GNU bug report logs - #31825
guix offload fails with guix-authenticate error

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Thu, 14 Jun 2018 03:55:02 UTC

Severity: normal

Merged with 34786

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#34786: closed (“guix offload
 test” doesn’t report missing key
 pairs on the remote host)
Date: Sun, 08 Aug 2021 04:10:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sun, 08 Aug 2021 00:09:20 -0400
with message-id <87lf5c37db.fsf <at> gmail.com>
and subject line Re: bug#31825: guix offload fails with guix-authenticate error
has caused the debbugs.gnu.org bug report #31825,
regarding “guix offload test” doesn’t report missing key pairs on the remote host
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
31825: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=31825
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Bug Guix <bug-guix <at> gnu.org>
Cc: Andreas Enge <andreas <at> enge.fr>
Subject: “guix offload test” doesn’t report missing key pairs on the remote host
Date: Fri, 08 Mar 2019 17:38:50 +0100

Hello,

When trying to offload to a remote machine R that doesn’t have a key
pair in /etc/guix, ‘guix offload test’ currently fails like this:

--8<---------------cut here---------------start------------->8---
guix offload: testing 3 build machines defined in '/etc/guix/machines.scm'...
guix offload: Guix is usable on 'R' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
guix offload: 'R' is running GNU Guile 2.2.4
sending 1 store item (0 MiB) to 'R'...
exporting path `/gnu/store/dbs25m05x1v43s66frh1060ibxdy3q70-export-test'
guix offload: 'R' successfully imported '/gnu/store/dbs25m05x1v43s66frh1060ibxdy3q70-export-test'
retrieving 1 store item from 'R'...
guix offload: error: implementation cannot deal with > 32-bit integers
--8<---------------cut here---------------end--------------->8---

When stracing “guix offload test”, we see this:

--8<---------------cut here---------------start------------->8---
write(1, "retrieving 1 store item from 'RRRRR.guix.info'...\n", 50) = 50
write(16, "\33\0\0\0\0\0\0\0", 8)       = 8
read(16, "atad\0\0\0\0", 8)             = 8
read(16, "\0\200\0\0\0\0\0\0", 8)       = 8

[...]

write(16, "M\1\0\0\0\0\0\0\1\0\0\0\0\0\0\0\r\0\0\0\0\0\0\0nix-archive-1\0\0\0\1\0\0\0\0\0\0\0(\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0type\0\0\0\0\7\0\0\0\0\0\0\0regular\0\10\0\0\0\0\0\0\0contents\26\0\0\0\0\0\0\0RRRRR.guix.info-966879\0\0\1\0\0\0\0\0\0\0)\0\0\0\0\0\0\0NIXE\0\0\0\0007\0\0\0\0\0\0\0/gnu/store/3bxyihakqhhcwckb2yz3h7fzmfii0wsn-import-test\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0(protocol-error 1 \"getting status of `/etc/guix/signing-key.sec': No such file or directory\")\0\0\0", 344) = 344
read(16, "ptxc\0\0\0\0", 8)             = 8
read(16, "1\0\0\0\0\0\0\0", 8)          = 8
read(16, "implementation cannot deal with > 32-bit integers", 49) = 49
read(16, "\0\0\0\0\0\0\0", 7)           = 7
read(16, "\1", 1)                       = 1
read(16, "\0\0\0\0\0\0\0", 7)           = 7
--8<---------------cut here---------------end--------------->8---

Ludo’.



[Message part 3 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: 31825-done <at> debbugs.gnu.org
Subject: Re: bug#31825: guix offload fails with guix-authenticate error
Date: Sun, 08 Aug 2021 00:09:20 -0400

Hi,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> Just as a follow-up; I've managed to fall into this trap again,
> attempting to authorize the keys by adding them to the 'authorize-keys'
> field of guix-configuration record.
>
> On the local machine:
>
> guix offload test /etc/guix/machines.scm 127.0.0.1
> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
> guix offload: Guix is usable on '127.0.0.1' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
> guix offload: '127.0.0.1' is running GNU Guile 3.0.0
> sending 1 store item (0 MiB) to '127.0.0.1'...
> exporting path `/gnu/store/l9mph3k5l26nm8mb50imsklbsz0bji0b-export-test'
> guix offload: error: program `/gnu/store/amjsgks2n05k9lkck78z64nphad1dkqr-guix-1.0.1-13.50299ad/bin/guix' failed with exit code 1
>
>
> On the remote machine:
>
> sudo strace -p 15683 -p 15716 -f -s345 -o /tmp/log
>
> And found within /tmp/log:
>
> 16120 write(2, "guix authenticate: error: error: unauthorized public
> key: (public-key \n (ecc \n (curve Ed25519)\n (q #MY-PUBLIC-KEY#)\n
> )\n )\n", 176) = 176
>
> So, still actual :-)
>
> Maxim

I think many things have been improved in the diagnostics of guix
offload since the original report.  The last gotcha I had hit described
above appears to had been caused by the keys added to the
'authorized-keys' field of the 'guix-configuration' record not being
taken into account when a /etc/guix/acl file was already populated (it
used to not be declarative).

Closing this forgotten issue.

Thanks,

Maxim
This bug report was last modified 4 years and 9 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.