GNU bug report logs -
#39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists
Previous Next
Full log
Message #42 received at 39819 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
BTW, attached it the script I used to retrieve the signing keys of all
the build nodes of the build farm so we can have them declared in the
config of the head node. You may find it handy if you have a similar
setup!
Ludo’.
[fetch-signing-keys.scm (text/plain, inline)]
(use-modules (guix scripts offload)
(guix ssh)
(guix inferior)
(ssh session)
(srfi srfi-34)
(ice-9 match))
(define open-ssh-session
(@@ (guix scripts offload) open-ssh-session))
(define build-machine-name (@@ (guix scripts offload) build-machine-name))
(define build-machine-port (@@ (guix scripts offload) build-machine-port))
(define (fetch-key machine)
(format #t "fetching key from ~s...~%" machine)
(let* ((session (open-ssh-session machine 5))
(inferior (remote-inferior session)))
(define key
(inferior-eval '(begin
(use-modules (rnrs io ports))
(with-fluids ((%default-port-encoding "ISO-8859-1"))
(call-with-input-file "/etc/guix/signing-key.pub"
get-string-all)))
inferior))
(define file
(string-append (build-machine-name machine)
(match (build-machine-port machine)
(22 "")
(port
(string-append ":"
(number->string
port))))
".pub"))
(with-fluids ((%default-port-encoding "ISO-8859-1"))
(call-with-output-file file
(lambda (port)
(display key port))))
(close-inferior inferior)
(disconnect! session)))
(let ((machines (load "/etc/guix/machines.scm")))
(for-each (lambda (machine)
(guard (c (pk 'fail c))
(fetch-key machine)))
machines))
This bug report was last modified 4 years and 212 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.