HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'master' into staging.
[jackhill/guix/guix.git] / guix / ssh.scm
CommitLineData
987a29ba 1;;; GNU Guix --- Functional package management for GNU
3270308e 2;;; Copyright © 2016, 2017, 2018, 2019, 2020, 2021, 2021 Ludovic Courtès <ludo@gnu.org>
987a29ba
LC		 3;;;
4;;; This file is part of GNU Guix.
5;;;
6;;; GNU Guix is free software; you can redistribute it and/or modify it
7;;; under the terms of the GNU General Public License as published by
8;;; the Free Software Foundation; either version 3 of the License, or (at
9;;; your option) any later version.
10;;;
11;;; GNU Guix is distributed in the hope that it will be useful, but
12;;; WITHOUT ANY WARRANTY; without even the implied warranty of
13;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14;;; GNU General Public License for more details.
15;;;
16;;; You should have received a copy of the GNU General Public License
17;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
18
19(define-module (guix ssh)
20 #:use-module (guix store)
af15fe13 21 #:use-module (guix inferior)
52d174d6 22 #:use-module (guix i18n)
b03267df
LC		 23 #:use-module ((guix diagnostics)
24 #:select (info &fix-hint formatted-message))
25 #:use-module ((guix progress)
26 #:select (progress-bar
27 erase-current-line current-terminal-columns))
3033d59a 28 #:use-module (gcrypt pk-crypto)
615c5298
LC		 29 #:use-module (ssh session)
30 #:use-module (ssh auth)
31 #:use-module (ssh key)
987a29ba
LC		 32 #:use-module (ssh channel)
33 #:use-module (ssh popen)
34 #:use-module (ssh session)
0e3c8528 35 #:use-module (srfi srfi-1)
987a29ba 36 #:use-module (srfi srfi-11)
d06d54e3 37 #:use-module (srfi srfi-26)
13164a21
LC		 38 #:use-module (srfi srfi-34)
39 #:use-module (srfi srfi-35)
987a29ba 40 #:use-module (ice-9 match)
416a7c69 41 #:use-module (ice-9 format)
13164a21 42 #:use-module (ice-9 binary-ports)
b03267df 43 #:use-module (ice-9 vlist)
615c5298 44 #:export (open-ssh-session
114dcb42
LC		 45 authenticate-server*
46
af15fe13 47 remote-inferior
e5378337 48 remote-daemon-channel
615c5298 49 connect-to-remote-daemon
2c8e04f1 50 remote-system
3033d59a 51 remote-authorize-signing-key
987a29ba
LC		 52 send-files
53 retrieve-files
d06d54e3 54 retrieve-files*
4eb0f9ae
LC		 55 remote-store-host
56
7624ebba 57 report-guile-error))
987a29ba
LC		 58
59;;; Commentary:
60;;;
61;;; This module provides tools to support communication with remote stores
62;;; over SSH, using Guile-SSH.
63;;;
64;;; Code:
65
615c5298
LC		 66(define %compression
67 "zlib@openssh.com,zlib")
68
114dcb42
LC		 69(define (host-key->type+key host-key)
70 "Destructure HOST-KEY, an OpenSSH host key string, and return two values:
71its key type as a symbol, and the actual base64-encoded string."
72 (define (type->symbol type)
73 (and (string-prefix? "ssh-" type)
74 (string->symbol (string-drop type 4))))
75
76 (match (string-tokenize host-key)
77 ((type key x)
78 (values (type->symbol type) key))
79 ((type key)
80 (values (type->symbol type) key))))
81
82(define (authenticate-server* session key)
83 "Make sure the server for SESSION has the given KEY, where KEY is a string
84such as \"ssh-ed25519 AAAAC3Nz… root@example.org\". Raise an exception if the
85actual key does not match."
86 (let-values (((server) (get-server-public-key session))
87 ((type key) (host-key->type+key key)))
88 (unless (and (or (not (get-key-type server))
89 (eq? (get-key-type server) type))
90 (string=? (public-key->string server) key))
91 ;; Key mismatch: something's wrong. XXX: It could be that the server
92 ;; provided its Ed25519 key when we where expecting its RSA key. XXX:
93 ;; Guile-SSH 0.10.1 doesn't know about ed25519 keys and 'get-key-type'
94 ;; returns #f in that case.
d51bfe24 95 (raise (formatted-message (G_ "server at '~a' returned host key \
114dcb42
LC		 96'~a' of type '~a' instead of '~a' of type '~a'~%")
97 (session-get session 'host)
98 (public-key->string server)
99 (get-key-type server)
d51bfe24 100 key type)))))
114dcb42 101
a9b09ed7 102(define* (open-ssh-session host #:key user port identity
2b868284 103 host-key
81c5873a 104 (compression %compression)
3d0749b4
LC		 105 (timeout 3600)
106 (connection-timeout 10))
a9b09ed7
JK		 107 "Open an SSH session for HOST and return it. IDENTITY specifies the file
108name of a private key to use for authenticating with the host. When USER,
109PORT, or IDENTITY are #f, use default values or whatever '~/.ssh/config'
2b868284
LC		 110specifies; otherwise use them.
111
112When HOST-KEY is true, it must be a string like \"ssh-ed25519 AAAAC3Nz…
113root@example.org\"; the server is authenticated and an error is raised if its
114host key is different from HOST-KEY.
115
3d0749b4
LC		 116Error out if connection establishment takes more than CONNECTION-TIMEOUT
117seconds. Install TIMEOUT as the maximum time in seconds after which a read or
118write operation on a channel of the returned session is considered as failing.
81c5873a
LC		 119
120Throw an error on failure."
615c5298 121 (let ((session (make-session #:user user
a9b09ed7 122 #:identity identity
615c5298
LC		 123 #:host host
124 #:port port
3d0749b4 125 #:timeout connection-timeout
615c5298
LC		 126 ;; #:log-verbosity 'protocol
127
2b868284
LC		 128 ;; Prevent libssh from reading
129 ;; ~/.ssh/known_hosts when the caller provides
130 ;; a HOST-KEY to match against.
131 #:knownhosts (and host-key "/dev/null")
132
615c5298
LC		 133 ;; We need lightweight compression when
134 ;; exchanging full archives.
135 #:compression compression
e8088f0b
LDB		 136 #:compression-level 3
137
138 ;; Speed up RPCs by creating sockets with
139 ;; TCP_NODELAY.
140 #:nodelay #t)))
615c5298
LC		 141
142 ;; Honor ~/.ssh/config.
143 (session-parse-config! session)
144
145 (match (connect! session)
146 ('ok
2b868284
LC		 147 (if host-key
148 ;; Make sure the server's key is what we expect.
149 (authenticate-server* session host-key)
150
151 ;; Authenticate against ~/.ssh/known_hosts.
152 (match (authenticate-server session)
153 ('ok #f)
154 (reason
d51bfe24 155 (raise (formatted-message (G_ "failed to authenticate \
f5c18018 156server at '~a': ~a")
2b868284 157 (session-get session 'host)
d51bfe24 158 reason)))))
f5c18018 159
615c5298
LC		 160 ;; Use public key authentication, via the SSH agent if it's available.
161 (match (userauth-public-key/auto! session)
162 ('success
81c5873a 163 (session-set! session 'timeout timeout)
615c5298 164 session)
06ce4e3c
LC		 165 ('again
166 (raise (formatted-message (G_ "timeout while connecting \
167to SSH server at '~a'")
168 (session-get session 'host))))
615c5298 169 (x
35f35111
LDB		 170 (match (userauth-gssapi! session)
171 ('success
172 (session-set! session 'timeout timeout)
173 session)
174 (x
175 (disconnect! session)
176 (raise (condition
177 (&message
178 (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
179 host (get-error session)))))))))))
615c5298
LC		 180 (x
181 ;; Connection failed or timeout expired.
d51bfe24
LC		 182 (raise (formatted-message (G_ "SSH connection to '~a' failed: ~a~%")
183 host (get-error session)))))))
615c5298 184
5ea7537b
JK		 185(define* (remote-inferior session #:optional become-command)
186 "Return a remote inferior for the given SESSION. If BECOME-COMMAND is
187given, use that to invoke the remote Guile REPL."
188 (let* ((repl-command (append (or become-command '())
189 '("guix" "repl" "-t" "machine")))
190 (pipe (apply open-remote-pipe* session OPEN_BOTH repl-command)))
5ea7537b 191 (when (eof-object? (peek-char pipe))
e09c7f4a
LC		 192 (let ((status (channel-get-exit-status pipe)))
193 (close-port pipe)
d51bfe24 194 (raise (formatted-message (G_ "remote command '~{~a~^ ~}' failed \
e09c7f4a 195with status ~a")
d51bfe24 196 repl-command status))))
af15fe13
LC		 197 (port->inferior pipe)))
198
5ea7537b 199(define* (inferior-remote-eval exp session #:optional become-command)
ed7b4437 200 "Evaluate EXP in a new inferior running in SESSION, and close the inferior
5ea7537b
JK		 201right away. If BECOME-COMMAND is given, use that to invoke the remote Guile
202REPL."
203 (let ((inferior (remote-inferior session become-command)))
ed7b4437
LC		 204 (dynamic-wind
205 (const #t)
206 (lambda ()
207 (inferior-eval exp inferior))
208 (lambda ()
209 ;; Close INFERIOR right away to prevent finalization from happening in
210 ;; another thread at the wrong time (see
211 ;; <https://bugs.gnu.org/26976>.)
212 (close-inferior inferior)))))
213
7624ebba
LC		 214(define (remote-run exp session)
215 "Run EXP in a new process in SESSION and return a remote pipe.
216
217Unlike 'inferior-remote-eval', this is used for side effects and may
218communicate over stdout/stdin as it sees fit. EXP is typically a loop that
219processes data from stdin and/or sends data to stdout. The assumption is that
220EXP never returns or calls 'primitive-exit' when it's done."
221 (define pipe
222 (open-remote-pipe* session OPEN_BOTH
223 "guix" "repl" "-t" "machine"))
224
225 (match (read pipe)
226 (('repl-version _ ...)
227 #t)
228 ((? eof-object?)
229 (close-port pipe)
230 (raise (formatted-message
231 (G_ "failed to start 'guix repl' on '~a'")
232 (session-get session 'host)))))
233
234 ;; Disable buffering so 'guix repl' does not read more than what's really
235 ;; sent to itself.
236 (write '(setvbuf (current-input-port) 'none) pipe)
237 (force-output pipe)
238
239 ;; Read the reply and subsequent newline.
240 (read pipe) (get-u8 pipe)
241
242 (write exp pipe)
243 (force-output pipe)
244
245 ;; From now on, we stop following the inferior protocol.
246 pipe)
247
e5378337
LC		 248(define* (remote-daemon-channel session
249 #:optional
250 (socket-name
251 "/var/guix/daemon-socket/socket"))
252 "Return an input/output port (an SSH channel) to the daemon at SESSION."
987a29ba
LC		 253 (define redirect
254 ;; Code run in SESSION to redirect the remote process' stdin/stdout to the
255 ;; daemon's socket, à la socat. The SSH protocol supports forwarding to
256 ;; Unix-domain sockets but libssh doesn't have an API for that, hence this
257 ;; hack.
258 `(begin
17af5d51 259 (use-modules (ice-9 match) (rnrs io ports)
0dcf675c 260 (rnrs bytevectors))
987a29ba 261
3270308e
LC		 262 (define connect-to-daemon
263 ;; XXX: 'connect-to-daemon' used to be private and before that it
264 ;; didn't even exist, hence these shenanigans.
265 (let ((connect-to-daemon
266 (false-if-exception (module-ref (resolve-module '(guix store))
267 'connect-to-daemon))))
268 (lambda (uri)
269 (if connect-to-daemon
270 (connect-to-daemon uri)
271 (let ((sock (socket AF_UNIX SOCK_STREAM 0)))
272 (connect sock AF_UNIX ,socket-name)
273 sock)))))
274
275 ;; Use 'connect-to-daemon' to honor GUIX_DAEMON_SOCKET.
276 (let ((sock (connect-to-daemon (or (getenv "GUIX_DAEMON_SOCKET")
da28efef 277 ,socket-name)))
8446dc5a
LC		 278 (stdin (current-input-port))
279 (stdout (current-output-port))
280 (select* (lambda (read write except)
281 ;; This is a workaround for
282 ;; <https://bugs.gnu.org/30365> in Guile < 2.2.4:
283 ;; since 'select' sometimes returns non-empty sets for
284 ;; no good reason, call 'select' a second time with a
285 ;; zero timeout to filter out incorrect replies.
286 (match (select read write except)
287 ((read write except)
288 (select read write except 0))))))
76832d34 289 (setvbuf stdout 'none)
0dcf675c
LC		 290
291 ;; Use buffered ports so that 'get-bytevector-some' returns up to the
292 ;; whole buffer like read(2) would--see <https://bugs.gnu.org/30066>.
76832d34
LC		 293 (setvbuf stdin 'block 65536)
294 (setvbuf sock 'block 65536)
0dcf675c 295
987a29ba 296 (let loop ()
8446dc5a 297 (match (select* (list stdin sock) '() '())
55f40fdb 298 ((reads () ())
987a29ba 299 (when (memq stdin reads)
0dcf675c
LC		 300 (match (get-bytevector-some stdin)
301 ((? eof-object?)
987a29ba 302 (primitive-exit 0))
0dcf675c
LC		 303 (bv
304 (put-bytevector sock bv)
305 (force-output sock))))
987a29ba 306 (when (memq sock reads)
0dcf675c
LC		 307 (match (get-bytevector-some sock)
308 ((? eof-object?)
987a29ba 309 (primitive-exit 0))
0dcf675c
LC		 310 (bv
311 (put-bytevector stdout bv))))
987a29ba
LC		 312 (loop))
313 (_
314 (primitive-exit 1)))))))
315
7624ebba 316 (remote-run redirect session))
e5378337
LC		 317
318(define* (connect-to-remote-daemon session
319 #:optional
320 (socket-name
321 "/var/guix/daemon-socket/socket"))
322 "Connect to the remote build daemon listening on SOCKET-NAME over SESSION,
de9fbe9c 323an SSH session. Return a <store-connection> object."
e2f4a570
LC		 324 (guard (c ((store-connection-error? c)
325 ;; Raise a more focused error condition.
326 (raise (formatted-message
327 (G_ "failed to connect over SSH to daemon at '~a', socket ~a")
328 (session-get session 'host)
329 socket-name))))
330 (open-connection #:port (remote-daemon-channel session socket-name))))
987a29ba
LC		 331
332(define (store-import-channel session)
333 "Return an output port to which archives to be exported to SESSION's store
334can be written."
335 ;; Using the 'import-paths' RPC on a remote store would be slow because it
336 ;; makes a round trip every time 32 KiB have been transferred. This
337 ;; procedure instead opens a separate channel to use the remote
338 ;; 'import-paths' procedure, which consumes all the data in a single round
de9d8f0e
LC		 339 ;; trip. This optimizes the successful case at the expense of error
340 ;; conditions: errors can only be reported once all the input has been
341 ;; consumed.
987a29ba
LC		 342 (define import
343 `(begin
de9d8f0e
LC		 344 (use-modules (guix) (srfi srfi-34)
345 (rnrs io ports) (rnrs bytevectors))
987a29ba 346
de9d8f0e
LC		 347 (define (consume-input port)
348 (let ((bv (make-bytevector 32768)))
349 (let loop ()
350 (let ((n (get-bytevector-n! port bv 0
351 (bytevector-length bv))))
352 (unless (eof-object? n)
353 (loop))))))
987a29ba 354
de9d8f0e
LC		 355 ;; Upon completion, write an sexp that denotes the status.
356 (write
357 (catch #t
358 (lambda ()
359 (guard (c ((nix-protocol-error? c)
360 ;; Consume all the input since the only time we can
361 ;; report the error is after everything has been
362 ;; consumed.
363 (consume-input (current-input-port))
364 (list 'protocol-error (nix-protocol-error-message c))))
365 (with-store store
bc2b1484
LC		 366 (write '(importing)) ;we're ready
367 (force-output)
368
76832d34 369 (setvbuf (current-input-port) 'none)
de9d8f0e
LC		 370 (import-paths store (current-input-port))
371 '(success))))
372 (lambda args
7624ebba
LC		 373 (cons 'error args))))
374 (primitive-exit 0)))
987a29ba 375
7624ebba 376 (remote-run import session))
987a29ba 377
e9629e82
LC		 378(define* (store-export-channel session files
379 #:key recursive?)
987a29ba 380 "Return an input port from which an export of FILES from SESSION's store can
e9629e82 381be read. When RECURSIVE? is true, the closure of FILES is exported."
987a29ba
LC		 382 ;; Same as above: this is more efficient than calling 'export-paths' on a
383 ;; remote store.
384 (define export
385 `(begin
896fec47
LC		 386 (use-modules (guix) (srfi srfi-1)
387 (srfi srfi-26) (srfi srfi-34))
388
389 (guard (c ((nix-connection-error? c)
390 (write `(connection-error ,(nix-connection-error-file c)
7624ebba
LC		 391 ,(nix-connection-error-code c)))
392 (primitive-exit 1))
896fec47
LC		 393 ((nix-protocol-error? c)
394 (write `(protocol-error ,(nix-protocol-error-status c)
7624ebba
LC		 395 ,(nix-protocol-error-message c)))
396 (primitive-exit 2))
896fec47 397 (else
7624ebba
LC		 398 (write `(exception))
399 (primitive-exit 3)))
896fec47
LC		 400 (with-store store
401 (let* ((files ',files)
402 (invalid (remove (cut valid-path? store <>)
403 files)))
404 (unless (null? invalid)
405 (write `(invalid-items ,invalid))
406 (exit 1))
407
0e3c8528
LC		 408 ;; TODO: When RECURSIVE? is true, we could send the list of store
409 ;; items in the closure so that the other end can filter out
410 ;; those it already has.
411
896fec47
LC		 412 (write '(exporting)) ;we're ready
413 (force-output)
414
76832d34 415 (setvbuf (current-output-port) 'none)
896fec47 416 (export-paths store files (current-output-port)
7624ebba
LC		 417 #:recursive? ,recursive?)
418 (primitive-exit 0))))))
987a29ba 419
7624ebba 420 (remote-run export session))
987a29ba 421
2c8e04f1
JK		 422(define (remote-system session)
423 "Return the system type as expected by Nix, usually ARCHITECTURE-KERNEL, of
424the machine on the other end of SESSION."
425 (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-system))
426 session))
3033d59a 427
4cc5e520 428(define* (remote-authorize-signing-key key session #:optional become-command)
3033d59a
JK		 429 "Send KEY, a canonical sexp containing a public key, over SESSION and add it
430to the system ACL file if it has not yet been authorized."
431 (inferior-remote-eval
432 `(begin
433 (use-modules (guix build utils)
434 (guix pki)
435 (guix utils)
436 (gcrypt pk-crypto)
437 (srfi srfi-26))
438
439 (define acl (current-acl))
440 (define key (string->canonical-sexp ,(canonical-sexp->string key)))
441
442 (unless (authorized-key? key)
443 (let ((acl (public-keys->acl (cons key (acl->public-keys acl)))))
444 (mkdir-p (dirname %acl-file))
445 (with-atomic-file-output %acl-file
446 (cut write-acl acl <>)))))
4cc5e520
JK		 447 session
448 become-command))
2c8e04f1 449
b03267df
LC		 450(define (prepare-to-send store host log-port items)
451 "Notify the user that we're about to send ITEMS to HOST. Return three
452values allowing 'notify-send-progress' to track the state of this transfer."
453 (let* ((count (length items))
454 (sizes (fold (lambda (item result)
455 (vhash-cons item
456 (path-info-nar-size
457 (query-path-info store item))
458 result))
459 vlist-null
460 items))
461 (total (vlist-fold (lambda (pair result)
462 (match pair
463 ((_ . size) (+ size result))))
464 0
465 sizes)))
466 (info (N_ "sending ~a store item (~h MiB) to '~a'...~%"
467 "sending ~a store items (~h MiB) to '~a'...~%" count)
468 count
469 (inexact->exact (round (/ total (expt 2. 20))))
470 host)
471
472 (values log-port sizes total 0)))
473
474(define (notify-transfer-progress item port sizes total sent)
475 "Notify the user that we've already transferred SENT bytes out of TOTAL.
476Use SIZES to determine the size of ITEM, which is about to be sent."
477 (define (display-bar %)
478 (erase-current-line port)
479 (format port "~3@a% ~a"
480 (inexact->exact (round (* 100. (/ sent total))))
481 (progress-bar % (- (max (current-terminal-columns) 5) 5)))
482 (force-output port))
483
44c6e6f5
LC		 484 (unless (zero? total)
485 (let ((% (* 100. (/ sent total))))
486 (match (vhash-assoc item sizes)
487 (#f
488 (display-bar %)
489 (values port sizes total sent))
490 ((_ . size)
491 (display-bar %)
492 (values port sizes total (+ sent size)))))))
b03267df
LC		 493
494(define (notify-transfer-completion port . args)
495 "Notify the user that the transfer has completed."
496 (apply notify-transfer-progress "" port args) ;display the 100% progress bar
497 (erase-current-line port)
498 (force-output port))
499
987a29ba 500(define* (send-files local files remote
e9629e82
LC		 501 #:key
502 recursive?
503 (log-port (current-error-port)))
987a29ba 504 "Send the subset of FILES from LOCAL (a local store) that's missing to
23973e4f
LC		 505REMOTE, a remote store. When RECURSIVE? is true, send the closure of FILES.
506Return the list of store items actually sent."
987a29ba 507 ;; Compute the subset of FILES missing on SESSION and send them.
e9629e82 508 (let* ((files (if recursive? (requisites local files) files))
de9fbe9c 509 (session (channel-get-session (store-connection-socket remote)))
de83660d 510 (missing (inferior-remote-eval
ed7b4437
LC		 511 `(begin
512 (use-modules (guix)
513 (srfi srfi-1) (srfi srfi-26))
987a29ba 514
ed7b4437
LC		 515 (with-store store
516 (remove (cut valid-path? store <>)
517 ',files)))
518 session))
b03267df
LC		 519 (port (store-import-channel session))
520 (host (session-get session 'host)))
bc2b1484
LC		 521 ;; Make sure everything alright on the remote side.
522 (match (read port)
523 (('importing)
524 #t)
525 (sexp
526 (handle-import/export-channel-error sexp remote)))
527
987a29ba 528 ;; Send MISSING in topological order.
b03267df
LC		 529 (let ((tty? (isatty? log-port)))
530 (export-paths local missing port
531 #:start (cut prepare-to-send local host log-port <>)
532 #:progress (if tty? notify-transfer-progress (const #f))
533 #:finish (if tty? notify-transfer-completion (const #f))))
987a29ba
LC		 534
535 ;; Tell the remote process that we're done. (In theory the end-of-archive
536 ;; mark of 'export-paths' would be enough, but in practice it's not.)
537 (channel-send-eof port)
538
de9d8f0e 539 ;; Wait for completion of the remote process and read the status sexp from
63fd9f08
LC		 540 ;; PORT. Wait for the exit status only when 'read' completed; otherwise,
541 ;; we might wait forever if the other end is stuck.
de9d8f0e 542 (let* ((result (false-if-exception (read port)))
63fd9f08
LC		 543 (status (and result
544 (zero? (channel-get-exit-status port)))))
987a29ba 545 (close-port port)
de9d8f0e
LC		 546 (match result
547 (('success . _)
548 missing)
549 (('protocol-error message)
550 (raise (condition
f9e8a123 551 (&store-protocol-error (message message) (status 42)))))
de9d8f0e
LC		 552 (('error key args ...)
553 (raise (condition
f9e8a123 554 (&store-protocol-error
de9d8f0e
LC		 555 (message (call-with-output-string
556 (lambda (port)
557 (print-exception port #f key args))))
558 (status 43)))))
559 (_
560 (raise (condition
f9e8a123 561 (&store-protocol-error
de9d8f0e
LC		 562 (message "unknown error while sending files over SSH")
563 (status 44)))))))))
987a29ba
LC		 564
565(define (remote-store-session remote)
566 "Return the SSH channel beneath REMOTE, a remote store as returned by
567'connect-to-remote-daemon', or #f."
de9fbe9c 568 (channel-get-session (store-connection-socket remote)))
987a29ba
LC		 569
570(define (remote-store-host remote)
571 "Return the name of the host REMOTE is connected to, where REMOTE is a
572remote store as returned by 'connect-to-remote-daemon'."
573 (match (remote-store-session remote)
574 (#f #f)
575 ((? session? session)
576 (session-get session 'host))))
577
e9629e82
LC		 578(define* (file-retrieval-port files remote
579 #:key recursive?)
987a29ba
LC		 580 "Return an input port from which to retrieve FILES (a list of store items)
581from REMOTE, along with the number of items to retrieve (lower than or equal
582to the length of FILES.)"
e9629e82
LC		 583 (values (store-export-channel (remote-store-session remote) files
584 #:recursive? recursive?)
585 (length files))) ;XXX: inaccurate when RECURSIVE? is true
987a29ba 586
896fec47
LC		 587(define-syntax raise-error
588 (syntax-rules (=>)
589 ((_ fmt args ... (=> hint-fmt hint-args ...))
590 (raise (condition
591 (&message
592 (message (format #f fmt args ...)))
593 (&fix-hint
594 (hint (format #f hint-fmt hint-args ...))))))
595 ((_ fmt args ...)
596 (raise (condition
597 (&message
598 (message (format #f fmt args ...))))))))
599
bc2b1484
LC		 600(define (handle-import/export-channel-error sexp remote)
601 "Report an error corresponding to SEXP, the EOF object or an sexp read from
602REMOTE."
603 (match sexp
604 ((? eof-object?)
605 (report-guile-error (remote-store-host remote)))
bc2b1484
LC		 606 (('connection-error file code . _)
607 (raise-error (G_ "failed to connect to '~A' on remote host '~A': ~a")
608 file (remote-store-host remote) (strerror code)))
609 (('invalid-items items . _)
610 (raise-error (N_ "no such item on remote host '~A':~{ ~a~}"
611 "no such items on remote host '~A':~{ ~a~}"
612 (length items))
613 (remote-store-host remote) items))
614 (('protocol-error status message . _)
615 (raise-error (G_ "protocol error on remote host '~A': ~a")
616 (remote-store-host remote) message))
617 (_
618 (raise-error (G_ "failed to retrieve store items from '~a'")
619 (remote-store-host remote)))))
620
d06d54e3
LC		 621(define* (retrieve-files* files remote
622 #:key recursive? (log-port (current-error-port))
623 (import (const #f)))
624 "Pass IMPORT an input port from which to read the sequence of FILES coming
625from REMOTE. When RECURSIVE? is true, retrieve the closure of FILES."
987a29ba 626 (let-values (((port count)
e9629e82
LC		 627 (file-retrieval-port files remote
628 #:recursive? recursive?)))
896fec47
LC		 629 (match (read port) ;read the initial status
630 (('exporting)
631 (format #t (N_ "retrieving ~a store item from '~a'...~%"
632 "retrieving ~a store items from '~a'...~%" count)
633 count (remote-store-host remote))
634
d06d54e3
LC		 635 (dynamic-wind
636 (const #t)
637 (lambda ()
638 (import port))
639 (lambda ()
640 (close-port port))))
bc2b1484
LC		 641 (sexp
642 (handle-import/export-channel-error sexp remote)))))
987a29ba 643
d06d54e3
LC		 644(define* (retrieve-files local files remote
645 #:key recursive? (log-port (current-error-port)))
646 "Retrieve FILES from REMOTE and import them using the 'import-paths' RPC on
647LOCAL. When RECURSIVE? is true, retrieve the closure of FILES."
0e3c8528
LC		 648 (retrieve-files* (remove (cut valid-path? local <>) files)
649 remote
d06d54e3
LC		 650 #:recursive? recursive?
651 #:log-port log-port
652 #:import (lambda (port)
653 (import-paths local port))))
654
4eb0f9ae
LC		 655\f
656;;;
657;;; Error reporting.
658;;;
659
660(define (report-guile-error host)
661 (raise-error (G_ "failed to start Guile on remote host '~A'") host
662 (=> (G_ "Make sure @command{guile} can be found in
663@code{$PATH} on the remote host. Run @command{ssh ~A guile --version} to
664check.")
665 host)))
666
8f53d734
LC		 667(define (report-inferior-exception exception host)
668 "Report EXCEPTION, an &inferior-exception that occurred on HOST."
669 (raise-error (G_ "exception occurred on remote host '~A': ~s")
670 host (inferior-exception-arguments exception)))
671
987a29ba 672;;; ssh.scm ends here
jackhill's copy of GNU Guix: https://guix.gnu.org/