Toggle diff (134 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index f620d0eb35..d5f81f6fcd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -43102,6 +43102,20 @@ Secure Shell
running on this machine, then it @emph{may} take this file into account:
this is what @command{sshd} does by default, but be aware that it can
also be configured to ignore it.
+
+@item @code{add-keys-to-agent} (default: @code{``no''})
+This string specifies whether keys should be automatically added to a
+running ssh-agent. If this option is set to @code{``yes''} and a key is
+loaded from a file, the key and its passphrase are added to the agent
+with the default lifetime, as if by @code{ssh-add}. If this option is
+set to @code{``ask''}, @code{ssh} will require confirmation. If this
+option is set to @code{``confirm''}, each use of the key must be
+confirmed. If this option is set to @code{``no''}, no keys are added to
+the agent. Alternately, this option may be specified as a time interval
+to specify the key's lifetime in @code{ssh-agent}, after which it will
+automatically be removed. The argument must be @code{``no''},
+@code{``yes''}, @code{``confirm''} (optionally followed by a time
+interval), @code{``ask''} or a time interval.
@end table
@end deftp
diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm
index 628dc743ae..2de78eb1c4 100644
--- a/gnu/home/services/ssh.scm
+++ b/gnu/home/services/ssh.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2023 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -42,6 +43,7 @@ (define-module (gnu home services ssh)
home-openssh-configuration-authorized-keys
home-openssh-configuration-known-hosts
home-openssh-configuration-hosts
+ home-openssh-configuration-add-keys-to-agent
home-ssh-agent-configuration
openssh-host
@@ -248,17 +250,45 @@ (define (serialize-openssh-host config)
(define-record-type* <home-openssh-configuration>
home-openssh-configuration make-home-openssh-configuration
home-openssh-configuration?
- (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
- (default #f))
- (known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
- (default *unspecified*))
- (hosts home-openssh-configuration-hosts ;list of <openssh-host>
- (default '())))
+ (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
+ (default #f))
+ (known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
+ (default *unspecified*))
+ (hosts home-openssh-configuration-hosts ;list of <openssh-host>
+ (default '()))
+ (add-keys-to-agent home-openssh-configuration-add-keys-to-agent ;string with limited values
+ (default "no")))
+
+(define (serialize-add-keys-to-agent value)
+ (define (valid-time-string? str)
+ (and (> (string-length str) 0)
+ (equal?
+ str
+ (match:substring
+ (string-match "\
+[0-9]+|([0-9]+[Ww])?([0-9]+[Dd])?([0-9]+[Hh])?([0-9]+[Mm])?([0-9]+[Ss])?"
+ str)))))
+
+ (string-append "AddKeysToAgent "
+ (cond ((member value '("yes" "no" "confirm" "ask")) value)
+ ((valid-time-string? value) value)
+ ((and (string-prefix? "confirm" value)
+ (valid-time-string?
+ (cdr (string-split value #\ )))) value)
+ ;; The 'else' branch is unreachable.
+ (else
+ (raise
+ (formatted-message
+ (G_ "~s: invalid 'add-keys-to-agent' value")
+ value))))))
(define (openssh-configuration->string config)
- (string-join (map serialize-openssh-host
- (home-openssh-configuration-hosts config))
- "\n"))
+ (string-join
+ (cons* (serialize-add-keys-to-agent
+ (home-openssh-configuration-add-keys-to-agent config))
+ (map serialize-openssh-host
+ (home-openssh-configuration-hosts config)))
+ "\n"))
(define* (file-join name files #:optional (delimiter " "))
"Return a file in the store called @var{name} that is the concatenation
base-commit: eed55a6544d5bda2245ec853e5fa4b28e1865bea
prerequisite-patch-id: a057b35ab55298bad50caab186b3e692a25230e1
prerequisite-patch-id: fb9054f780e6f97b92f00fdbe56058d1188ccf0a
prerequisite-patch-id: ca2f2591980b80c5cf27846e59e323bdc5a06b00
prerequisite-patch-id: ae5ad13b181ebb3c31d529af50622e3b78641442
prerequisite-patch-id: 34ed6acb0a1e5f79b5f6d18a6d4ef70cd97bf7ad
prerequisite-patch-id: 10d52b209b6e9c771050eef67ce566e79ab55c49
prerequisite-patch-id: e78e2a6daf59564caf5d2affe04ea7dde07f76c6
prerequisite-patch-id: 6aad4df7b83bfd5c2da38d9c2f80fba749f607b5
prerequisite-patch-id: da6a2d63ebb0ba1abb0b7c569d353724d900f95f
prerequisite-patch-id: 6279cff75e76e262f6ec82518db1fdf4c1810303
prerequisite-patch-id: 44453fcf2f2c38212a47d45d43ddcfa98167fabe
prerequisite-patch-id: 641eae2fa3842045ebe6072ad78214002f818221
prerequisite-patch-id: c19de9ee8c57210cbffc79945e69a858639f39bf
prerequisite-patch-id: 9833a747398a641803e203f8293382f55ad24ed1
prerequisite-patch-id: 94d5340918e3626726b6d32d93bf47425751898f
prerequisite-patch-id: e18164416e2c070b0b71f770c90d4c04af2635c1
prerequisite-patch-id: 31e98ea035053a965e87ad0164030cf909922d9e
prerequisite-patch-id: a1cf1f5c4a0ff2804fac986a69ffbc0328300afe
prerequisite-patch-id: 2a54e276f79fb57113a0be11e1ea2c07fdc2727d
prerequisite-patch-id: a463de1ba17ecb39588dfbd46c3bc5f9e0fb1b1c
prerequisite-patch-id: 3188de66dfc4bcb71f90601822428701528f4a98
prerequisite-patch-id: 6c93f771a1eca0747fd92a770fe750e2f15d8e52
prerequisite-patch-id: 12b76e9c2751da73ed64c9489b15f74ff17568cf
prerequisite-patch-id: eb618ab7b10483d917c308a38792af98baa517e2
prerequisite-patch-id: a471a4b7839bfb0ee9a3fd53ed962d729d38bd94
prerequisite-patch-id: 5e58202cc87a257c78033dafa62ffae4383e3718
prerequisite-patch-id: cd7f69695aa47b7e1b1160841fe842a3acd160e7
prerequisite-patch-id: b542cf4087eeee1ee3f7fc03b7c39896417bc7b5
prerequisite-patch-id: 843773f53ca319821185f9f9bc43ad905f081ee7
prerequisite-patch-id: a2dfb2fba1e1a3c8e270823022b6f462d27f17c8
--
2.40.1