
home: services: ssh: Add 'match-criteria' option.

* gnu/home/services/ssh.scm (serialize-address-family): Raise
'&formatted-message' instead of '&error'.
(ssh-match-keywords): New variable.
(match-criteria?): New procedure.
(match-criteria): New maybe type.
(openssh-host)[name]: Turn into 'maybe-string'.
[match-criteria]: New field.
(serialize-openssh-host): Adjust accordingly.
* doc/guix.texi (Secure Shell): Document it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Nicolas Graves 2023-06-05 14:34:46 +02:00 committed by Ludovic Courtès
parent f19e1b4f96
commit 95853e61a7
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 62 additions and 8 deletions


@ -43100,11 +43100,21 @@ Available @code{openssh-host} fields are:
@table @asis @table @asis
@item @code{name} (type: string) @item @code{name} (type: string)
Name of this host declaration. Name of this host declaration. A @code{openssh-host} must define only
@code{name} or @code{match-criteria}. Use host-name @code{\"*\"} for
top-level options.
@item @code{host-name} (type: maybe-string) @item @code{host-name} (type: maybe-string)
Host name---e.g., @code{"foo.example.org"} or @code{"192.168.1.2"}. Host name---e.g., @code{"foo.example.org"} or @code{"192.168.1.2"}.
@item @code{match-criteria} (type: maybe-match-criteria)
When specified, this string denotes the set of hosts to which the entry
applies, superseding the @code{host-name} field. Its first element must be
all or one of @code{ssh-match-keywords}. The rest of the elements are
arguments for the keyword, or other criteria. A @code{openssh-host} must
define only @code{name} or @code{match-criteria}. Other host configuration
options will apply to all hosts matching @code{match-criteria}.
@item @code{address-family} (type: maybe-address-family) @item @code{address-family} (type: maybe-address-family)
Address family to use when connecting to this host: one of Address family to use when connecting to this host: one of
@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only). @code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only).


@ -49,6 +49,7 @@
openssh-host openssh-host
openssh-host-host-name openssh-host-host-name
openssh-host-match-criteria
openssh-host-identity-file openssh-host-identity-file
openssh-host-name openssh-host-name
openssh-host-port openssh-host-port
@ -96,7 +97,11 @@
(cond ((= family AF_INET) "inet") (cond ((= family AF_INET) "inet")
((= family AF_INET6) "inet6") ((= family AF_INET6) "inet6")
;; The 'else' branch is unreachable. ;; The 'else' branch is unreachable.
(else (raise (condition (&error))))) (else
(raise
(formatted-message
(G_ "~s: invalid address family value")
family))))
"\n") "\n")
"")) ""))
@ -174,13 +179,40 @@
(configuration-field-error (source-properties->location properties) 'proxy-command value)) (configuration-field-error (source-properties->location properties) 'proxy-command value))
value)) value))
(define ssh-match-keywords
'(canonical final exec host originalhost user localuser))
(define (match-criteria? str)
;; Rule out the case of "all" keyword.
(if (member str '("all"
"canonical all"
"final all"))
#t
(let* ((first (string-take str (string-index str #\ )))
(keyword (string->symbol (if (string-prefix? "!" first)
(string-drop first 1)
first))))
(memq keyword ssh-match-keywords))))
(define-maybe match-criteria)
(define-configuration openssh-host (define-configuration openssh-host
(name (name
(string) maybe-string
"Name of this host declaration.") "Name of this host declaration. A @code{openssh-host} must define only
@code{name} or @code{match-criteria}. Use host-name @code{\"*\"} for
top-level options.")
(host-name (host-name
maybe-string maybe-string
"Host name---e.g., @code{\"foo.example.org\"} or @code{\"192.168.1.2\"}.") "Host name---e.g., @code{\"foo.example.org\"} or @code{\"192.168.1.2\"}.")
(match-criteria ;TODO implement stricter match-criteria rules
maybe-match-criteria
"When specified, this string denotes the set of hosts to which the entry
applies, superseding the @code{host-name} field. Its first element must be
all or one of @code{ssh-match-keywords}. The rest of the elements are
arguments for the keyword, or other criteria. A @code{openssh-host} must
define only @code{name} or @code{match-criteria}. Other host configuration
options will apply to all hosts matching @code{match-criteria}.")
(address-family (address-family
maybe-address-family maybe-address-family
"Address family to use when connecting to this host: one of "Address family to use when connecting to this host: one of
@ -235,17 +267,29 @@ through before connecting to the server.")
@file{~/.ssh/config}.")) @file{~/.ssh/config}."))
(define (serialize-openssh-host config) (define (serialize-openssh-host config)
(define (openssh-host-name-field? field) (define (openssh-host-name-or-match-field? field)
(eq? (configuration-field-name field) 'name)) (or (eq? (configuration-field-name field) 'name)
(eq? (configuration-field-name field) 'match-criteria)))
(string-append (string-append
"Host " (openssh-host-name config) "\n" (if (maybe-value-set? (openssh-host-name config))
(if (maybe-value-set? (openssh-host-match-criteria config))
(raise
(formatted-message
(G_ "define either 'name' or 'match-criteria', not both")))
(string-append "Host " (openssh-host-name config) "\n"))
(if (maybe-value-set? (openssh-host-match-criteria config))
(string-append
"Match " (string-join (openssh-host-match-criteria config) " ") "\n")
(raise
(formatted-message
(G_ "define either 'name' or 'match-criteria' once")))))
(string-concatenate (string-concatenate
(map (lambda (field) (map (lambda (field)
((configuration-field-serializer field) ((configuration-field-serializer field)
(configuration-field-name field) (configuration-field-name field)
((configuration-field-getter field) config))) ((configuration-field-getter field) config)))
(remove openssh-host-name-field? (remove openssh-host-name-or-match-field?
openssh-host-fields))))) openssh-host-fields)))))
(define-record-type* <home-openssh-configuration> (define-record-type* <home-openssh-configuration>
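Review bot: The new `match-criteria?` predicate and the new `Match` branch of `serialize-openssh-host` disagree on the field's representation: the predicate validates a single string (`member` against `"all"`, then `string-index`/`string-take` on `str`), while the serializer hands the same value to `string-join`, which takes a list of strings, so a value that passes validation appears to fail at serialization and a list that would serialize never passes the predicate; the field docstring likewise calls it "this string" but speaks of its "elements". Settle on one form — if it stays a string, the serializer line becomes `"Match " (openssh-host-match-criteria config) "\n"`. In `match-criteria?`, `(string-index str #\ )` yields `#f` for a one-word criterion such as `"canonical"`, and `string-take` then raises a wrong-type error instead of the predicate returning a result; binding the index first, `(idx (string-index str #\ ))` and `(first (if idx (string-take str idx) str))`, keeps the predicate total. The same mismatch spans the `@ -174,13 +179,40 @@` and `@ -235,17 +267,29 @@` hunks of this file.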