--- Begin Message ---
Subject: |
guix offload fails with guix-authenticate error |
Date: |
Wed, 13 Jun 2018 23:54:15 -0400 |
Hello!
I've read the documentation carefully many times, but I still can't make
`guix offload' work. It always fails like so:
--8<---------------cut here---------------start------------->8---
guix offload test
guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3
guix offload: Guix is usable on '192.168.1.105' (test returned
"/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
sending 1 store item to '192.168.1.105'...
exporting path `/gnu/store/wrv01knf5xa76j73afscj066pbqq1na3-export-test'
guix offload: error: build failed: program `guix-authenticate' failed with exit
code 1
--8<---------------cut here---------------end--------------->8---
In GDB, I've attempted to follow the forks but without success. The
most useful hint I've got was the following message about
guix-authenticate not being found:
--8<---------------cut here---------------start------------->8---
sudo gdb --args guix-daemon --build-users-group=guixbuild
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
[...]
(gdb) r
Starting program: /home/mcournoyer/src/guix/guix-daemon
--build-users-group=guixbuild
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/gnu/store/4sqaib7c2dfjv62ivrg9b8wa7bh226la-glibc-2.26.105-g0890d5379c/lib/libthread_db.so.1".
accepted connection from pid 2241, user mcournoyer
accepted connection from pid 29024, user mcournoyer
accepted connection from pid 2241, user mcournoyer
accepted connection from pid 29068, user mcournoyer
error: executing `guix-authenticate': No such file or directory
--8<---------------cut here---------------end--------------->8---
Things I've tried without success:
1. Installing guix into my user's profile and then this to the ~/.bashrc
on the remote machine:
--8<---------------cut here---------------start------------->8---
GUIX_PROFILE=$HOME/.guix-profile
source $GUIX_PROFILE/etc/profile
# Hack to make guix-authenticate available
export PATH=$PATH:$GUIX_PROFILE/libexec
--8<---------------cut here---------------end--------------->8---
2. Noticing that the guix-daemon I was debugging (the one at
~/src/guix/guix-daemon) was using nixLibexecDir = "/usr/local/libexec"
and that the guix-daemon has code doing this in guix-daemon.cc:469:
--8<---------------cut here---------------start------------->8---
/* Hackily help 'local-store.cc' find our 'guix-authenticate' program,
which
is known as 'OPENSSL_PATH' here. */
std::string search_path;
search_path = settings.nixLibexecDir;
if (getenv ("PATH") != NULL)
{
search_path += ":";
search_path += getenv ("PATH");
}
setenv ("PATH", search_path.c_str (), 1);
--8<---------------cut here---------------end--------------->8---
I tried:
--8<---------------cut here---------------start------------->8---
sudo ln -s /var/guix/profiles/per-user/mcournoyer/guix-profile/libexec
/usr/local/libexec
--8<---------------cut here---------------end--------------->8---
I'm motivated to get this working; would be pleased to debug further
given fresh ideas.
Thanks,
Maxim
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#31825: guix offload fails with guix-authenticate error |
Date: |
Sun, 08 Aug 2021 00:09:20 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> Just as a follow-up; I've managed to fall into this trap again,
> attempting to authorize the keys by adding them to the 'authorize-keys'
> field of guix-configuration record.
>
> On the local machine:
>
> guix offload test /etc/guix/machines.scm 127.0.0.1
> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
> guix offload: Guix is usable on '127.0.0.1' (test returned
> "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
> guix offload: '127.0.0.1' is running GNU Guile 3.0.0
> sending 1 store item (0 MiB) to '127.0.0.1'...
> exporting path `/gnu/store/l9mph3k5l26nm8mb50imsklbsz0bji0b-export-test'
> guix offload: error: program
> `/gnu/store/amjsgks2n05k9lkck78z64nphad1dkqr-guix-1.0.1-13.50299ad/bin/guix'
> failed with exit code 1
>
>
> On the remote machine:
>
> sudo strace -p 15683 -p 15716 -f -s345 -o /tmp/log
>
> And found within /tmp/log:
>
> 16120 write(2, "guix authenticate: error: error: unauthorized public
> key: (public-key \n (ecc \n (curve Ed25519)\n (q #MY-PUBLIC-KEY#)\n
> )\n )\n", 176) = 176
>
> So, still actual :-)
>
> Maxim
I think many things have been improved in the diagnostics of guix
offload since the original report. The last gotcha I had hit described
above appears to had been caused by the keys added to the
'authorized-keys' field of the 'guix-configuration' record not being
taken into account when a /etc/guix/acl file was already populated (it
used to not be declarative).
Closing this forgotten issue.
Thanks,
Maxim
--- End Message ---