GNU bug report logs - #46760
guix deploy doesn't seem to be authorizing the machine that is deploying to the remote

Previous Next

Full log

View this message in rfc822 format

From: Andrew Tropin <andrew <at> trop.in>
To: pkill9 <pkill9 <at> runbox.com>, 46760 <at> debbugs.gnu.org
Subject: bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
Date: Thu, 23 Sep 2021 11:18:47 +0300

[Message part 1 (text/plain, inline)]

On 2021-02-24 23:56, pkill9 wrote:

> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
> the manual states should authorize the deploying machine onto the
> remote host, but I get an error:
> ```
> guix deploy: error: unauthorized public key: (public-key...
> ```
>
> So I add to the OS definition:
>
> ```
>  (guix-configuration
>                    (authorized-keys (append `(,(local-file
> "/etc/guix/signing-key.pub")) %default-authorized-guix-keys))))
>
> ```
>
> Which makes the error go away. I'm under the impression however that
> the 'authorize? #t' field should be doing this without me needing to
> add it to the OS configuration.

`(authorize? #t)` seems working, it does `guix archive --authorize <
local-key` on remote machine before reconfiguring, but after
reconfiguration is finished the value of /etc/guix/acl is reset by
guix-service-type and for some reason the error message you mentioned
appears.  Despite the error message the new generation is created and
new configuration is applied.  It seems something like copying auxiliary
file to remote store happens after reconfiguration is finished.  Will
try to investigate that, when will have some free time.

For now I do the same trick with changing the configuration for
guix-service-type:
https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.