From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 24 18:56:26 2021 Received: (at submit) by debbugs.gnu.org; 24 Feb 2021 23:56:26 +0000 Received: from localhost ([127.0.0.1]:36232 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lF413-0002kO-Fv for submit@debbugs.gnu.org; Wed, 24 Feb 2021 18:56:26 -0500 Received: from lists.gnu.org ([209.51.188.17]:36830) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lF411-0002kA-2V for submit@debbugs.gnu.org; Wed, 24 Feb 2021 18:56:23 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:53366) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lF410-0008RP-LE for bug-guix@gnu.org; Wed, 24 Feb 2021 18:56:22 -0500 Received: from aibo.runbox.com ([91.220.196.211]:53436) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lF40w-0002MS-7p for bug-guix@gnu.org; Wed, 24 Feb 2021 18:56:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=runbox.com; s=selector2; h=Content-Transfer-Encoding:Content-Type:MIME-Version: Message-ID:Subject:To:From:Date; bh=xbfxcR+CP1h58P7MO441qa5gCRy31dy0HQdB6awrX2U=; b=VbcwyGuJCwnFDWNZBNc5GHsfdj /Ht4t0WURr5k+FU2CQBcX5jD9FrJK7xw1qKxmYVmYsTEy2rqz/TskUlvqHnIrb5TO2LhB/DgESCnc WLJSkudf05I+NpbU+jPouKHENq4TzuJv6fT5YbePNBGqDKl7hz8ReMe/FQA5ZMofPMURg2gjVNOms UEDIpw5dH6KJImGb8FtgwqNKg+GbLcN0Z/677XEtjpu8rl3vZm9M0lmsNkZCAKUF2Y97jcjJPZ1pD OpK1XtBChUeQarZWsmtwK4OBTTIfW640LRzFVifxvuVcocQvFrr2c8OjmU2qKnJIEWJBPKwFwmvKj Z3l1t1dQ==; Received: from [10.9.9.72] (helo=submission01.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1lF40s-0000Xf-6d for bug-guix@gnu.org; Thu, 25 Feb 2021 00:56:14 +0100 Received: by submission01.runbox with esmtpsa [Authenticated alias (780724)] (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) id 1lF40p-0000uy-8z for bug-guix@gnu.org; Thu, 25 Feb 2021 00:56:11 +0100 Date: Wed, 24 Feb 2021 23:56:08 +0000 From: pkill9 To: bug-guix@gnu.org Subject: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote Message-ID: <20210224235608.31825f91@runbox.com> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=91.220.196.211; envelope-from=pkill9@runbox.com; helo=aibo.runbox.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.1 (--) I'm using the machine-ssh-configuration, I set `(authorize? #t)` which the manual states should authorize the deploying machine onto the remote host, but I get an error: ``` guix deploy: error: unauthorized public key: (public-key... ``` So I add to the OS definition: ``` (guix-configuration (authorized-keys (append `(,(local-file "/etc/guix/signing-key.pub")) %default-authorized-guix-keys)))) ``` Which makes the error go away. I'm under the impression however that the 'authorize? #t' field should be doing this without me needing to add it to the OS configuration. From debbugs-submit-bounces@debbugs.gnu.org Thu Sep 23 04:18:59 2021 Received: (at 46760) by debbugs.gnu.org; 23 Sep 2021 08:18:59 +0000 Received: from localhost ([127.0.0.1]:52649 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mTJwZ-00026M-9L for submit@debbugs.gnu.org; Thu, 23 Sep 2021 04:18:59 -0400 Received: from mail-lf1-f50.google.com ([209.85.167.50]:43687) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mTJwX-000267-0V for 46760@debbugs.gnu.org; Thu, 23 Sep 2021 04:18:58 -0400 Received: by mail-lf1-f50.google.com with SMTP id e15so23302706lfr.10 for <46760@debbugs.gnu.org>; Thu, 23 Sep 2021 01:18:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trop-in.20210112.gappssmtp.com; s=20210112; h=from:to:subject:in-reply-to:references:date:message-id:mime-version; bh=5XDqglIm6d3QQiL7GwYIqNGleLRH5D6Wb0wJqo7kdfA=; b=8JLoIIfBZchX/TyCuxD0vGZzA8CYNFbU0VfYMWKO/1Y5gaavAIP+v23psI/FGRI2nl csR5L6zJ1uV9zbtuSKObfYIUDMIGSk7xDHGhLYbJpeKpl+Nnd7jL0blxsqz6lmogehU9 3RMQCxI73oXh7z0/CRSgmB7615cS3ozJiFVZdxQt+MlLZyVcN6GBPV+Jpg94wnREWWhT on6vaQQdGhHlmzxoy8Bu0GaccPgEkLfejP7cG1hx4ZjTKgzvNWZlL2yWAeXx/ZA5o0VG 6Xct7ITk+zKlGFRnLImONKloKc+XUAGzrsdHjlzp9Tq2DAhu9LamK5EHZaELr2c8orze 2+jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version; bh=5XDqglIm6d3QQiL7GwYIqNGleLRH5D6Wb0wJqo7kdfA=; b=myRHAWbqcLfC8K9BAVHlKONPAO3oNN4APf/7E+p49BU4gHX6JaFEZI04/4/1oQb+DZ G8baY9o9rK+Lyv5zDSqJZjQnS+GR5ngRD2b9KcoWWdaORGmyys6FBk4Wyjsf2BBvn6j2 6AYZYkzMFEqxAPYqcNxyGKV+hBH7tAiVRSgpfXwtF/pXj3Lvi/ZyOdvfjfS+CwA1l4x5 64UzMvV7F2/8cRrFyUdivCBQtVmlGjSKkLnTaV1v8XrOBZWZ83c1Kcv36TmA29+uZxqc wU/BABXi2dk74GbTD1cckzDcbqWIBb+Dtjv5JXf3bXG2gEZF3bpOcch0MIcL1fFr+77d kIvQ== X-Gm-Message-State: AOAM530Z+TPj8+ODXoONk/cef8I7OQb5OTfILO/REYTzmLg8/YUSf095 zS/FD82JYI21amET0YtjzAFUEA== X-Google-Smtp-Source: ABdhPJwsglpCsYRUSILjigax3YQppnkUW09jhZiE5fwReM/+VBK9vHW50DyBrXwS/Luw640N8Yas0g== X-Received: by 2002:a05:6512:1047:: with SMTP id c7mr3235745lfb.26.1632385130993; Thu, 23 Sep 2021 01:18:50 -0700 (PDT) Received: from localhost ([109.252.93.92]) by smtp.gmail.com with ESMTPSA id r13sm498179ljh.61.2021.09.23.01.18.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Sep 2021 01:18:50 -0700 (PDT) From: Andrew Tropin To: pkill9 , 46760@debbugs.gnu.org Subject: Re: bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote In-Reply-To: <20210224235608.31825f91@runbox.com> References: <20210224235608.31825f91@runbox.com> Date: Thu, 23 Sep 2021 11:18:47 +0300 Message-ID: <871r5fg0wo.fsf@trop.in> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 46760 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2021-02-24 23:56, pkill9 wrote: > I'm using the machine-ssh-configuration, I set `(authorize? #t)` which > the manual states should authorize the deploying machine onto the > remote host, but I get an error: > ``` > guix deploy: error: unauthorized public key: (public-key... > ``` > > So I add to the OS definition: > > ``` > (guix-configuration > (authorized-keys (append `(,(local-file > "/etc/guix/signing-key.pub")) %default-authorized-guix-keys)))) > > ``` > > Which makes the error go away. I'm under the impression however that > the 'authorize? #t' field should be doing this without me needing to > add it to the OS configuration. `(authorize? #t)` seems working, it does `guix archive --authorize < local-key` on remote machine before reconfiguring, but after reconfiguration is finished the value of /etc/guix/acl is reset by guix-service-type and for some reason the error message you mentioned appears. Despite the error message the new generation is created and new configuration is applied. It seems something like copying auxiliary file to remote store happens after reconfiguration is finished. Will try to investigate that, when will have some free time. For now I do the same trick with changing the configuration for guix-service-type: https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmFMOGcACgkQIgjSCVjB 3rAEtg//ZRwOAzdRG9P6afCLFFK3aku4NVcAChHpaAX0PKhU/htMxm1CbTdrHCP6 jR6CbfIotRPnXSbgLvdtpWjmoLMr1qsfL/hPH53ZIFBdzJqJD7IMNEWAtpg+et19 xOyBZjGwBoVubQPXs1fsPAGJ91QHWzlkvvZ5GlYg6UMPajEJUaYZS5b6PEbrF+YU JLq5e7gcHuaM8xZPIhjU7QaLCnEwwMP/3ZVPOj59lufb8ZDACSBh11crUuKOwnmE HKociMmbQPHhhSBXhwE/aAZdpiqp1eH6xllrcCJDHRjZHodB2+A3tZGS74v6LjUA 5/lQh/ibkrdyI2KvDtJMDDSTxp+hcHQEXn+7i80vuBkMRWbwo4huozWsoUCyoCiI MQLw5x8ddnS1IQZ9t2ceW/f39RrT6VuP3CcqnneqTaR24uRJHTPCngxKt9wEKbn3 Uo0EFyWPLbx7lq74pFab8wZcVSrCQPdwtnaN4PCp/L03J4YqYIWLYoOtqAeYscH2 WNJZm8hZxRtrzZHnuEiyFl+M3Qy8FvPNlICQDSLWRyeP+00oB3oYrNMwlVjsbE4d o5bsXqEVKRrQW0cr1RKInf40plhEinWsXe8awFX2GC8XYIOEUvCn/7TJZcc3/hrv OCWY7qn5ti+juVwKzNebCQy1zNamUP8YWPd18fZwOqO7iyW+xUg= =K485 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 27 21:25:13 2021 Received: (at 46760) by debbugs.gnu.org; 28 Oct 2021 01:25:13 +0000 Received: from localhost ([127.0.0.1]:50913 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mfuAL-0001qP-74 for submit@debbugs.gnu.org; Wed, 27 Oct 2021 21:25:13 -0400 Received: from mail-qv1-f54.google.com ([209.85.219.54]:46836) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mfuAJ-0001q4-EI for 46760@debbugs.gnu.org; Wed, 27 Oct 2021 21:25:12 -0400 Received: by mail-qv1-f54.google.com with SMTP id g25so2052659qvf.13 for <46760@debbugs.gnu.org>; Wed, 27 Oct 2021 18:25:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=JMErUR6SpLQZ98c0IKCCf7rZX7NvbYchaUQpYOcQEXg=; b=DYGk+AD3y5ozAx20L2+7X0OJ5r0Rdv/fzmN1uWIP/mpyl0UP3sB10cddkss5KYAIYW OaijVoXX3KsFZ6+IknS1R2URxbSjBJIWXxY9Ljtj09Yf1sYW20Nq4WKCCepG2ELxJ2+Y E7EApqsnnh0hFu2w+VVcv4E5K9eTQ7fXSc178wXZWwZHOG9w/Qe8aStAlitRlrg1hX4x 4xkLHYscaOp9LQFrj/xf1RFdOq0vIUZIH4w4QdJjxZDz3/Ah3BnX8belHFwsZjbxyQQN /DEz4ELT1zP1xpyr7gt4/7dzkglZ+UsmoQaRhHrvAO43QA0F8c77cR15rohxZ4tMh1Rm 0YXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=JMErUR6SpLQZ98c0IKCCf7rZX7NvbYchaUQpYOcQEXg=; b=FI7MlB3dFD07/d2nqLfO5BZn81Q90L32J6Cs5+3bFiwkY4S9FUNvc7n8Sdn1oy+irI qvgv10UYMNZtSTe1pWl7gpQ4jbiaNQF1n3szfwT/FWlVyAiSziAUshlsQFJsTnm/Tjin cwRS5GU/EQYXmYIfuuR9g5EXfGyw6bFFOmrfxiitRb83Dnu+d6MqI6ASI8fFKYVTFf9B 34Zs0fjCSc6dUGds7ujedfvBsmUMAkpwqribe6HcNoEfm4qRijAPzp8hk8lwEDgW9L6U Och1FZnM4Rv00eRnsVDrCq2CxmmV1ICJlgTNcdDI20KhuOz0LD+0bD1yTkUBADIC17Z7 uiAA== X-Gm-Message-State: AOAM531jLPlipFYEDI7N/VcErBo+C7ZBfBig9PFmICPEO1DuScYI+Twm PbB/7nxsrv4X47Cv121BMKUaaNZyZeE= X-Google-Smtp-Source: ABdhPJyqP3XuyTn+njs8MGrVWdEpCJGH9kuttTKXgyXsNXXbAsq/9LlZS28yQzm8y2k8KtWttRk2QA== X-Received: by 2002:a05:6214:20c:: with SMTP id i12mr1366278qvt.34.1635384305912; Wed, 27 Oct 2021 18:25:05 -0700 (PDT) Received: from hurd (dsl-152-69.b2b2c.ca. [66.158.152.69]) by smtp.gmail.com with ESMTPSA id t1sm1087804qkm.9.2021.10.27.18.25.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Oct 2021 18:25:05 -0700 (PDT) From: Maxim Cournoyer To: Andrew Tropin Subject: Re: bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote References: <20210224235608.31825f91@runbox.com> <871r5fg0wo.fsf@trop.in> Date: Wed, 27 Oct 2021 21:25:04 -0400 In-Reply-To: <871r5fg0wo.fsf@trop.in> (Andrew Tropin's message of "Thu, 23 Sep 2021 11:18:47 +0300") Message-ID: <877ddyaqkv.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 46760 Cc: 46760@debbugs.gnu.org, pkill9 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Andrew Tropin writes: > On 2021-02-24 23:56, pkill9 wrote: > >> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which >> the manual states should authorize the deploying machine onto the >> remote host, but I get an error: >> ``` >> guix deploy: error: unauthorized public key: (public-key... >> ``` >> >> So I add to the OS definition: >> >> ``` >> (guix-configuration >> (authorized-keys (append `(,(local-file >> "/etc/guix/signing-key.pub")) %default-authorized-guix-keys)))) >> >> ``` >> >> Which makes the error go away. I'm under the impression however that >> the 'authorize? #t' field should be doing this without me needing to >> add it to the OS configuration. > > `(authorize? #t)` seems working, it does `guix archive --authorize < > local-key` on remote machine before reconfiguring, but after > reconfiguration is finished the value of /etc/guix/acl is reset by > guix-service-type and for some reason the error message you mentioned > appears. Despite the error message the new generation is created and > new configuration is applied. It seems something like copying auxiliary > file to remote store happens after reconfiguration is finished. Will > try to investigate that, when will have some free time. > > For now I do the same trick with changing the configuration for > guix-service-type: > https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s It probably has to do with commit 3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6, which made /etc/guix/acl declarative by default. Thanks, Maxim