GNU bug report logs - #45911
'authorized-keys' field is badly documented


Package: guix

Reported by: raingloom <raingloom <at> riseup.net>

Date: Sat, 16 Jan 2021 03:32:02 UTC

Severity: normal

To reply to this bug, email your comments to 45911 AT debbugs.gnu.org.



Report forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sat, 16 Jan 2021 03:32:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to raingloom <raingloom <at> riseup.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 16 Jan 2021 03:32:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: raingloom <raingloom <at> riseup.net>
To: Guix Bugs <bug-guix <at> gnu.org>
Subject: authorized-fields is not/badly documented
Date: Sat, 16 Jan 2021 04:16:15 +0100
guix archive --authorize started issuing a warning some time ago
pointing to "authorized-keys" in "operating-system".

* that is not a valid field of operating-system
* there is no such item in the Guix info page's index
* the relevant example loads a single key from a file, without
  indicating what the syntax of the file is
* trying to store /etc/guix/signing-key.pub as a Scheme file results in
  a parser error due to the hexadecimal syntax being incompatible with
  some Scheme syntax weirdness

So, how the hecc do I add keys permanently the Official Way? Because I
have no idea. I'll try to update the docs when I figure it out.
OOoor... the person who introduced the change could document it. :|




Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sat, 16 Jan 2021 06:12:02 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: raingloom <raingloom <at> riseup.net>
Cc: 45911 <at> debbugs.gnu.org, bug-guix <at> gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Sat, 16 Jan 2021 07:10:47 +0100
raingloom <raingloom <at> riseup.net> writes:

> guix archive --authorize started issuing a warning some time ago
> pointing to "authorized-keys" in "operating-system".
>
> * that is not a valid field of operating-system

That’s right.  It’s a field of guix-configuration, which is documented
in 10.8.1 Base Services.

-- 
Ricardo





Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sun, 17 Jan 2021 00:42:02 GMT) Full text and rfc822 format available.

Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: raingloom <raingloom <at> riseup.net>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 45911 <at> debbugs.gnu.org, bug-guix <at> gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Sun, 17 Jan 2021 01:34:49 +0100
On Sat, 16 Jan 2021 07:10:47 +0100
Ricardo Wurmus <rekado <at> elephly.net> wrote:

> raingloom <raingloom <at> riseup.net> writes:
> 
> > guix archive --authorize started issuing a warning some time ago
> > pointing to "authorized-keys" in "operating-system".
> >
> > * that is not a valid field of operating-system  
> 
> That’s right.  It’s a field of guix-configuration, which is documented
> in 10.8.1 Base Services.
> 

Thanks, I found that out already, that's how I ran into the other
issues.
I'm still confused about what the proper way to store the config info
is. Like how I should even store it as Scheme source code.





Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sun, 17 Jan 2021 03:23:01 GMT) Full text and rfc822 format available.

Message #20 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: raingloom <raingloom <at> riseup.net>,Ricardo Wurmus <rekado <at> elephly.net>
Cc: 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Sat, 16 Jan 2021 22:17:25 -0500
I think you need to pass a file-like object, not a scheme expression. Don't try to modify or interpret the public key file, just pass it directly as-is.

On 16 January 2021 19:34:49 GMT-05:00, raingloom <raingloom <at> riseup.net> wrote:
>On Sat, 16 Jan 2021 07:10:47 +0100
>Ricardo Wurmus <rekado <at> elephly.net> wrote:
>
>> raingloom <raingloom <at> riseup.net> writes:
>> 
>> > guix archive --authorize started issuing a warning some time ago
>> > pointing to "authorized-keys" in "operating-system".
>> >
>> > * that is not a valid field of operating-system  
>> 
>> That’s right.  It’s a field of guix-configuration, which is documented
>> in 10.8.1 Base Services.
>> 
>
>Thanks, I found that out already, that's how I ran into the other
>issues.
>I'm still confused about what the proper way to store the config info
>is. Like how I should even store it as Scheme source code.

Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sun, 17 Jan 2021 03:25:02 GMT) Full text and rfc822 format available.

Message #23 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: raingloom <raingloom <at> riseup.net>,Ricardo Wurmus <rekado <at> elephly.net>
Cc: 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Sat, 16 Jan 2021 22:24:16 -0500
Actually, here's how I use it: https://framagit.org/tyreunom/system-configuration/-/blob/master/systems/tachikoma.scm#L69

And the key file is the one generated by guix, unmodified: https://framagit.org/tyreunom/system-configuration/-/blob/master/keys/xana.pub

On 16 January 2021 19:34:49 GMT-05:00, raingloom <raingloom <at> riseup.net> wrote:
>On Sat, 16 Jan 2021 07:10:47 +0100
>Ricardo Wurmus <rekado <at> elephly.net> wrote:
>
>> raingloom <raingloom <at> riseup.net> writes:
>> 
>> > guix archive --authorize started issuing a warning some time ago
>> > pointing to "authorized-keys" in "operating-system".
>> >
>> > * that is not a valid field of operating-system  
>> 
>> That’s right.  It’s a field of guix-configuration, which is documented
>> in 10.8.1 Base Services.
>> 
>
>Thanks, I found that out already, that's how I ran into the other
>issues.
>I'm still confused about what the proper way to store the config info
>is. Like how I should even store it as Scheme source code.

Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Wed, 20 Jan 2021 08:50:02 GMT) Full text and rfc822 format available.

Message #26 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: raingloom <raingloom <at> riseup.net>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Wed, 20 Jan 2021 09:49:09 +0100
Hi,

raingloom <raingloom <at> riseup.net> writes:

> I'm still confused about what the proper way to store the config info
> is. Like how I should even store it as Scheme source code.

Did you see this section and do you find it helpful?

  https://guix.gnu.org/manual/en/html_node/Getting-Substitutes-from-Other-Servers.html

Ludo’.




Changed bug title to ''authorized-keys' field is badly documented' from 'authorized-fields is not/badly documented' Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Wed, 20 Jan 2021 08:50:02 GMT) Full text and rfc822 format available.

Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Wed, 20 Jan 2021 20:44:02 GMT) Full text and rfc822 format available.

Message #31 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: raingloom <raingloom <at> riseup.net>
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Wed, 20 Jan 2021 21:34:11 +0100
On Sat, 16 Jan 2021 22:24:16 -0500
Julien Lepiller <julien <at> lepiller.eu> wrote:

> Actually, here's how I use it:
> https://framagit.org/tyreunom/system-configuration/-/blob/master/systems/tachikoma.scm#L69
> 
> And the key file is the one generated by guix, unmodified:
> https://framagit.org/tyreunom/system-configuration/-/blob/master/keys/xana.pub
> 
> On 16 January 2021 19:34:49 GMT-05:00, raingloom
> <raingloom <at> riseup.net> wrote:
> >On Sat, 16 Jan 2021 07:10:47 +0100
> >Ricardo Wurmus <rekado <at> elephly.net> wrote:
> >  
> >> raingloom <raingloom <at> riseup.net> writes:
> >>   
> >> > guix archive --authorize started issuing a warning some time ago
> >> > pointing to "authorized-keys" in "operating-system".
> >> >
> >> > * that is not a valid field of operating-system    
> >> 
> >> That’s right.  It’s a field of guix-configuration, which is documented
> >> in 10.8.1 Base Services.
> >>   
> >
> >Thanks, I found that out already, that's how I ran into the other
> >issues.
> >I'm still confused about what the proper way to store the config info
> >is. Like how I should even store it as Scheme source code.  

Thanks, guess I'll go down the file route for now, but this is an
unsatisfactory solution IMHO.
What if you have multiple keys, or want to only include a subset of
keys in a given machine?
Having to use a file object to store a sexp is an odd choice when every
other part of Guix tries as hard as it can to use sexps and Scheme data
structures for configuration.

If no one wants to fix it, mind if I give it a go?




Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Wed, 20 Jan 2021 21:16:02 GMT) Full text and rfc822 format available.

Message #34 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: raingloom <raingloom <at> riseup.net>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Wed, 20 Jan 2021 16:15:01 -0500

On 20 January 2021 15:34:11 GMT-05:00, raingloom <raingloom <at> riseup.net> wrote:
>On Sat, 16 Jan 2021 22:24:16 -0500
>Julien Lepiller <julien <at> lepiller.eu> wrote:
>
>> Actually, here's how I use it:
>> https://framagit.org/tyreunom/system-configuration/-/blob/master/systems/tachikoma.scm#L69
>> 
>> And the key file is the one generated by guix, unmodified:
>> https://framagit.org/tyreunom/system-configuration/-/blob/master/keys/xana.pub
>> 
>> On 16 January 2021 19:34:49 GMT-05:00, raingloom
>> <raingloom <at> riseup.net> wrote:
>> >On Sat, 16 Jan 2021 07:10:47 +0100
>> >Ricardo Wurmus <rekado <at> elephly.net> wrote:
>> >  
>> >> raingloom <raingloom <at> riseup.net> writes:
>> >>   
>> >> > guix archive --authorize started issuing a warning some time ago
>> >> > pointing to "authorized-keys" in "operating-system".
>> >> >
>> >> > * that is not a valid field of operating-system    
>> >> 
>> >> That’s right.  It’s a field of guix-configuration, which is documented
>> >> in 10.8.1 Base Services.
>> >>   
>> >
>> >Thanks, I found that out already, that's how I ran into the other
>> >issues.
>> >I'm still confused about what the proper way to store the config info
>> >is. Like how I should even store it as Scheme source code.
>
>Thanks, guess I'll go down the file route for now, but this is an
>unsatisfactory solution IMHO.
>What if you have multiple keys, or want to only include a subset of
>keys in a given machine?
>Having to use a file object to store a sexp is an odd choice when every
>other part of Guix tries as hard as it can to use sexps and Scheme data
>structures for configuration.
>
>If no one wants to fix it, mind if I give it a go?

Go ahead :)




Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sat, 23 Jan 2021 05:40:01 GMT) Full text and rfc822 format available.

Message #37 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: raingloom <raingloom <at> riseup.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Sat, 23 Jan 2021 06:39:03 +0100
On Wed, 20 Jan 2021 09:49:09 +0100
Ludovic Courtès <ludo <at> gnu.org> wrote:

> Hi,
> 
> raingloom <raingloom <at> riseup.net> writes:
> 
> > I'm still confused about what the proper way to store the config
> > info is. Like how I should even store it as Scheme source code.  
> 
> Did you see this section and do you find it helpful?
> 
>   https://guix.gnu.org/manual/en/html_node/Getting-Substitutes-from-Other-Servers.html
> 
> Ludo’.

I have, that's how I found out where the setting even is.
An issue that I only now noticed is that it doesn't explain where to
obtain the signing key from, or the new behaviour of `guix archive
--authorize`.

If no one wants to fix it, I'll submit a patch once I'm done setting up
Snapper and some backups.

Edit after this sat in my queue for a few days:
Okay, so I figured out that I should use a G-Expression if I want to
compute the file, instead of just include it. Still not sure how to
store it as Scheme data, but I have an untested idea involving the
"pipe" syntax for symbols.

Thanks for the pointers!




Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Sat, 23 Jan 2021 09:11:02 GMT) Full text and rfc822 format available.

Message #40 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: raingloom <raingloom <at> riseup.net>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Sat, 23 Jan 2021 10:10:15 +0100
raingloom <raingloom <at> riseup.net> writes:

> Okay, so I figured out that I should use a G-Expression if I want to
> compute the file, instead of just include it. Still not sure how to
> store it as Scheme data, but I have an untested idea involving the
> "pipe" syntax for symbols.

Use computed-file instead of local-file.

-- 
Ricardo




Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Mon, 25 Jan 2021 23:05:02 GMT) Full text and rfc822 format available.

Message #43 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: raingloom <raingloom <at> riseup.net>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Mon, 25 Jan 2021 18:15:43 +0100
On Sat, 23 Jan 2021 10:10:15 +0100
Ricardo Wurmus <rekado <at> elephly.net> wrote:

> raingloom <raingloom <at> riseup.net> writes:
> 
> > Okay, so I figured out that I should use a G-Expression if I want to
> > compute the file, instead of just include it. Still not sure how to
> > store it as Scheme data, but I have an untested idea involving the
> > "pipe" syntax for symbols.  
> 
> Use computed-file instead of local-file.
> 

I know about computed-file, the issue is that the syntax of the key is
not strictly Scheme. The long hexadecimal block isn't parsed as a
number:
```
(with-input-from-file "/etc/guix/signing-key.pub" read)
...
/etc/guix/signing-key.pub:4:8: Unknown # object: #\C
```

Trying to store it as a module results in the same error.
So I can't just have an associative list of hostnames and signing keys
and filter it based on the hostname, I have to store each key as an
opaque file, completely bypassing the module system.




Information forwarded to bug-guix <at> gnu.org:
bug#45911; Package guix. (Tue, 26 Jan 2021 07:15:01 GMT) Full text and rfc822 format available.

Message #46 received at 45911 <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: raingloom <raingloom <at> riseup.net>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 45911 <at> debbugs.gnu.org
Subject: Re: bug#45911: authorized-fields is not/badly documented
Date: Tue, 26 Jan 2021 08:13:50 +0100
raingloom <raingloom <at> riseup.net> writes:

> On Sat, 23 Jan 2021 10:10:15 +0100
> Ricardo Wurmus <rekado <at> elephly.net> wrote:
>
>> raingloom <raingloom <at> riseup.net> writes:
>> 
>> > Okay, so I figured out that I should use a G-Expression if I want to
>> > compute the file, instead of just include it. Still not sure how to
>> > store it as Scheme data, but I have an untested idea involving the
>> > "pipe" syntax for symbols.  
>> 
>> Use computed-file instead of local-file.
>> 
>
> I know about computed-file, the issue is that the syntax of the key is
> not strictly Scheme. The long hexadecimal block isn't parsed as a
> number:
> ```
> (with-input-from-file "/etc/guix/signing-key.pub" read)
> ...
> /etc/guix/signing-key.pub:4:8: Unknown # object: #\C
> ```

These are canonical s-expressions.  You can read them with
“read-file-sexp” from (gcrypt pk-crypto).  Or you can convert them to
readable s-expressions with “canonical-sexp->sexp”.  Or you can create
them from strings with “string->canonical-sexp”.

-- 
Ricardo
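
The per-host key selection asked about in this thread, as an added example that is not part of the thread or of Guix's own code: keys are kept as strings in an alist, checked with `string->canonical-sexp` so a malformed key fails when the configuration is evaluated, and handed to `authorized-keys` as file-like objects via `plain-file`. The names `%substitute-keys`, `key-file`, `trusted-keys` and `services-trusting`, the host names and the hexadecimal key material are all constructed placeholders.

```scheme
;; Added example.  Host names and key material are constructed
;; placeholders; replace each string with the unmodified contents of that
;; machine's /etc/guix/signing-key.pub.
(use-modules (gnu)
             (gnu services base)
             (guix gexp)
             (gcrypt pk-crypto))

(define %substitute-keys
  ;; Alist: host name -> public key in libgcrypt's canonical
  ;; s-expression text form.  Stored as a string because the #...# hex
  ;; token is not valid input for Scheme's own 'read'.
  '(("build-a" . "(public-key (ecc (curve Ed25519) (q #00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF#)))")
    ("build-b" . "(public-key (ecc (curve Ed25519) (q #FFEEDDCCBBAA99887766554433221100FFEEDDCCBBAA99887766554433221100#)))")))

(define (key-file host)
  ;; Return a file-like object holding HOST's key.
  (let ((text (or (assoc-ref %substitute-keys host)
                  (error "no signing key recorded for" host))))
    ;; 'string->canonical-sexp' throws on malformed input, so a mistyped
    ;; key is rejected here instead of reaching the deployed system.
    (string->canonical-sexp text)
    (plain-file (string-append host ".pub") text)))

(define (trusted-keys hosts)
  ;; Keys of HOSTS only, plus the default project keys.
  (append (map key-file hosts)
          %default-authorized-guix-keys))

(define (services-trusting hosts)
  ;; %base-services with the daemon's authorized keys replaced.
  (modify-services %base-services
    (guix-service-type config =>
      (guix-configuration
        (inherit config)
        (authorized-keys (trusted-keys hosts))))))

;; In one machine's operating-system declaration, trusting a single
;; substitute server:
;;   (services (services-trusting '("build-a")))
```

Since `authorized-keys` decides whose signed substitutes the daemon accepts, listing only the hosts a machine actually pulls from keeps its trust set minimal.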




This bug report was last modified 4 years and 140 days ago.
