| 16 Oct 2023 |
 l0b0 | * The ugliness comes from several issues:
- The
ssh-audit exit code is the only unambiguous indication of success. ssh-audit always prints to stdout, even in case of success, and doesn't print errors to stderr.
ssh-audit has to run asynchronously because a client needs to talk to it to produce the report.- I can't use
wait_for_open_port because that triggers ssh-audit to exit - it's not meant to be a permanent service, after all.
- In case of error I have to look at the output to see which changes it recommends to my configuration, so I have to redirect
ssh-audit stdout to /dev/console.
| 05:39:10 |
| l0b0 | * The ugliness comes from several issues:
- The
ssh-audit exit code is the only unambiguous indication of success. ssh-audit always prints to stdout, even in case of success, and doesn't print errors to stderr.
ssh-audit has to run asynchronously because a client needs to talk to it to produce the report.- I can't use
wait_for_open_port because that triggers ssh-audit to exit - it's not meant to be a permanent service, after all. ssh-audit doesn't print anything to indicate it's ready to receive connections, so I also can't check for specific output to verify that it's ready.
- In case of error I have to look at the output to see which changes it recommends to my configuration, so I have to redirect
ssh-audit stdout to /dev/console.
| 05:41:00 |
 Artturin | l0b0:
$ bash -c "exit 3"
$ echo $?
3
$ systemd-run --user bash -c "exit 3"
Running as unit: run-r87bbe16cbe554be0965fc147cc7ecc81.service
$ systemctl show --user run-r87bbe16cbe554be0965fc147cc7ecc81.service --property="ExecMainStatus"
ExecMainStatus=3
| 05:48:08 |
| l0b0 | In reply to @artturin:matrix.org
l0b0:
$ bash -c "exit 3"
$ echo $?
3
$ systemd-run --user bash -c "exit 3"
Running as unit: run-r87bbe16cbe554be0965fc147cc7ecc81.service
$ systemctl show --user run-r87bbe16cbe554be0965fc147cc7ecc81.service --property="ExecMainStatus"
ExecMainStatus=3
Oh, nifty! Can I control the unit name, or do I have to parse stdout to get it? | 05:48:56 |
| l0b0 | In reply to @artturin:matrix.org
l0b0:
$ bash -c "exit 3"
$ echo $?
3
$ systemd-run --user bash -c "exit 3"
Running as unit: run-r87bbe16cbe554be0965fc147cc7ecc81.service
$ systemctl show --user run-r87bbe16cbe554be0965fc147cc7ecc81.service --property="ExecMainStatus"
ExecMainStatus=3
* Oh, nifty! ~Can I control the unit name, or do I have to parse stdout to get it?~ I'll just check… | 05:49:10 |
| Artturin | you can with -u | 05:49:18 |
| Artturin | according to help | 05:49:28 |
| Artturin | Maybe you can wait with https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/test-driver/test_driver/machine.py#L506 | 05:49:51 |
| Artturin | require_unit_state | 05:49:54 |
| Artturin | Waiting for a failed | 05:50:22 |
| Artturin | Seems you don't even have to use the systemd-run command but can do it in python https://github.com/NixOS/nixpkgs/blob/4ef910059530798af9f36376f812488edf39d751/nixos/lib/test-driver/test_driver/machine.py#L461 | 05:52:33 |
| Artturin | info = self.get_unit_info(unit, user)
if info["ExecMainStatus"] == "123":
| 05:53:14 |
| Artturin | * check the check_active in wait_for_unit
info = self.get_unit_info(unit, user)
if info["ExecMainStatus"] == "123":
| 05:53:43 |
| l0b0 | I'm running into something odd while trying this:
server: must succeed: systemd-run --unit=ssh-audit.service --user /nix/store/cqsj9477bs0r92cnvdbnhxhgp3csmzkl-ssh-audit-2.9.0/bin/ssh-audit --client-audit --port=2222
server # Failed to connect to bus: No medium found
| 06:01:38 |
| Artturin | The environment is almost completely cleared | 06:04:27 |
| Artturin | In reply to @vengmark2:matrix.org
I'm running into something odd while trying this:
server: must succeed: systemd-run --unit=ssh-audit.service --user /nix/store/cqsj9477bs0r92cnvdbnhxhgp3csmzkl-ssh-audit-2.9.0/bin/ssh-audit --client-audit --port=2222
server # Failed to connect to bus: No medium found
Oh that's coming from systemd https://github.com/search?q=%2FFailed+to+connect+to+bus%3A+No+medium%2F&type=code | 06:06:52 |
| Artturin | Try no --user | 06:07:22 |
| Artturin | Not a good error :/ | 06:08:18 |
| l0b0 | I really wish there was a wait_for_unit_state… | 06:10:03 |
