X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: anothersms@HIDDEN (=?UTF-8?Q?Nicol=C3=B2?= Balzarotti)
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 14 Jan 2020 21:22:01 +0000
Resent-Message-ID: <handler.39136.B.157903690026737 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.157903690026737
(code B ref -1); Tue, 14 Jan 2020 21:22:01 +0000
Received: (at submit) by debbugs.gnu.org; 14 Jan 2020 21:21:40 +0000
Received: from localhost ([127.0.0.1]:33654 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1irTd5-0006x8-GQ
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2020 16:21:40 -0500
Received: from lists.gnu.org ([209.51.188.17]:48207)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <anothersms@HIDDEN>) id 1irTd3-0006x1-GU
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2020 16:21:38 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:49091)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <anothersms@HIDDEN>) id 1irTd1-00044c-VB
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:37 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM,
URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <anothersms@HIDDEN>) id 1irTd0-0007ZX-7Z
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:35 -0500
Received: from mail-wm1-x335.google.com ([2a00:1450:4864:20::335]:53302)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <anothersms@HIDDEN>)
id 1irTcz-0007Yj-VI
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:34 -0500
Received: by mail-wm1-x335.google.com with SMTP id m24so15504159wmc.3
for <guix-patches@HIDDEN>; Tue, 14 Jan 2020 13:21:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:subject:date:message-id:mime-version;
bh=YAe21svaacBEdVgUt5LGPvtbT+z75Cr4foKr7hHvhzg=;
b=Eri6ghqtxz1c3IJDokMM5HQz8eIvytLfYgMLoO1l0Xxuche1EvSQ6km/tXgjdn68+n
dieK0MjdUQgpXlP0+SUkzU1bmFbnS1rdR2vMuq3frQ/wKVDplVs68KBn+ZJOp9z98+1s
yK9lUef94Prg4eJei4DHwFxQeeB3GdSo0SRL9nMgmOxq5eQoxO8LYvUqggYPYOeKtK4J
sB18daB2O8xHzi1LU55bmR045YxILtP2TNtZaZRKJ/9Bdij9/XJQkLQGWFiCSfwN3CIl
1humQLGu5oxnIFbPI1MbSM6IlHO6ybAFZxoQBYG2HmVLldrYGnM5dlnvTgfBwqCEsCgB
p/JQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
bh=YAe21svaacBEdVgUt5LGPvtbT+z75Cr4foKr7hHvhzg=;
b=I1FZTc/9mkK9eG0+U5qW2QakZRbnb352ksaupZD0rx5cRPxHmnDvx3vK8KeoAzItyx
Ix8gKaJHD0SjLlwAs73TYfuX5s3JCjqge3z4bqykxuP8p3Zoy2SwBQ1Zo0+MbNFuf/+i
LHZ6WfrBbew5U4b2H72nX3GJkEk5ZVvHYaASay4EG6jOquq6kTx060QLlj+Sy/VQ6PbD
rFF93lDEv0cQJYI51yzlLw6Z8Mr0t7ZAClDBAydZSdBnk/5ahE+ecSAlC6tOXcx8N9US
G55Y8LSFdHlSoXnQwRpiNSYnieCavRERR3/dnzGryB16xVB95l3/JTmTgYR3ZkaUk85K
HqkQ==
X-Gm-Message-State: APjAAAVPIE4AxYWmtONB9Vedm8IZtWtqoaLGLBydJ7U8lsj1IxJduTbc
PFe1u14XLBGFiaAAecKfInaeRcc4
X-Google-Smtp-Source: APXvYqywVcVDmddYzLVeEd+Ceux2ffMJB+Z0L43Jx7MYr1CoTcaKEmIdP7wc1snXzxB5P2WeWmgxAw==
X-Received: by 2002:a1c:740b:: with SMTP id p11mr31139307wmc.78.1579036891695;
Tue, 14 Jan 2020 13:21:31 -0800 (PST)
Received: from guixSD (host146-19-dynamic.50-79-r.retail.telecomitalia.it.
[79.50.19.146])
by smtp.gmail.com with ESMTPSA id n10sm21160533wrt.14.2020.01.14.13.21.30
for <guix-patches@HIDDEN>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 14 Jan 2020 13:21:30 -0800 (PST)
From: anothersms@HIDDEN (=?UTF-8?Q?Nicol=C3=B2?= Balzarotti)
Date: Tue, 14 Jan 2020 22:21:29 +0100
Message-ID: <874kwx91k6.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2a00:1450:4864:20::335
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hello guix! This is my first service :) I know I still miss
documentation and tests, but before diving into it I wanted a general feedback
on it (so that if we decide to change something I don't have to adjust th
[...] Content analysis details: (2.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: nixo.xyz]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
1.9 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (anothersms[at]gmail.com)
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust [209.51.188.17 listed in list.dnswl.org]
2.0 SPOOFED_FREEMAIL No description available.
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello guix!
This is my first service :) I know I still miss documentation and tests,
but before diving into it I wanted a general feedback on it (so that if
we decide to change something I don't have to adjust the docs and the
tests twice).
Endlessh is already in the repo, but for those who don't know: it's a
fake ssh server; it should be used to prevent bruteforce attacks and the
like by "freezing" the connection on the standard port (while the real
ssh server is on another non-standard port). So, I don't know if as
default port should be 22 or, as it is now, 2222 (program's default).
My second doubt is regarding the place; it's an ssh server, but its main
purpose is for security? Maybe should go under admin.scm? I'm not sure
Last thing: bind-family as a list of allowed values is a suggetion from
IRC @leoprikler. Thanks for your help there!
Waiting for your feedback,
Nicol=C3=B2
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
filename=0001-gnu-services-Add-endlessh.patch
From 63f975ec47de8ab951beaac6781327faf06d0cac Mon Sep 17 00:00:00 2001
From: nixo <nicolo@HIDDEN>
Date: Tue, 14 Jan 2020 22:08:15 +0100
Subject: [PATCH] gnu: services: Add endlessh.
* gnu/services/ssh.scm (endlessh): New variable.
---
gnu/services/ssh.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 73 insertions(+), 1 deletion(-)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..d2729fb059 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -45,7 +45,11 @@
dropbear-configuration
dropbear-configuration?
dropbear-service-type
- dropbear-service))
+ dropbear-service
+
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type))
;;; Commentary:
;;;
@@ -628,4 +632,72 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
object."
(service dropbear-service-type config))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
;;; ssh.scm ends here
--
2.24.1
--=-=-=--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: anothersms@HIDDEN (=?UTF-8?Q?Nicol=C3=B2?= Balzarotti) Subject: bug#39136: Acknowledgement ([PATCH] gnu: services: Add endlessh.) Message-ID: <handler.39136.B.157903690026737.ack <at> debbugs.gnu.org> References: <874kwx91k6.fsf@HIDDEN> X-Gnu-PR-Message: ack 39136 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 39136 <at> debbugs.gnu.org Date: Tue, 14 Jan 2020 21:22:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): guix-patches@HIDDEN If you wish to submit further information on this problem, please send it to 39136 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 39136: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D39136 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: Oleg Pykhalov <go.wigust@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sat, 25 Jul 2020 20:09:01 +0000
Resent-Message-ID: <handler.39136.B39136.15957077358862 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: anothersms@HIDDEN (=?UTF-8?Q?Nicol=C3=B2?= Balzarotti)
Cc: 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.15957077358862
(code B ref 39136); Sat, 25 Jul 2020 20:09:01 +0000
Received: (at 39136) by debbugs.gnu.org; 25 Jul 2020 20:08:55 +0000
Received: from localhost ([127.0.0.1]:51223 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1jzQTX-0002Is-6K
for submit <at> debbugs.gnu.org; Sat, 25 Jul 2020 16:08:55 -0400
Received: from mail-lj1-f169.google.com ([209.85.208.169]:35362)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <go.wigust@HIDDEN>) id 1jzQTV-0002IX-Pw
for 39136 <at> debbugs.gnu.org; Sat, 25 Jul 2020 16:08:54 -0400
Received: by mail-lj1-f169.google.com with SMTP id q4so13337927lji.2
for <39136 <at> debbugs.gnu.org>; Sat, 25 Jul 2020 13:08:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version;
bh=YlsGf/6tUQEbCjhz+rRJY6MsIxTjTcrGPc8aDV9CTVo=;
b=V4TqgogwNu5maVvz/ohf6IwclaBDiEbGdgwWN5AEWc/a6u67ul+XrcOe32F6Vs6wdO
31uMQ1AJmiqEhR27yA3XhIUPGpVtKJot78mvq/pVkAbaZ489Sz/+UnRfW58C/5E4U64E
m9yyZSJyyhtlqkrfBsFE8Vv3YvI+d7kSX5KYNAdI5KHxrcy1IW8g9RUF6MteWE+O63AC
ODkl7GLx5PLgi7HmLl7u/dZUo1ztM9rplp9s9P4fY9EKKcVC9FA4yTQg6SoHdhdiTz4o
9PYp+RGEjMXk6iUa4OH1UwnluZ1R0hOpYiLNwAnL0zuzi5Rv49am1VfHWF5VIGGgvuHQ
Uv/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version;
bh=YlsGf/6tUQEbCjhz+rRJY6MsIxTjTcrGPc8aDV9CTVo=;
b=YfIk5YBPaEaXtWtSF9EVjy+5Vye0pJaNTLTAn3D6sFVQTcUAOK2lnQqLEcUyenGcsk
cdeNfaH26npNJt38v40Nzz2PLjshO8NqYALPrcN1y8b2fRGXTzoFgeLLasIRIejtIP1S
d8RYo1at3C+d5KLXnIiQg0UEzXsgMDF0ztsftuohFE6ncQgpj6owiQVNvy0XDV2C+PmG
4U6TiVHuDr53nQ6Uu0r8uT6Yrz83GhUyLyWpgbfmC9EFVPRvxNYZP3SIYHa5Cead0VBs
4ZaunJ3oVulb/vyU1VgQtYW+OxUcB6w0uY7V0TiRxHyOwDKNjzTd+eJkjBfb11R+LFEA
VE8w==
X-Gm-Message-State: AOAM533rjCB5KPodzroSFOVrm8BZhVPu1VItp4M+a9f/4GWzUYqA/c65
DECEM0ul8zbvDnJ0e0SbOgoobohw
X-Google-Smtp-Source: ABdhPJwl+rNSZErxLfj3AEUSaLAy0fNA80ySiloRVY7hohLJJTrBeGgmb/lUcVhxE9SVBJGkWZDj+g==
X-Received: by 2002:a05:651c:1134:: with SMTP id
e20mr2066962ljo.40.1595707727552;
Sat, 25 Jul 2020 13:08:47 -0700 (PDT)
Received: from guixsd (ppp91-122-98-213.pppoe.avangarddsl.ru. [91.122.98.213])
by smtp.gmail.com with ESMTPSA id
m26sm211705ljc.129.2020.07.25.13.08.46
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 25 Jul 2020 13:08:46 -0700 (PDT)
From: Oleg Pykhalov <go.wigust@HIDDEN>
References: <874kwx91k6.fsf@HIDDEN>
Date: Sat, 25 Jul 2020 23:08:44 +0300
In-Reply-To: <874kwx91k6.fsf@HIDDEN>
("=?UTF-8?Q?Nicol=C3=B2?= Balzarotti"'s message of "Tue, 14 Jan 2020
22:21:29 +0100")
Message-ID: <87365fl5mb.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 1.0 (+)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi,
That patch was forgotten for some reason, but we still have a succeeded
to build =E2=80=98endlessh=E2=80=99 package which missing a service! :-)
anothersms@HIDDEN (Nicol=C3=B2 Balzarotti) writes:
> This is my first service :) I know I still miss documentation and tests,
> but before diving into it I wanted a general feedback on it (so that if
> we decide to change something I don't have to adjust the docs and the
> tests twice).
Tests are appreciated ;-)
> Endlessh is already in the repo, but for those who don't know: it's a
> fake ssh server; it should be used to prevent bruteforce attacks and the
> like by "freezing" the connection on the standard port (while the real
> ssh server is on another non-standard port). So, I don't know if as
> default port should be 22 or, as it is now, 2222 (program's default).
2222 is OK. But we need this be documented in =E2=80=98doc/guix.texi=E2=80=
=99. Could
you take a look on this, please?
> My second doubt is regarding the place; it's an ssh server, but its main
> purpose is for security? Maybe should go under admin.scm? I'm not sure
I think gnu/services/ssh.scm is good.
[=E2=80=A6]
> +(define-record-type* <endlessh-configuration>
> + endlessh-configuration make-endlessh-configuration
> + endlessh-configuration?
> + ;; list of two symbols, allowed values are ipv4, ipv6 or both
> + (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
Please, move =E2=80=98(default =E2=80=A6)=E2=80=99 things on a separate lin=
e.
[=E2=80=A6]
Otherwise LGTM. Could you send an update with a documented service?
Thanks,
Oleg.
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAl8ckUwACgkQFn+OpQAa
+px84Q//cThaNKqntgDxuutVSS1XIFeUFFgpcWmUHtJOnvz+9PxQ1gZDzJY5R9xO
GHERkNjoZopFfrt59owcIoBmnickxUembFYKQjssZscedr9prbX6oGjYgN5znKpk
xN2lAcS11XsKMecv+M5UJvGvRGsXHcFQJl7nafyyIhlF3qbQmcgUO5r1PfjPSgrU
uK8AyEvbdgYYQbvZTrboFPBn/frj+mIQ8HdXwaBtBBHuR8AcYderFCfD9fabWB8G
Tb4Qh3dpF3W2FhY8x8FpYxEsZA4RR8YoHAHX8TLcqtRb/7IVscYb78L+TUEs53bs
yb2o6RGpTsmRl7Muiw6Q4gGn7fdM9v28lgddILD6OB5dLImlP72YT9V6sTQ/Wev6
WFikCwH5ulrvhREP+cbYQPwV9XxgUj0EuXvd+Ya77ggG6x3Y6WnGRxEwL9Haykqi
+HuRkj0k5GB5kWxjpNtmMd6QRV58SXRr7Zq5jrJvbPU+4Xa7joeLUOeKjmJ7PeXN
SmGVgmiIKmflxGFI0DrXBP6e88XLwJkRKbeej+t8AlUffe5LXBH0ZS2+I6yhdDtr
+uDTPIR2r7RL45CHeyO9E16umSXhyZU0RjhXVQ+lg83wjZgBajU3R4bmNYQQK85P
6ZZjZ6uLaHTSfkzGnD8t3GIusFzbEk11XD/QviSZC2j38pK5SOg=
=XbGN
-----END PGP SIGNATURE-----
--=-=-=--
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH 1/2] services: Add endlessh service.
References: <874kwx91k6.fsf@HIDDEN>
In-Reply-To: <874kwx91k6.fsf@HIDDEN>
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Mon, 15 Mar 2021 16:31:01 +0000
Resent-Message-ID: <handler.39136.B39136.161582584231592 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Cc: =?UTF-8?Q?Nicol=C3=B2?= Balzarotti <nicolo@HIDDEN>
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.161582584231592
(code B ref 39136); Mon, 15 Mar 2021 16:31:01 +0000
Received: (at 39136) by debbugs.gnu.org; 15 Mar 2021 16:30:42 +0000
Received: from localhost ([127.0.0.1]:36591 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLq77-0008DU-OP
for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:42 -0400
Received: from mx1.dismail.de ([78.46.223.134]:14705)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lLq75-0008D7-1v
for 39136 <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:40 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id dff06951;
Mon, 15 Mar 2021 17:30:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:mime-version:content-type
:content-transfer-encoding; s=20190914; bh=Tk6JjC8fyJ1LrzU5iVT/v
CyUXldeLislM8LsuyUE3UA=; b=CJyaMlmNTS4Kx487rc7suLxShh0EaZPztNHZa
2mP86l++eS9RszTH2Qow40aZFpTrSEfNBM3FDfBYfFD8nxOJSPG9s26Zz6S+zunl
6nog3tz3xoe5WBs7wcXFfwVQMlclLVfgB9R2O55CyeYOhufDlLKnoipX78+wc7FT
DIOsZwZvFRDHDtZTimgvK3l2kj/vr6TCDN0otKTvoO57BSwyqNR3Yg3aEi24rHqV
afXOkuHfFA/UFvnU1zEpCnmcGtVXhGDwqb7JXVn0zPR3JaDdvL0dVNUE7SldvsEd
R2moiE+7sz2nXXpLQMHSH2TTEW3hjteGfZzf9MLv9LKc8Mhww==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id beebfcd2;
Mon, 15 Mar 2021 17:30:31 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id b8faeee4;
Mon, 15 Mar 2021 17:30:31 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 260a3f7e
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Mon, 15 Mar 2021 17:30:30 +0100 (CET)
From: Joshua Branson <jbranso@HIDDEN>
Date: Mon, 15 Mar 2021 12:29:48 -0400
Message-Id: <20210315162949.17092-1-jbranso@HIDDEN>
X-Mailer: git-send-email 2.30.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.3 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.3 (-)
From: Nicolò Balzarotti <nicolo@HIDDEN>
* gnu/services/ssh.scm: Add endlessh service
(<endlessh-configuration>): New record type.
(endlessh-config->conf, endlessh-shepherd-service, endlessh-service-type): New procedures.
---
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 1891db0487..aad9bbc754 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -54,6 +54,10 @@
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+
webssh-configuration
webssh-configuration?
webssh-service-type
@@ -739,6 +743,75 @@ object."
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
+
;;;
;;; WebSSH
--
2.30.0
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH 2/2] services: containerized endlessh
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Mon, 15 Mar 2021 16:31:02 +0000
Resent-Message-ID: <handler.39136.B39136.161582584531603 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Cc: Joshua Branson <jbranso@HIDDEN>
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.161582584531603
(code B ref 39136); Mon, 15 Mar 2021 16:31:02 +0000
Received: (at 39136) by debbugs.gnu.org; 15 Mar 2021 16:30:45 +0000
Received: from localhost ([127.0.0.1]:36593 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLq7B-0008De-5E
for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:45 -0400
Received: from mx1.dismail.de ([78.46.223.134]:14705)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lLq76-0008D7-CA
for 39136 <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:41 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 08a985c3
for <39136 <at> debbugs.gnu.org>; Mon, 15 Mar 2021 17:30:36 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:in-reply-to:references:mime-version
:content-type:content-transfer-encoding; s=20190914; bh=ZWnA8cQE
D15FcgVm4lkvQLCmzwjnpqoa8fb8XZivybU=; b=moGS8EXHaefYkXYle203v+5D
pxSXz1VToRQeNsO4FIjgeKRcx/2UfTuJtzbKN1vTpJIm8LWkG89njMZAJTmmQg8X
zyYXeWHE5PHlVhnS+RJ6NDWvOiKg2x8AKVnhIpO/L+/2LsfLyxEQ3Kx1u3c+Bmyf
nTZiaTaTa/C1bjvL6AAqsuJTjmbjVDYW56q9ur3st3Xy/IjkLHijsmFNbqmww8w6
UkiMr5J6K/bY7UISYUfvViTxZyvfCBBf2WLhVvcvpupoASZ/HPHcdRdYa2IvcEag
O65NtaovmkR5ujaXTVjeS339kGvdujQs8QEJtXZtGXlZAJt2YnlIUGEO/jbp3Q==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 6c8dfcae
for <39136 <at> debbugs.gnu.org>; Mon, 15 Mar 2021 17:30:35 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id 186989a5
for <39136 <at> debbugs.gnu.org>; Mon, 15 Mar 2021 17:30:35 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 84cc5fa7
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Mon, 15 Mar 2021 17:30:34 +0100 (CET)
From: Joshua Branson <jbranso@HIDDEN>
Date: Mon, 15 Mar 2021 12:29:49 -0400
Message-Id: <20210315162949.17092-2-jbranso@HIDDEN>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210315162949.17092-1-jbranso@HIDDEN>
References: <20210315162949.17092-1-jbranso@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=y
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.3 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.3 (-)
doc: endlessh service documentation.
* doc/guix.texi (Networking Services): New endlessh-service-type section.
services: containerized endlessh
* gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contructor ->
make-forkexec-constructor/container. and attempted to enable logging to syslog.
(define-record-type* <endlessh-configuration>)
move default values of endlessh configuration to separate line.
Add copyright line for Nicolo.
---
doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 35 ++++++++++++++++++--------
2 files changed, 85 insertions(+), 10 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 464c1141d8..38807b3069 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -17081,6 +17081,66 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} program that delays ssh clients for days at a time by
+@emph{very slowly} sending a random and endless SSH banner. The smart
+hacker will put endlessh running on port 22, and let crackers get stuck
+in this tarpit. This lets your real ssh server run more securely on a
+non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index aad9bbc754..838655cf2c 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -6,6 +6,8 @@
;;; Copyright © 2019 Ricardo Wurmus <rekado@HIDDEN>
;;; Copyright © 2020 pinoaffe <pinoaffe@HIDDEN>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@HIDDEN>
+;;; Copyright © 2020 Nicolò Balzarotti <nicolo@HIDDEN>
+;;; Copyright @ 2021 Joshua Branson <jbranso@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -752,19 +754,25 @@ object."
endlessh-configuration make-endlessh-configuration
endlessh-configuration?
;; list of two symbols, allowed values are ipv4, ipv6 or both
- (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ (bind-family endlessh-configuration-bind-family
+ (default '(ipv4 ipv6)))
;; integer
- (delay endlessh-configuration-delay (default 10000))
+ (delay endlessh-configuration-delay
+ (default 10000))
;; integer
;; Must be in the range
- (length endlessh-configuration-length (default 32))
+ (length endlessh-configuration-length
+ (default 32))
;; integer
- (max-clients endlessh-configuration-max-clients (default 4096))
+ (max-clients endlessh-configuration-max-clients
+ (default 4096))
;; integer
- (port-number endlessh-configuration-port-number (default 2222))
+ (port-number endlessh-configuration-port-number
+ (default 2222))
;; integer
;; Allowed values are 0, 1 and 2
- (log-level endlessh-configuration-log-level (default 0)))
+ (log-level endlessh-configuration-log-level
+ (default 0)))
(define (endlessh-config->conf config)
"Convert the CONFIG of type <endlessh-config> to a config file."
@@ -797,15 +805,22 @@ object."
(shepherd-service
(documentation "Run endlessh tarpit server.")
(provision '(endlessh))
- (start #~(make-forkexec-constructor
- (list #$(file-append endlessh "/bin/endlessh")
- "-f" #$(endlessh-config->conf config))))
+ (start #~(make-forkexec-constructor/container
+ `(list #$(file-append endlessh "/bin/endlessh")
+ ,(if (positive? (endlessh-configuration-log-level config))
+ "-s"
+ "")
+ "-f" #$(endlessh-config->conf config))))
(stop #~(make-kill-destructor))))
(define endlessh-service-type
(service-type
(name 'endlessh)
- (description "Run endlessh tarpit server.")
+ (description "Endlessh is an SSH tarpit that very slowly sends an endless,
+random SSH banner. It keeps SSH clients locked up for hours or even days at a
+time. The purpose is to put your real SSH server on another port and then let
+the script kiddies get stuck in this tarpit instead of bothering a real
+server.")
(extensions
(list (service-extension shepherd-root-service-type
(compose list endlessh-shepherd-service))))
--
2.30.0
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] My endlessh patch series
References: <874kwx91k6.fsf@HIDDEN>
In-Reply-To: <874kwx91k6.fsf@HIDDEN>
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 16 Mar 2021 15:33:01 +0000
Resent-Message-ID: <handler.39136.B39136.16159087706709 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.16159087706709
(code B ref 39136); Tue, 16 Mar 2021 15:33:01 +0000
Received: (at 39136) by debbugs.gnu.org; 16 Mar 2021 15:32:50 +0000
Received: from localhost ([127.0.0.1]:40762 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lMBgg-0001k9-FO
for submit <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:32:50 -0400
Received: from mx1.dismail.de ([78.46.223.134]:15951)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lMBgf-0001js-5h
for 39136 <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:32:50 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 6a7a8599
for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:41 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date
:message-id:from:to:subject; s=20190914; bh=Od5ECtnalWwbRzVygkza
bg6EEc6xgKcKA0/qTxYScpY=; b=az8nCDmYkBuEZgBT/03kQgjHWOeQG77pB9cC
PXGe6VvaB+RJfZUNAX1XDMVlibXzsuSpwQRZEjYoAW1TfuxHfevikOiifhK99kV7
sKRyGp3OQOtc6n13QVO5EbDHXEslzExSPTZ9wAeTAcDCdgmH6W2WBx2Mj6XlEuCF
N+6wc+CVg+yeUh0FIHQLpKxzUTzzEjJOFMC3S0D/di8n+cqdfCja5cSjFrDS0Mhx
Fk8nPDWMHuwHGOj9QWniZpX8xTgFwvgmAndHn4PKC5JATIPLLHCmNy+sgd1e4juy
oO6AWdnWWRyeckIvTgfzyds99zXP1ks/DjfuqXIWJ37AntYSyg==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 69d59fc6
for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:41 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id 7d26d748
for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:41 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id c4b0a7e4
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <39136 <at> debbugs.gnu.org>;
Tue, 16 Mar 2021 16:32:40 +0100 (CET)
Date: Tue, 16 Mar 2021 11:32:21 -0400
Message-Id: <87a6r39ksa.fsf@HIDDEN>
From: Joshua Branson <jbranso@HIDDEN>
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
So I've been working on this endlessh service for a while. I believe
it could be better, but perfectionist can only do one thing perfectly:
nothing. So I've submitted the above patch series. Let me know if it
needs more work.
At the moment, I believe that endlessh runs as root. It would be nice
to let it run as user nobody or something like that.
The endlessh systemd file provides an example of how to do that:
https://github.com/skeeto/endlessh/blob/master/util/endlessh.service
## If you want Endlessh to bind on ports < 1024
## 1) run:
## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line
PrivateUsers=true
Though setcap 'cap_net_bind_service=+ep' is linux specific. And I'm
not certain if guix has a method for running setcap on items in the
store.
Those are just some relevant thoughts for improving the service!
Thanks!
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] issues.guix.org not showing patch series?
References: <874kwx91k6.fsf@HIDDEN>
In-Reply-To: <874kwx91k6.fsf@HIDDEN>
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 16 Mar 2021 15:43:02 +0000
Resent-Message-ID: <handler.39136.B39136.16159093677795 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Cc: bug-guix@HIDDEN
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.16159093677795
(code B ref 39136); Tue, 16 Mar 2021 15:43:02 +0000
Received: (at 39136) by debbugs.gnu.org; 16 Mar 2021 15:42:47 +0000
Received: from localhost ([127.0.0.1]:40786 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lMBqI-00021e-Th
for submit <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:42:47 -0400
Received: from mx1.dismail.de ([78.46.223.134]:26741)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lMBqH-00021P-26
for 39136 <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:42:45 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 8c426939;
Tue, 16 Mar 2021 16:42:38 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date
:message-id:from:to:cc:subject; s=20190914; bh=zelpc1C1M/koxQEXk
+Roj/oRRZjWoddSC4CWJif1Ego=; b=l445TLAJ3ai5chRTcEKXelINRraad/uy+
h9B8rgRFPSJDu0SHW1A5jsYbirbD50GSXKI1kAS74wE003k7qA/XfcPV4WjYWv3x
BhbZmR2XjfgMI4A5U7AS3hjU99U+U52GlPx5kS4XI4V6Qlim13ztKSjpZ9RyS9Sa
sV0h50AfgDwOE0TQJvpeX4k1vuIhvilgY/Rkq+t4NaJNeGDtKosR04RZvV6icXsg
o3HfHeiOlpl2lU1Di3VWQnuUJtAjtxgT0J7tKMWvexmZ0qV2vevOHX8FrXbuqBUe
ViPgzTDe787C6qzWJuVQqwyT+y1px77yWtDzVCc47yoZgShnwBSJg==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 87bf9ff5;
Tue, 16 Mar 2021 16:42:38 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id 75f310ae;
Tue, 16 Mar 2021 16:42:38 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 5386d147
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Tue, 16 Mar 2021 16:42:37 +0100 (CET)
Date: Tue, 16 Mar 2021 11:42:18 -0400
Message-Id: <878s6n9kbp.fsf@HIDDEN>
From: Joshua Branson <jbranso@HIDDEN>
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hello!
I just submitted a patch series for an endlessh service!
However, issues.guix.gnu.org/39136 does not properly show the patch
series. :( Maybe I just submitted the patch series incorrectly. :)
You can see the patch series here:
https://lists.gnu.org/archive/html/guix-patches/2021-03/msg00672.html
And via
M-x debbugs-gnu-bugs RET 39136 RET
I'm not certain what the issue is...
This is the command that I used to send the patch series.
#+BEGIN_SRC sh
git send-email --to=39136 <at> debbugs.gnu.org HEAD~2
#+END_SRC
Thanks!
Your friend,
Joshua
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 19 Mar 2021 16:24:02 +0000
Resent-Message-ID: <handler.39136.B39136.161617098824671 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Cc: go.wigust@HIDDEN
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.161617098824671
(code B ref 39136); Fri, 19 Mar 2021 16:24:02 +0000
Received: (at 39136) by debbugs.gnu.org; 19 Mar 2021 16:23:08 +0000
Received: from localhost ([127.0.0.1]:50876 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lNHtz-0006Pr-TO
for submit <at> debbugs.gnu.org; Fri, 19 Mar 2021 12:23:08 -0400
Received: from mx1.dismail.de ([78.46.223.134]:8171)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lNHty-0006PA-AD
for 39136 <at> debbugs.gnu.org; Fri, 19 Mar 2021 12:23:07 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id c3e611f8;
Fri, 19 Mar 2021 17:22:59 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to
:subject:references:cc:date:in-reply-to:message-id:mime-version
:content-type; s=20190914; bh=l1/wowBBoZpZl+YCg2ZbLQdaWIvjTVXdJB
ITsg8bb78=; b=FBOsp6k9F2kSxRJbxFT0RZ8TqnHXzZbJqOTMmdmXbM8Q1SiFee
FoZtpRU5XGcLdF1HvuAMq20sILmMEoa7evAtkXhBnS/s5kRAXTc3zD18DjVLQijl
/n0EcOlDkZ0rZVVhv/xD5UD1Ybgms2kwwZ43H0PkfSjVKxRxQEI/xyR3G4zyOLnH
JymfA5eypGgVA6TiZU8JElznLPfzIjU88+v/cHt09IDPOD3jNaB8UylT/1PzzpLG
xjjDB3Xmbzm6GK9qBOD2HI4Yu5WAOfm5Fm1BoyK2bA8gs8q8d9sqoJgBP0v68m0h
IAXxUll/oInDldl3sU7+4CMU9hFYWRhK1Bkg==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id acd5e0ce;
Fri, 19 Mar 2021 17:22:59 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id 1467b0f0;
Fri, 19 Mar 2021 17:22:59 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id a7a1b547
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Fri, 19 Mar 2021 17:22:58 +0100 (CET)
From: Joshua Branson <jbranso@HIDDEN>
References: <874kwx91k6.fsf@HIDDEN>
<87a6r39ksa.fsf@HIDDEN>
Date: Fri, 19 Mar 2021 12:22:40 -0400
In-Reply-To: <87a6r39ksa.fsf@HIDDEN> (Joshua Branson's message of "Tue, 16
Mar 2021 11:32:21 -0400")
Message-ID: <87h7l7kt9r.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Ping for Oleg!
Thanks!
Joshua
P.S. I forget to include your email in the patch series. I know the
patch series could be better, but I figured I'd rather submit something
rather than nothing. Thanks!
--
Joshua Branson (joshuaBPMan in #guix)
Sent from Emacs and Gnus
https://gnucode.me
https://video.hardlimit.com/accounts/joshua_branson/video-channels
https://propernaming.org
"You can have whatever you want, as long as you help
enough other people get what they want." - Zig Ziglar
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: Oleg Pykhalov <go.wigust@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Mon, 22 Mar 2021 18:46:01 +0000
Resent-Message-ID: <handler.39136.B39136.161643875516136 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Joshua Branson <jbranso@HIDDEN>
Cc: 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.161643875516136
(code B ref 39136); Mon, 22 Mar 2021 18:46:01 +0000
Received: (at 39136) by debbugs.gnu.org; 22 Mar 2021 18:45:55 +0000
Received: from localhost ([127.0.0.1]:58628 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lOPYp-0004CB-3D
for submit <at> debbugs.gnu.org; Mon, 22 Mar 2021 14:45:55 -0400
Received: from mail-lj1-f181.google.com ([209.85.208.181]:34762)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <go.wigust@HIDDEN>) id 1lOPYn-0004By-48
for 39136 <at> debbugs.gnu.org; Mon, 22 Mar 2021 14:45:53 -0400
Received: by mail-lj1-f181.google.com with SMTP id f16so22431508ljm.1
for <39136 <at> debbugs.gnu.org>; Mon, 22 Mar 2021 11:45:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version;
bh=6s6QoLAowzqzO7xzq5EuautVaZh3XrsCACcAjlg8a1w=;
b=LzwIPOqIheScU+sXOZGy2eABOhKDZK5Mg1XrlFJq3R16ENXe6otdihSBqVmbIlBBEz
TUCxDJEIKO12yPk0N2jUozfFnz/gElCT43+4fcycIgiNfIEmMWhb5Jmf9pIFjhx3te/f
dsA8Hp4T7aa+mVsMeBmvI8gQEYr8jL3KdNt88pVgK3gD67Mauaq+pFrKzWelHoFwMi7c
qOWRkA7A8dYBebBi0KglaQZcKTQ6Na/fSHBnon56qv6irMyN8E66YR1FFW71L4M5Bp7h
tt02PJ7GKN0i1VQklWDBJkOvBLJmUP9/D/bYpAthsFrSZvpuSOghtTFM/B/tvMxpEFIV
DFKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version;
bh=6s6QoLAowzqzO7xzq5EuautVaZh3XrsCACcAjlg8a1w=;
b=ZE4MTVX7kt6+XMnbxAV6FxF3OkhHdifH7RteN75jIrLsgd2uExVhnYtj8v9Z7yW+gl
TfUdfQv3BgGOen8wDQRN1Jdi0WRQ1vjMFOq/LjQ3Oa9q/eHI2pl5quPQ9TNnj1yzvZWQ
nytzy6gp4vXH/3a8gkTM3RFhmXlY35K/OsrxqU0sJtArHwrZQAQ3mqrQnbSxU6v1hnEk
KziaQwvAQenAXJRHNZWWzWo+Hz/bSlAVGgINPLjQ0Gx8iIDTB49wkUSlrvxw4Zj3sjsJ
lkbk8Tb9YbSALfQXl3dPKndtEyWN68kCZNbzGb3CKOeYj1YGmcjAwQAI6iRVBT0qZP3Y
GKIg==
X-Gm-Message-State: AOAM533hViaGetbAjxc3W5xwlIYni+L708PFpYi5dxmX4Y2jXnFIJIq1
+3Ldlq2JA8hQGo+5IAWYQbJLIDj4M1U=
X-Google-Smtp-Source: ABdhPJzG3j79njCFeg08mVfydc+eYyTxVPeXbN7sDKxmQu0Ov8o1yxh/VQGImZCS1q49Uh6pmenrHA==
X-Received: by 2002:a2e:b537:: with SMTP id z23mr544747ljm.350.1616438746665;
Mon, 22 Mar 2021 11:45:46 -0700 (PDT)
Received: from guixsd ([88.201.161.72])
by smtp.gmail.com with ESMTPSA id j19sm874638lfg.225.2021.03.22.11.45.45
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 22 Mar 2021 11:45:45 -0700 (PDT)
From: Oleg Pykhalov <go.wigust@HIDDEN>
References: <874kwx91k6.fsf@HIDDEN>
<87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN>
Date: Mon, 22 Mar 2021 21:45:42 +0300
In-Reply-To: <87h7l7kt9r.fsf_-_@HIDDEN> (Joshua Branson's message of "Fri,
19 Mar 2021 12:22:40 -0400")
Message-ID: <87zgyv2fjd.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello,
I failed to test endlessh with "services: containerized endlessh" patch
in a virtual machine. Unfortunately at the moment I'm not familiar with
=E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and have n=
o idea about
that causing the issue of boot hang. Failed VM config in attachment.
--=-=-=
Content-Type: text/x-scheme
Content-Disposition: attachment; filename=vm-image.tmpl
Content-Description: vm-image.tmpl
;; This is an operating system configuration for a VM image.
;; Modify it as you see fit and instantiate the changes by running:
;;
;; guix system reconfigure /etc/config.scm
;;
(use-modules (gnu) (guix) (srfi srfi-1))
(use-service-modules desktop networking ssh xorg)
(use-package-modules bootloaders certs fonts nvi
package-management wget xorg)
(define vm-image-motd (plain-file "motd" "
\x1b[1;37mThis is the GNU system. Welcome!\x1b[0m
This instance of Guix is a template for virtualized environments.
You can reconfigure the whole system by adjusting /etc/config.scm
and running:
guix system reconfigure /etc/config.scm
Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation.
\x1b[1;33mConsider setting a password for the 'root' and 'guest' \
accounts.\x1b[0m
"))
(operating-system
(host-name "gnu")
(timezone "Etc/UTC")
(locale "en_US.utf8")
(keyboard-layout (keyboard-layout "us" "altgr-intl"))
;; Label for the GRUB boot menu.
(label (string-append "GNU Guix " (package-version guix)))
(firmware '())
;; Below we assume /dev/vda is the VM's hard disk.
;; Adjust as needed.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/vda")
(terminal-outputs '(console))))
(file-systems (cons (file-system
(mount-point "/")
(device "/dev/vda1")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "guest")
(comment "GNU Guix Live")
(password "") ;no password
(group "users")
(supplementary-groups '("wheel" "netdev"
"audio" "video")))
%base-user-accounts))
;; Our /etc/sudoers file. Since 'guest' initially has an empty password,
;; allow for password-less sudo.
(sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n"))
(packages (append (list nss-certs wget)
%base-packages))
(services
(append (list ;; Uncomment the line below to add an SSH server.
;; (service openssh-service-type
;; (openssh-configuration
;; (port-number 2222)))
(service endlessh-service-type
(endlessh-configuration
(port-number 2222)))
;; Use the DHCP client service rather than NetworkManager.
(service dhcp-client-service-type))
;; Remove GDM, ModemManager, NetworkManager, and wpa-supplicant,
;; which don't make sense in a VM.
(remove (lambda (service)
(let ((type (service-kind service)))
(or (memq type
(list gdm-service-type
wpa-supplicant-service-type
cups-pk-helper-service-type
network-manager-service-type
modem-manager-service-type))
(eq? 'network-manager-applet
(service-type-name type)))))
(modify-services %base-services
(login-service-type config =>
(login-configuration
(inherit config)
(motd vm-image-motd)))))))
;; Allow resolution of '.local' host names with mDNS.
(name-service-switch %mdns-host-lookup-nss))
--=-=-=
Content-Type: text/plain
I succeeded to test without "services: containerized endlessh". If wish
to fix a problem, ping me then you done. Otherwise I could push a
working version without containerization.
Thanks,
Oleg.
--=-=-=--
--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAmBY5dYUHGdvLndpZ3Vz
dEBnbWFpbC5jb20ACgkQFn+OpQAa+pwRLQ//b7/BeXuTmjoPBdvCo7+zef/q67Hu
q68tZwvp4SZoOXSrTOlwKFhmr4jRKdlw8SDGg3Xx7ZMU6YbsTmvndzl82wyTIHpf
+754G2XTQib/MGseVg4XvBkkYYkgbtMW7xINqd723dM9b46ZmRQbjLCSWPmoj1zM
voNeQsGpSVa7iz+UDE/OHpqDQhdXKA35OqPUssCjj/Bkbo1+gYb3itqruHXkxjdI
bjiYDVu47eaBPvd3QPQSm8xESKPB5yuj/LRO0JijyREXsvV4yfZVyJJk9a3c9nX9
nQLYwBFgRr6++X1O39PA6mzT45NlTR3r3XKjsCd0HtOh1sTytjNA/olTGw1+W1e5
gOjU4mtvGEzRF3p9BQs8D3VV3wVkmjgQDdHK9/gOpT+x0aUGdJp2w/ByTN1FeNRL
tRzTGOzYBrKv5zsVMv9PKR6zklhtDWz9fnSQa/5CnfI3x82lr5M+MMxGTpQPFISq
GZS6ITA1RSD+yEdu6V2JohPHqhbeI06O4e6HGy6MHIHxQU6mtZLAXpKE5AJvSmP2
y7F1pWBz6UZGHqBKfmRDReCeq+eOKjjgL2HeZ28ync1lpi00DEiU2PVZvleWposv
K95fMxloXmITqPN1621/jxhnwXq0iLhL7fwJMJEN1enscfT8nNOBwg+MI88OPg+u
ZSb5mXMtM0UcLr0=
=Dj5i
-----END PGP SIGNATURE-----
--==-=-=--
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 04 Apr 2021 13:33:01 +0000
Resent-Message-ID: <handler.39136.B39136.16175431368265 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Oleg Pykhalov <go.wigust@HIDDEN>
Cc: 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.16175431368265
(code B ref 39136); Sun, 04 Apr 2021 13:33:01 +0000
Received: (at 39136) by debbugs.gnu.org; 4 Apr 2021 13:32:16 +0000
Received: from localhost ([127.0.0.1]:35116 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lT2rP-00029E-W3
for submit <at> debbugs.gnu.org; Sun, 04 Apr 2021 09:32:16 -0400
Received: from mx1.dismail.de ([78.46.223.134]:23377)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lT2rN-00028y-4R
for 39136 <at> debbugs.gnu.org; Sun, 04 Apr 2021 09:32:14 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id b686fa3f;
Sun, 4 Apr 2021 15:32:05 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:references:date:in-reply-to:message-id:mime-version
:content-type:content-transfer-encoding; s=20190914; bh=t6A+7g/Z
YheQMedmRuwR0h7QjyeO8k+iMuBLrTBAQQE=; b=uV1po3/NpeFWwA8H3EaXOt0G
eVubz7f/xQmMNVM+xpANqPfwY111ODOy+ObgGD/mvtNHdBZpkXO07TIw50ZxEsSp
6nbdMDQeWKTbnvqQMILrJ7AjbAmlbP00EFfWQqD3IglM+XjbUm55LYfkNgJdSvmC
aqDp/z8nixdS+xY4G8/ziAgJT42uMy/uhwpklwRd2hUOPPPiiw/V45TwsZRDp4Fz
C9PXNZjy/CA44T9866QTWCL6tuTTF54lxxN7Z1ruagXTXFyTMzgzftciIH4W/o89
cm6rk9GnHAI79J19+M8dFMFqwQJBh4Zbs1OPLVq5oOfrd24Qw4fYq3MdMS46gw==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 41f6a369;
Sun, 4 Apr 2021 15:32:05 +0200 (CEST)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id e4f6d675;
Sun, 4 Apr 2021 15:32:05 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id f2308c99
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Sun, 4 Apr 2021 15:32:04 +0200 (CEST)
From: Joshua Branson <jbranso@HIDDEN>
References: <874kwx91k6.fsf@HIDDEN>
<87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN>
<87zgyv2fjd.fsf_-_@HIDDEN>
Date: Sun, 04 Apr 2021 09:31:51 -0400
In-Reply-To: <87zgyv2fjd.fsf_-_@HIDDEN> (Oleg Pykhalov's message of "Mon,
22 Mar 2021 21:45:42 +0300")
Message-ID: <878s5ymb08.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Oleg Pykhalov <go.wigust@HIDDEN> writes:
> Hello,
>
> I failed to test endlessh with "services: containerized endlessh" patch
> in a virtual machine. Unfortunately at the moment I'm not familiar with
> =E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and have=
no idea about
> that causing the issue of boot hang. Failed VM config in attachment.
>
>
>
>
> I succeeded to test without "services: containerized endlessh". If wish
> to fix a problem, ping me then you done. Otherwise I could push a
> working version without containerization.
Oh, I suppose that I will try to get containerization working on this
service. I'd prefer to have it containerized, since it is running as
root.
Thanks!
>
> Thanks,
> Oleg.
>
--
Joshua Branson (joshuaBPMan in #guix)
Sent from Emacs and Gnus
https://gnucode.me
https://video.hardlimit.com/accounts/joshua_branson/video-channels
https://propernaming.org
"You can have whatever you want, as long as you help
enough other people get what they want." - Zig Ziglar
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Wed, 31 Aug 2022 10:50:02 +0000
Resent-Message-ID: <handler.39136.B39136.16619429851834 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Joshua Branson <jbranso@HIDDEN>
Cc: 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.16619429851834
(code B ref 39136); Wed, 31 Aug 2022 10:50:02 +0000
Received: (at 39136) by debbugs.gnu.org; 31 Aug 2022 10:49:45 +0000
Received: from localhost ([127.0.0.1]:38327 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oTLI1-0000TV-1p
for submit <at> debbugs.gnu.org; Wed, 31 Aug 2022 06:49:45 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59446)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1oTLHy-0000TF-6I
for 39136 <at> debbugs.gnu.org; Wed, 31 Aug 2022 06:49:43 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34736)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1oTLHs-0001qY-Th; Wed, 31 Aug 2022 06:49:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
From; bh=PLue9P7BEPor8f/Vtyo/+spTDvd0iwjoPnszWmHLLzQ=; b=Ut9Yx7svYLs7h6Qxl6iA
mlRFKrlLkZRx6hGNpYfKw+J+QUY2WXT6ZcxKk41s5OlMaJKjxL3I9B5gIJnhQT/rIyY5QzAZJfF4C
H1gdgLVf+zOuCewIhR/ARkpGZd3z4xIf8CM16MABP6RbqgOqgcQ7zloaT0oTj9DFE2EDHW9yMD3Ex
yTqEeSsQ/HcJiXNlrVZILPqUY6COFYWSbz55laxxLXePaMvfUkknB8Ns7jhETJL9+SF1FRohKe8hx
IzshK+40IEVD15j4UKBd9fWfklz6wN1R5w6fhw0FoPpUgsxO2WO8I3oPI1cpFQNlorSb+lHwfnh4n
zIWqUHJXF3DSiA==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:50428
helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1oTLHs-0007IP-54; Wed, 31 Aug 2022 06:49:36 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <20210315162949.17092-1-jbranso@HIDDEN>
<20210315162949.17092-2-jbranso@HIDDEN>
Date: Wed, 31 Aug 2022 12:49:33 +0200
In-Reply-To: <20210315162949.17092-2-jbranso@HIDDEN> (Joshua Branson's
message of "Mon, 15 Mar 2021 12:29:49 -0400")
Message-ID: <87o7w0bsci.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Joshua,
Joshua Branson <jbranso@HIDDEN> skribis:
> doc: endlessh service documentation.
>
> * doc/guix.texi (Networking Services): New endlessh-service-type section.
>
> services: containerized endlessh
>
> * gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contructor =
->
> make-forkexec-constructor/container. and attempted to enable logging to s=
yslog.
> (define-record-type* <endlessh-configuration>)
> move default values of endlessh configuration to separate line.
> Add copyright line for Nicolo.
Could you merge both patch #1 and patch #2? Usually doc is added in the
same commit as the thing being documented.
> +@cindex Endlessh
> +@deffn {Scheme Variable} endlessh-service-type
> +This is the type for the @uref{https://github.com/skeeto/endlessh,
> +Endlessh} program that delays ssh clients for days at a time by
Nitpick: s/ssh/SSH/.
> +@emph{very slowly} sending a random and endless SSH banner. The smart
> +hacker will put endlessh running on port 22, and let crackers get stuck
Maybe =E2=80=9CThe smart hacker will put=E2=80=9D -> =E2=80=9CYou would typ=
ically run=E2=80=9D
> + (start #~(make-forkexec-constructor/container
Let=E2=80=99s forget about =E2=80=98/container=E2=80=99 for now if it doesn=
=E2=80=99t work yet.
Perhaps we can have a minimal system test to make sure the thing is
running and listening on the right port? There are tests for
full-fledged SSH servers in (gnu tests ssh) that could serve as
inspiration.
Could you send a (hopefully) last version with these changes?
Thanks in advance,
Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: jbranso@HIDDEN
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Wed, 31 Aug 2022 23:35:02 +0000
Resent-Message-ID: <handler.39136.B39136.166198888832199 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: "Ludovic =?UTF-8?Q?Court=C3=A8s?=" <ludo@HIDDEN>
Cc: 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.166198888832199
(code B ref 39136); Wed, 31 Aug 2022 23:35:02 +0000
Received: (at 39136) by debbugs.gnu.org; 31 Aug 2022 23:34:48 +0000
Received: from localhost ([127.0.0.1]:40736 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oTXEO-0008NH-Et
for submit <at> debbugs.gnu.org; Wed, 31 Aug 2022 19:34:48 -0400
Received: from mx1.dismail.de ([78.46.223.134]:17537)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1oTXEL-0008N0-O2
for 39136 <at> debbugs.gnu.org; Wed, 31 Aug 2022 19:34:47 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 924e9f0c;
Thu, 1 Sep 2022 01:34:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=
mime-version:date:content-type:content-transfer-encoding:from
:message-id:subject:to:cc:in-reply-to:references; s=20190914;
bh=pRBogABCYoErypTkDyHzWfRAXnGaIIbkk9CKjgbdUjc=; b=WTC7yOdzc8Ca
zXsZje+WkjVorMLQud35y+jxoYJzamgRE5uJJUwUqcczJctWnJpPiw0ShAvekc/V
mTCoRH/LkPjOFG6fph00s9LEPIPI7ONK+KZKAlQflDNpnCfZEXXLYD1Wh5EWR0Gg
guo4GcFePcs0umHyn92hT++NccXh2quYZtdWtoiQ7JZuydAm+nCWt5dJHMK5icfd
0UEDWVKXacjX6I2IxdTPmAZ/upevgvaQ2EtGzNBhTxsbQNHiux+50MbRTZCQIpfW
e4uVo5FIWlOtmMLaVvttgJ1qCWGzWNGMrizNmILc/Bp4cLfZUmKuG7dPpbszojvK
E6KS2QtiUw==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
by mx1.dismail.de (OpenSMTPD) with ESMTP id aceae057;
Thu, 1 Sep 2022 01:34:37 +0200 (CEST)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
by smtp1.dismail.de (OpenSMTPD) with ESMTP id dde0b43b;
Thu, 1 Sep 2022 01:34:37 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 7caab8b5
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Thu, 1 Sep 2022 01:34:37 +0200 (CEST)
MIME-Version: 1.0
Date: Wed, 31 Aug 2022 23:34:36 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: RainLoop/1.16.0a
From: jbranso@HIDDEN
Message-ID: <1c810968a4114879ea1c9c1e7c927d28@HIDDEN>
In-Reply-To: <87o7w0bsci.fsf_-_@HIDDEN>
References: <87o7w0bsci.fsf_-_@HIDDEN>
<20210315162949.17092-1-jbranso@HIDDEN>
<20210315162949.17092-2-jbranso@HIDDEN>
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
August 31, 2022 6:49 AM, "Ludovic Court=C3=A8s" <ludo@HIDDEN> wrote:
> Hi Joshua,
>=20
>=20Joshua Branson <jbranso@HIDDEN> skribis:
>=20
>>=20doc: endlessh service documentation.
>>=20
>>=20* doc/guix.texi (Networking Services): New endlessh-service-type sec=
tion.
>>=20
>>=20services: containerized endlessh
>>=20
>>=20* gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contru=
ctor ->
>> make-forkexec-constructor/container. and attempted to enable logging t=
o syslog.
>> (define-record-type* <endlessh-configuration>)
>> move default values of endlessh configuration to separate line.
>> Add copyright line for Nicolo.
>=20
>=20Could you merge both patch #1 and patch #2? Usually doc is added in t=
he
> same commit as the thing being documented.
>=20
>>=20+@cindex Endlessh
>> +@deffn {Scheme Variable} endlessh-service-type
>> +This is the type for the @uref{https://github.com/skeeto/endlessh,
>> +Endlessh} program that delays ssh clients for days at a time by
>=20
>=20Nitpick: s/ssh/SSH/.
>=20
>>=20+@emph{very slowly} sending a random and endless SSH banner. The sma=
rt
>> +hacker will put endlessh running on port 22, and let crackers get stu=
ck
>=20
>=20Maybe =E2=80=9CThe smart hacker will put=E2=80=9D -> =E2=80=9CYou wou=
ld typically run=E2=80=9D
>=20
>>=20+ (start #~(make-forkexec-constructor/container
>=20
>=20Let=E2=80=99s forget about =E2=80=98/container=E2=80=99 for now if it=
doesn=E2=80=99t work yet.
>=20
>=20Perhaps we can have a minimal system test to make sure the thing is
> running and listening on the right port? There are tests for
> full-fledged SSH servers in (gnu tests ssh) that could serve as
> inspiration.
>=20
>=20Could you send a (hopefully) last version with these changes?
Will merge the doc and code changes and submit an updated patch soon.
Thanks!
Joshua
>=20
>=20Thanks in advance,
> Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] * gnu: endlessh: new service
References: <874kwx91k6.fsf@HIDDEN>
In-Reply-To: <874kwx91k6.fsf@HIDDEN>
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 30 Sep 2022 17:04:01 +0000
Resent-Message-ID: <handler.39136.B39136.166455741719269 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Cc: ludo@HIDDEN, =?UTF-8?Q?Nicol=C3=B2?= Balzarotti <nicolo@HIDDEN>
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.166455741719269
(code B ref 39136); Fri, 30 Sep 2022 17:04:01 +0000
Received: (at 39136) by debbugs.gnu.org; 30 Sep 2022 17:03:37 +0000
Received: from localhost ([127.0.0.1]:42820 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oeJQG-00050i-EE
for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:03:36 -0400
Received: from mx1.dismail.de ([78.46.223.134]:48344)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1oeJQA-00050R-8B
for 39136 <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:03:34 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 81f45e3b;
Fri, 30 Sep 2022 19:03:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:mime-version:content-type
:content-transfer-encoding; s=20190914; bh=2bz8z2cvINgNOa7KNCOgw
bW4BV4sOi/jRH/vioDDsYc=; b=hx7VO6l7enwCGsX7ckmvaM+Z8/M/IOdIaLMEE
Eaacavg0lEOypdJ5cPk7q8C3yseiOj+wfTZIn88VxH72LUA5U5E7I1CUQP9T6U0V
0iW1cMceAYkNZj2r5Xepbvn4SaV2ra/R2hV2aGCO9//6jiMh5JaQAgzt+KfJaOUZ
/gfWxmZBR5bWRrhDpq38vu4eC3yH4+jvHwosQxWchTvqetErSkhyU/LfNQzmjfdY
1BuAkKYls8cqCxR0l1Mi6iQ3htzX5BfH2zH4xNUBM7A/ssTA4a3xTwMI80s7Easp
DxBGOmPmSOKoUwkCBN3Nj0dWiHdoeMqpJVS0r3BHDTNh0NHzg==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 4be987a2;
Fri, 30 Sep 2022 19:03:23 +0200 (CEST)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
by smtp1.dismail.de (OpenSMTPD) with ESMTP id 9d81ceeb;
Fri, 30 Sep 2022 19:03:23 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 05cba35b
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Fri, 30 Sep 2022 19:03:22 +0200 (CEST)
From: Joshua Branson <jbranso@HIDDEN>
Date: Fri, 30 Sep 2022 13:03:01 -0400
Message-Id: <20220930170301.21324-1-jbranso@HIDDEN>
X-Mailer: git-send-email 2.37.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: =?UTF-8?Q?Nicol=C3=B2?= Balzarotti <nicolo@HIDDEN> Here is an attempted
merger of patch 1 and 2. I hope that it applies cleanly to master, but if
it does not, please let me know! Thanks!
Content analysis details: (1.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust
[78.46.223.134 listed in list.dnswl.org]
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)
From: Nicolò Balzarotti <nicolo@HIDDEN>
Here is an attempted merger of patch 1 and 2. I hope that it applies
cleanly to master, but if it does not, please let me know!
Thanks!
Joshua
* gnu/services/ssh.scm: Add endlessh service
endlessh-configuration>): New record type.
(endlessh-config->conf, endlessh-shepherd-service, endlessh-service-type): New procedures.
* doc/guix.texi: added documnetation for the endlessh service.
---
doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 133 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 99f8ba6c54..9a1e2801dd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20393,6 +20393,66 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} service, which is an ssh tarbit. It delays ssh clients for
+days at a time by @emph{very slowly} sending a random and endless SSH
+banner. The smart hacker will run endlessh on port 22, and let crackers
+get stuck in this tarpit. This lets your real ssh server run more
+securely on a non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 72e7183590..2e547b63cd 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -58,6 +58,10 @@ (define-module (gnu services ssh)
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+
webssh-configuration
webssh-configuration?
webssh-service-type
@@ -802,6 +806,75 @@ (define autossh-service-type
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
+
;;;
;;; WebSSH
--
2.37.3
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] * gnu: endlessh: new service
References: <874kwx91k6.fsf@HIDDEN>
In-Reply-To: <874kwx91k6.fsf@HIDDEN>
Resent-From: Joshua Branson <jbranso@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 30 Sep 2022 17:09:02 +0000
Resent-Message-ID: <handler.39136.B39136.166455773519756 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 39136 <at> debbugs.gnu.org
Cc: ludo@HIDDEN, =?UTF-8?Q?Nicol=C3=B2?= Balzarotti <nicolo@HIDDEN>
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.166455773519756
(code B ref 39136); Fri, 30 Sep 2022 17:09:02 +0000
Received: (at 39136) by debbugs.gnu.org; 30 Sep 2022 17:08:55 +0000
Received: from localhost ([127.0.0.1]:42828 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oeJVO-00058Y-ES
for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:08:54 -0400
Received: from mx1.dismail.de ([78.46.223.134]:43699)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1oeJVM-00058E-4U
for 39136 <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:08:52 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id b1bcbc06;
Fri, 30 Sep 2022 19:08:46 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:mime-version:content-type
:content-transfer-encoding; s=20190914; bh=6rExRGHV+rkNfS7vfCoI2
Jkf0qPhceIpJni39TCgutA=; b=jcuzMmy3NBnzdjfepRP/pvdBJFUhdgp5OQ8w9
K/2NxOO+cr7qGxn/1yMnneHxE4eQ89YDl14IHRDmEhGVxRs8G/dzBq1S0Nti1ODd
yKXy56gU3yfuJR+T5Q2drxCG6eiEZWVK/VXtsXtl0P6svbWGYEhRB3NGmsxLkSI8
qH+gypp73cq5iyuFJq1qxWwQgn6Of4J7RpcLh0gbriSCGlivqw8vkLNmYJ3n7u7W
scoaF8qU8ZmlLBnbI6NUedIyZhiVupVaEBygskqvxCec/jUJg/56lLAbrOrK3dND
QAkb9CC+RNMsGyi23G8rJQdafOLW7BN4oyvbjXxi9fIM8tWVw==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 74520a27;
Fri, 30 Sep 2022 19:08:45 +0200 (CEST)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id fa4e56ec;
Fri, 30 Sep 2022 19:08:45 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 58f8398c
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Fri, 30 Sep 2022 19:08:44 +0200 (CEST)
From: Joshua Branson <jbranso@HIDDEN>
Date: Fri, 30 Sep 2022 13:08:36 -0400
Message-Id: <20220930170836.26828-1-jbranso@HIDDEN>
X-Mailer: git-send-email 2.37.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: =?UTF-8?Q?Nicol=C3=B2?= Balzarotti <nicolo@HIDDEN> * gnu/services/ssh.scm:
Add endlessh service endlessh-configuration>): New record type. (endlessh-config->conf,
endlessh-shepherd-service, endlessh-service-type): New procedures.
Content analysis details: (1.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust
[78.46.223.134 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)
From: Nicolò Balzarotti <nicolo@HIDDEN>
* gnu/services/ssh.scm: Add endlessh service
endlessh-configuration>): New record type.
(endlessh-config->conf, endlessh-shepherd-service, endlessh-service-type): New procedures.
* doc/guix.texi: added documnetation for the endlessh service.
---
doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 133 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 99f8ba6c54..9a1e2801dd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20393,6 +20393,66 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} service, which is an ssh tarbit. It delays ssh clients for
+days at a time by @emph{very slowly} sending a random and endless SSH
+banner. The smart hacker will run endlessh on port 22, and let crackers
+get stuck in this tarpit. This lets your real ssh server run more
+securely on a non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 72e7183590..2e547b63cd 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -58,6 +58,10 @@ (define-module (gnu services ssh)
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+
webssh-configuration
webssh-configuration?
webssh-service-type
@@ -802,6 +806,75 @@ (define autossh-service-type
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
+
;;;
;;; WebSSH
--
2.37.3
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 01 Sep 2023 02:38:01 +0000
Resent-Message-ID: <handler.39136.B39136.169353584112860 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Joshua Branson <jbranso@HIDDEN>
Cc: Oleg Pykhalov <go.wigust@HIDDEN>, 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.169353584112860
(code B ref 39136); Fri, 01 Sep 2023 02:38:01 +0000
Received: (at 39136) by debbugs.gnu.org; 1 Sep 2023 02:37:21 +0000
Received: from localhost ([127.0.0.1]:59544 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1qbu2C-0003LL-K2
for submit <at> debbugs.gnu.org; Thu, 31 Aug 2023 22:37:20 -0400
Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]:53741)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1qbu2A-0003L6-RY
for 39136 <at> debbugs.gnu.org; Thu, 31 Aug 2023 22:37:19 -0400
Received: by mail-qv1-xf2d.google.com with SMTP id
6a1803df08f44-64aaf3c16c2so8543316d6.3
for <39136 <at> debbugs.gnu.org>; Thu, 31 Aug 2023 19:37:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1693535824; x=1694140624; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:user-agent:message-id
:in-reply-to:date:references:subject:cc:to:from:from:to:cc:subject
:date:message-id:reply-to;
bh=u+D86msENzAWpfFA/SRLPIM/0lrkCccnXQzn4U8USiE=;
b=eOJO1XjxPmk1fZiYa0j8QAB/6RLQB254BlC3owMUye4oEHPJ/BNvV046LRthuY9grk
TMkAqNfXntGUWGS4JnBsGedDM3gycvcJedFGP9HBnnQb2FY5XYo+Bg2tv6r4UzsmP7fD
jML3xecZ7pCRmfWVIEV03yvHmpAy0BhfYVQgoyhOGgS9TbxQMjzaZPM/pLL2dIy28c0I
2GJQ6sOPaDxyNaxrIZkhZX1ERjhk/mNFVpZybtCiJiEh7XIo4v6VVWzJCvBdK2MPdI6/
i65ajs6fOKLcQ+5F8uAfDrpdvn8tfsbpihRMAdJf9Q3qIU6Ib+YE3Sfgcd13ikdGidLI
FL4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1693535824; x=1694140624;
h=content-transfer-encoding:mime-version:user-agent:message-id
:in-reply-to:date:references:subject:cc:to:from:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=u+D86msENzAWpfFA/SRLPIM/0lrkCccnXQzn4U8USiE=;
b=ZAi66wSGTrGKpDAtsg0G8RloxPEe8YTmljCtS4tXFzmcS8uvu2SlW2PQjUzbyt8lOX
enwDPJ+xemlg+ddTk6Aosimdni34HPblNttQal1GvK+qMDjD1+K4QsKv+nl99SYeXXUB
MzfZBHyd1htTOjrRwC6I5gSnFphVn59RRTwB+gUyu2mLounixxwSa3fuNZP24g18SdTL
WaiISWbsZBkfGcW2OkAzPS4CyMvLA+tvI5fMOXvc+A5RzOBVfZSkEruKRS6li3DSbXRr
pIkTgmk+kNFImixDLDroPpFIEocFuiYa0A5yDaW5Owy3taaxYlvR41RZEkvfkpmG5Uvd
Y1/w==
X-Gm-Message-State: AOJu0Yz+eVZdvp7zX1VvP3c2Q52WC5+qbZwqHoEHq1F1VuNEVnxyouSj
w//QpBw8djvQBZ8SnlndIggcv09tC90=
X-Google-Smtp-Source: AGHT+IH95MoBmAVOB5m0oFSwxy5rqYePcaPlDxWfRVH7koIP1L2Vqs0W8CHSgU072TazOzLReKWdWA==
X-Received: by 2002:a0c:e084:0:b0:649:af66:e828 with SMTP id
l4-20020a0ce084000000b00649af66e828mr1070183qvk.45.1693535824279;
Thu, 31 Aug 2023 19:37:04 -0700 (PDT)
Received: from hurd (dsl-10-128-23.b2b2c.ca. [72.10.128.23])
by smtp.gmail.com with ESMTPSA id
u12-20020a0cdd0c000000b0064f5d312babsm1096135qvk.46.2023.08.31.19.37.03
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 31 Aug 2023 19:37:03 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
References: <874kwx91k6.fsf@HIDDEN>
<87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN>
<87zgyv2fjd.fsf_-_@HIDDEN> <878s5ymb08.fsf_-_@HIDDEN>
Date: Thu, 31 Aug 2023 22:37:02 -0400
In-Reply-To: <878s5ymb08.fsf_-_@HIDDEN> (Joshua Branson's message of "Sun,
04 Apr 2021 09:31:51 -0400")
Message-ID: <875y4u7h69.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hello,
Joshua Branson <jbranso@HIDDEN> writes:
> Oleg Pykhalov <go.wigust@HIDDEN> writes:
>
>> Hello,
>>
>> I failed to test endlessh with "services: containerized endlessh" patch
>> in a virtual machine. Unfortunately at the moment I'm not familiar with
>> =E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and hav=
e no idea about
>> that causing the issue of boot hang. Failed VM config in attachment.
>>
>>
>>
>>
>> I succeeded to test without "services: containerized endlessh". If wish
>> to fix a problem, ping me then you done. Otherwise I could push a
>> working version without containerization.
>
> Oh, I suppose that I will try to get containerization working on this
> service. I'd prefer to have it containerized, since it is running as
> root.
This was 2 years ago :-). Any update?
--=20
Thanks,
Maxim
Received: (at control) by debbugs.gnu.org; 1 Sep 2023 02:37:25 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Aug 31 22:37:25 2023 Received: from localhost ([127.0.0.1]:59547 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1qbu2G-0003Lc-UU for submit <at> debbugs.gnu.org; Thu, 31 Aug 2023 22:37:25 -0400 Received: from mail-qv1-xf30.google.com ([2607:f8b0:4864:20::f30]:47537) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1qbu2E-0003LA-89 for control <at> debbugs.gnu.org; Thu, 31 Aug 2023 22:37:22 -0400 Received: by mail-qv1-xf30.google.com with SMTP id 6a1803df08f44-64f383be0d4so8556106d6.3 for <control <at> debbugs.gnu.org>; Thu, 31 Aug 2023 19:37:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693535827; x=1694140627; darn=debbugs.gnu.org; h=subject:from:to:message-id:date:from:to:cc:subject:date:message-id :reply-to; bh=oLWFqIfI6Kv536G4Fj7IeCNtjloyLum9nkZNNXt6JOg=; b=A7ULkldYVoR6bcIBsyz+nhSOFVvG/4Y/1636yjWk4L0eF4gj494uGxJ0f5irYANro5 8cuYuO756QONT5EwEdinz7XB5zmECCZ06W+seM0zsgWUVX6bburPPeMpG+MPE35B9Ugu pfq77kRnaQTQWb7EichjRIU4wI/2ZrzXoPmLaYILbDeGeY4/eGzj5LM5hfV8NMFrVNnx gl9ePsT9NRipvIZeWcwp+KSA9lz3Z10DG1GEP2RfeIzreJbGZYHcEFUWXG40rPeeXc3C 7rdawTOJsuSQimj8TpAflSze7GiRmy526++r6jYmoE3680ACiamFCuxXUYCN8Wcc6UUV zXUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693535827; x=1694140627; h=subject:from:to:message-id:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oLWFqIfI6Kv536G4Fj7IeCNtjloyLum9nkZNNXt6JOg=; b=S4htOkqaJsm+gWR/wH1N2b8N9Sfa7FdDrhxtp4M5bd6xf8H3l6ALLWdbOm3r3RboRQ MwCIr7r9pmmr87FM4y+bUYO9DkZDj+66TAomiP9M4u3dHBGjtL+rwCoXvDnxiXMn8D3C YvhT0mm252Ff7xCjlSaaqBOIeytB2i8nwl/62apxs0aiVl/+456dAW9r7H/I0FgFJSSi DNeWQF2VUGIPy2Ex5epSeI5x9Cuy65PAz4rMXjuSaFaNI1+t//E/yr/lyyQT+F3QYI9b UKIYMjvyAdZTgZSg1D5f8f3biMqLYJfqxaLdd5rwd9ymacstTzFiwEL+3e7T/UCRl9jR YQCA== X-Gm-Message-State: AOJu0Yxyvnqy8Bw730Dwm2TlcUYwh2U2QcNXsHIsU3NbMvCOAUK6W3X0 NfOMQB5s/QQS+0rs8DmSiOHIF1uOPPQ= X-Google-Smtp-Source: AGHT+IF3T9dmALE7HVHbBWNmo2Th7NufL6VkSi6uIk449F7821D34MmbYWchN+FzWyHWbV8U3CGk7g== X-Received: by 2002:a0c:f290:0:b0:649:1f7b:5bd6 with SMTP id k16-20020a0cf290000000b006491f7b5bd6mr965079qvl.54.1693535827518; Thu, 31 Aug 2023 19:37:07 -0700 (PDT) Received: from hurd (dsl-10-128-23.b2b2c.ca. [72.10.128.23]) by smtp.gmail.com with ESMTPSA id i8-20020a0cf108000000b0064910f273aesm1069560qvl.146.2023.08.31.19.37.06 for <control <at> debbugs.gnu.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Aug 2023 19:37:07 -0700 (PDT) Date: Thu, 31 Aug 2023 22:37:06 -0400 Message-Id: <874jke7h65.fsf@HIDDEN> To: control <at> debbugs.gnu.org From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> Subject: control message for bug #39136 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) tags 39136 + moreinfo quit
X-Loop: help-debbugs@HIDDEN
Subject: [bug#39136] [PATCH] gnu: services: Add endlessh.
Resent-From: jbranso@HIDDEN
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 01 Sep 2023 18:43:01 +0000
Resent-Message-ID: <handler.39136.B39136.169359375110510 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39136
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: moreinfo patch
To: "Maxim Cournoyer" <maxim.cournoyer@HIDDEN>
Cc: Oleg Pykhalov <go.wigust@HIDDEN>, 39136 <at> debbugs.gnu.org
Received: via spool by 39136-submit <at> debbugs.gnu.org id=B39136.169359375110510
(code B ref 39136); Fri, 01 Sep 2023 18:43:01 +0000
Received: (at 39136) by debbugs.gnu.org; 1 Sep 2023 18:42:31 +0000
Received: from localhost ([127.0.0.1]:33864 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1qc96E-0002jS-Ky
for submit <at> debbugs.gnu.org; Fri, 01 Sep 2023 14:42:30 -0400
Received: from mx1.dismail.de ([78.46.223.134]:17188)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1qc96B-0002jC-Re
for 39136 <at> debbugs.gnu.org; Fri, 01 Sep 2023 14:42:29 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id f80fdf19;
Fri, 1 Sep 2023 20:42:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=
mime-version:date:content-type:content-transfer-encoding:from
:message-id:subject:to:cc:in-reply-to:references; s=20190914;
bh=h8xhtIFYPFS0cSElRFpwcxooaRLnc2j540NozqXI5vA=; b=E8zzAJS0Myh9
RXFMEfvhyCEAUO+3WNtUTqGSd48pZ6JFLkILOD6hPybhZ18ewISnr3W496tHr1DI
CkOltbS0ltd3wabfRPdjU3rfILDqDP2FMlxk7RMmJRcpfgLA+hCU6SLzj+3MnBF3
IeiCp7/hsbVUHO03sP4/CdbLvbXaWUiD2+x9sbriEV09x/HuXXm4kJ8bdWI3CR7O
7vIwwQA8t/4VJb7PxfR5YupuHGM5zM1JecegmI/KJXmSsSS0y5dCuMdW9+RooENU
LdiEsDDaQKBF/Dkf0zNEuj7IkGiw/K4/mvCngVPmpucjsWv74BgAKCLPSQdzuCFR
p0mlL5xdug==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 44a12299;
Fri, 1 Sep 2023 20:42:10 +0200 (CEST)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
by smtp1.dismail.de (OpenSMTPD) with ESMTP id 15de4efe;
Fri, 1 Sep 2023 20:42:10 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id eb95af2f
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Fri, 1 Sep 2023 20:42:10 +0200 (CEST)
MIME-Version: 1.0
Date: Fri, 01 Sep 2023 18:42:09 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: RainLoop/1.17.0
From: jbranso@HIDDEN
Message-ID: <8e02c5bdc649f9d24708090e1217125e@HIDDEN>
In-Reply-To: <875y4u7h69.fsf_-_@HIDDEN>
References: <875y4u7h69.fsf_-_@HIDDEN>
<874kwx91k6.fsf@HIDDEN>
<87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN>
<87zgyv2fjd.fsf_-_@HIDDEN> <878s5ymb08.fsf_-_@HIDDEN>
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
August 31, 2023 10:37 PM, "Maxim Cournoyer" <maxim.cournoyer@HIDDEN> w=
rote:
> Hello,
>=20
>=20Joshua Branson <jbranso@HIDDEN> writes:
>=20
>>=20Oleg Pykhalov <go.wigust@HIDDEN> writes:
>>=20
>>>=20Hello,
>>>=20
>>>=20I failed to test endlessh with "services: containerized endlessh" p=
atch
>>> in a virtual machine. Unfortunately at the moment I'm not familiar wi=
th
>>> =E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and =
have no idea about
>>> that causing the issue of boot hang. Failed VM config in attachment.
>>>=20
>>>=20I succeeded to test without "services: containerized endlessh". If =
wish
>>> to fix a problem, ping me then you done. Otherwise I could push a
>>> working version without containerization.
>>=20
>>=20Oh, I suppose that I will try to get containerization working on thi=
s
>> service. I'd prefer to have it containerized, since it is running as
>> root.
>=20
>=20This was 2 years ago :-). Any update?
If you are ok with a non-containerized endlessh, then I can submit a patc=
h=20
adding=20that. Endlessh works on guix system, but I was not able to get
the containerized version working.
>=20
>=20--
> Thanks,
> Maxim
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.