--- Begin Message ---
Subject: |
“guix offload test” doesn’t report missing key pairs on the remote host |
Date: |
Fri, 08 Mar 2019 17:38:50 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Hello,
When trying to offload to a remote machine R that doesn’t have a key
pair in /etc/guix, ‘guix offload test’ currently fails like this:
--8<---------------cut here---------------start------------->8---
guix offload: testing 3 build machines defined in '/etc/guix/machines.scm'...
guix offload: Guix is usable on 'R' (test returned
"/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
guix offload: 'R' is running GNU Guile 2.2.4
sending 1 store item (0 MiB) to 'R'...
exporting path `/gnu/store/dbs25m05x1v43s66frh1060ibxdy3q70-export-test'
guix offload: 'R' successfully imported
'/gnu/store/dbs25m05x1v43s66frh1060ibxdy3q70-export-test'
retrieving 1 store item from 'R'...
guix offload: error: implementation cannot deal with > 32-bit integers
--8<---------------cut here---------------end--------------->8---
When stracing “guix offload test”, we see this:
--8<---------------cut here---------------start------------->8---
write(1, "retrieving 1 store item from 'RRRRR.guix.info'...\n", 50) = 50
write(16, "\33\0\0\0\0\0\0\0", 8) = 8
read(16, "atad\0\0\0\0", 8) = 8
read(16, "\0\200\0\0\0\0\0\0", 8) = 8
[...]
write(16,
"M\1\0\0\0\0\0\0\1\0\0\0\0\0\0\0\r\0\0\0\0\0\0\0nix-archive-1\0\0\0\1\0\0\0\0\0\0\0(\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0type\0\0\0\0\7\0\0\0\0\0\0\0regular\0\10\0\0\0\0\0\0\0contents\26\0\0\0\0\0\0\0RRRRR.guix.info-966879\0\0\1\0\0\0\0\0\0\0)\0\0\0\0\0\0\0NIXE\0\0\0\0007\0\0\0\0\0\0\0/gnu/store/3bxyihakqhhcwckb2yz3h7fzmfii0wsn-import-test\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0(protocol-error
1 \"getting status of `/etc/guix/signing-key.sec': No such file or
directory\")\0\0\0", 344) = 344
read(16, "ptxc\0\0\0\0", 8) = 8
read(16, "1\0\0\0\0\0\0\0", 8) = 8
read(16, "implementation cannot deal with > 32-bit integers", 49) = 49
read(16, "\0\0\0\0\0\0\0", 7) = 7
read(16, "\1", 1) = 1
read(16, "\0\0\0\0\0\0\0", 7) = 7
--8<---------------cut here---------------end--------------->8---
Ludo’.
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#31825: guix offload fails with guix-authenticate error |
Date: |
Sun, 08 Aug 2021 00:09:20 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> Just as a follow-up; I've managed to fall into this trap again,
> attempting to authorize the keys by adding them to the 'authorize-keys'
> field of guix-configuration record.
>
> On the local machine:
>
> guix offload test /etc/guix/machines.scm 127.0.0.1
> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
> guix offload: Guix is usable on '127.0.0.1' (test returned
> "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
> guix offload: '127.0.0.1' is running GNU Guile 3.0.0
> sending 1 store item (0 MiB) to '127.0.0.1'...
> exporting path `/gnu/store/l9mph3k5l26nm8mb50imsklbsz0bji0b-export-test'
> guix offload: error: program
> `/gnu/store/amjsgks2n05k9lkck78z64nphad1dkqr-guix-1.0.1-13.50299ad/bin/guix'
> failed with exit code 1
>
>
> On the remote machine:
>
> sudo strace -p 15683 -p 15716 -f -s345 -o /tmp/log
>
> And found within /tmp/log:
>
> 16120 write(2, "guix authenticate: error: error: unauthorized public
> key: (public-key \n (ecc \n (curve Ed25519)\n (q #MY-PUBLIC-KEY#)\n
> )\n )\n", 176) = 176
>
> So, still actual :-)
>
> Maxim
I think many things have been improved in the diagnostics of guix
offload since the original report. The last gotcha I had hit described
above appears to had been caused by the keys added to the
'authorized-keys' field of the 'guix-configuration' record not being
taken into account when a /etc/guix/acl file was already populated (it
used to not be declarative).
Closing this forgotten issue.
Thanks,
Maxim
--- End Message ---