[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#31825: guix offload fails with guix-authenticate error
|
From: |
Maxim Cournoyer |
|
Subject: |
bug#31825: guix offload fails with guix-authenticate error |
|
Date: |
Sun, 17 Jun 2018 22:31:33 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Hi Ludo,
address@hidden (Ludovic Courtès) writes:
> Hello,
>
> Maxim Cournoyer <address@hidden> skribis:
>
>> I've read the documentation carefully many times, but I still can't make
>> `guix offload' work. It always fails like so:
>>
>> guix offload test
>> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
>> guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3
>> guix offload: Guix is usable on '192.168.1.105' (test returned
>> "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
>> sending 1 store item to '192.168.1.105'...
>> exporting path `/gnu/store/wrv01knf5xa76j73afscj066pbqq1na3-export-test'
>> guix offload: error: build failed: program `guix-authenticate' failed with
>> exit code 1
>
> Presumably what this means is that the remote machine rejected the store
> item we sent it.
>
> To fix it, you need to authorize the signing key of the first machine on
> the second machine, using ‘guix archive --authorize’.
> You also need to do the reverse and ‘guix offload test’ will also check
> that.
>
> Can you make sure the machines are authorized by each other? (Check
> /etc/guix/acl on each.)
I've verified this a couple times, following the manual
carefully. Here's a sample of what I did:
* On the main machine
$ sudo guix archive --generate-key
guix archive: error: key pair exists under '/etc/guix'; remove it first
$ cat /etc/guix/signing-key.pub
(public-key
(ecc
(curve Ed25519)
(q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)
)
)
$ scp /etc/guix/signing-key.pub x220:/tmp
signing-key.pub 100% 118 46.5KB/s 00:00
* On the offload machine
$ ssh x220
$ sudo -E guix archive --authorize < /tmp/signing-key.pub # on x220 machine
On my offload machine, the authorized key is added to
/usr/local/etc/guix/acl rather than /etc/guix/acl. I'm not sure why that
is, since this Guix was guix pulled, so it should be standard. But it
shouldn't matter since that running guix-daemon in gdb allowed me to see
that it was using a nixConfDir value set to "/usr/local/etc/guix".
$ sudo cat /etc/guix/acl
--8<---------------cut here---------------start------------->8---
(acl
(entry
(public-key
(rsa
(n
#00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268E82D4BBE0E35298C481C9DA1551642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B538A0E990A8825DEB73081D317001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D400658974D7DAD1F6B7B63C192B9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F330908CFDA9C3C8C32B64F7DD088457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F667080BA941D80D015CE87B0FB6A91A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15FC7B8785A3E86BA6592B2916CA22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D88B6A618F84DD73AEBED8270BCB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70A9C27CB5B7B050C9090590D3A9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF19963A191967054E9FD97DC14D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE97B89043E95BD1B70DE61DA666893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE551A3C447C12E104E65#)
(e #010001#)
)
)
(tag
(guix import)
)
)
)
--8<---------------cut here---------------end--------------->8---
$ sudo cat /usr/local/etc/guix/acl
--8<---------------cut here---------------start------------->8---
(acl
(entry
(public-key
(ecc
(curve Ed25519)
(q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#)
)
)
(tag
(guix import)
)
)
)
--8<---------------cut here---------------end--------------->8---
Notice that the same key can be added multiple times by using the
--authorize command, but cleaning up the file doesn't seem to help.
$ sudo -E guix archive --generate-key
guix archive: error: key pair exists under '/usr/local/etc/guix'; remove it
first
$ cat /usr/local/etc/guix/signing-key.pub
(public-key
(ecc
(curve Ed25519)
(q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#)
)
)
* Back to my main machine
$ scp x220:/usr/local/etc/guix/signing-key.pub /tmp
signing-key.pub 100% 118 35.3KB/s 00:00
$ sudo -E guix archive --authorize < /tmp/signing-key.pub
$ sudo cat /etc/guix/acl
--8<---------------cut here---------------start------------->8---
(acl
(entry
(public-key
(ecc
(curve Ed25519)
(q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#)
)
)
(tag
(guix import)
)
)
(entry
(public-key
(ecc
(curve Ed25519)
(q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)
)
)
(tag
(guix import)
)
)
)
--8<---------------cut here---------------end--------------->8---
$ guix offload test
--8<---------------cut here---------------start------------->8---
Connection to 192.168.1.105 closed.
address@hidden ~$ guix offload test
guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3
guix offload: Guix is usable on '192.168.1.105' (test returned
"/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
sending 1 store item to '192.168.1.105'...
exporting path `/gnu/store/smgzvgc9krglk0mjpcscg5450l05w4dg-export-test'
guix offload: error: build failed: program `guix-authenticate' failed
with exit code 1
--8<---------------cut here---------------end--------------->8---
Any other ideas?
Thank you!
Maxim
- bug#31825: guix offload fails with guix-authenticate error, Maxim Cournoyer, 2018/06/13
- bug#31825: guix offload fails with guix-authenticate error, Ludovic Courtès, 2018/06/14
- bug#31825: guix offload fails with guix-authenticate error,
Maxim Cournoyer <=
- bug#31825: guix offload fails with guix-authenticate error, Ludovic Courtès, 2018/06/18
- bug#31825: guix offload fails with guix-authenticate error, Maxim Cournoyer, 2018/06/19
- bug#31825: guix offload fails with guix-authenticate error, Ludovic Courtès, 2018/06/19
- Message not available
- bug#31825: guix offload fails with guix-authenticate error, Ludovic Courtès, 2018/06/19
- bug#31825: guix offload fails with guix-authenticate error, Maxim Cournoyer, 2018/06/19
- bug#31825: guix offload fails with guix-authenticate error, swedebugia, 2018/06/19
- bug#31825: guix offload fails with guix-authenticate error, Maxim Cournoyer, 2018/06/21
- bug#31825: guix offload fails with guix-authenticate error, Ludovic Courtès, 2018/06/20