Subject: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key.
To: 36956@debbugs.gnu.org
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Date: Wed, 07 Aug 2019 08:45:10 -0400
Message-ID: <87ef1x4015.fsf@sdf.lonestar.org>

* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's
signing key before any invocations of 'remote-eval'.
* guix/scripts/deploy.scm (guix-deploy): Display an error if a signing
key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual
signing key authorization.
---
 doc/guix.texi           | 16 ----------------
 gnu/machine/ssh.scm     |  7 +++++++
 guix/scripts/deploy.scm |  7 +++++++
 guix/ssh.scm            | 23 +++++++++++++++++++++++
 4 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 734206a4b2..64ca44d494 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi
@@ -25530,22 +25530,6 @@ complex deployment may involve, for example, start= ing virtual machines through a Virtual Private Server (VPS) provider. In such a case, a different @var{environment} type would be used. =20 =2DDo note that you first need to generate a key pair on the coordinator ma= chine =2Dto allow the daemon to export signed archives of files from the store =2D(@pxref{Invoking guix archive}). =2D =2D@example =2D# guix archive --generate-key =2D@end example =2D =2D@noindent =2DEach target machine must authorize the key of the master machine so that= it =2Daccepts store items it receives from the coordinator: =2D =2D@example =2D# guix archive --authorize < coordinator-public-key.txt =2D@end example =2D @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 1f16d9a5ea..90deff19a8 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -28,13 +28,16 @@ #:use-module (guix i18n) #:use-module (guix modules) #:use-module (guix monads) + #:use-module (guix pki) #:use-module (guix records) #:use-module (guix remote) #:use-module (guix scripts system reconfigure) #:use-module (guix ssh) #:use-module (guix store) #:use-module (guix utils) + #:use-module (gcrypt pk-crypto) #:use-module (ice-9 match) + #:use-module (ice-9 textual-ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) 
@@ -329,6 +332,10 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" "Internal implementation of 'deploy-machine' for MACHINE instances with = an environment type of 'managed-host." (maybe-raise-unsupported-configuration-error machine) + (remote-authorize-signing-key (call-with-input-file %public-key-file + (lambda (port) + (string->canonical-sexp (get-string-al= l port)))) + (machine-ssh-session machine)) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm index 6a67985c8b..075c74d395 100644 =2D-- a/guix/scripts/deploy.scm +++ b/guix/scripts/deploy.scm @@ -20,6 +20,7 @@ (define-module (guix scripts deploy) #:use-module (gnu machine) #:use-module (guix discovery) + #:use-module (guix pki) #:use-module (guix scripts) #:use-module (guix scripts build) #:use-module (guix store) @@ -83,6 +84,12 @@ Perform the deployment specified by FILE.\n")) (define (guix-deploy . args) (define (handle-argument arg result) (alist-cons 'file arg result)) + + (unless (file-exists? %public-key-file) + (leave (G_ "no signing key '~a' +have you run 'guix archive --generate-key?'~%") + %public-key-file)) + (let* ((opts (parse-command-line args %options (list %default-options) #:argument-handler handle-argument)) (file (assq-ref opts 'file)) diff --git a/guix/ssh.scm b/guix/ssh.scm index 9b5ca68894..5186c646ca 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -21,6 +21,7 @@ #:use-module (guix inferior) #:use-module (guix i18n) #:use-module ((guix utils) #:select (&fix-hint)) + #:use-module (gcrypt pk-crypto) #:use-module (ssh session) #:use-module (ssh auth) #:use-module (ssh key) @@ -40,6 +41,7 @@ remote-daemon-channel connect-to-remote-daemon remote-system + remote-authorize-signing-key send-files retrieve-files retrieve-files* 
@@ -289,6 +291,27 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-syste= m)) session)) =20 +(define (remote-authorize-signing-key key session) + "Send KEY, a canonical sexp containing a public key, over SESSION and ad= d it +to the system ACL file if it has not yet been authorized." + (inferior-remote-eval + `(begin + (use-modules (guix build utils) + (guix pki) + (guix utils) + (gcrypt pk-crypto) + (srfi srfi-26)) + + (define acl (current-acl)) + (define key (string->canonical-sexp ,(canonical-sexp->string key))) + + (unless (authorized-key? key) + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) + (mkdir-p (dirname %acl-file)) + (with-atomic-file-output %acl-file + (cut write-acl acl <>))))) + session)) + (define* (send-files local files remote #:key recursive? =2D-=20 2.22.0

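Review bot: the doc/guix.texi hunk deletes the only text telling operators that `guix deploy` needs a signing key on the coordinator and that each target's ACL is changed to trust it, and nothing replaces it, so the trust relationship the tool now establishes on every run is undocumented. Keep a short paragraph in Invoking guix deploy saying that a key pair must exist (`guix archive --generate-key`) and that the coordinator's public key is added to the target's ACL automatically.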
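Review bot: in the deploy-managed-host hunk the remote-authorize-signing-key call is unconditional and sits before check-deployment-sanity, so the target's ACL is rewritten even for a deployment that the sanity check then rejects, and `(call-with-input-file %public-key-file ...)` is unguarded here, so anyone reaching deploy-machine other than through the guix-deploy command line gets a raw file-not-found error instead of the hint. Move the call after the sanity check and gate it on a configuration flag so a coordinator that only pushes builds from another machine can opt out.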
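Review bot: the `(unless (file-exists? %public-key-file) (leave ...))` block in guix-deploy runs before parse-command-line, so `guix deploy --help` and `guix deploy --version` also abort with the signing-key error on a machine that has never run `guix archive --generate-key`; move the check after option parsing. The message also closes the quote after the question mark (`'guix archive --generate-key?'`), which reads as if `?` were part of the command; `'guix archive --generate-key'?` is what is meant.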
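Review bot: in remote-authorize-signing-key the ACL is read once into `acl` but `(authorized-key? key)` is then called without it, so the file is parsed a second time and the membership test need not see the same snapshot as the rewrite; pass `acl` as the optional second argument of authorized-key?. Nothing validates that the spliced sexp is actually a public key, or that `acl->public-keys` returned a list, before `write-acl` replaces %acl-file on the target, so malformed input corrupts the target's trust store; check both before rewriting, and consider logging on the coordinator which host's ACL was modified so the change is auditable.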
From: Christopher Lemmer Webber
Date: Wed, 07 Aug 2019 15:18:47 -0400
Message-ID: <874l2spyw8.fsf@dustycloud.org>
In-reply-to: <87ef1x4015.fsf@sdf.lonestar.org>

This seems like a good usability improvement. For clarity, I assume that
it's still configurable, however? Would be important if pushing builds
to a different machine.

Jakob L. Kreuze writes:

> * guix/ssh.scm (remote-authorize-signing-key): New variable.
> * gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's
> signing key before any invocations of 'remote-eval'.
> * guix/scripts/deploy.scm (guix-deploy): Display an error if a signing
> key does not exist.
> * doc/guix.texi (Invoking guix deploy): Remove section describing manual
> signing key authorization.
> ---
> doc/guix.texi | 16 ----------------
> gnu/machine/ssh.scm | 7 +++++++
> guix/scripts/deploy.scm | 7 +++++++
> guix/ssh.scm | 23 +++++++++++++++++++++++
> 4 files changed, 37 insertions(+), 16 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi > index 734206a4b2..64ca44d494 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi
> @@ -25530,22 +25530,6 @@ complex deployment may involve, for example, starting virtual machines through > a Virtual Private Server (VPS) provider. In such a case, a different > @var{environment} type would be used. > > -Do note that you first need to generate a key pair on the coordinator machine > -to allow the daemon to export signed archives of files from the store > -(@pxref{Invoking guix archive}). > - > -@example > -# guix archive --generate-key > -@end example > - > -@noindent > -Each target machine must authorize the key of the master machine so that it > -accepts store items it receives from the coordinator: > - > -@example > -# guix archive --authorize < coordinator-public-key.txt > -@end example > - > @deftp {Data Type} machine > This is the data type representing a single machine in a heterogeneous Guix > deployment. > diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm > index 1f16d9a5ea..90deff19a8 100644 > --- a/gnu/machine/ssh.scm > +++ b/gnu/machine/ssh.scm > @@ -28,13 +28,16 @@ > #:use-module (guix i18n) > #:use-module (guix modules) > #:use-module (guix monads) > + #:use-module (guix pki) > #:use-module (guix records) > #:use-module (guix remote) > #:use-module (guix scripts system reconfigure) > #:use-module (guix ssh) > #:use-module (guix store) > #:use-module (guix utils) > + #:use-module (gcrypt pk-crypto) > #:use-module (ice-9 match) > + #:use-module (ice-9 textual-ports) > #:use-module (srfi srfi-1) > #:use-module (srfi srfi-19) > #:use-module (srfi srfi-26) 
> @@ -329,6 +332,10 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" > "Internal implementation of 'deploy-machine' for MACHINE instances with an > environment type of 'managed-host." > (maybe-raise-unsupported-configuration-error machine) > + (remote-authorize-signing-key (call-with-input-file %public-key-file > + (lambda (port) > + (string->canonical-sexp (get-string-all port)))) > + (machine-ssh-session machine)) > (mlet %store-monad ((_ (check-deployment-sanity machine)) > (boot-parameters (machine-boot-parameters machine))) > (let* ((os (machine-operating-system machine)) > diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm > index 6a67985c8b..075c74d395 100644 > --- a/guix/scripts/deploy.scm > +++ b/guix/scripts/deploy.scm > @@ -20,6 +20,7 @@ > (define-module (guix scripts deploy) > #:use-module (gnu machine) > #:use-module (guix discovery) > + #:use-module (guix pki) > #:use-module (guix scripts) > #:use-module (guix scripts build) > #:use-module (guix store) > @@ -83,6 +84,12 @@ Perform the deployment specified by FILE.\n")) > (define (guix-deploy . args) > (define (handle-argument arg result) > (alist-cons 'file arg result)) > + > + (unless (file-exists? %public-key-file) > + (leave (G_ "no signing key '~a' > +have you run 'guix archive --generate-key?'~%") > + %public-key-file)) > + > (let* ((opts (parse-command-line args %options (list %default-options) > #:argument-handler handle-argument)) > (file (assq-ref opts 'file)) > diff --git a/guix/ssh.scm b/guix/ssh.scm > index 9b5ca68894..5186c646ca 100644 > --- a/guix/ssh.scm > +++ b/guix/ssh.scm > @@ -21,6 +21,7 @@ > #:use-module (guix inferior) > #:use-module (guix i18n) > #:use-module ((guix utils) #:select (&fix-hint)) > + #:use-module (gcrypt pk-crypto) > #:use-module (ssh session) > #:use-module (ssh auth) > #:use-module (ssh key) 
> @@ -40,6 +41,7 @@ > remote-daemon-channel > connect-to-remote-daemon > remote-system > + remote-authorize-signing-key > send-files > retrieve-files > retrieve-files* 
> @@ -289,6 +291,27 @@ the machine on the other end of SESSION." > (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-system)) > session)) > > +(define (remote-authorize-signing-key key session) > + "Send KEY, a canonical sexp containing a public key, over SESSION and add it > +to the system ACL file if it has not yet been authorized." > + (inferior-remote-eval > + `(begin > + (use-modules (guix build utils) > + (guix pki) > + (guix utils) > + (gcrypt pk-crypto) > + (srfi srfi-26)) > + > + (define acl (current-acl)) > + (define key (string->canonical-sexp ,(canonical-sexp->string key))) > + > + (unless (authorized-key? key) > + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) > + (mkdir-p (dirname %acl-file)) > + (with-atomic-file-output %acl-file > + (cut write-acl acl <>))))) > + session)) > + > (define* (send-files local files remote > #:key > recursive?

From: Ricardo Wurmus
Date: Wed, 07 Aug 2019 21:39:51 +0200
Message-ID: <874l2sydbs.fsf@elephly.net>
In-reply-to: <87ef1x4015.fsf@sdf.lonestar.org>

Jakob L. Kreuze writes:

> +(define (remote-authorize-signing-key key session) > + "Send KEY, a canonical sexp containing a public key, over SESSION and add it > +to the system ACL file if it has not yet been authorized." > + (inferior-remote-eval > + `(begin > + (use-modules (guix build utils) > + (guix pki) > + (guix utils) > + (gcrypt pk-crypto) > + (srfi srfi-26)) > + > + (define acl (current-acl)) > + (define key (string->canonical-sexp ,(canonical-sexp->string key))) > + > + (unless (authorized-key? key) > + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) > + (mkdir-p (dirname %acl-file)) > + (with-atomic-file-output %acl-file > + (cut write-acl acl <>))))) > + session)) > +

This will overwrite an existing acl file on the remote with a copy that
differs only in the newly added key.

Is there a chance for corruption, e.g. if acl->public-keys returns
something unexpected?

--
Ricardo

From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Date: Wed, 07 Aug 2019 16:52:33 -0400
Message-ID: <87zhkkk8a6.fsf@sdf.lonestar.org>
In-Reply-To: <874l2sydbs.fsf@elephly.net> (Ricardo Wurmus's message of "Wed, 07 Aug 2019 21:39:51 +0200")

Hi Chris and Ricardo,

Christopher Lemmer Webber writes:

> This seems like a good usability improvement. For clarity, I assume
> that it's still configurable, however? Would be important if pushing
> builds to a different machine.

No, but you raise a good point :) I'll update this patch to make it
configurable.

Ricardo Wurmus writes:

> This will overwrite an existing acl file on the remote with a copy
> that differs only in the newly added key.
>
> Is there a chance for corruption, e.g. if acl->public-keys returns
> something unexpected?

I suppose it's possible. 'guix archive --authorize' doesn't seem to do
any specific handling for it, but it doesn't hurt to be paranoid -- we
"atomically" overwrite the GC root for the bootloader configuration, for
example, and we could do something similar here. I'll include it in the
updated patch.
Regards,
Jakob

Subject: [bug#36956] [PATCH v2] machine: Automatically authorize the coordinator's signing
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Date: Fri, 09 Aug 2019 11:48:48 -0400
Message-ID: <87k1bmnxun.fsf_-_@sdf.lonestar.org>
In-Reply-To: <87zhkkk8a6.fsf@sdf.lonestar.org> (Jakob L. Kreuze's message of "Wed, 07 Aug 2019 16:52:33 -0400")

* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's
signing key before any invocations of 'remote-eval'.
(deploy-managed-host): Display an error if a signing key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual
signing key authorization.
(Invoking guix deploy): Add section describing the 'authorize?' field.
---
 doc/guix.texi       |  3 +++
 gnu/machine/ssh.scm | 31 +++++++++++++++++++++++++------
 guix/ssh.scm        | 23 +++++++++++++++++++++++
 3 files changed, 51 insertions(+), 6 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 1478749d7d..e9a0d7aa22 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi
@@ -25583,6 +25583,9 @@ with an @code{environment} of @code{managed-host-en= vironment-type}. =20 @table @asis @item @code{host-name} +@item @code{authorize?} (default: @code{#t}) +If true, the coordinator's signing key will be added to the remote's ACL +keyring. @item @code{port} (default: @code{22}) @item @code{user} (default: @code{"root"}) @item @code{identity} (default: @code{#f}) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 57af0e4bff..320bc7fdb4 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -28,13 +28,16 @@ #:use-module (guix i18n) #:use-module (guix modules) #:use-module (guix monads) + #:use-module (guix pki) #:use-module (guix records) #:use-module (guix remote) #:use-module (guix scripts system reconfigure) #:use-module (guix ssh) #:use-module (guix store) #:use-module (guix utils) + #:use-module (gcrypt pk-crypto) #:use-module (ice-9 match) + #:use-module (ice-9 textual-ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) @@ -48,6 +51,7 @@ =20 machine-ssh-configuration-host-name machine-ssh-configuration-build-locally? + machine-ssh-configuration-authorize? machine-ssh-configuration-port machine-ssh-configuration-user machine-ssh-configuration-session)) 
@@ -70,16 +74,18 @@ make-machine-ssh-configuration machine-ssh-configuration? this-machine-ssh-configuration =2D (host-name machine-ssh-configuration-host-name) ; string =2D (build-locally? machine-ssh-configuration-build-locally? + (host-name machine-ssh-configuration-host-name) ; string + (build-locally? machine-ssh-configuration-build-locally? ; boolean (default #t)) =2D (port machine-ssh-configuration-port ; integer + (authorize? machine-ssh-configuration-authorize? ; boolean + (default #t)) + (port machine-ssh-configuration-port ; integer (default 22)) =2D (user machine-ssh-configuration-user ; string + (user machine-ssh-configuration-user ; string (default "root")) =2D (identity machine-ssh-configuration-identity ; path to a priva= te key + (identity machine-ssh-configuration-identity ; path to a pri= vate key (default #f)) =2D (session machine-ssh-configuration-session ; session + (session machine-ssh-configuration-session ; session (default #f))) =20 (define (machine-ssh-session machine) @@ -339,6 +345,19 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" "Internal implementation of 'deploy-machine' for MACHINE instances with = an environment type of 'managed-host." (maybe-raise-unsupported-configuration-error machine) + (when (machine-ssh-configuration-authorize? + (machine-configuration machine)) + (unless (file-exists? %public-key-file) + (raise (condition + (&message + (message (format #f (G_ "no signing key '~a'. \ +have you run 'guix archive --generate-key?'") + %public-key-file)))))) + (remote-authorize-signing-key (call-with-input-file %public-key-file + (lambda (port) + (string->canonical-sexp + (get-string-all port)))) + (machine-ssh-session machine))) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) diff --git a/guix/ssh.scm b/guix/ssh.scm index 90311127a1..24834c6f68 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm 
@@ -21,6 +21,7 @@ #:use-module (guix inferior) #:use-module (guix i18n) #:use-module ((guix utils) #:select (&fix-hint)) + #:use-module (gcrypt pk-crypto) #:use-module (ssh session) #:use-module (ssh auth) #:use-module (ssh key) @@ -40,6 +41,7 @@ remote-daemon-channel connect-to-remote-daemon remote-system + remote-authorize-signing-key send-files retrieve-files retrieve-files* 
@@ -300,6 +302,27 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-syste= m)) session)) =20 +(define (remote-authorize-signing-key key session) + "Send KEY, a canonical sexp containing a public key, over SESSION and ad= d it +to the system ACL file if it has not yet been authorized." + (inferior-remote-eval + `(begin + (use-modules (guix build utils) + (guix pki) + (guix utils) + (gcrypt pk-crypto) + (srfi srfi-26)) + + (define acl (current-acl)) + (define key (string->canonical-sexp ,(canonical-sexp->string key))) + + (unless (authorized-key? key) + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) + (mkdir-p (dirname %acl-file)) + (with-atomic-file-output %acl-file + (cut write-acl acl <>))))) + session)) + (define* (send-files local files remote #:key recursive? =2D-=20 2.22.0

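Review bot: the doc/guix.texi hunk describes `authorize?` as adding the key to "the remote's ACL keyring" without saying what that grants: with the default `#t`, every target deployed to will thereafter accept store items signed by the coordinator, and deployment now stops with an error unless the coordinator has run `guix archive --generate-key`. Stating both, and when `#f` is appropriate (builds pushed from a different machine, as discussed in this thread), lets operators make that trust decision deliberately rather than by default.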
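Review bot: the machine-ssh-configuration hunk removes and re-adds the host-name, build-locally?, port, user, identity and session fields only to change their alignment, so the functional change (the new `authorize?` field with its `#t` default) is buried in whitespace churn; keep the existing lines as they are, or split the re-indentation into its own commit.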
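Review bot: the `when` block in deploy-managed-host makes authorization conditional on `authorize?`, which answers the configurability question, but it still runs before check-deployment-sanity, so a target's ACL is modified even when the deployment is then refused; moving it after that check keeps a rejected deployment free of side effects on the target. The error string also still has the question mark inside the quoted command (`'guix archive --generate-key?'`); it should be `'guix archive --generate-key'?`.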
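Review bot: remote-authorize-signing-key is an unlocked read-modify-write of %acl-file: current-acl is read, the key is consed on, and the whole file is rewritten, so an authorization performed on the target between the read and the write (a concurrent deploy from another coordinator, or a local `guix archive --authorize`) is silently dropped. with-atomic-file-output only guarantees the file is never seen half-written; it does not serialize the update. Holding a lock on %acl-file across the read and the write, or re-reading and merging under it, closes that window. Since the function is unchanged from v1, `acl` is also still not passed to authorized-key?, and the spliced sexp is still written into the ACL without being checked to be a public key.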
Kreuze) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 09 Aug 2019 15:53:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36956 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Christopher Lemmer Webber Cc: Ricardo Wurmus , 36956@debbugs.gnu.org Received: via spool by 36956-submit@debbugs.gnu.org id=B36956.156536596225052 (code B ref 36956); Fri, 09 Aug 2019 15:53:01 +0000 Received: (at 36956) by debbugs.gnu.org; 9 Aug 2019 15:52:42 +0000 Received: from localhost ([127.0.0.1]:43149 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hw7C6-0006Vz-6J for submit@debbugs.gnu.org; Fri, 09 Aug 2019 11:52:42 -0400 Received: from mx.sdf.org ([205.166.94.20]:54608) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hw7C3-0006Vq-73 for 36956@debbugs.gnu.org; Fri, 09 Aug 2019 11:52:40 -0400 Received: from Upsilon (92-111-222-18.static.v4.ziggozakelijk.nl [92.111.222.18]) (authenticated (0 bits)) by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id x79FqYGk028618 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO); Fri, 9 Aug 2019 15:52:37 GMT 
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) References: <87ef1x4015.fsf@sdf.lonestar.org> <874l2sydbs.fsf@elephly.net> <87zhkkk8a6.fsf@sdf.lonestar.org> Date: Fri, 09 Aug 2019 11:52:26 -0400 In-Reply-To: <87zhkkk8a6.fsf@sdf.lonestar.org> (Jakob L. Kreuze's message of "Wed, 07 Aug 2019 16:52:33 -0400") Message-ID: <87ftmanxol.fsf@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes: > Hi Chris and Ricardo, > > Christopher Lemmer Webber writes: > >> This seems like a good usability improvement. For clarity, I assume >> that it's still configurable, however? Would be important if pushing >> builds to a different machine. > > No, but you raise a good point :) I'll update this patch to make it > configurable. > > Ricardo Wurmus writes: > >> This will overwrite an existing acl file on the remote with a copy >> that differs only in the newly added key. >> >> Is there a chance for corruption, e.g. if acl->public-keys returns >> something unexpected? > > I suppose it's possible. 'guix archive --authorize' doesn't seem to do > any specific handling for it, but it doesn't hurt to be paranoid -- we > "atomically" overwrite the GC root for the bootloader configuration, for > example, and we could do something similar here. I'll include it in the > updated patch. > > Regards, > Jakob > I didn't think this all the way through when I wrote this response. We're already using 'with-atomic-file-output', so we're already "atomically" overwriting the ACL. 
Also, it wouldn't solve the issue of 'acl->public-keys' returning something unexpected. I'm not sure I have a good solution for this at the moment. Regards, Jakob

From unknown Thu Sep 11 13:39:42 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key. Resent-From: Christopher Lemmer Webber Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 14 Aug 2019 20:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36956 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: "Jakob L.
Kreuze" Cc: Ricardo Wurmus , 36956@debbugs.gnu.org Received: via spool by 36956-submit@debbugs.gnu.org id=B36956.15658158872629 (code B ref 36956); Wed, 14 Aug 2019 20:52:02 +0000 Received: (at 36956) by debbugs.gnu.org; 14 Aug 2019 20:51:27 +0000 Received: from localhost ([127.0.0.1]:49788 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hy0Ew-0000gK-Pj for submit@debbugs.gnu.org; Wed, 14 Aug 2019 16:51:27 -0400 Received: from dustycloud.org ([50.116.34.160]:40244) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hy0Ev-0000gB-4R for 36956@debbugs.gnu.org; Wed, 14 Aug 2019 16:51:25 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id A750B26630; Wed, 14 Aug 2019 16:51:24 -0400 (EDT) References: <87ef1x4015.fsf@sdf.lonestar.org> <874l2sydbs.fsf@elephly.net> <87zhkkk8a6.fsf@sdf.lonestar.org> <87ftmanxol.fsf@sdf.lonestar.org> User-agent: mu4e 1.2.0; emacs 26.2 
From: Christopher Lemmer Webber In-reply-to: <87ftmanxol.fsf@sdf.lonestar.org> Date: Wed, 14 Aug 2019 16:51:24 -0400 Message-ID: <87imqzxygj.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Jakob L. Kreuze writes: > zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes: > >> Hi Chris and Ricardo, >> >> Christopher Lemmer Webber writes: >> >>> This seems like a good usability improvement. For clarity, I assume >>> that it's still configurable, however? Would be important if pushing >>> builds to a different machine. >> >> No, but you raise a good point :) I'll update this patch to make it >> configurable. >> >> Ricardo Wurmus writes: >> >>> This will overwrite an existing acl file on the remote with a copy >>> that differs only in the newly added key. >>> >>> Is there a chance for corruption, e.g. if acl->public-keys returns >>> something unexpected? >> >> I suppose it's possible. 'guix archive --authorize' doesn't seem to do >> any specific handling for it, but it doesn't hurt to be paranoid -- we >> "atomically" overwrite the GC root for the bootloader configuration, for >> example, and we could do something similar here. I'll include it in the >> updated patch. >> >> Regards, >> Jakob >> > > I didn't think this all the way through when I wrote this response. > We're already using 'with-atomic-file-output', so we're already > "atomically" overwriting the ACL. Also, it wouldn't solve the issue of > 'acl->public-keys' returning something unexpected. > > I'm not sure I have a good solution for this at the moment. But it's only a problem for guix deploy so far, right? 
So it shouldn't break existing, hopefully-stable guix systems and rather only bleeding-edge guix deploy systems, right? :) If that's true then let's file a bug about this issue and get this code merged after you get this in patch series form.

From unknown Thu Sep 11 13:39:42 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key. Resent-From: Ricardo Wurmus Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 15 Aug 2019 05:53:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36956 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Christopher Lemmer Webber Cc: "Jakob L. Kreuze" , 36956@debbugs.gnu.org Received: via spool by 36956-submit@debbugs.gnu.org id=B36956.156584837511465 (code B ref 36956); Thu, 15 Aug 2019 05:53:02 +0000 Received: (at 36956) by debbugs.gnu.org; 15 Aug 2019 05:52:55 +0000 Received: from localhost ([127.0.0.1]:50437 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hy8gw-0002yr-SV for submit@debbugs.gnu.org; Thu, 15 Aug 2019 01:52:55 -0400 Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21379) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hy8gr-0002ye-Ke for 36956@debbugs.gnu.org; Thu, 15 Aug 2019 01:52:53 -0400 Received: from localhost (p4FD5AC81.dip0.t-ipconnect.de [79.213.172.129]) by mx.zohomail.com with SMTPS id 156584835831481.52731430360791; Wed, 14 Aug 2019 22:52:38 -0700 (PDT) References: <87ef1x4015.fsf@sdf.lonestar.org> <874l2sydbs.fsf@elephly.net> <87zhkkk8a6.fsf@sdf.lonestar.org> <87ftmanxol.fsf@sdf.lonestar.org> <87imqzxygj.fsf@dustycloud.org> User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus In-reply-to: <87imqzxygj.fsf@dustycloud.org> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Thu, 15 Aug 2019 07:52:33 +0200 Message-ID: <8736i3ug9q.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Christopher Lemmer Webber writes: > Jakob L. Kreuze writes: > >> zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes: >> >>> Hi Chris and Ricardo, >>> >>> Christopher Lemmer Webber writes: >>> >>>> This seems like a good usability improvement. For clarity, I assume >>>> that it's still configurable, however? Would be important if pushing >>>> builds to a different machine. >>> >>> No, but you raise a good point :) I'll update this patch to make it >>> configurable. >>> >>> Ricardo Wurmus writes: >>> >>>> This will overwrite an existing acl file on the remote with a copy >>>> that differs only in the newly added key. >>>> >>>> Is there a chance for corruption, e.g. if acl->public-keys returns >>>> something unexpected? >>> >>> I suppose it's possible. 'guix archive --authorize' doesn't seem to do >>> any specific handling for it, but it doesn't hurt to be paranoid -- we >>> "atomically" overwrite the GC root for the bootloader configuration, for >>> example, and we could do something similar here. I'll include it in the >>> updated patch. >>> >>> Regards, >>> Jakob >>> >> >> I didn't think this all the way through when I wrote this response. >> We're already using 'with-atomic-file-output', so we're already >> "atomically" overwriting the ACL. 
Also, it wouldn't solve the issue of >> 'acl->public-keys' returning something unexpected. >> >> I'm not sure I have a good solution for this at the moment. > > But it's only a problem for guix deploy so far, right? So it shouldn't > break existing, hopefully-stable guix systems and rather only > bleeding-edge guix deploy systems, right? :) It has the potential to break systems that are the target of “guix deploy”. The expected breakage would be minor as the acl can be regenerated. > If that's true then let's file a bug about this issue and get this code > merged after you get this in patch series form. I agree. -- Ricardo

From unknown Thu Sep 11 13:39:42 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System) To: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) Subject: bug#36956: closed (Re: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key.) Message-ID: References: <87ef1my7ni.fsf@dustycloud.org> <87ef1x4015.fsf@sdf.lonestar.org> X-Gnu-PR-Message: they-closed 36956 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 36956@debbugs.gnu.org Date: Thu, 15 Aug 2019 11:46:04 +0000 Content-Type: multipart/mixed; boundary="----------=_1565869564-14521-1" This is a multi-part message in MIME format... ------------=_1565869564-14521-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #36956: [PATCH] machine: Automatically authorize the coordinator's signing key. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 36956@debbugs.gnu.org.
-- 36956: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=36956 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1565869564-14521-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 36956-done) by debbugs.gnu.org; 15 Aug 2019 11:45:08 +0000 Received: from localhost ([127.0.0.1]:50732 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyEBo-0003ju-4v for submit@debbugs.gnu.org; Thu, 15 Aug 2019 07:45:08 -0400 Received: from dustycloud.org ([50.116.34.160]:43304) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyEBm-0003jm-M7 for 36956-done@debbugs.gnu.org; Thu, 15 Aug 2019 07:45:06 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id 426D7266AD; Thu, 15 Aug 2019 07:45:06 -0400 (EDT) References: <87ef1x4015.fsf@sdf.lonestar.org> <874l2sydbs.fsf@elephly.net> <87zhkkk8a6.fsf@sdf.lonestar.org> <87ftmanxol.fsf@sdf.lonestar.org> <87imqzxygj.fsf@dustycloud.org> User-agent: mu4e 1.2.0; emacs 26.2
From: Christopher Lemmer Webber To: "Jakob L. Kreuze" Subject: Re: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key. In-reply-to: <87imqzxygj.fsf@dustycloud.org> Date: Thu, 15 Aug 2019 07:45:05 -0400 Message-ID: <87ef1my7ni.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 36956-done Cc: 36956-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Christopher Lemmer Webber writes: > If that's true then let's file a bug about this issue and get this code > merged after you get this in patch series form. Merged and pushed! ------------=_1565869564-14521-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 7 Aug 2019 12:48:28 +0000 Received: from localhost ([127.0.0.1]:38176 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hvLMi-0000Qs-1l for submit@debbugs.gnu.org; Wed, 07 Aug 2019 08:48:28 -0400 Received: from lists.gnu.org ([209.51.188.17]:37546) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hvLMg-0000Qj-Gs for submit@debbugs.gnu.org; Wed, 07 Aug 2019 08:48:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:49094) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hvLMf-0001Qh-48 for guix-patches@gnu.org; Wed, 07 Aug 2019 08:48:26 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hvLMd-0005m1-T7 for guix-patches@gnu.org; Wed, 07 Aug 2019 08:48:25 
-0400 Received: from mx.sdf.org ([205.166.94.20]:64903) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hvLMd-0005lI-LL for guix-patches@gnu.org; Wed, 07 Aug 2019 08:48:23 -0400 Received: from Epsilon (pool-173-76-53-40.bstnma.fios.verizon.net [173.76.53.40]) (authenticated (0 bits)) by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id x77CmLU8020701 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO) for ; Wed, 7 Aug 2019 12:48:22 GMT 
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) To: guix-patches@gnu.org Subject: [PATCH] machine: Automatically authorize the coordinator's signing key. Date: Wed, 07 Aug 2019 08:45:10 -0400 Message-ID: <87ef1x4015.fsf@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 205.166.94.20 X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable * guix/ssh.scm (remote-authorize-signing-key): New variable. * gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's signing key before any invocations of 'remote-eval'. * guix/scripts/deploy.scm (guix-deploy): Display an error if a signing key does not exist. * doc/guix.texi (Invoking guix deploy): Remove section describing manual signing key authorization. =2D-- doc/guix.texi | 16 ---------------- gnu/machine/ssh.scm | 7 +++++++ guix/scripts/deploy.scm | 7 +++++++ guix/ssh.scm | 23 +++++++++++++++++++++++ 4 files changed, 37 insertions(+), 16 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 734206a4b2..64ca44d494 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -25530,22 +25530,6 @@ complex deployment may involve, for example, start= ing virtual machines through a Virtual Private Server (VPS) provider. In such a case, a different @var{environment} type would be used. =20 =2DDo note that you first need to generate a key pair on the coordinator ma= chine =2Dto allow the daemon to export signed archives of files from the store =2D(@pxref{Invoking guix archive}). =2D =2D@example =2D# guix archive --generate-key =2D@end example =2D =2D@noindent =2DEach target machine must authorize the key of the master machine so that= it =2Daccepts store items it receives from the coordinator: =2D =2D@example =2D# guix archive --authorize < coordinator-public-key.txt =2D@end example =2D @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 1f16d9a5ea..90deff19a8 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -28,13 +28,16 @@ #:use-module (guix i18n) #:use-module (guix modules) #:use-module (guix monads) + #:use-module (guix pki) #:use-module (guix records) #:use-module (guix remote) #:use-module (guix scripts system reconfigure) #:use-module (guix ssh) #:use-module (guix store) #:use-module (guix utils) + #:use-module (gcrypt pk-crypto) #:use-module (ice-9 match) + #:use-module (ice-9 textual-ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) 
@@ -329,6 +332,10 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" "Internal implementation of 'deploy-machine' for MACHINE instances with = an environment type of 'managed-host." (maybe-raise-unsupported-configuration-error machine) + (remote-authorize-signing-key (call-with-input-file %public-key-file + (lambda (port) + (string->canonical-sexp (get-string-al= l port)))) + (machine-ssh-session machine)) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm index 6a67985c8b..075c74d395 100644 =2D-- a/guix/scripts/deploy.scm +++ b/guix/scripts/deploy.scm @@ -20,6 +20,7 @@ (define-module (guix scripts deploy) #:use-module (gnu machine) #:use-module (guix discovery) + #:use-module (guix pki) #:use-module (guix scripts) #:use-module (guix scripts build) #:use-module (guix store) @@ -83,6 +84,12 @@ Perform the deployment specified by FILE.\n")) (define (guix-deploy . args) (define (handle-argument arg result) (alist-cons 'file arg result)) + + (unless (file-exists? %public-key-file) + (leave (G_ "no signing key '~a' +have you run 'guix archive --generate-key?'~%") + %public-key-file)) + (let* ((opts (parse-command-line args %options (list %default-options) #:argument-handler handle-argument)) (file (assq-ref opts 'file)) diff --git a/guix/ssh.scm b/guix/ssh.scm index 9b5ca68894..5186c646ca 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -21,6 +21,7 @@ #:use-module (guix inferior) #:use-module (guix i18n) #:use-module ((guix utils) #:select (&fix-hint)) + #:use-module (gcrypt pk-crypto) #:use-module (ssh session) #:use-module (ssh auth) #:use-module (ssh key) @@ -40,6 +41,7 @@ remote-daemon-channel connect-to-remote-daemon remote-system + remote-authorize-signing-key send-files retrieve-files retrieve-files* 
@@ -289,6 +291,27 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-syste= m)) session)) =20 +(define (remote-authorize-signing-key key session) + "Send KEY, a canonical sexp containing a public key, over SESSION and ad= d it +to the system ACL file if it has not yet been authorized." + (inferior-remote-eval + `(begin + (use-modules (guix build utils) + (guix pki) + (guix utils) + (gcrypt pk-crypto) + (srfi srfi-26)) + + (define acl (current-acl)) + (define key (string->canonical-sexp ,(canonical-sexp->string key))) + + (unless (authorized-key? key) + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) + (mkdir-p (dirname %acl-file)) + (with-atomic-file-output %acl-file + (cut write-acl acl <>))))) + session)) + (define* (send-files local files remote #:key recursive? =2D-=20 2.22.0 ------------=_1565869564-14521-1--
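Review bot: the doc/guix.texi hunk deletes the whole passage about generating the coordinator's key pair, yet the new check in guix/scripts/deploy.scm still exits with "have you run 'guix archive --generate-key?'" when %public-key-file is missing, so the manual should keep the `# guix archive --generate-key` example and state that authorizing that key on each target is now done by `guix deploy` itself. Dropping only the `guix archive --authorize` part is also the natural place to say that every target will accept store items signed by the coordinator once deployed.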
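Review bot: in the gnu/machine/ssh.scm deploy-managed-host hunk, `remote-authorize-signing-key` runs before `check-deployment-sanity`, so the coordinator's key is added to the target's ACL even when the deployment is then rejected or fails, and there is no way to skip it (the thread already asks for this to be configurable). Suggest moving the call after the sanity check inside the `mlet`, or gating it on a machine field, and wrapping the `call-with-input-file` / `string->canonical-sexp` read so that a malformed %public-key-file produces a deploy error naming the file rather than a raw exception.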
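Review bot: the guix-deploy hunk in guix/scripts/deploy.scm checks only `%public-key-file`; the daemon needs the matching private key (`%private-key-file` in (guix pki)) to sign archives for the target, so a host with a stray .pub and no .sec passes this check and fails later during the transfer. The message `"no signing key '~a' have you run 'guix archive --generate-key?'~%"` also has no punctuation between its two sentences and puts the question mark inside the quoted command; `&fix-hint` from (guix utils), already used in guix/ssh.scm, fits here: `(leave (G_ "no signing key '~a'~%") %public-key-file)` with a hint suggesting `guix archive --generate-key`.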
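Review bot: in the guix/ssh.scm remote-authorize-signing-key hunk, `(authorized-key? key)` is called without the `acl` read just above it, so `current-acl` parses /etc/guix/acl a second time and the check and the rewrite can see different files; pass it explicitly: `(unless (authorized-key? key acl) ...)`. The rewrite itself, which Ricardo's question is about, trusts `acl->public-keys` completely: whatever it returns becomes the new ACL, so a partially parsed file is silently replaced by a smaller one. A cheap guard is to require the new ACL to contain every key of the old one plus `key` before calling `write-acl`, and to keep a copy of the previous file beside %acl-file. Writing %acl-file also requires root on the target, and a non-root SSH session will surface here as an uncaught remote exception; the docstring should state that requirement.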