the last user login when a user logs in interactively.++@item @code{subsystems} (default: @code{'(("sftp" "internal-sftp"))})+Configures external subsystems (e.g. file transfer daemon).++This is a list of two-element lists, each of which containing the+subsystem name and a command (with optional arguments) to execute upon+subsystem request.++The command @command{internal-sftp} implements an in-process SFTP+server. Alternately, one can specify the @command{sftp-server} command:+@example+(service openssh-service-type+ (openssh-configuration+ (subsystems+ '(("sftp" "/run/current-system/profile/libexec/sftp-server")))))+@end example @end table @end deftp 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scmindex 6272d53fc..b7f9887b3 100644--- a/gnu/services/ssh.scm+++ b/gnu/services/ssh.scm@@ -292,7 +292,10 @@ The other options should be self-descriptive." (default #t)) ;; Boolean (print-last-log? openssh-configuration-print-last-log?- (default #t)))+ (default #t))+ ;; list of two-element lists+ (subsystems openssh-configuration-subsystems+ (default '(("sftp" "internal-sftp"))))) (define %openssh-accounts (list (user-group (name "sshd") (system? #t))@@ -327,40 +330,48 @@ The other options should be self-descriptive." "Return the sshd configuration file corresponding to CONFIG." (computed-file "sshd_config"- #~(call-with-output-file #$output- (lambda (port)- (display "# Generated by 'openssh-service'.\n" port)- (format port "Port ~a\n"- #$(number->string (openssh-configuration-port-number config)))- (format port "PermitRootLogin ~a\n"- #$(match (openssh-configuration-permit-root-login config)- (#t "yes")- (#f "no")- ('without-password "without-password")))- (format port "PermitEmptyPasswords ~a\n"- #$(if (openssh-configuration-allow-empty-passwords? config)- "yes" "no"))- (format port "PasswordAuthentication ~a\n"- #$(if (openssh-configuration-password-authentication? config)- "yes" "no"))- (format port "PubkeyAuthentication ~a\n"- #$(if (openssh-configuration-public-key-authentication? config)- "yes" "no"))- (format port "X11Forwarding ~a\n"- #$(if (openssh-configuration-x11-forwarding? config)- "yes" "no"))- (format port "PidFile ~a\n"- #$(openssh-configuration-pid-file config))- (format port "ChallengeResponseAuthentication ~a\n"- #$(if (openssh-challenge-response-authentication? config)- "yes" "no"))- (format port "UsePAM ~a\n"- #$(if (openssh-configuration-use-pam? config)- "yes" "no"))- (format port "PrintLastLog ~a\n"- #$(if (openssh-configuration-print-last-log? 
config)- "yes" "no"))- #t))))+ #~(begin+ (use-modules (ice-9 match))+ (call-with-output-file #$output+ (lambda (port)+ (display "# Generated by 'openssh-service'.\n" port)+ (format port "Port ~a\n"+ #$(number->string+ (openssh-configuration-port-number config)))+ (format port "PermitRootLogin ~a\n"+ #$(match (openssh-configuration-permit-root-login config)+ (#t "yes")+ (#f "no")+ ('without-password "without-password")))+ (format port "PermitEmptyPasswords ~a\n"+ #$(if (openssh-configuration-allow-empty-passwords? config)+ "yes" "no"))+ (format port "PasswordAuthentication ~a\n"+ #$(if (openssh-configuration-password-authentication? config)+ "yes" "no"))+ (format port "PubkeyAuthentication ~a\n"+ #$(if (openssh-configuration-public-key-authentication?+ config)+ "yes" "no"))+ (format port "X11Forwarding ~a\n"+ #$(if (openssh-configuration-x11-forwarding? config)+ "yes" "no"))+ (format port "PidFile ~a\n"+ #$(openssh-configuration-pid-file config))+ (format port "ChallengeResponseAuthentication ~a\n"+ #$(if (openssh-challenge-response-authentication? config)+ "yes" "no"))+ (format port "UsePAM ~a\n"+ #$(if (openssh-configuration-use-pam? config)+ "yes" "no"))+ (format port "PrintLastLog ~a\n"+ #$(if (openssh-configuration-print-last-log? config)+ "yes" "no"))+ (for-each+ (match-lambda+ ((name command) (format port "Subsystem\t~a\t~a\n" name command)))+ '#$(openssh-configuration-subsystems config))+ #t))))) (define (openssh-shepherd-service config) "Return a <shepherd-service> for openssh with CONFIG."-- 2.12.0
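Review bot: In the new @example in doc/guix.texi, the path /run/current-system/profile/libexec/sftp-server only resolves when an OpenSSH package is installed in the system profile, while <openssh-configuration> carries its own openssh package field. Say so next to the example, or show a form that refers to the same package the service uses, so that a copied configuration does not point at a missing or different sftp-server binary. "Alternately" in the sentence above the example would also read better as "Alternatively".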
Clément Lassieur wrote on 21 Mar 2017 01:04
[PATCH 3/4] tests: ssh: Abstract session connection and authentication.
(address . 26173@debbugs.gnu.org)
20170321000445.23129-3-clement@lassieur.org
* gnu/tests/ssh.scm (run-ssh-test): Introduce make-session-for-test, call-with-connected-session and call-with-connected-session/auth.
(run-ssh-test)["connect"]: Rename to "shell command". Abstract its session connection and authentication work into the above three functions.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/tests/ssh.scm | 82 +++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 53 insertions(+), 29 deletions(-)
Toggle diff (110 lines)diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scmindex 456476e69..7779b7156 100644--- a/gnu/tests/ssh.scm+++ b/gnu/tests/ssh.scm@@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; ;;; This file is part of GNU Guix. ;;;@@ -101,6 +102,47 @@ empty-password logins." (error "file didn't show up" ,file)))) marionette)) + (define (make-session-for-test)+ "Make a session with predefined parameters for a test."+ (make-session #:user "root"+ #:port 2222+ #:host "localhost"+ #:log-verbosity 'protocol))++ (define (call-with-connected-session proc)+ "Call the one-argument procedure PROC with a freshly created and+connected SSH session object, return the result of the procedure call. The+session is disconnected when the PROC is finished."+ (let ((session (make-session-for-test)))+ (dynamic-wind+ (lambda ()+ (let ((result (connect! session)))+ (unless (equal? result 'ok)+ (error "Could not connect to a server"+ session result))))+ (lambda () (proc session))+ (lambda () (disconnect! session)))))++ (define (call-with-connected-session/auth proc)+ "Make an authenticated session. We should be able to connect as+root with an empty password."+ (call-with-connected-session+ (lambda (session)+ ;; Try the simple authentication methods. Dropbear requires+ ;; 'none' when there are no passwords, whereas OpenSSH accepts+ ;; 'password' with an empty password.+ (let loop ((methods (list (cut userauth-password! <> "")+ (cut userauth-none! <>))))+ (match methods+ (()+ (error "all the authentication methods failed"))+ ((auth rest ...)+ (match (pk 'auth (auth session))+ ('success+ (proc session))+ ('denied+ (loop rest)))))))))+ (mkdir #$output) (chdir #$output) 
@@ -131,37 +173,19 @@ empty-password logins." (current-services)))) marionette)) - ;; Connect to the guest over SSH. We should be able to connect as- ;; "root" with an empty password. Make sure we can run a shell+ ;; Connect to the guest over SSH. Make sure we can run a shell ;; command there.- (test-equal "connect"+ (test-equal "shell command" 'hello- (let* ((session (make-session #:user "root"- #:port 2222 #:host "localhost"- #:log-verbosity 'protocol)))- (match (connect! session)- ('ok- ;; Try the simple authentication methods. Dropbear- ;; requires 'none' when there are no passwords, whereas- ;; OpenSSH accepts 'password' with an empty password.- (let loop ((methods (list (cut userauth-password! <> "")- (cut userauth-none! <>))))- (match methods- (()- (error "all the authentication methods failed"))- ((auth rest ...)- (match (pk 'auth (auth session))- ('success- ;; FIXME: 'get-server-public-key' segfaults.- ;; (get-server-public-key session)- (let ((channel (make-channel session)))- (channel-open-session channel)- (channel-request-exec channel- "echo hello > /root/witness")- (and (zero? (channel-get-exit-status channel))- (wait-for-file "/root/witness"))))- ('denied- (loop rest))))))))))+ (call-with-connected-session/auth+ (lambda (session)+ ;; FIXME: 'get-server-public-key' segfaults.+ ;; (get-server-public-key session)+ (let ((channel (make-channel session)))+ (channel-open-session channel)+ (channel-request-exec channel "echo hello > /root/witness")+ (and (zero? (channel-get-exit-status channel))+ (wait-for-file "/root/witness")))))) (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0)))))-- 2.12.0
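Review bot: In call-with-connected-session, connect! runs in the entry thunk of dynamic-wind, so it would run again on any re-entry into the extent, against a session that the exit thunk has already passed to disconnect!. Connecting before the dynamic-wind and keeping only disconnect! in the exit thunk states the intended behaviour (connect once, always clean up) more directly. The docstring's "when the PROC is finished" can also lose the stray article.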
Clément Lassieur wrote on 21 Mar 2017 01:04
[PATCH 4/4] tests: ssh: Add a test for SFTP.
(address . 26173@debbugs.gnu.org)
20170321000445.23129-4-clement@lassieur.org
* gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".
Make 'sftp?' a keyword parameter.
(%test-openssh): Pass #:sftp? #t to 'run-ssh-test'.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/tests/ssh.scm | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
Toggle diff (63 lines)diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scmindex 7779b7156..c1582c473 100644--- a/gnu/tests/ssh.scm+++ b/gnu/tests/ssh.scm@@ -55,10 +55,12 @@ (services (cons service (operating-system-user-services %base-os))))) -(define (run-ssh-test name ssh-service pid-file)+(define* (run-ssh-test name ssh-service pid-file #:key (sftp? #f)) "Run a test of an OS running SSH-SERVICE, which writes its PID to PID-FILE. SSH-SERVICE must be configured to listen on port 22 and to allow for root and-empty-password logins."+empty-password logins.++When SFTP? is true, run an SFTP server test." (mlet* %store-monad ((os -> (marionette-operating-system (os-with-service ssh-service) #:imported-modules '((gnu services herd)@@ -81,7 +83,8 @@ empty-password logins." (ice-9 match) (ssh session) (ssh auth)- (ssh channel))+ (ssh channel)+ (ssh sftp)) (define marionette ;; Enable TCP forwarding of the guest's port 22.@@ -187,6 +190,21 @@ root with an empty password." (and (zero? (channel-get-exit-status channel)) (wait-for-file "/root/witness")))))) + ;; Connect to the guest over SFTP. Make sure we can write and+ ;; read a file there.+ (unless #$sftp?+ (test-skip 1))+ (test-equal "SFTP file writing and reading"+ 'hello+ (call-with-connected-session/auth+ (lambda (session)+ (let ((sftp-session (make-sftp-session session))+ (witness "/root/sftp-witness"))+ (call-with-remote-output-file sftp-session witness+ (cut display "hello" <>))+ (call-with-remote-input-file sftp-session witness+ read)))))+ (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0))))) @@ -203,7 +221,8 @@ root with an empty password." (openssh-configuration (permit-root-login #t) (allow-empty-passwords? #t)))- "/var/run/sshd.pid"))))+ "/var/run/sshd.pid"+ #:sftp? #t)))) (define %test-dropbear (system-test-- 2.12.0
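Review bot: In the "SFTP file writing and reading" test, the write and the read both go through the same sftp-session, so the test never confirms from the guest side that /root/sftp-witness was created, unlike the "shell command" test, which ends with wait-for-file. Following call-with-remote-output-file with (wait-for-file "/root/sftp-witness") would check the file on the guest independently of the SFTP read path.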
Leo Famulari wrote on 21 Mar 2017 01:41
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 26173@debbugs.gnu.org)
20170321004111.GA6290@jasmine
On Tue, Mar 21, 2017 at 01:04:45AM +0100, Clément Lassieur wrote:
> * gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".
> Make 'sftp?' a keyword parameter.
> (%test-openssh): Pass #:sftp? #t to 'run-ssh-test'.
>
> Signed-off-by: Clément Lassieur <clement@lassieur.org>
No need to "sign off" on your own patches. In Guix, we use this field when we commit a patch on behalf of somebody else.
Clément Lassieur wrote on 21 Mar 2017 09:11
(name . Leo Famulari)(address . leo@famulari.name)(address . 26173@debbugs.gnu.org)
87mvcfoxqr.fsf@lassieur.org
Leo Famulari <leo@famulari.name> writes:
> On Tue, Mar 21, 2017 at 01:04:45AM +0100, Clément Lassieur wrote:
>> * gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".
>> Make 'sftp?' a keyword parameter.
>> (%test-openssh): Pass #:sftp? #t to 'run-ssh-test'.
>>
>> Signed-off-by: Clément Lassieur <clement@lassieur.org>
>
> No need to "sign off" on your own patches. In Guix, we use this field
> when we commit a patch on behalf of somebody else.
Ok! I could not find anything about it in HACKING. Is this written somewhere else? Or maybe we should update HACKING?
Marius Bakke wrote on 21 Mar 2017 13:13
(address . 26173@debbugs.gnu.org)
87o9wu6d4w.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me
Clément Lassieur <clement@lassieur.org> writes:
> Leo Famulari <leo@famulari.name> writes:
>
>> On Tue, Mar 21, 2017 at 01:04:45AM +0100, Clément Lassieur wrote:
>>> * gnu/tests/ssh.scm (run-ssh-test): Introduce "SFTP file writing and reading".
>>> Make 'sftp?' a keyword parameter.
>>> (%test-openssh): Pass #:sftp? #t to 'run-ssh-test'.
>>>
>>> Signed-off-by: Clément Lassieur <clement@lassieur.org>
>>
>> No need to "sign off" on your own patches. In Guix, we use this field
>> when we commit a patch on behalf of somebody else.
>
> Ok! I could not find anything about it in HACKING. Is this written
> somewhere else? Or maybe we should update HACKING?
This sounds like a good idea. There are some contributors who don't use the '-s' flag to `git am` too, such that one has to use `git log --format=full` to see who committed/reviewed a patch.
Ludovic Courtès wrote on 21 Mar 2017 15:23
Re: bug#26173: [PATCH 2/4] services: openssh: Add 'subsystems' option.
(name . Clément Lassieur)(address . clement@lassieur.org)(address . 26173@debbugs.gnu.org)
87a88e1zeq.fsf@gnu.org
Clément Lassieur <clement@lassieur.org> skribis:
> * gnu/services/ssh.scm (openssh-config-file): Add it.
> (<openssh-configuration>)[subsystems]: Add it.
> * doc/guix.texi (Networking Services): Document it.
[...]
Toggle quote (9 lines)> +The command @command{internal-sftp} implements an in-process SFTP> +server. Alternately, one can specify the @command{sftp-server} command:> +@example> +(service openssh-service-type> + (openssh-configuration> + (subsystems> + '(("sftp" "/run/current-system/profile/libexec/sftp-server")))))> +@end example
Maybe the example should use:
`(("sftp" ,(file-append openssh "/libexec/sftp-server")))
which looks better IMO (assuming it works, but I think it does.)
OK for you to push the whole series.
Thanks!
Ludo’.
Leo Famulari wrote on 21 Mar 2017 18:59
Re: bug#26173: [PATCH 4/4] tests: ssh: Add a test for SFTP.
(name . Marius Bakke)(address . mbakke@fastmail.com)
20170321175908.GB2004@jasmine
On Tue, Mar 21, 2017 at 01:13:51PM +0100, Marius Bakke wrote:
> Clément Lassieur <clement@lassieur.org> writes:
> > Leo Famulari <leo@famulari.name> writes:
> >> No need to "sign off" on your own patches. In Guix, we use this field
> >> when we commit a patch on behalf of somebody else.
> >
> > Ok! I could not find anything about it in HACKING. Is this written
> > somewhere else? Or maybe we should update HACKING?
Okay, I think it's a nice convention. Would you like to add a sentence or two about it?
> This sounds like a good idea. There are some contributors who don't use
> the '-s' flag to `git am` too, such that one has to use `git log
> --format=full` to see who committed/reviewed a patch.
Overall, the Signed-off-by text is not that important, but it does save a bit of time while reading the commit log.
As Marius points out, Git records the committer separately. Plus, the committer information can include any text you choose, just like the authorial information.
The PGP / GPG signature is the only thing that can actually record the identity of the person who pushed the commit to Savannah (assuming one does not create a useful SHA1 collision in the repository).
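The distinction drawn in the message above, as an added example that is not part of the original thread: the author, committer and Signed-off-by fields are plain text inside the commit object, and a `gpgsig` header, when present, signs the object with that header removed. The sample commit, its identities and all function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample of a raw commit object, as `git cat-file commit <id>` prints it.
# Identities, dates and the signature body are made up; the tree is Git's empty tree.
RAW_COMMIT = b"""\
tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
author Alice Example <alice@example.org> 1490100000 +0100
committer Bob Example <bob@example.org> 1490103600 +0100
gpgsig -----BEGIN PGP SIGNATURE-----
 (constructed placeholder, not a real signature)
 -----END PGP SIGNATURE-----

example: constructed commit message

Signed-off-by: Bob Example <bob@example.org>
"""

def parse_commit(raw):
    """Return (headers, message); headers maps a name to its list of values."""
    head, _, message = raw.partition(b"\n\n")
    headers, last = {}, None
    for line in head.split(b"\n"):
        if line.startswith(b" ") and last is not None:
            headers[last][-1] += b"\n" + line[1:]  # multi-line header (gpgsig)
        else:
            last, _, value = line.partition(b" ")
            headers.setdefault(last, []).append(value)
    return headers, message

def identity_claims(raw):
    """Who the commit names, and whether a signature header is present at all."""
    headers, message = parse_commit(raw)
    ident = lambda v: v.rsplit(b" ", 2)[0].decode()  # drop timestamp and zone
    signoffs = [l.split(b": ", 1)[1].decode() for l in message.split(b"\n")
                if l.startswith(b"Signed-off-by: ")]
    return {"author": ident(headers[b"author"][0]),
            "committer": ident(headers[b"committer"][0]),
            "signed_off_by": signoffs,
            "has_signature": b"gpgsig" in headers}

def signed_payload(raw):
    """Bytes a commit signature covers: the object minus the gpgsig header."""
    head, sep, message = raw.partition(b"\n\n")
    head = re.sub(rb"(?m)^gpgsig .*\n(?: .*\n?)*", b"", head + b"\n").rstrip(b"\n")
    return head + sep + message

def object_id(body, kind=b"commit"):
    """SHA-1 object id: hash of '<kind> <length>NUL' followed by the body."""
    return hashlib.sha1(kind + b" %d\x00" % len(body) + body).hexdigest()
```

Only `signed_payload` together with the `gpgsig` value can be checked against a key; the three name fields are accepted by Git whatever they contain.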
Clément Lassieur wrote on 21 Mar 2017 20:55
Re: bug#26173: [PATCH 2/4] services: openssh: Add 'subsystems' option.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26173@debbugs.gnu.org)
87zigeieva.fsf@lassieur.org
Ludovic Courtès <ludo@gnu.org> writes:
Toggle quote (23 lines)> Clément Lassieur <clement@lassieur.org> skribis:>>> * gnu/services/ssh.scm (openssh-config-file): Add it.>> (<openssh-configuration>)[subsystems]: Add it.>> * doc/guix.texi (Networking Services): Document it.>> [...]>>> +The command @command{internal-sftp} implements an in-process SFTP>> +server. Alternately, one can specify the @command{sftp-server} command:>> +@example>> +(service openssh-service-type>> + (openssh-configuration>> + (subsystems>> + '(("sftp" "/run/current-system/profile/libexec/sftp-server")))))>> +@end example>> Maybe the example should use:>> `(("sftp" ,(file-append openssh "/libexec/sftp-server")))>> which looks better IMO (assuming it works, but I think it does.)
It works, done.
> OK for you to push the whole series.
Pushed!
Clément
Clément Lassieur wrote on 21 Mar 2017 22:23
Re: bug#26173: [PATCH 4/4] tests: ssh: Add a test for SFTP.
(name . Leo Famulari)(address . leo@famulari.name)
87var2iati.fsf@lassieur.org
Leo Famulari <leo@famulari.name> writes:
> On Tue, Mar 21, 2017 at 01:13:51PM +0100, Marius Bakke wrote:
>> Clément Lassieur <clement@lassieur.org> writes:
>> > Leo Famulari <leo@famulari.name> writes:
>> >> No need to "sign off" on your own patches. In Guix, we use this field
>> >> when we commit a patch on behalf of somebody else.
>> >
>> > Ok! I could not find anything about it in HACKING. Is this written
>> > somewhere else? Or maybe we should update HACKING?
>
> Okay, I think it's a nice convention. Would you like to add a sentence
> or two about it?
>> This sounds like a good idea. There are some contributors who don't use
>> the '-s' flag to `git am` too, such that one has to use `git log
>> --format=full` to see who committed/reviewed a patch.
>
> Overall, the Signed-off-by text is not that important, but it does save
> a bit of time while reading the commit log.
>
> As Marius points out, Git records the committer separately. Plus, the
> committer information can include any text you choose, just like the
> authorial information.
>
> The PGP / GPG signature is the only thing that can actually record the
> identity of the person who pushed the commit to Savannah (assuming one
> does not create a useful SHA1 collision in the repository).
Clément Lassieur wrote on 21 Mar 2017 22:51
control message for bug #26173
(address . control@debbugs.gnu.org)
87pohai9ii.fsf@lassieur.org
tags 26173 fixed
close 26173
This issue is archived.

To comment on this conversation send email to 26173@debbugs.gnu.org