GNU bug report logs -
#31825
guix offload fails with guix-authenticate error
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Sun, 08 Aug 2021 00:09:20 -0400
with message-id <87lf5c37db.fsf <at> gmail.com>
and subject line Re: bug#31825: guix offload fails with guix-authenticate error
has caused the debbugs.gnu.org bug report #31825,
regarding guix offload fails with guix-authenticate error
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
31825: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=31825
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Hello!
I've read the documentation carefully many times, but I still can't make
`guix offload' work. It always fails like so:
--8<---------------cut here---------------start------------->8---
guix offload test
guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3
guix offload: Guix is usable on '192.168.1.105' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
sending 1 store item to '192.168.1.105'...
exporting path `/gnu/store/wrv01knf5xa76j73afscj066pbqq1na3-export-test'
guix offload: error: build failed: program `guix-authenticate' failed with exit code 1
--8<---------------cut here---------------end--------------->8---
In GDB, I've attempted to follow the forks but without success. The
most useful hint I've got was the following message about
guix-authenticate not being found:
--8<---------------cut here---------------start------------->8---
sudo gdb --args guix-daemon --build-users-group=guixbuild
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
[...]
(gdb) r
Starting program: /home/mcournoyer/src/guix/guix-daemon --build-users-group=guixbuild
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/gnu/store/4sqaib7c2dfjv62ivrg9b8wa7bh226la-glibc-2.26.105-g0890d5379c/lib/libthread_db.so.1".
accepted connection from pid 2241, user mcournoyer
accepted connection from pid 29024, user mcournoyer
accepted connection from pid 2241, user mcournoyer
accepted connection from pid 29068, user mcournoyer
error: executing `guix-authenticate': No such file or directory
--8<---------------cut here---------------end--------------->8---
Things I've tried without success:
1. Installing guix into my user's profile and then this to the ~/.bashrc
on the remote machine:
--8<---------------cut here---------------start------------->8---
GUIX_PROFILE=$HOME/.guix-profile
source $GUIX_PROFILE/etc/profile
# Hack to make guix-authenticate available
export PATH=$PATH:$GUIX_PROFILE/libexec
--8<---------------cut here---------------end--------------->8---
2. Noticing that the guix-daemon I was debugging (the one at
~/src/guix/guix-daemon) was using nixLibexecDir = "/usr/local/libexec"
and that the guix-daemon has code doing this in guix-daemon.cc:469:
--8<---------------cut here---------------start------------->8---
/* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
is known as 'OPENSSL_PATH' here. */
std::string search_path;
search_path = settings.nixLibexecDir;
if (getenv ("PATH") != NULL)
{
search_path += ":";
search_path += getenv ("PATH");
}
setenv ("PATH", search_path.c_str (), 1);
--8<---------------cut here---------------end--------------->8---
I tried:
--8<---------------cut here---------------start------------->8---
sudo ln -s /var/guix/profiles/per-user/mcournoyer/guix-profile/libexec /usr/local/libexec
--8<---------------cut here---------------end--------------->8---
I'm motivated to get this working; would be pleased to debug further
given fresh ideas.
Thanks,
Maxim
[Message part 3 (message/rfc822, inline)]
Hi,
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> Just as a follow-up; I've managed to fall into this trap again,
> attempting to authorize the keys by adding them to the 'authorize-keys'
> field of guix-configuration record.
>
> On the local machine:
>
> guix offload test /etc/guix/machines.scm 127.0.0.1
> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
> guix offload: Guix is usable on '127.0.0.1' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
> guix offload: '127.0.0.1' is running GNU Guile 3.0.0
> sending 1 store item (0 MiB) to '127.0.0.1'...
> exporting path `/gnu/store/l9mph3k5l26nm8mb50imsklbsz0bji0b-export-test'
> guix offload: error: program `/gnu/store/amjsgks2n05k9lkck78z64nphad1dkqr-guix-1.0.1-13.50299ad/bin/guix' failed with exit code 1
>
>
> On the remote machine:
>
> sudo strace -p 15683 -p 15716 -f -s345 -o /tmp/log
>
> And found within /tmp/log:
>
> 16120 write(2, "guix authenticate: error: error: unauthorized public
> key: (public-key \n (ecc \n (curve Ed25519)\n (q #MY-PUBLIC-KEY#)\n
> )\n )\n", 176) = 176
>
> So, still actual :-)
>
> Maxim
I think many things have been improved in the diagnostics of guix
offload since the original report. The last gotcha I had hit described
above appears to had been caused by the keys added to the
'authorized-keys' field of the 'guix-configuration' record not being
taken into account when a /etc/guix/acl file was already populated (it
used to not be declarative).
Closing this forgotten issue.
Thanks,
Maxim
This bug report was last modified 4 years and 9 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.