Merge pull request #3425 from mkg20001/pr

Add user@address:port support

Author: Ericson2314

doc/manual/rl-next/port-in-store-uris.md

@@ -0,0 +1,13 @@
+---
+synopsis: "Add support for user@address:port syntax in store URIs"
+prs: [3425]
+issues: [7044]
+---
+
+It's now possible to specify the port used for the SSH stores directly in the store URL in accordance with [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986). Previously the only way to specify custom ports was via `ssh_config` or `NIX_SSHOPTS` environment variable, because Nix incorrectly passed the port number together with the host name to the SSH executable. This has now been fixed.
+
+This change affects [store references](@docroot@/store/types/index.md#store-url-format) passed via the `--store` and similar flags in CLI as well as in the configuration for [remote builders](@docroot@/command-ref/conf-file.md#conf-builders). For example, the following store URIs now work:
+
+- `ssh://127.0.0.1:2222`
+- `ssh://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
+- `ssh-ng://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`

src/libfetchers/git-lfs-fetch.cc

@@ -44,16 +44,19 @@ static void downloadToSink(
 
 static std::string getLfsApiToken(const ParsedURL & url)
 {
+    assert(url.authority.has_value());
+
+    // FIXME: Not entirely correct.
     auto [status, output] = runProgram(
         RunOptions{
             .program = "ssh",
-            .args = {*url.authority, "git-lfs-authenticate", url.path, "download"},
+            .args = {url.authority->to_string(), "git-lfs-authenticate", url.path, "download"},
         });
 
     if (output.empty())
         throw Error(
             "git-lfs-authenticate: no output (cmd: ssh %s git-lfs-authenticate %s download)",
-            url.authority.value_or(""),
+            url.authority.value_or(ParsedURL::Authority{}).to_string(),
             url.path);
 
     auto queryResp = nlohmann::json::parse(output);

src/libfetchers/path.cc

@@ -15,7 +15,7 @@ struct PathInputScheme : InputScheme
         if (url.scheme != "path")
             return {};
 
-        if (url.authority && *url.authority != "")
+        if (url.authority && url.authority->host.size())
             throw Error("path URL '%s' should not have an authority ('%s')", url, *url.authority);
 
         Input input{settings};

src/libflake/flakeref.cc

@@ -142,7 +142,7 @@ std::pair<FlakeRef, std::string> parsePathFlakeRefWithFragment(
                 if (pathExists(flakeRoot + "/.git")) {
                     auto parsedURL = ParsedURL{
                         .scheme = "git+file",
-                        .authority = "",
+                        .authority = ParsedURL::Authority{},
                         .path = flakeRoot,
                         .query = query,
                         .fragment = fragment,
@@ -172,7 +172,7 @@ std::pair<FlakeRef, std::string> parsePathFlakeRefWithFragment(
 
     return fromParsedURL(
         fetchSettings,
-        {.scheme = "path", .authority = "", .path = path, .query = query, .fragment = fragment},
+        {.scheme = "path", .authority = ParsedURL::Authority{}, .path = path, .query = query, .fragment = fragment},
         isFlake);
 }
 
@@ -192,7 +192,7 @@ parseFlakeIdRef(const fetchers::Settings & fetchSettings, const std::string & ur
     if (std::regex_match(url, match, flakeRegex)) {
         auto parsedURL = ParsedURL{
             .scheme = "flake",
-            .authority = "",
+            .authority = ParsedURL::Authority{},
             .path = match[1],
         };
 

src/libstore-tests/machines.cc

@@ -39,6 +39,14 @@ TEST(machines, getMachinesUriOnly)
     EXPECT_THAT(actual[0], Field(&Machine::sshPublicHostKey, SizeIs(0)));
 }
 
+TEST(machines, getMachinesUriWithPort)
+{
+    auto actual = Machine::parseConfig({"TEST_ARCH-TEST_OS"}, "nix@scratchy.labs.cs.uu.nl:2222");
+    ASSERT_THAT(actual, SizeIs(1));
+    EXPECT_THAT(
+        actual[0], Field(&Machine::storeUri, Eq(StoreReference::parse("ssh://nix@scratchy.labs.cs.uu.nl:2222"))));
+}
+
 TEST(machines, getMachinesDefaults)
 {
     auto actual = Machine::parseConfig({"TEST_ARCH-TEST_OS"}, "nix@scratchy.labs.cs.uu.nl - - - - - - -");

src/libstore/common-ssh-store-config.cc

@@ -5,33 +5,22 @@
 
 namespace nix {
 
-static std::string extractConnStr(std::string_view scheme, std::string_view _connStr)
+CommonSSHStoreConfig::CommonSSHStoreConfig(std::string_view scheme, std::string_view authority, const Params & params)
+    : CommonSSHStoreConfig(scheme, ParsedURL::Authority::parse(authority), params)
 {
-    if (_connStr.empty())
-        throw UsageError("`%s` store requires a valid SSH host as the authority part in Store URI", scheme);
-
-    std::string connStr{_connStr};
-
-    std::smatch result;
-    static std::regex v6AddrRegex("^((.*)@)?\\[(.*)\\]$");
-
-    if (std::regex_match(connStr, result, v6AddrRegex)) {
-        connStr = result[1].matched ? result.str(1) + result.str(3) : result.str(3);
-    }
-
-    return connStr;
 }
 
-CommonSSHStoreConfig::CommonSSHStoreConfig(std::string_view scheme, std::string_view host, const Params & params)
+CommonSSHStoreConfig::CommonSSHStoreConfig(
+    std::string_view scheme, const ParsedURL::Authority & authority, const Params & params)
     : StoreConfig(params)
-    , host(extractConnStr(scheme, host))
+    , authority(authority)
 {
 }
 
 SSHMaster CommonSSHStoreConfig::createSSHMaster(bool useMaster, Descriptor logFD) const
 {
     return {
-        host,
+        authority,
         sshKey.get(),
         sshPublicHostKey.get(),
         useMaster,

src/libstore/include/nix/store/common-ssh-store-config.hh

@@ -2,6 +2,7 @@
 ///@file
 
 #include "nix/store/store-api.hh"
+#include "nix/util/url.hh"
 
 namespace nix {
 
@@ -11,7 +12,8 @@ struct CommonSSHStoreConfig : virtual StoreConfig
 {
     using StoreConfig::StoreConfig;
 
-    CommonSSHStoreConfig(std::string_view scheme, std::string_view host, const Params & params);
+    CommonSSHStoreConfig(std::string_view scheme, const ParsedURL::Authority & authority, const Params & params);
+    CommonSSHStoreConfig(std::string_view scheme, std::string_view authority, const Params & params);
 
     const Setting<Path> sshKey{
         this, "", "ssh-key", "Path to the SSH private key used to authenticate to the remote machine."};
@@ -32,23 +34,9 @@ struct CommonSSHStoreConfig : virtual StoreConfig
         )"};
 
     /**
-     * The `parseURL` function supports both IPv6 URIs as defined in
-     * RFC2732, but also pure addresses. The latter one is needed here to
-     * connect to a remote store via SSH (it's possible to do e.g. `ssh root@::1`).
-     *
-     * When initialized, the following adjustments are made:
-     *
-     * - If the URL looks like `root@[::1]` (which is allowed by the URL parser and probably
-     *   needed to pass further flags), it
-     *   will be transformed into `root@::1` for SSH (same for `[::1]` -> `::1`).
-     *
-     * - If the URL looks like `root@::1` it will be left as-is.
-     *
-     * - In any other case, the string will be left as-is.
-     *
-     * Will throw an error if `connStr` is empty too.
+     * Authority representing the SSH host to connect to.
      */
-    std::string host;
+    ParsedURL::Authority authority;
 
     /**
      * Small wrapper around `SSHMaster::SSHMaster` that gets most

src/libstore/include/nix/store/globals.hh

@@ -291,7 +291,7 @@ public:
           Only the first element is required.
           To leave a field at its default, set it to `-`.
 
-          1. The URI of the remote store in the format `ssh://[username@]hostname`.
+          1. The URI of the remote store in the format `ssh://[username@]hostname[:port]`.
 
              > **Example**
              >

src/libstore/include/nix/store/ssh.hh

@@ -2,6 +2,7 @@
 ///@file
 
 #include "nix/util/sync.hh"
+#include "nix/util/url.hh"
 #include "nix/util/processes.hh"
 #include "nix/util/file-system.hh"
 
@@ -11,7 +12,8 @@ class SSHMaster
 {
 private:
 
-    const std::string host;
+    ParsedURL::Authority authority;
+    std::string hostnameAndUser;
     bool fakeSSH;
     const std::string keyFile;
     /**
@@ -43,7 +45,7 @@ private:
 public:
 
     SSHMaster(
-        std::string_view host,
+        const ParsedURL::Authority & authority,
         std::string_view keyFile,
         std::string_view sshPublicHostKey,
         bool useMaster,

src/libstore/legacy-ssh-store.cc

@@ -18,7 +18,7 @@ namespace nix {
 
 LegacySSHStoreConfig::LegacySSHStoreConfig(std::string_view scheme, std::string_view authority, const Params & params)
     : StoreConfig(params)
-    , CommonSSHStoreConfig(scheme, authority, params)
+    , CommonSSHStoreConfig(scheme, ParsedURL::Authority::parse(authority), params)
 {
 }
 
@@ -71,25 +71,26 @@ ref<LegacySSHStore::Connection> LegacySSHStore::openConnection()
     TeeSource tee(conn->from, saved);
     try {
         conn->remoteVersion =
-            ServeProto::BasicClientConnection::handshake(conn->to, tee, SERVE_PROTOCOL_VERSION, config->host);
+            ServeProto::BasicClientConnection::handshake(conn->to, tee, SERVE_PROTOCOL_VERSION, config->authority.host);
     } catch (SerialisationError & e) {
         // in.close(): Don't let the remote block on us not writing.
         conn->sshConn->in.close();
         {
             NullSink nullSink;
             tee.drainInto(nullSink);
         }
-        throw Error("'nix-store --serve' protocol mismatch from '%s', got '%s'", config->host, chomp(saved.s));
+        throw Error(
+            "'nix-store --serve' protocol mismatch from '%s', got '%s'", config->authority.host, chomp(saved.s));
     } catch (EndOfFile & e) {
-        throw Error("cannot connect to '%1%'", config->host);
+        throw Error("cannot connect to '%1%'", config->authority.host);
     }
 
     return conn;
 };
 
 std::string LegacySSHStore::getUri()
 {
-    return *Config::uriSchemes().begin() + "://" + config->host;
+    return *Config::uriSchemes().begin() + "://" + config->authority.to_string();
 }
 
 std::map<StorePath, UnkeyedValidPathInfo> LegacySSHStore::queryPathInfosUncached(const StorePathSet & paths)
@@ -99,7 +100,10 @@ std::map<StorePath, UnkeyedValidPathInfo> LegacySSHStore::queryPathInfosUncached
     /* No longer support missing NAR hash */
     assert(GET_PROTOCOL_MINOR(conn->remoteVersion) >= 4);
 
-    debug("querying remote host '%s' for info on '%s'", config->host, concatStringsSep(", ", printStorePathSet(paths)));
+    debug(
+        "querying remote host '%s' for info on '%s'",
+        config->authority.host,
+        concatStringsSep(", ", printStorePathSet(paths)));
 
     auto infos = conn->queryPathInfos(*this, paths);
 
@@ -136,7 +140,7 @@ void LegacySSHStore::queryPathInfoUncached(
 
 void LegacySSHStore::addToStore(const ValidPathInfo & info, Source & source, RepairFlag repair, CheckSigsFlag checkSigs)
 {
-    debug("adding path '%s' to remote host '%s'", printStorePath(info.path), config->host);
+    debug("adding path '%s' to remote host '%s'", printStorePath(info.path), config->authority.host);
 
     auto conn(connections->get());
 
@@ -157,7 +161,8 @@ void LegacySSHStore::addToStore(const ValidPathInfo & info, Source & source, Rep
         conn->to.flush();
 
         if (readInt(conn->from) != 1)
-            throw Error("failed to add path '%s' to remote host '%s'", printStorePath(info.path), config->host);
+            throw Error(
+                "failed to add path '%s' to remote host '%s'", printStorePath(info.path), config->authority.host);
 
     } else {