services: openssh: Listen on both IPv4 and IPv6.

Fixes <https://issues.guix.gnu.org/55335>.
Reported by Christopher Baines <mail@cbaines.net>.

* gnu/services/ssh.scm (openssh-shepherd-service)[inetd-style?]: New variable.
<start>: Use it.  When using 'make-inetd-constructor', pass a list of
endpoints as is possible with the Shepherd 0.9.1.
<stop>: Adjust accordingly.
* gnu/tests/ssh.scm (run-ssh-test)["wait for port 22"]: Rename to...
["wait for port 22, IPv4"]: ... this.
["wait for port 22, IPv6"]: New test.
Ludovic Courtès 2022-05-22 20:12:27 +02:00
parent 52aceda4fd
commit d2b3400f79
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 28 additions and 5 deletions


@ -528,19 +528,32 @@ (define openssh-command
#~(list (string-append #$(openssh-configuration-openssh config) "/sbin/sshd")
"-D" "-f" #$(openssh-config-file config)))
(define inetd-style?
;; Whether to use 'make-inetd-constructor'. That procedure appeared in
;; Shepherd 0.9.0, but in 0.9.0, 'make-inetd-constructor' wouldn't let us
;; pass a list of endpoints, and it wouldn't let us define a service
;; listening on both IPv4 and IPv6, hence the conditional below.
#~(and (defined? 'make-inetd-constructor)
(not (string=? (@ (shepherd config) Version) "0.9.0"))))
(list (shepherd-service
(documentation "OpenSSH server.")
(requirement '(syslogd loopback))
(provision '(ssh-daemon ssh sshd))
(start #~(if (defined? 'make-inetd-constructor)
(start #~(if #$inetd-style?
(make-inetd-constructor
(append #$openssh-command '("-i"))
(make-socket-address AF_INET INADDR_ANY
#$port-number)
(list (endpoint
(make-socket-address AF_INET INADDR_ANY
#$port-number))
(endpoint
(make-socket-address AF_INET6 IN6ADDR_ANY
#$port-number)))
#:max-connections #$max-connections)
(make-forkexec-constructor #$openssh-command
#:pid-file #$pid-file)))
(stop #~(if (defined? 'make-inetd-destructor)
(stop #~(if #$inetd-style?
(make-inetd-destructor)
(make-kill-destructor)))
(auto-start? (openssh-auto-start? config)))))
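Review bot: The inetd branch of `start` now always adds the `AF_INET6`/`IN6ADDR_ANY` endpoint, so after this change sshd is reachable over IPv6 on every interface, including on hosts whose packet filter was written with only IPv4 in mind. Because sshd is launched with `-i` in this branch, the listening sockets come from this endpoint list rather than from the generated sshd configuration, so this is the place to document it; I would add above the list `;; Listens on all IPv4 and IPv6 addresses; firewall rules must cover both families.` It is also worth confirming what happens on a system without IPv6 support: if creating the second endpoint fails, the service may not start at all and remote access would be lost, though the constructor's error handling is not visible in this hunk. The enclosing `openssh-shepherd-service` definition begins before the hunk.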


@ -136,9 +136,19 @@ (define (call-with-connected-session/auth proc)
(= pid (wait-for-file #$pid-file marionette))
pid)))
(test-assert "wait for port 22"
(test-assert "wait for port 22, IPv4"
(wait-for-tcp-port 22 marionette))
(test-assert "wait for port 22, IPv6"
;; Make sure it's also available as IPv6.
;; See <https://issues.guix.gnu.org/55335>.
(wait-for-tcp-port 22 marionette
#:address
`(make-socket-address
AF_INET6
(inet-pton AF_INET6 "::1")
22)))
;; Connect to the guest over SSH. Make sure we can run a shell
;; command there.
(test-equal "shell command"
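Review bot: The `#:address` argument in the new "wait for port 22, IPv6" test is written with a quasiquote although nothing inside it is unquoted, so a plain quote, `'(make-socket-address AF_INET6 (inet-pton AF_INET6 "::1") 22)`, would say the same thing more directly. The port number 22 also appears twice in that call, once as the first argument and once inside the address; whether `wait-for-tcp-port` needs both is not visible from here, and a one-line comment saying so would help. The test only shows that the loopback address `::1` accepts connections, so it does not by itself show that a login works over IPv6; the "shell command" test that follows is cut off at the end of the hunk.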