[jackhill/guix/guix.git] / guix / ssh.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (guix ssh)
  #:use-module (guix store)
  #:use-module (guix i18n)
  #:use-module ((guix utils) #:select (&fix-hint))
  #:use-module (ssh session)
  #:use-module (ssh auth)
  #:use-module (ssh key)
  #:use-module (ssh channel)
  #:use-module (ssh popen)
  #:use-module (ssh session)
  #:use-module (ssh dist)
  #:use-module (ssh dist node)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-11)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-34)
  #:use-module (srfi srfi-35)
  #:use-module (ice-9 match)
  #:use-module (ice-9 binary-ports)
  #:export (open-ssh-session
            remote-daemon-channel
            connect-to-remote-daemon
            send-files
            retrieve-files
            retrieve-files*
            remote-store-host

            report-guile-error
            report-module-error))

;;; Commentary:
;;;
;;; This module provides tools to support communication with remote stores
;;; over SSH, using Guile-SSH.
;;;
;;; Code:

(define %compression
  "zlib@openssh.com,zlib")

(define* (open-ssh-session host #:key user port
                           (compression %compression))
  "Open an SSH session for HOST and return it.  When USER and PORT are #f, use
default values or whatever '~/.ssh/config' specifies; otherwise use them.
Throw an error on failure."
  (let ((session (make-session #:user user
                               #:host host
                               #:port port
                               #:timeout 10       ;seconds
                               ;; #:log-verbosity 'protocol

                               ;; We need lightweight compression when
                               ;; exchanging full archives.
                               #:compression compression
                               #:compression-level 3)))

    ;; Honor ~/.ssh/config.
    (session-parse-config! session)

    (match (connect! session)
      ('ok
       ;; Use public key authentication, via the SSH agent if it's available.
       (match (userauth-public-key/auto! session)
         ('success
          session)
         (x
          (disconnect! session)
          (raise (condition
                  (&message
                   (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
                                    host (get-error session)))))))))
      (x
       ;; Connection failed or timeout expired.
       (raise (condition
               (&message
                (message (format #f (G_ "SSH connection to '~a' failed: ~a~%")
                                 host (get-error session))))))))))

(define* (remote-daemon-channel session
                                #:optional
                                (socket-name
                                 "/var/guix/daemon-socket/socket"))
  "Return an input/output port (an SSH channel) to the daemon at SESSION."
  (define redirect
    ;; Code run in SESSION to redirect the remote process' stdin/stdout to the
    ;; daemon's socket, à la socat.  The SSH protocol supports forwarding to
    ;; Unix-domain sockets but libssh doesn't have an API for that, hence this
    ;; hack.
    `(begin
       (use-modules (ice-9 match) (rnrs io ports)
                    (rnrs bytevectors))

       (let ((sock    (socket AF_UNIX SOCK_STREAM 0))
             (stdin   (current-input-port))
             (stdout  (current-output-port))
             (select* (lambda (read write except)
                        ;; This is a workaround for
                        ;; <https://bugs.gnu.org/30365> in Guile < 2.2.4:
                        ;; since 'select' sometimes returns non-empty sets for
                        ;; no good reason, call 'select' a second time with a
                        ;; zero timeout to filter out incorrect replies.
                        (match (select read write except)
                          ((read write except)
                           (select read write except 0))))))
         (setvbuf stdout _IONBF)

         ;; Use buffered ports so that 'get-bytevector-some' returns up to the
         ;; whole buffer like read(2) would--see <https://bugs.gnu.org/30066>.
         (setvbuf stdin _IOFBF 65536)
         (setvbuf sock _IOFBF 65536)

         (connect sock AF_UNIX ,socket-name)

         (let loop ()
           (match (select* (list stdin sock) '() '())
             ((reads () ())
              (when (memq stdin reads)
                (match (get-bytevector-some stdin)
                  ((? eof-object?)
                   (primitive-exit 0))
                  (bv
                   (put-bytevector sock bv)
                   (force-output sock))))
              (when (memq sock reads)
                (match (get-bytevector-some sock)
                  ((? eof-object?)
                   (primitive-exit 0))
                  (bv
                   (put-bytevector stdout bv))))
              (loop))
             (_
              (primitive-exit 1)))))))

  (open-remote-pipe* session OPEN_BOTH
                     ;; Sort-of shell-quote REDIRECT.
                     "guile" "-c"
                     (object->string
                      (object->string redirect))))

(define* (connect-to-remote-daemon session
                                   #:optional
                                   (socket-name
                                    "/var/guix/daemon-socket/socket"))
  "Connect to the remote build daemon listening on SOCKET-NAME over SESSION,
an SSH session.  Return a <nix-server> object."
  (open-connection #:port (remote-daemon-channel session)))


(define (store-import-channel session)
  "Return an output port to which archives to be exported to SESSION's store
can be written."
  ;; Using the 'import-paths' RPC on a remote store would be slow because it
  ;; makes a round trip every time 32 KiB have been transferred.  This
  ;; procedure instead opens a separate channel to use the remote
  ;; 'import-paths' procedure, which consumes all the data in a single round
  ;; trip.  This optimizes the successful case at the expense of error
  ;; conditions: errors can only be reported once all the input has been
  ;; consumed.
  (define import
    `(begin
       (use-modules (guix) (srfi srfi-34)
                    (rnrs io ports) (rnrs bytevectors))

       (define (consume-input port)
         (let ((bv (make-bytevector 32768)))
           (let loop ()
             (let ((n (get-bytevector-n! port bv 0
                                         (bytevector-length bv))))
               (unless (eof-object? n)
                 (loop))))))

       ;; Upon completion, write an sexp that denotes the status.
       (write
        (catch #t
          (lambda ()
            (guard (c ((nix-protocol-error? c)
                       ;; Consume all the input since the only time we can
                       ;; report the error is after everything has been
                       ;; consumed.
                       (consume-input (current-input-port))
                       (list 'protocol-error (nix-protocol-error-message c))))
              (with-store store
                (setvbuf (current-input-port) _IONBF)
                (import-paths store (current-input-port))
                '(success))))
          (lambda args
            (cons 'error args))))))

  (open-remote-pipe session
                    (string-join
                     `("guile" "-c"
                       ,(object->string (object->string import))))
                    OPEN_BOTH))

(define* (store-export-channel session files
                               #:key recursive?)
  "Return an input port from which an export of FILES from SESSION's store can
be read.  When RECURSIVE? is true, the closure of FILES is exported."
  ;; Same as above: this is more efficient than calling 'export-paths' on a
  ;; remote store.
  (define export
    `(begin
       (eval-when (load expand eval)
         (unless (resolve-module '(guix) #:ensure #f)
           (write `(module-error))
           (exit 7)))

       (use-modules (guix) (srfi srfi-1)
                    (srfi srfi-26) (srfi srfi-34))

       (guard (c ((nix-connection-error? c)
                  (write `(connection-error ,(nix-connection-error-file c)
                                            ,(nix-connection-error-code c))))
                 ((nix-protocol-error? c)
                  (write `(protocol-error ,(nix-protocol-error-status c)
                                          ,(nix-protocol-error-message c))))
                 (else
                  (write `(exception))))
         (with-store store
           (let* ((files ',files)
                  (invalid (remove (cut valid-path? store <>)
                                   files)))
             (unless (null? invalid)
               (write `(invalid-items ,invalid))
               (exit 1))

             ;; TODO: When RECURSIVE? is true, we could send the list of store
             ;; items in the closure so that the other end can filter out
             ;; those it already has.

             (write '(exporting))                 ;we're ready
             (force-output)

             (setvbuf (current-output-port) _IONBF)
             (export-paths store files (current-output-port)
                           #:recursive? ,recursive?))))))

  (open-remote-input-pipe session
                          (string-join
                           `("guile" "-c"
                             ,(object->string
                               (object->string export))))))

(define* (send-files local files remote
                     #:key
                     recursive?
                     (log-port (current-error-port)))
  "Send the subset of FILES from LOCAL (a local store) that's missing to
REMOTE, a remote store.  When RECURSIVE? is true, send the closure of FILES.
Return the list of store items actually sent."
  ;; Compute the subset of FILES missing on SESSION and send them.
  (let* ((files   (if recursive? (requisites local files) files))
         (session (channel-get-session (nix-server-socket remote)))
         (node    (make-node session))
         (missing (node-eval node
                             `(begin
                                (use-modules (guix)
                                             (srfi srfi-1) (srfi srfi-26))

                                (with-store store
                                  (remove (cut valid-path? store <>)
                                          ',files)))))
         (count   (length missing))
         (port    (store-import-channel session)))
    (format log-port (N_ "sending ~a store item to '~a'...~%"
                         "sending ~a store items to '~a'...~%" count)
            count (session-get session 'host))

    ;; Send MISSING in topological order.
    (export-paths local missing port)

    ;; Tell the remote process that we're done.  (In theory the end-of-archive
    ;; mark of 'export-paths' would be enough, but in practice it's not.)
    (channel-send-eof port)

    ;; Wait for completion of the remote process and read the status sexp from
    ;; PORT.
    (let* ((result (false-if-exception (read port)))
           (status (zero? (channel-get-exit-status port))))
      (close-port port)
      (match result
        (('success . _)
         missing)
        (('protocol-error message)
         (raise (condition
                 (&nix-protocol-error (message message) (status 42)))))
        (('error key args ...)
         (raise (condition
                 (&nix-protocol-error
                  (message (call-with-output-string
                             (lambda (port)
                               (print-exception port #f key args))))
                  (status 43)))))
        (_
         (raise (condition
                 (&nix-protocol-error
                  (message "unknown error while sending files over SSH")
                  (status 44)))))))))

(define (remote-store-session remote)
  "Return the SSH channel beneath REMOTE, a remote store as returned by
'connect-to-remote-daemon', or #f."
  (channel-get-session (nix-server-socket remote)))

(define (remote-store-host remote)
  "Return the name of the host REMOTE is connected to, where REMOTE is a
remote store as returned by 'connect-to-remote-daemon'."
  (match (remote-store-session remote)
    (#f #f)
    ((? session? session)
     (session-get session 'host))))

(define* (file-retrieval-port files remote
                              #:key recursive?)
  "Return an input port from which to retrieve FILES (a list of store items)
from REMOTE, along with the number of items to retrieve (lower than or equal
to the length of FILES.)"
  (values (store-export-channel (remote-store-session remote) files
                                #:recursive? recursive?)
          (length files)))            ;XXX: inaccurate when RECURSIVE? is true

(define-syntax raise-error
  (syntax-rules (=>)
    ((_ fmt args ... (=> hint-fmt hint-args ...))
     (raise (condition
             (&message
              (message (format #f fmt args ...)))
             (&fix-hint
              (hint (format #f hint-fmt hint-args ...))))))
    ((_ fmt args ...)
     (raise (condition
             (&message
              (message (format #f fmt args ...))))))))

(define* (retrieve-files* files remote
                          #:key recursive? (log-port (current-error-port))
                          (import (const #f)))
  "Pass IMPORT an input port from which to read the sequence of FILES coming
from REMOTE.  When RECURSIVE? is true, retrieve the closure of FILES."
  (let-values (((port count)
                (file-retrieval-port files remote
                                     #:recursive? recursive?)))
    (match (read port)                            ;read the initial status
      (('exporting)
       (format #t (N_ "retrieving ~a store item from '~a'...~%"
                      "retrieving ~a store items from '~a'...~%" count)
               count (remote-store-host remote))

       (dynamic-wind
         (const #t)
         (lambda ()
           (import port))
         (lambda ()
           (close-port port))))
      ((? eof-object?)
       (report-guile-error (remote-store-host remote)))
      (('module-error . _)
       (report-module-error (remote-store-host remote)))
      (('connection-error file code . _)
       (raise-error (G_ "failed to connect to '~A' on remote host '~A': ~a")
                    file (remote-store-host remote) (strerror code)))
      (('invalid-items items . _)
       (raise-error (N_ "no such item on remote host '~A':~{ ~a~}"
                        "no such items on remote host '~A':~{ ~a~}"
                        (length items))
                    (remote-store-host remote) items))
      (('protocol-error status message . _)
       (raise-error (G_ "protocol error on remote host '~A': ~a")
                    (remote-store-host remote) message))
      (_
       (raise-error (G_ "failed to retrieve store items from '~a'")
                    (remote-store-host remote))))))

(define* (retrieve-files local files remote
                         #:key recursive? (log-port (current-error-port)))
  "Retrieve FILES from REMOTE and import them using the 'import-paths' RPC on
LOCAL.  When RECURSIVE? is true, retrieve the closure of FILES."
  (retrieve-files* (remove (cut valid-path? local <>) files)
                   remote
                   #:recursive? recursive?
                   #:log-port log-port
                   #:import (lambda (port)
                              (import-paths local port))))

\f
;;;
;;; Error reporting.
;;;

(define (report-guile-error host)
  (raise-error (G_ "failed to start Guile on remote host '~A'") host
               (=> (G_ "Make sure @command{guile} can be found in
@code{$PATH} on the remote host.  Run @command{ssh ~A guile --version} to
check.")
                   host)))

(define (report-module-error host)
  "Report an error about missing Guix modules on HOST."
  ;; TRANSLATORS: Leave "Guile" untranslated.
  (raise-error (G_ "Guile modules not found on remote host '~A'") host
               (=> (G_ "Make sure @code{GUILE_LOAD_PATH} includes Guix'
own module directory.  Run @command{ssh ~A env | grep GUILE_LOAD_PATH} to
check.")
                   host)))

;;; ssh.scm ends here
Commit	Line	Data
987a29ba	1	;;; GNU Guix --- Functional package management for GNU
d06d54e3	2	;;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
987a29ba LC	3	;;;
	4	;;; This file is part of GNU Guix.
	5	;;;
	6	;;; GNU Guix is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; GNU Guix is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of the GNU General Public License
	17	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (guix ssh)
	20	#:use-module (guix store)
52d174d6	21	#:use-module (guix i18n)
896fec47	22	#:use-module ((guix utils) #:select (&fix-hint))
615c5298 LC	23	#:use-module (ssh session)
	24	#:use-module (ssh auth)
	25	#:use-module (ssh key)
987a29ba LC	26	#:use-module (ssh channel)
	27	#:use-module (ssh popen)
	28	#:use-module (ssh session)
	29	#:use-module (ssh dist)
	30	#:use-module (ssh dist node)
0e3c8528	31	#:use-module (srfi srfi-1)
987a29ba	32	#:use-module (srfi srfi-11)
d06d54e3	33	#:use-module (srfi srfi-26)
13164a21 LC	34	#:use-module (srfi srfi-34)
13164a21 LC	35	#:use-module (srfi srfi-35)
987a29ba	36	#:use-module (ice-9 match)
13164a21	37	#:use-module (ice-9 binary-ports)
615c5298	38	#:export (open-ssh-session
e5378337	39	remote-daemon-channel
615c5298	40	connect-to-remote-daemon
987a29ba LC	41	send-files
987a29ba LC	42	retrieve-files
d06d54e3	43	retrieve-files*
4eb0f9ae LC	44	remote-store-host
	45
	46	report-guile-error
	47	report-module-error))
987a29ba LC	48
	49	;;; Commentary:
	50	;;;
	51	;;; This module provides tools to support communication with remote stores
	52	;;; over SSH, using Guile-SSH.
	53	;;;
	54	;;; Code:
	55
615c5298 LC	56	(define %compression
	57	"zlib@openssh.com,zlib")
	58
	59	(define* (open-ssh-session host #:key user port
	60	(compression %compression))
	61	"Open an SSH session for HOST and return it. When USER and PORT are #f, use
	62	default values or whatever '~/.ssh/config' specifies; otherwise use them.
	63	Throw an error on failure."
	64	(let ((session (make-session #:user user
	65	#:host host
	66	#:port port
	67	#:timeout 10 ;seconds
	68	;; #:log-verbosity 'protocol
	69
	70	;; We need lightweight compression when
	71	;; exchanging full archives.
	72	#:compression compression
	73	#:compression-level 3)))
	74
	75	;; Honor ~/.ssh/config.
	76	(session-parse-config! session)
	77
	78	(match (connect! session)
	79	('ok
	80	;; Use public key authentication, via the SSH agent if it's available.
	81	(match (userauth-public-key/auto! session)
	82	('success
	83	session)
	84	(x
	85	(disconnect! session)
	86	(raise (condition
	87	(&message
69daee23	88	(message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
615c5298 LC	89	host (get-error session)))))))))
	90	(x
	91	;; Connection failed or timeout expired.
	92	(raise (condition
	93	(&message
69daee23	94	(message (format #f (G_ "SSH connection to '~a' failed: ~a~%")
615c5298 LC	95	host (get-error session))))))))))
615c5298 LC	96
e5378337 LC	97	(define* (remote-daemon-channel session
	98	#:optional
	99	(socket-name
	100	"/var/guix/daemon-socket/socket"))
	101	"Return an input/output port (an SSH channel) to the daemon at SESSION."
987a29ba LC	102	(define redirect
	103	;; Code run in SESSION to redirect the remote process' stdin/stdout to the
	104	;; daemon's socket, à la socat. The SSH protocol supports forwarding to
	105	;; Unix-domain sockets but libssh doesn't have an API for that, hence this
	106	;; hack.
	107	`(begin
17af5d51	108	(use-modules (ice-9 match) (rnrs io ports)
0dcf675c	109	(rnrs bytevectors))
987a29ba	110
8446dc5a LC	111	(let ((sock (socket AF_UNIX SOCK_STREAM 0))
	112	(stdin (current-input-port))
	113	(stdout (current-output-port))
	114	(select* (lambda (read write except)
	115	;; This is a workaround for
	116	;; <https://bugs.gnu.org/30365> in Guile < 2.2.4:
	117	;; since 'select' sometimes returns non-empty sets for
	118	;; no good reason, call 'select' a second time with a
	119	;; zero timeout to filter out incorrect replies.
	120	(match (select read write except)
	121	((read write except)
	122	(select read write except 0))))))
987a29ba	123	(setvbuf stdout _IONBF)
0dcf675c LC	124
	125	;; Use buffered ports so that 'get-bytevector-some' returns up to the
	126	;; whole buffer like read(2) would--see <https://bugs.gnu.org/30066>.
	127	(setvbuf stdin _IOFBF 65536)
	128	(setvbuf sock _IOFBF 65536)
	129
987a29ba LC	130	(connect sock AF_UNIX ,socket-name)
	131
	132	(let loop ()
8446dc5a	133	(match (select* (list stdin sock) '() '())
55f40fdb	134	((reads () ())
987a29ba	135	(when (memq stdin reads)
0dcf675c LC	136	(match (get-bytevector-some stdin)
0dcf675c LC	137	((? eof-object?)
987a29ba	138	(primitive-exit 0))
0dcf675c LC	139	(bv
	140	(put-bytevector sock bv)
	141	(force-output sock))))
987a29ba	142	(when (memq sock reads)
0dcf675c LC	143	(match (get-bytevector-some sock)
0dcf675c LC	144	((? eof-object?)
987a29ba	145	(primitive-exit 0))
0dcf675c LC	146	(bv
0dcf675c LC	147	(put-bytevector stdout bv))))
987a29ba LC	148	(loop))
	149	(_
	150	(primitive-exit 1)))))))
	151
e5378337 LC	152	(open-remote-pipe* session OPEN_BOTH
	153	;; Sort-of shell-quote REDIRECT.
	154	"guile" "-c"
	155	(object->string
	156	(object->string redirect))))
	157
	158	(define* (connect-to-remote-daemon session
	159	#:optional
	160	(socket-name
	161	"/var/guix/daemon-socket/socket"))
	162	"Connect to the remote build daemon listening on SOCKET-NAME over SESSION,
	163	an SSH session. Return a <nix-server> object."
	164	(open-connection #:port (remote-daemon-channel session)))
	165
987a29ba LC	166
	167	(define (store-import-channel session)
	168	"Return an output port to which archives to be exported to SESSION's store
	169	can be written."
	170	;; Using the 'import-paths' RPC on a remote store would be slow because it
	171	;; makes a round trip every time 32 KiB have been transferred. This
	172	;; procedure instead opens a separate channel to use the remote
	173	;; 'import-paths' procedure, which consumes all the data in a single round
de9d8f0e LC	174	;; trip. This optimizes the successful case at the expense of error
	175	;; conditions: errors can only be reported once all the input has been
	176	;; consumed.
987a29ba LC	177	(define import
987a29ba LC	178	`(begin
de9d8f0e LC	179	(use-modules (guix) (srfi srfi-34)
de9d8f0e LC	180	(rnrs io ports) (rnrs bytevectors))
987a29ba	181
de9d8f0e LC	182	(define (consume-input port)
	183	(let ((bv (make-bytevector 32768)))
	184	(let loop ()
	185	(let ((n (get-bytevector-n! port bv 0
	186	(bytevector-length bv))))
	187	(unless (eof-object? n)
	188	(loop))))))
987a29ba	189
de9d8f0e LC	190	;; Upon completion, write an sexp that denotes the status.
	191	(write
	192	(catch #t
	193	(lambda ()
	194	(guard (c ((nix-protocol-error? c)
	195	;; Consume all the input since the only time we can
	196	;; report the error is after everything has been
	197	;; consumed.
	198	(consume-input (current-input-port))
	199	(list 'protocol-error (nix-protocol-error-message c))))
	200	(with-store store
	201	(setvbuf (current-input-port) _IONBF)
	202	(import-paths store (current-input-port))
	203	'(success))))
	204	(lambda args
	205	(cons 'error args))))))
987a29ba	206
de9d8f0e LC	207	(open-remote-pipe session
	208	(string-join
	209	`("guile" "-c"
	210	,(object->string (object->string import))))
	211	OPEN_BOTH))
987a29ba	212
e9629e82 LC	213	(define* (store-export-channel session files
e9629e82 LC	214	#:key recursive?)
987a29ba	215	"Return an input port from which an export of FILES from SESSION's store can
e9629e82	216	be read. When RECURSIVE? is true, the closure of FILES is exported."
987a29ba LC	217	;; Same as above: this is more efficient than calling 'export-paths' on a
	218	;; remote store.
	219	(define export
	220	`(begin
896fec47 LC	221	(eval-when (load expand eval)
	222	(unless (resolve-module '(guix) #:ensure #f)
	223	(write `(module-error))
	224	(exit 7)))
	225
	226	(use-modules (guix) (srfi srfi-1)
	227	(srfi srfi-26) (srfi srfi-34))
	228
	229	(guard (c ((nix-connection-error? c)
	230	(write `(connection-error ,(nix-connection-error-file c)
	231	,(nix-connection-error-code c))))
	232	((nix-protocol-error? c)
	233	(write `(protocol-error ,(nix-protocol-error-status c)
	234	,(nix-protocol-error-message c))))
	235	(else
	236	(write `(exception))))
	237	(with-store store
	238	(let* ((files ',files)
	239	(invalid (remove (cut valid-path? store <>)
	240	files)))
	241	(unless (null? invalid)
	242	(write `(invalid-items ,invalid))
	243	(exit 1))
	244
0e3c8528 LC	245	;; TODO: When RECURSIVE? is true, we could send the list of store
	246	;; items in the closure so that the other end can filter out
	247	;; those it already has.
	248
896fec47 LC	249	(write '(exporting)) ;we're ready
	250	(force-output)
	251
	252	(setvbuf (current-output-port) _IONBF)
	253	(export-paths store files (current-output-port)
	254	#:recursive? ,recursive?))))))
987a29ba LC	255
	256	(open-remote-input-pipe session
	257	(string-join
	258	`("guile" "-c"
	259	,(object->string
	260	(object->string export))))))
	261
	262	(define* (send-files local files remote
e9629e82 LC	263	#:key
	264	recursive?
	265	(log-port (current-error-port)))
987a29ba	266	"Send the subset of FILES from LOCAL (a local store) that's missing to
23973e4f LC	267	REMOTE, a remote store. When RECURSIVE? is true, send the closure of FILES.
23973e4f LC	268	Return the list of store items actually sent."
987a29ba	269	;; Compute the subset of FILES missing on SESSION and send them.
e9629e82 LC	270	(let* ((files (if recursive? (requisites local files) files))
e9629e82 LC	271	(session (channel-get-session (nix-server-socket remote)))
987a29ba LC	272	(node (make-node session))
	273	(missing (node-eval node
	274	`(begin
	275	(use-modules (guix)
	276	(srfi srfi-1) (srfi srfi-26))
	277
	278	(with-store store
	279	(remove (cut valid-path? store <>)
	280	',files)))))
	281	(count (length missing))
	282	(port (store-import-channel session)))
	283	(format log-port (N_ "sending ~a store item to '~a'...~%"
	284	"sending ~a store items to '~a'...~%" count)
	285	count (session-get session 'host))
	286
	287	;; Send MISSING in topological order.
	288	(export-paths local missing port)
	289
	290	;; Tell the remote process that we're done. (In theory the end-of-archive
	291	;; mark of 'export-paths' would be enough, but in practice it's not.)
	292	(channel-send-eof port)
	293
de9d8f0e LC	294	;; Wait for completion of the remote process and read the status sexp from
	295	;; PORT.
	296	(let* ((result (false-if-exception (read port)))
	297	(status (zero? (channel-get-exit-status port))))
987a29ba	298	(close-port port)
de9d8f0e LC	299	(match result
	300	(('success . _)
	301	missing)
	302	(('protocol-error message)
	303	(raise (condition
	304	(&nix-protocol-error (message message) (status 42)))))
	305	(('error key args ...)
	306	(raise (condition
	307	(&nix-protocol-error
	308	(message (call-with-output-string
	309	(lambda (port)
	310	(print-exception port #f key args))))
	311	(status 43)))))
	312	(_
	313	(raise (condition
	314	(&nix-protocol-error
	315	(message "unknown error while sending files over SSH")
	316	(status 44)))))))))
987a29ba LC	317
	318	(define (remote-store-session remote)
	319	"Return the SSH channel beneath REMOTE, a remote store as returned by
	320	'connect-to-remote-daemon', or #f."
	321	(channel-get-session (nix-server-socket remote)))
	322
	323	(define (remote-store-host remote)
	324	"Return the name of the host REMOTE is connected to, where REMOTE is a
	325	remote store as returned by 'connect-to-remote-daemon'."
	326	(match (remote-store-session remote)
	327	(#f #f)
	328	((? session? session)
	329	(session-get session 'host))))
	330
e9629e82 LC	331	(define* (file-retrieval-port files remote
e9629e82 LC	332	#:key recursive?)
987a29ba LC	333	"Return an input port from which to retrieve FILES (a list of store items)
	334	from REMOTE, along with the number of items to retrieve (lower than or equal
	335	to the length of FILES.)"
e9629e82 LC	336	(values (store-export-channel (remote-store-session remote) files
	337	#:recursive? recursive?)
	338	(length files))) ;XXX: inaccurate when RECURSIVE? is true
987a29ba	339
896fec47 LC	340	(define-syntax raise-error
	341	(syntax-rules (=>)
	342	((_ fmt args ... (=> hint-fmt hint-args ...))
	343	(raise (condition
	344	(&message
	345	(message (format #f fmt args ...)))
	346	(&fix-hint
	347	(hint (format #f hint-fmt hint-args ...))))))
	348	((_ fmt args ...)
	349	(raise (condition
	350	(&message
	351	(message (format #f fmt args ...))))))))
	352
d06d54e3 LC	353	(define* (retrieve-files* files remote
	354	#:key recursive? (log-port (current-error-port))
	355	(import (const #f)))
	356	"Pass IMPORT an input port from which to read the sequence of FILES coming
	357	from REMOTE. When RECURSIVE? is true, retrieve the closure of FILES."
987a29ba	358	(let-values (((port count)
e9629e82 LC	359	(file-retrieval-port files remote
e9629e82 LC	360	#:recursive? recursive?)))
896fec47 LC	361	(match (read port) ;read the initial status
	362	(('exporting)
	363	(format #t (N_ "retrieving ~a store item from '~a'...~%"
	364	"retrieving ~a store items from '~a'...~%" count)
	365	count (remote-store-host remote))
	366
d06d54e3 LC	367	(dynamic-wind
	368	(const #t)
	369	(lambda ()
	370	(import port))
	371	(lambda ()
	372	(close-port port))))
896fec47	373	((? eof-object?)
4eb0f9ae	374	(report-guile-error (remote-store-host remote)))
896fec47	375	(('module-error . _)
4eb0f9ae	376	(report-module-error (remote-store-host remote)))
896fec47 LC	377	(('connection-error file code . _)
	378	(raise-error (G_ "failed to connect to '~A' on remote host '~A': ~a")
	379	file (remote-store-host remote) (strerror code)))
	380	(('invalid-items items . _)
	381	(raise-error (N_ "no such item on remote host '~A':~{ ~a~}"
	382	"no such items on remote host '~A':~{ ~a~}"
	383	(length items))
	384	(remote-store-host remote) items))
	385	(('protocol-error status message . _)
	386	(raise-error (G_ "protocol error on remote host '~A': ~a")
	387	(remote-store-host remote) message))
	388	(_
	389	(raise-error (G_ "failed to retrieve store items from '~a'")
	390	(remote-store-host remote))))))
987a29ba	391
d06d54e3 LC	392	(define* (retrieve-files local files remote
	393	#:key recursive? (log-port (current-error-port)))
	394	"Retrieve FILES from REMOTE and import them using the 'import-paths' RPC on
	395	LOCAL. When RECURSIVE? is true, retrieve the closure of FILES."
0e3c8528 LC	396	(retrieve-files* (remove (cut valid-path? local <>) files)
0e3c8528 LC	397	remote
d06d54e3 LC	398	#:recursive? recursive?
	399	#:log-port log-port
	400	#:import (lambda (port)
	401	(import-paths local port))))
	402
4eb0f9ae LC	403	\f
	404	;;;
	405	;;; Error reporting.
	406	;;;
	407
	408	(define (report-guile-error host)
	409	(raise-error (G_ "failed to start Guile on remote host '~A'") host
	410	(=> (G_ "Make sure @command{guile} can be found in
	411	@code{$PATH} on the remote host. Run @command{ssh ~A guile --version} to
	412	check.")
	413	host)))
	414
	415	(define (report-module-error host)
	416	"Report an error about missing Guix modules on HOST."
	417	;; TRANSLATORS: Leave "Guile" untranslated.
	418	(raise-error (G_ "Guile modules not found on remote host '~A'") host
	419	(=> (G_ "Make sure @code{GUILE_LOAD_PATH} includes Guix'
	420	own module directory. Run @command{ssh ~A env \| grep GUILE_LOAD_PATH} to
	421	check.")
	422	host)))
	423
987a29ba	424	;;; ssh.scm ends here