Commit | Line | Data |
---|---|---|
987a29ba | 1 | ;;; GNU Guix --- Functional package management for GNU |
3270308e | 2 | ;;; Copyright © 2016, 2017, 2018, 2019, 2020, 2021, 2021 Ludovic Courtès <ludo@gnu.org> |
987a29ba LC |
3 | ;;; |
4 | ;;; This file is part of GNU Guix. | |
5 | ;;; | |
6 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
7 | ;;; under the terms of the GNU General Public License as published by | |
8 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
9 | ;;; your option) any later version. | |
10 | ;;; | |
11 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
12 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | ;;; GNU General Public License for more details. | |
15 | ;;; | |
16 | ;;; You should have received a copy of the GNU General Public License | |
17 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
18 | ||
19 | (define-module (guix ssh) | |
20 | #:use-module (guix store) | |
af15fe13 | 21 | #:use-module (guix inferior) |
52d174d6 | 22 | #:use-module (guix i18n) |
b03267df LC |
23 | #:use-module ((guix diagnostics) |
24 | #:select (info &fix-hint formatted-message)) | |
25 | #:use-module ((guix progress) | |
26 | #:select (progress-bar | |
27 | erase-current-line current-terminal-columns)) | |
3033d59a | 28 | #:use-module (gcrypt pk-crypto) |
615c5298 LC |
29 | #:use-module (ssh session) |
30 | #:use-module (ssh auth) | |
31 | #:use-module (ssh key) | |
987a29ba LC |
32 | #:use-module (ssh channel) |
33 | #:use-module (ssh popen) | |
34 | #:use-module (ssh session) | |
0e3c8528 | 35 | #:use-module (srfi srfi-1) |
987a29ba | 36 | #:use-module (srfi srfi-11) |
d06d54e3 | 37 | #:use-module (srfi srfi-26) |
13164a21 LC |
38 | #:use-module (srfi srfi-34) |
39 | #:use-module (srfi srfi-35) | |
987a29ba | 40 | #:use-module (ice-9 match) |
416a7c69 | 41 | #:use-module (ice-9 format) |
13164a21 | 42 | #:use-module (ice-9 binary-ports) |
b03267df | 43 | #:use-module (ice-9 vlist) |
615c5298 | 44 | #:export (open-ssh-session |
114dcb42 LC |
45 | authenticate-server* |
46 | ||
af15fe13 | 47 | remote-inferior |
e5378337 | 48 | remote-daemon-channel |
615c5298 | 49 | connect-to-remote-daemon |
2c8e04f1 | 50 | remote-system |
3033d59a | 51 | remote-authorize-signing-key |
987a29ba LC |
52 | send-files |
53 | retrieve-files | |
d06d54e3 | 54 | retrieve-files* |
4eb0f9ae LC |
55 | remote-store-host |
56 | ||
7624ebba | 57 | report-guile-error)) |
987a29ba LC |
58 | |
59 | ;;; Commentary: | |
60 | ;;; | |
61 | ;;; This module provides tools to support communication with remote stores | |
62 | ;;; over SSH, using Guile-SSH. | |
63 | ;;; | |
64 | ;;; Code: | |
65 | ||
615c5298 LC |
66 | (define %compression |
67 | "zlib@openssh.com,zlib") | |
68 | ||
114dcb42 LC |
69 | (define (host-key->type+key host-key) |
70 | "Destructure HOST-KEY, an OpenSSH host key string, and return two values: | |
71 | its key type as a symbol, and the actual base64-encoded string." | |
72 | (define (type->symbol type) | |
73 | (and (string-prefix? "ssh-" type) | |
74 | (string->symbol (string-drop type 4)))) | |
75 | ||
76 | (match (string-tokenize host-key) | |
77 | ((type key x) | |
78 | (values (type->symbol type) key)) | |
79 | ((type key) | |
80 | (values (type->symbol type) key)))) | |
81 | ||
82 | (define (authenticate-server* session key) | |
83 | "Make sure the server for SESSION has the given KEY, where KEY is a string | |
84 | such as \"ssh-ed25519 AAAAC3Nz… root@example.org\". Raise an exception if the | |
85 | actual key does not match." | |
86 | (let-values (((server) (get-server-public-key session)) | |
87 | ((type key) (host-key->type+key key))) | |
88 | (unless (and (or (not (get-key-type server)) | |
89 | (eq? (get-key-type server) type)) | |
90 | (string=? (public-key->string server) key)) | |
91 | ;; Key mismatch: something's wrong. XXX: It could be that the server | |
92 | ;; provided its Ed25519 key when we where expecting its RSA key. XXX: | |
93 | ;; Guile-SSH 0.10.1 doesn't know about ed25519 keys and 'get-key-type' | |
94 | ;; returns #f in that case. | |
d51bfe24 | 95 | (raise (formatted-message (G_ "server at '~a' returned host key \ |
114dcb42 LC |
96 | '~a' of type '~a' instead of '~a' of type '~a'~%") |
97 | (session-get session 'host) | |
98 | (public-key->string server) | |
99 | (get-key-type server) | |
d51bfe24 | 100 | key type))))) |
114dcb42 | 101 | |
a9b09ed7 | 102 | (define* (open-ssh-session host #:key user port identity |
2b868284 | 103 | host-key |
81c5873a | 104 | (compression %compression) |
3d0749b4 LC |
105 | (timeout 3600) |
106 | (connection-timeout 10)) | |
a9b09ed7 JK |
107 | "Open an SSH session for HOST and return it. IDENTITY specifies the file |
108 | name of a private key to use for authenticating with the host. When USER, | |
109 | PORT, or IDENTITY are #f, use default values or whatever '~/.ssh/config' | |
2b868284 LC |
110 | specifies; otherwise use them. |
111 | ||
112 | When HOST-KEY is true, it must be a string like \"ssh-ed25519 AAAAC3Nz… | |
113 | root@example.org\"; the server is authenticated and an error is raised if its | |
114 | host key is different from HOST-KEY. | |
115 | ||
3d0749b4 LC |
116 | Error out if connection establishment takes more than CONNECTION-TIMEOUT |
117 | seconds. Install TIMEOUT as the maximum time in seconds after which a read or | |
118 | write operation on a channel of the returned session is considered as failing. | |
81c5873a LC |
119 | |
120 | Throw an error on failure." | |
615c5298 | 121 | (let ((session (make-session #:user user |
a9b09ed7 | 122 | #:identity identity |
615c5298 LC |
123 | #:host host |
124 | #:port port | |
3d0749b4 | 125 | #:timeout connection-timeout |
615c5298 LC |
126 | ;; #:log-verbosity 'protocol |
127 | ||
2b868284 LC |
128 | ;; Prevent libssh from reading |
129 | ;; ~/.ssh/known_hosts when the caller provides | |
130 | ;; a HOST-KEY to match against. | |
131 | #:knownhosts (and host-key "/dev/null") | |
132 | ||
615c5298 LC |
133 | ;; We need lightweight compression when |
134 | ;; exchanging full archives. | |
135 | #:compression compression | |
e8088f0b LDB |
136 | #:compression-level 3 |
137 | ||
138 | ;; Speed up RPCs by creating sockets with | |
139 | ;; TCP_NODELAY. | |
140 | #:nodelay #t))) | |
615c5298 LC |
141 | |
142 | ;; Honor ~/.ssh/config. | |
143 | (session-parse-config! session) | |
144 | ||
145 | (match (connect! session) | |
146 | ('ok | |
2b868284 LC |
147 | (if host-key |
148 | ;; Make sure the server's key is what we expect. | |
149 | (authenticate-server* session host-key) | |
150 | ||
151 | ;; Authenticate against ~/.ssh/known_hosts. | |
152 | (match (authenticate-server session) | |
153 | ('ok #f) | |
154 | (reason | |
d51bfe24 | 155 | (raise (formatted-message (G_ "failed to authenticate \ |
f5c18018 | 156 | server at '~a': ~a") |
2b868284 | 157 | (session-get session 'host) |
d51bfe24 | 158 | reason))))) |
f5c18018 | 159 | |
615c5298 LC |
160 | ;; Use public key authentication, via the SSH agent if it's available. |
161 | (match (userauth-public-key/auto! session) | |
162 | ('success | |
81c5873a | 163 | (session-set! session 'timeout timeout) |
615c5298 | 164 | session) |
06ce4e3c LC |
165 | ('again |
166 | (raise (formatted-message (G_ "timeout while connecting \ | |
167 | to SSH server at '~a'") | |
168 | (session-get session 'host)))) | |
615c5298 | 169 | (x |
35f35111 LDB |
170 | (match (userauth-gssapi! session) |
171 | ('success | |
172 | (session-set! session 'timeout timeout) | |
173 | session) | |
174 | (x | |
175 | (disconnect! session) | |
176 | (raise (condition | |
177 | (&message | |
178 | (message (format #f (G_ "SSH authentication failed for '~a': ~a~%") | |
179 | host (get-error session))))))))))) | |
615c5298 LC |
180 | (x |
181 | ;; Connection failed or timeout expired. | |
d51bfe24 LC |
182 | (raise (formatted-message (G_ "SSH connection to '~a' failed: ~a~%") |
183 | host (get-error session))))))) | |
615c5298 | 184 | |
5ea7537b JK |
185 | (define* (remote-inferior session #:optional become-command) |
186 | "Return a remote inferior for the given SESSION. If BECOME-COMMAND is | |
187 | given, use that to invoke the remote Guile REPL." | |
188 | (let* ((repl-command (append (or become-command '()) | |
189 | '("guix" "repl" "-t" "machine"))) | |
190 | (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command))) | |
5ea7537b | 191 | (when (eof-object? (peek-char pipe)) |
e09c7f4a LC |
192 | (let ((status (channel-get-exit-status pipe))) |
193 | (close-port pipe) | |
d51bfe24 | 194 | (raise (formatted-message (G_ "remote command '~{~a~^ ~}' failed \ |
e09c7f4a | 195 | with status ~a") |
d51bfe24 | 196 | repl-command status)))) |
af15fe13 LC |
197 | (port->inferior pipe))) |
198 | ||
5ea7537b | 199 | (define* (inferior-remote-eval exp session #:optional become-command) |
ed7b4437 | 200 | "Evaluate EXP in a new inferior running in SESSION, and close the inferior |
5ea7537b JK |
201 | right away. If BECOME-COMMAND is given, use that to invoke the remote Guile |
202 | REPL." | |
203 | (let ((inferior (remote-inferior session become-command))) | |
ed7b4437 LC |
204 | (dynamic-wind |
205 | (const #t) | |
206 | (lambda () | |
207 | (inferior-eval exp inferior)) | |
208 | (lambda () | |
209 | ;; Close INFERIOR right away to prevent finalization from happening in | |
210 | ;; another thread at the wrong time (see | |
211 | ;; <https://bugs.gnu.org/26976>.) | |
212 | (close-inferior inferior))))) | |
213 | ||
7624ebba LC |
214 | (define (remote-run exp session) |
215 | "Run EXP in a new process in SESSION and return a remote pipe. | |
216 | ||
217 | Unlike 'inferior-remote-eval', this is used for side effects and may | |
218 | communicate over stdout/stdin as it sees fit. EXP is typically a loop that | |
219 | processes data from stdin and/or sends data to stdout. The assumption is that | |
220 | EXP never returns or calls 'primitive-exit' when it's done." | |
221 | (define pipe | |
222 | (open-remote-pipe* session OPEN_BOTH | |
223 | "guix" "repl" "-t" "machine")) | |
224 | ||
225 | (match (read pipe) | |
226 | (('repl-version _ ...) | |
227 | #t) | |
228 | ((? eof-object?) | |
229 | (close-port pipe) | |
230 | (raise (formatted-message | |
231 | (G_ "failed to start 'guix repl' on '~a'") | |
232 | (session-get session 'host))))) | |
233 | ||
234 | ;; Disable buffering so 'guix repl' does not read more than what's really | |
235 | ;; sent to itself. | |
236 | (write '(setvbuf (current-input-port) 'none) pipe) | |
237 | (force-output pipe) | |
238 | ||
239 | ;; Read the reply and subsequent newline. | |
240 | (read pipe) (get-u8 pipe) | |
241 | ||
242 | (write exp pipe) | |
243 | (force-output pipe) | |
244 | ||
245 | ;; From now on, we stop following the inferior protocol. | |
246 | pipe) | |
247 | ||
e5378337 LC |
248 | (define* (remote-daemon-channel session |
249 | #:optional | |
250 | (socket-name | |
251 | "/var/guix/daemon-socket/socket")) | |
252 | "Return an input/output port (an SSH channel) to the daemon at SESSION." | |
987a29ba LC |
253 | (define redirect |
254 | ;; Code run in SESSION to redirect the remote process' stdin/stdout to the | |
255 | ;; daemon's socket, à la socat. The SSH protocol supports forwarding to | |
256 | ;; Unix-domain sockets but libssh doesn't have an API for that, hence this | |
257 | ;; hack. | |
258 | `(begin | |
17af5d51 | 259 | (use-modules (ice-9 match) (rnrs io ports) |
0dcf675c | 260 | (rnrs bytevectors)) |
987a29ba | 261 | |
3270308e LC |
262 | (define connect-to-daemon |
263 | ;; XXX: 'connect-to-daemon' used to be private and before that it | |
264 | ;; didn't even exist, hence these shenanigans. | |
265 | (let ((connect-to-daemon | |
266 | (false-if-exception (module-ref (resolve-module '(guix store)) | |
267 | 'connect-to-daemon)))) | |
268 | (lambda (uri) | |
269 | (if connect-to-daemon | |
270 | (connect-to-daemon uri) | |
271 | (let ((sock (socket AF_UNIX SOCK_STREAM 0))) | |
272 | (connect sock AF_UNIX ,socket-name) | |
273 | sock))))) | |
274 | ||
275 | ;; Use 'connect-to-daemon' to honor GUIX_DAEMON_SOCKET. | |
276 | (let ((sock (connect-to-daemon (or (getenv "GUIX_DAEMON_SOCKET") | |
da28efef | 277 | ,socket-name))) |
8446dc5a LC |
278 | (stdin (current-input-port)) |
279 | (stdout (current-output-port)) | |
280 | (select* (lambda (read write except) | |
281 | ;; This is a workaround for | |
282 | ;; <https://bugs.gnu.org/30365> in Guile < 2.2.4: | |
283 | ;; since 'select' sometimes returns non-empty sets for | |
284 | ;; no good reason, call 'select' a second time with a | |
285 | ;; zero timeout to filter out incorrect replies. | |
286 | (match (select read write except) | |
287 | ((read write except) | |
288 | (select read write except 0)))))) | |
76832d34 | 289 | (setvbuf stdout 'none) |
0dcf675c LC |
290 | |
291 | ;; Use buffered ports so that 'get-bytevector-some' returns up to the | |
292 | ;; whole buffer like read(2) would--see <https://bugs.gnu.org/30066>. | |
76832d34 LC |
293 | (setvbuf stdin 'block 65536) |
294 | (setvbuf sock 'block 65536) | |
0dcf675c | 295 | |
987a29ba | 296 | (let loop () |
8446dc5a | 297 | (match (select* (list stdin sock) '() '()) |
55f40fdb | 298 | ((reads () ()) |
987a29ba | 299 | (when (memq stdin reads) |
0dcf675c LC |
300 | (match (get-bytevector-some stdin) |
301 | ((? eof-object?) | |
987a29ba | 302 | (primitive-exit 0)) |
0dcf675c LC |
303 | (bv |
304 | (put-bytevector sock bv) | |
305 | (force-output sock)))) | |
987a29ba | 306 | (when (memq sock reads) |
0dcf675c LC |
307 | (match (get-bytevector-some sock) |
308 | ((? eof-object?) | |
987a29ba | 309 | (primitive-exit 0)) |
0dcf675c LC |
310 | (bv |
311 | (put-bytevector stdout bv)))) | |
987a29ba LC |
312 | (loop)) |
313 | (_ | |
314 | (primitive-exit 1))))))) | |
315 | ||
7624ebba | 316 | (remote-run redirect session)) |
e5378337 LC |
317 | |
318 | (define* (connect-to-remote-daemon session | |
319 | #:optional | |
320 | (socket-name | |
321 | "/var/guix/daemon-socket/socket")) | |
322 | "Connect to the remote build daemon listening on SOCKET-NAME over SESSION, | |
de9fbe9c | 323 | an SSH session. Return a <store-connection> object." |
e2f4a570 LC |
324 | (guard (c ((store-connection-error? c) |
325 | ;; Raise a more focused error condition. | |
326 | (raise (formatted-message | |
327 | (G_ "failed to connect over SSH to daemon at '~a', socket ~a") | |
328 | (session-get session 'host) | |
329 | socket-name)))) | |
330 | (open-connection #:port (remote-daemon-channel session socket-name)))) | |
987a29ba LC |
331 | |
332 | (define (store-import-channel session) | |
333 | "Return an output port to which archives to be exported to SESSION's store | |
334 | can be written." | |
335 | ;; Using the 'import-paths' RPC on a remote store would be slow because it | |
336 | ;; makes a round trip every time 32 KiB have been transferred. This | |
337 | ;; procedure instead opens a separate channel to use the remote | |
338 | ;; 'import-paths' procedure, which consumes all the data in a single round | |
de9d8f0e LC |
339 | ;; trip. This optimizes the successful case at the expense of error |
340 | ;; conditions: errors can only be reported once all the input has been | |
341 | ;; consumed. | |
987a29ba LC |
342 | (define import |
343 | `(begin | |
de9d8f0e LC |
344 | (use-modules (guix) (srfi srfi-34) |
345 | (rnrs io ports) (rnrs bytevectors)) | |
987a29ba | 346 | |
de9d8f0e LC |
347 | (define (consume-input port) |
348 | (let ((bv (make-bytevector 32768))) | |
349 | (let loop () | |
350 | (let ((n (get-bytevector-n! port bv 0 | |
351 | (bytevector-length bv)))) | |
352 | (unless (eof-object? n) | |
353 | (loop)))))) | |
987a29ba | 354 | |
de9d8f0e LC |
355 | ;; Upon completion, write an sexp that denotes the status. |
356 | (write | |
357 | (catch #t | |
358 | (lambda () | |
359 | (guard (c ((nix-protocol-error? c) | |
360 | ;; Consume all the input since the only time we can | |
361 | ;; report the error is after everything has been | |
362 | ;; consumed. | |
363 | (consume-input (current-input-port)) | |
364 | (list 'protocol-error (nix-protocol-error-message c)))) | |
365 | (with-store store | |
bc2b1484 LC |
366 | (write '(importing)) ;we're ready |
367 | (force-output) | |
368 | ||
76832d34 | 369 | (setvbuf (current-input-port) 'none) |
de9d8f0e LC |
370 | (import-paths store (current-input-port)) |
371 | '(success)))) | |
372 | (lambda args | |
7624ebba LC |
373 | (cons 'error args)))) |
374 | (primitive-exit 0))) | |
987a29ba | 375 | |
7624ebba | 376 | (remote-run import session)) |
987a29ba | 377 | |
e9629e82 LC |
378 | (define* (store-export-channel session files |
379 | #:key recursive?) | |
987a29ba | 380 | "Return an input port from which an export of FILES from SESSION's store can |
e9629e82 | 381 | be read. When RECURSIVE? is true, the closure of FILES is exported." |
987a29ba LC |
382 | ;; Same as above: this is more efficient than calling 'export-paths' on a |
383 | ;; remote store. | |
384 | (define export | |
385 | `(begin | |
896fec47 LC |
386 | (use-modules (guix) (srfi srfi-1) |
387 | (srfi srfi-26) (srfi srfi-34)) | |
388 | ||
389 | (guard (c ((nix-connection-error? c) | |
390 | (write `(connection-error ,(nix-connection-error-file c) | |
7624ebba LC |
391 | ,(nix-connection-error-code c))) |
392 | (primitive-exit 1)) | |
896fec47 LC |
393 | ((nix-protocol-error? c) |
394 | (write `(protocol-error ,(nix-protocol-error-status c) | |
7624ebba LC |
395 | ,(nix-protocol-error-message c))) |
396 | (primitive-exit 2)) | |
896fec47 | 397 | (else |
7624ebba LC |
398 | (write `(exception)) |
399 | (primitive-exit 3))) | |
896fec47 LC |
400 | (with-store store |
401 | (let* ((files ',files) | |
402 | (invalid (remove (cut valid-path? store <>) | |
403 | files))) | |
404 | (unless (null? invalid) | |
405 | (write `(invalid-items ,invalid)) | |
406 | (exit 1)) | |
407 | ||
0e3c8528 LC |
408 | ;; TODO: When RECURSIVE? is true, we could send the list of store |
409 | ;; items in the closure so that the other end can filter out | |
410 | ;; those it already has. | |
411 | ||
896fec47 LC |
412 | (write '(exporting)) ;we're ready |
413 | (force-output) | |
414 | ||
76832d34 | 415 | (setvbuf (current-output-port) 'none) |
896fec47 | 416 | (export-paths store files (current-output-port) |
7624ebba LC |
417 | #:recursive? ,recursive?) |
418 | (primitive-exit 0)))))) | |
987a29ba | 419 | |
7624ebba | 420 | (remote-run export session)) |
987a29ba | 421 | |
2c8e04f1 JK |
422 | (define (remote-system session) |
423 | "Return the system type as expected by Nix, usually ARCHITECTURE-KERNEL, of | |
424 | the machine on the other end of SESSION." | |
425 | (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-system)) | |
426 | session)) | |
3033d59a | 427 | |
4cc5e520 | 428 | (define* (remote-authorize-signing-key key session #:optional become-command) |
3033d59a JK |
429 | "Send KEY, a canonical sexp containing a public key, over SESSION and add it |
430 | to the system ACL file if it has not yet been authorized." | |
431 | (inferior-remote-eval | |
432 | `(begin | |
433 | (use-modules (guix build utils) | |
434 | (guix pki) | |
435 | (guix utils) | |
436 | (gcrypt pk-crypto) | |
437 | (srfi srfi-26)) | |
438 | ||
439 | (define acl (current-acl)) | |
440 | (define key (string->canonical-sexp ,(canonical-sexp->string key))) | |
441 | ||
442 | (unless (authorized-key? key) | |
443 | (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) | |
444 | (mkdir-p (dirname %acl-file)) | |
445 | (with-atomic-file-output %acl-file | |
446 | (cut write-acl acl <>))))) | |
4cc5e520 JK |
447 | session |
448 | become-command)) | |
2c8e04f1 | 449 | |
b03267df LC |
450 | (define (prepare-to-send store host log-port items) |
451 | "Notify the user that we're about to send ITEMS to HOST. Return three | |
452 | values allowing 'notify-send-progress' to track the state of this transfer." | |
453 | (let* ((count (length items)) | |
454 | (sizes (fold (lambda (item result) | |
455 | (vhash-cons item | |
456 | (path-info-nar-size | |
457 | (query-path-info store item)) | |
458 | result)) | |
459 | vlist-null | |
460 | items)) | |
461 | (total (vlist-fold (lambda (pair result) | |
462 | (match pair | |
463 | ((_ . size) (+ size result)))) | |
464 | 0 | |
465 | sizes))) | |
466 | (info (N_ "sending ~a store item (~h MiB) to '~a'...~%" | |
467 | "sending ~a store items (~h MiB) to '~a'...~%" count) | |
468 | count | |
469 | (inexact->exact (round (/ total (expt 2. 20)))) | |
470 | host) | |
471 | ||
472 | (values log-port sizes total 0))) | |
473 | ||
474 | (define (notify-transfer-progress item port sizes total sent) | |
475 | "Notify the user that we've already transferred SENT bytes out of TOTAL. | |
476 | Use SIZES to determine the size of ITEM, which is about to be sent." | |
477 | (define (display-bar %) | |
478 | (erase-current-line port) | |
479 | (format port "~3@a% ~a" | |
480 | (inexact->exact (round (* 100. (/ sent total)))) | |
481 | (progress-bar % (- (max (current-terminal-columns) 5) 5))) | |
482 | (force-output port)) | |
483 | ||
44c6e6f5 LC |
484 | (unless (zero? total) |
485 | (let ((% (* 100. (/ sent total)))) | |
486 | (match (vhash-assoc item sizes) | |
487 | (#f | |
488 | (display-bar %) | |
489 | (values port sizes total sent)) | |
490 | ((_ . size) | |
491 | (display-bar %) | |
492 | (values port sizes total (+ sent size))))))) | |
b03267df LC |
493 | |
494 | (define (notify-transfer-completion port . args) | |
495 | "Notify the user that the transfer has completed." | |
496 | (apply notify-transfer-progress "" port args) ;display the 100% progress bar | |
497 | (erase-current-line port) | |
498 | (force-output port)) | |
499 | ||
987a29ba | 500 | (define* (send-files local files remote |
e9629e82 LC |
501 | #:key |
502 | recursive? | |
503 | (log-port (current-error-port))) | |
987a29ba | 504 | "Send the subset of FILES from LOCAL (a local store) that's missing to |
23973e4f LC |
505 | REMOTE, a remote store. When RECURSIVE? is true, send the closure of FILES. |
506 | Return the list of store items actually sent." | |
987a29ba | 507 | ;; Compute the subset of FILES missing on SESSION and send them. |
e9629e82 | 508 | (let* ((files (if recursive? (requisites local files) files)) |
de9fbe9c | 509 | (session (channel-get-session (store-connection-socket remote))) |
de83660d | 510 | (missing (inferior-remote-eval |
ed7b4437 LC |
511 | `(begin |
512 | (use-modules (guix) | |
513 | (srfi srfi-1) (srfi srfi-26)) | |
987a29ba | 514 | |
ed7b4437 LC |
515 | (with-store store |
516 | (remove (cut valid-path? store <>) | |
517 | ',files))) | |
518 | session)) | |
b03267df LC |
519 | (port (store-import-channel session)) |
520 | (host (session-get session 'host))) | |
bc2b1484 LC |
521 | ;; Make sure everything alright on the remote side. |
522 | (match (read port) | |
523 | (('importing) | |
524 | #t) | |
525 | (sexp | |
526 | (handle-import/export-channel-error sexp remote))) | |
527 | ||
987a29ba | 528 | ;; Send MISSING in topological order. |
b03267df LC |
529 | (let ((tty? (isatty? log-port))) |
530 | (export-paths local missing port | |
531 | #:start (cut prepare-to-send local host log-port <>) | |
532 | #:progress (if tty? notify-transfer-progress (const #f)) | |
533 | #:finish (if tty? notify-transfer-completion (const #f)))) | |
987a29ba LC |
534 | |
535 | ;; Tell the remote process that we're done. (In theory the end-of-archive | |
536 | ;; mark of 'export-paths' would be enough, but in practice it's not.) | |
537 | (channel-send-eof port) | |
538 | ||
de9d8f0e | 539 | ;; Wait for completion of the remote process and read the status sexp from |
63fd9f08 LC |
540 | ;; PORT. Wait for the exit status only when 'read' completed; otherwise, |
541 | ;; we might wait forever if the other end is stuck. | |
de9d8f0e | 542 | (let* ((result (false-if-exception (read port))) |
63fd9f08 LC |
543 | (status (and result |
544 | (zero? (channel-get-exit-status port))))) | |
987a29ba | 545 | (close-port port) |
de9d8f0e LC |
546 | (match result |
547 | (('success . _) | |
548 | missing) | |
549 | (('protocol-error message) | |
550 | (raise (condition | |
f9e8a123 | 551 | (&store-protocol-error (message message) (status 42))))) |
de9d8f0e LC |
552 | (('error key args ...) |
553 | (raise (condition | |
f9e8a123 | 554 | (&store-protocol-error |
de9d8f0e LC |
555 | (message (call-with-output-string |
556 | (lambda (port) | |
557 | (print-exception port #f key args)))) | |
558 | (status 43))))) | |
559 | (_ | |
560 | (raise (condition | |
f9e8a123 | 561 | (&store-protocol-error |
de9d8f0e LC |
562 | (message "unknown error while sending files over SSH") |
563 | (status 44))))))))) | |
987a29ba LC |
564 | |
565 | (define (remote-store-session remote) | |
566 | "Return the SSH channel beneath REMOTE, a remote store as returned by | |
567 | 'connect-to-remote-daemon', or #f." | |
de9fbe9c | 568 | (channel-get-session (store-connection-socket remote))) |
987a29ba LC |
569 | |
570 | (define (remote-store-host remote) | |
571 | "Return the name of the host REMOTE is connected to, where REMOTE is a | |
572 | remote store as returned by 'connect-to-remote-daemon'." | |
573 | (match (remote-store-session remote) | |
574 | (#f #f) | |
575 | ((? session? session) | |
576 | (session-get session 'host)))) | |
577 | ||
e9629e82 LC |
578 | (define* (file-retrieval-port files remote |
579 | #:key recursive?) | |
987a29ba LC |
580 | "Return an input port from which to retrieve FILES (a list of store items) |
581 | from REMOTE, along with the number of items to retrieve (lower than or equal | |
582 | to the length of FILES.)" | |
e9629e82 LC |
583 | (values (store-export-channel (remote-store-session remote) files |
584 | #:recursive? recursive?) | |
585 | (length files))) ;XXX: inaccurate when RECURSIVE? is true | |
987a29ba | 586 | |
896fec47 LC |
587 | (define-syntax raise-error |
588 | (syntax-rules (=>) | |
589 | ((_ fmt args ... (=> hint-fmt hint-args ...)) | |
590 | (raise (condition | |
591 | (&message | |
592 | (message (format #f fmt args ...))) | |
593 | (&fix-hint | |
594 | (hint (format #f hint-fmt hint-args ...)))))) | |
595 | ((_ fmt args ...) | |
596 | (raise (condition | |
597 | (&message | |
598 | (message (format #f fmt args ...)))))))) | |
599 | ||
bc2b1484 LC |
600 | (define (handle-import/export-channel-error sexp remote) |
601 | "Report an error corresponding to SEXP, the EOF object or an sexp read from | |
602 | REMOTE." | |
603 | (match sexp | |
604 | ((? eof-object?) | |
605 | (report-guile-error (remote-store-host remote))) | |
bc2b1484 LC |
606 | (('connection-error file code . _) |
607 | (raise-error (G_ "failed to connect to '~A' on remote host '~A': ~a") | |
608 | file (remote-store-host remote) (strerror code))) | |
609 | (('invalid-items items . _) | |
610 | (raise-error (N_ "no such item on remote host '~A':~{ ~a~}" | |
611 | "no such items on remote host '~A':~{ ~a~}" | |
612 | (length items)) | |
613 | (remote-store-host remote) items)) | |
614 | (('protocol-error status message . _) | |
615 | (raise-error (G_ "protocol error on remote host '~A': ~a") | |
616 | (remote-store-host remote) message)) | |
617 | (_ | |
618 | (raise-error (G_ "failed to retrieve store items from '~a'") | |
619 | (remote-store-host remote))))) | |
620 | ||
d06d54e3 LC |
621 | (define* (retrieve-files* files remote |
622 | #:key recursive? (log-port (current-error-port)) | |
623 | (import (const #f))) | |
624 | "Pass IMPORT an input port from which to read the sequence of FILES coming | |
625 | from REMOTE. When RECURSIVE? is true, retrieve the closure of FILES." | |
987a29ba | 626 | (let-values (((port count) |
e9629e82 LC |
627 | (file-retrieval-port files remote |
628 | #:recursive? recursive?))) | |
896fec47 LC |
629 | (match (read port) ;read the initial status |
630 | (('exporting) | |
631 | (format #t (N_ "retrieving ~a store item from '~a'...~%" | |
632 | "retrieving ~a store items from '~a'...~%" count) | |
633 | count (remote-store-host remote)) | |
634 | ||
d06d54e3 LC |
635 | (dynamic-wind |
636 | (const #t) | |
637 | (lambda () | |
638 | (import port)) | |
639 | (lambda () | |
640 | (close-port port)))) | |
bc2b1484 LC |
641 | (sexp |
642 | (handle-import/export-channel-error sexp remote))))) | |
987a29ba | 643 | |
d06d54e3 LC |
644 | (define* (retrieve-files local files remote |
645 | #:key recursive? (log-port (current-error-port))) | |
646 | "Retrieve FILES from REMOTE and import them using the 'import-paths' RPC on | |
647 | LOCAL. When RECURSIVE? is true, retrieve the closure of FILES." | |
0e3c8528 LC |
648 | (retrieve-files* (remove (cut valid-path? local <>) files) |
649 | remote | |
d06d54e3 LC |
650 | #:recursive? recursive? |
651 | #:log-port log-port | |
652 | #:import (lambda (port) | |
653 | (import-paths local port)))) | |
654 | ||
4eb0f9ae LC |
655 | \f |
656 | ;;; | |
657 | ;;; Error reporting. | |
658 | ;;; | |
659 | ||
660 | (define (report-guile-error host) | |
661 | (raise-error (G_ "failed to start Guile on remote host '~A'") host | |
662 | (=> (G_ "Make sure @command{guile} can be found in | |
663 | @code{$PATH} on the remote host. Run @command{ssh ~A guile --version} to | |
664 | check.") | |
665 | host))) | |
666 | ||
8f53d734 LC |
667 | (define (report-inferior-exception exception host) |
668 | "Report EXCEPTION, an &inferior-exception that occurred on HOST." | |
669 | (raise-error (G_ "exception occurred on remote host '~A': ~s") | |
670 | host (inferior-exception-arguments exception))) | |
671 | ||
987a29ba | 672 | ;;; ssh.scm ends here |