GNU bug report logs - #66667
[PATCH] Socket forwarding in emacsclient --tramp-prefix example

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 66667 in the body.
You can then email your comments to 66667 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Peter Oliver <p.d.oliver <at> mavit.org.uk>
To: bug-gnu-emacs <at> gnu.org
Cc: Peter Oliver <git <at> mavit.org.uk>
Subject: [PATCH] Socket forwarding in emacsclient --tramp-prefix example
Date: Sat, 21 Oct 2023 16:01:27 +0100

Previously, the emacsclient --tramp-prefix documentation suggested
using it in conjunction with a forwarded TCP port.  However, OpenSSH
has supported forwarding sockets since version 6.7 (released 2014), so
let’s suggest that instead.  Sockets require less manual configuration
than ports, are less likely to clash, and are more secure, so will be
a better choice for the majority of people looking to set up this
facility for the first time.

* doc/emacs/misc.texi (emacsclient Options): Suggest forwarding sockets.
---
 doc/emacs/misc.texi | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index a05b7f6c6ea..93771832ff5 100644
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -2158,8 +2158,9 @@ emacsclient Options
 Set the prefix to add to filenames for Emacs to locate files on remote
 machines (@pxref{Remote Files}) using TRAMP (@pxref{Top, The Tramp
 Manual,, tramp, The Tramp Manual}).  This is mostly useful in
-combination with using the Emacs server over TCP (@pxref{TCP Emacs
-server}).  By ssh-forwarding the listening port and making the
+combination with using the Emacs server from a remote host.  By
+ssh-forwarding the listening socket, or ssh-forwarding the listening
+port @pxref{TCP Emacs server} and making the
 @var{server-file} available on a remote machine, programs on the
 remote machine can use @command{emacsclient} as the value for the
 @env{EDITOR} and similar environment variables, but instead of talking
@@ -2171,16 +2172,13 @@ emacsclient Options
 effect as using the @samp{-T} option.  If both are specified, the
 command-line option takes precedence.
 
-For example, assume two hosts, @samp{local} and @samp{remote}, and
-that the local Emacs listens on tcp port 12345.  Assume further that
-@file{/home} is on a shared file system, so that the server file
-@file{~/.emacs.d/server/server} is readable on both hosts.
+For example, assume two hosts, @samp{local} and @samp{remote}.
 
 @example
-local$ ssh -R12345:localhost:12345 remote
-remote$ export EDITOR="emacsclient \
-        --server-file=server \
-        --tramp=/ssh:remote:"
+local$ ssh -R "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server" remote
+remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
+remote$ export EMACSCLIENT_TRAMP=/ssh:remote:
+remote$ export EDITOR=emacsclient
 remote$ $EDITOR /tmp/foo.txt #Should open in local emacs.
 @end example
 
-- 
2.41.0

Message #8 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Peter Oliver <p.d.oliver <at> mavit.org.uk>
Cc: 66667 <at> debbugs.gnu.org, Peter Oliver <git <at> mavit.org.uk>
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient
 --tramp-prefix example
Date: Sat, 21 Oct 2023 18:57:59 +0200

Peter Oliver <p.d.oliver <at> mavit.org.uk> writes:

Hi Peter,

> Previously, the emacsclient --tramp-prefix documentation suggested
> using it in conjunction with a forwarded TCP port.  However, OpenSSH
> has supported forwarding sockets since version 6.7 (released 2014), so
> let’s suggest that instead.  Sockets require less manual configuration
> than ports, are less likely to clash, and are more secure, so will be
> a better choice for the majority of people looking to set up this
> facility for the first time.

Thanks for this. However, I don't believe we shall document this instead
of server ports. Better would be to document both variants. The reason
is, that sockets don't exists on every platform, see the "#ifdef
SOCKETS_IN_FILE_SYSTEM" directive in emacsclient.c.

Furthermore, people might run older sshd servers on remote systems,
which don't support socket forwarding. It must be also at least OpenSSH
6.7, like the client on the local side. Think about routers, NAS
systems, and alike, which aren't upgraded over years. As Tramp
maintainer I know what I'm speaking about.

The %TOKEN percent expansion (your %r and %i tokens) exists since
OpenSSH 8.2 only.

Best regards, Michael.

Message #11 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Peter Oliver <p.d.oliver <at> mavit.org.uk>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: 66667 <at> debbugs.gnu.org
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix
 example
Date: Sat, 21 Oct 2023 20:28:17 +0100 (BST)

[Message part 1 (text/plain, inline)]

On Sat, 21 Oct 2023, Michael Albinus wrote:

> Think about routers, NAS systems, and alike, which aren't upgraded over
> years.

You’re right about these kinds of systems, of course, but the old example already left a lot as an exercise for the reader: it assumes that you’d suitably configured server-port and server-use-tcp, then somehow made ~/.emacs.d/server/server accessible to the client.  Deciding on a suitable ssh -R argument for TCP forwarding doesn’t seem like the hardest part.

So, I’m not certain that one and a half examples is better than one complete example, but, anyway, here’s an updated patch.

-- 
Peter Oliver

[0001-Socket-forwarding-in-emacsclient-tramp-prefix-exampl.patch (text/plain, attachment)]

Message #14 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Björn Bidar <bjorn.bidar <at> thaodan.de>
To: Peter Oliver <p.d.oliver <at> mavit.org.uk>
Cc: 66667 <at> debbugs.gnu.org, Peter Oliver <git <at> mavit.org.uk>
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient
 --tramp-prefix example
Date: Sun, 22 Oct 2023 04:05:57 +0300

Peter Oliver <p.d.oliver <at> mavit.org.uk> writes:

> Previously, the emacsclient --tramp-prefix documentation suggested
> using it in conjunction with a forwarded TCP port.  However, OpenSSH
> has supported forwarding sockets since version 6.7 (released 2014), so
> let’s suggest that instead.  Sockets require less manual configuration
> than ports, are less likely to clash, and are more secure, so will be
> a better choice for the majority of people looking to set up this
> facility for the first time.
>
> * doc/emacs/misc.texi (emacsclient Options): Suggest forwarding sockets.
> ---
>  doc/emacs/misc.texi | 18 ++++++++----------
>  1 file changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
> index a05b7f6c6ea..93771832ff5 100644
> --- a/doc/emacs/misc.texi
> +++ b/doc/emacs/misc.texi
> @@ -2158,8 +2158,9 @@ emacsclient Options
>  Set the prefix to add to filenames for Emacs to locate files on remote
>  machines (@pxref{Remote Files}) using TRAMP (@pxref{Top, The Tramp
>  Manual,, tramp, The Tramp Manual}).  This is mostly useful in
> -combination with using the Emacs server over TCP (@pxref{TCP Emacs
> -server}).  By ssh-forwarding the listening port and making the
> +combination with using the Emacs server from a remote host.  By
> +ssh-forwarding the listening socket, or ssh-forwarding the listening
> +port @pxref{TCP Emacs server} and making the
>  @var{server-file} available on a remote machine, programs on the
>  remote machine can use @command{emacsclient} as the value for the
>  @env{EDITOR} and similar environment variables, but instead of talking
> @@ -2171,16 +2172,13 @@ emacsclient Options
>  effect as using the @samp{-T} option.  If both are specified, the
>  command-line option takes precedence.
>  
> -For example, assume two hosts, @samp{local} and @samp{remote}, and
> -that the local Emacs listens on tcp port 12345.  Assume further that
> -@file{/home} is on a shared file system, so that the server file
> -@file{~/.emacs.d/server/server} is readable on both hosts.
> +For example, assume two hosts, @samp{local} and @samp{remote}.
>  
>  @example
> -local$ ssh -R12345:localhost:12345 remote
> -remote$ export EDITOR="emacsclient \
> -        --server-file=server \
> -        --tramp=/ssh:remote:"
> +local$ ssh -R "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server" remote
> +remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
If the host has run /run/user it would make sense to setup the Emacs
socket inside this directory.
If the socket fie is in /tmp every other user can read it, using /run/user is
more secure.
On older systems this might be /var/run/user I think.

> +remote$ export EMACSCLIENT_TRAMP=/ssh:remote:
> +remote$ export EDITOR=emacsclient
>  remote$ $EDITOR /tmp/foo.txt #Should open in local emacs.
>  @end example

Message #17 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Peter Oliver <p.d.oliver <at> mavit.org.uk>
Cc: 66667 <at> debbugs.gnu.org
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient
 --tramp-prefix example
Date: Sun, 22 Oct 2023 09:43:20 +0200

Peter Oliver <p.d.oliver <at> mavit.org.uk> writes:

Hi Peter,

> So, I’m not certain that one and a half examples is better than one complete example, but, anyway, here’s an updated patch.

Thanks. LGTM, just two nits:

> +If you are using a platform that does not have Unix domain sockets
> +(i.e., MS-Windows), or SSH implementations that are not able to

I'm not sure whether MS-Windows supports UNIX domain sockets or not. Eli
might know this.

> +forward them (e.g., OpenSSH before version 6.7), you can forward a TCP
> +port instead.  In this example, assume that the local Emacs listens on
> +tcp port 12345.  Assume further that
>  @file{/home} is on a shared file system, so that the server file
>  @file{~/.emacs.d/server/server} is readable on both hosts.
>
>  @example
>  local$ ssh -R12345:localhost:12345 remote
> -remote$ export EDITOR="emacsclient \
> -        --server-file=server \
> -        --tramp=/ssh:remote:"
> +remote$ export EMACSCLIENT_TRAMP=/ssh:remote:
> +remote$ export EDITOR=emacsclient

Here we need also

remote$ export EMACS_SERVER_FILE=server

Otherwise, the "Implicit local socket" rule comes to play, see
set_socket in emacsclient.c.

Otherwise, it is fine. Eli, can we still install it in the emacs-29 branch?

And another question. You have already contributed to Emacs. That
contribution, and your proposed changes here and in bug#66598 bring you
close to the limit of changes (~15 lines), which are accepted without
formal paperwork. In order to make further contributions from you
possible: would you like to assign the copyright of your future
contributions to the Free Software Foundation?

> Peter Oliver

Best regards, Michael.

Message #20 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: 66667 <at> debbugs.gnu.org, p.d.oliver <at> mavit.org.uk
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix
 example
Date: Sun, 22 Oct 2023 12:26:40 +0300

> Cc: 66667 <at> debbugs.gnu.org
> From: Michael Albinus <michael.albinus <at> gmx.de>
> Date: Sun, 22 Oct 2023 09:43:20 +0200
> 
> > +If you are using a platform that does not have Unix domain sockets
> > +(i.e., MS-Windows), or SSH implementations that are not able to
> 
> I'm not sure whether MS-Windows supports UNIX domain sockets or not.

It supports them only ion latest builds of Windows 10 and 11.

> Eli, can we still install it in the emacs-29 branch?

Yes, thanks.

Message #23 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Peter Oliver <p.d.oliver <at> mavit.org.uk>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: 66667 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix
 example
Date: Sun, 22 Oct 2023 17:53:46 +0100 (BST)

[Message part 1 (text/plain, inline)]

On Sun, 22 Oct 2023, Eli Zaretskii wrote:

>> Cc: 66667 <at> debbugs.gnu.org
>> From: Michael Albinus <michael.albinus <at> gmx.de>
>> Date: Sun, 22 Oct 2023 09:43:20 +0200
>>
>>> +If you are using a platform that does not have Unix domain sockets
>>> +(i.e., MS-Windows), or SSH implementations that are not able to
>>
>> I'm not sure whether MS-Windows supports UNIX domain sockets or not.
>
> It supports them only ion latest builds of Windows 10 and 11.

I see from lib-src/emacsclient.c that they’re used only if SOCKETS_IN_FILE_SYSTEM is defined, which is only the case if WINDOWSNT is not defined.  I’ll update the wording not to imply that they don’t exist, only that we don’t use them.

-- 
Peter Oliver

Message #26 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Peter Oliver <p.d.oliver <at> mavit.org.uk>
To: Björn Bidar <bjorn.bidar <at> thaodan.de>
Cc: 66667 <at> debbugs.gnu.org
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix
 example
Date: Sun, 22 Oct 2023 18:09:05 +0100 (BST)

[Message part 1 (text/plain, inline)]

On Sun, 22 Oct 2023, Björn Bidar wrote:

>>  @example
>> -local$ ssh -R12345:localhost:12345 remote
>> -remote$ export EDITOR="emacsclient \
>> -        --server-file=server \
>> -        --tramp=/ssh:remote:"
>> +local$ ssh -R "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server" remote
>> +remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
>
> If the host has run /run/user it would make sense to setup the Emacs
> socket inside this directory.
> On older systems this might be /var/run/user I think.

It would, sure, but you can’t in general tell from the local side whether the remote side has /run, nor what your UID is there.  You’d need an extra round trip, for which you need ssh’s ControlPersist option to make performant.  This is too complicated for a simple example.

> If the socket fie is in /tmp every other user can read it, using /run/user is
> more secure.

No, the socket will have permissions 0700, so other users won’t be able to read it.  The risk is that other users will be able to cause a nuisance by creating a file of the same name in its place.  Perhaps it’s better to suggest putting the socket in the user’s home directory (which I originally discounted in case of shared NFS home directories)?

-- 
Peter Oliver

Message #33 received at 66667-done <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Peter Oliver <p.d.oliver <at> mavit.org.uk>
Cc: 66667-done <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient
 --tramp-prefix example
Date: Wed, 10 Jan 2024 11:14:46 +0100

Version: 29.2

Peter Oliver <p.d.oliver <at> mavit.org.uk> writes:

> I see from lib-src/emacsclient.c that they’re used only if
> SOCKETS_IN_FILE_SYSTEM is defined, which is only the case if WINDOWSNT
> is not defined.  I’ll update the wording not to imply that they don’t
> exist, only that we don’t use them.

Documentation was adapted in the emacs-29 branch, so I'm closing the
bug.

Best regards, Michael.

Message #44 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Peter Oliver <p.d.oliver <at> mavit.org.uk>
To: 66667 <at> debbugs.gnu.org
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix
 example
Date: Mon, 8 Apr 2024 12:26:59 +0100 (BST)

[Message part 1 (text/plain, inline)]

On Sun, 22 Oct 2023, Peter Oliver wrote:

> On Sun, 22 Oct 2023, Björn Bidar wrote:
>
>>>  @ example
>>>  -local$ ssh -R12345:localhost:12345 remote
>>>  -remote$ export EDITOR="emacsclient \
>>>  -        --server-file=server \
>>>  -        --tramp=/ssh:remote:"
>>>  +local$ ssh -R
>>>  "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server"
>>>  remote
>>>  +remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
>>
>>  If the host has run /run/user it would make sense to setup the Emacs
>>  socket inside this directory.
>>  On older systems this might be /var/run/user I think.
>
> It would, sure, but you can’t in general tell from the local side whether the 
> remote side has /run, nor what your UID is there.  You’d need an extra round 
> trip, for which you need ssh’s ControlPersist option to make performant. 
> This is too complicated for a simple example.
>
>>  If the socket fie is in /tmp every other user can read it, using /run/user
>>  is
>>  more secure.
>
> No, the socket will have permissions 0700, so other users won’t be able to 
> read it.  The risk is that other users will be able to cause a nuisance by 
> creating a file of the same name in its place.  Perhaps it’s better to 
> suggest putting the socket in the user’s home directory (which I originally 
> discounted in case of shared NFS home directories)?

Here is an update patch that does that.

I’m not sure why this bug was closed already.

-- 
Peter Oliver

[0001-Socket-forwarding-in-emacsclient-tramp-prefix-exampl.patch (text/plain, attachment)]

Message #49 received at 66667-done <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Peter Oliver <p.d.oliver <at> mavit.org.uk>
Cc: 66667-done <at> debbugs.gnu.org
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient
 --tramp-prefix example
Date: Wed, 10 Apr 2024 10:48:45 +0200

Version: 29.4

Peter Oliver <p.d.oliver <at> mavit.org.uk> writes:

Hi Peter,

> Here is an update patch that does that.

Thanks, I've pushed this to the emacs-29 branch. Closing the bug (again).

> I’m not sure why this bug was closed already.

You've been quiet for months, so I've assumed you've lost interest.

Best regards, Michael.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.