Subject: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key.
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Date: Wed, 07 Aug 2019 08:45:10 -0400
Message-ID: <87ef1x4015.fsf@sdf.lonestar.org>
To: 36956@debbugs.gnu.org

* guix/ssh.scm (remote-authorize-signing-key): New variable.
* gnu/machine/ssh.scm (deploy-managed-host): Authorize coordinator's signing key before any invocations of 'remote-eval'.
* guix/scripts/deploy.scm (guix-deploy): Display an error if a signing key does not exist.
* doc/guix.texi (Invoking guix deploy): Remove section describing manual signing key authorization.

=2D-- doc/guix.texi | 16 ---------------- gnu/machine/ssh.scm | 7 +++++++ guix/scripts/deploy.scm | 7 +++++++ guix/ssh.scm | 23 +++++++++++++++++++++++ 4 files changed, 37 insertions(+), 16 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 734206a4b2..64ca44d494 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -25530,22 +25530,6 @@ complex deployment may involve, for example, start= ing virtual machines through a Virtual Private Server (VPS) provider. In such a case, a different @var{environment} type would be used. =20 =2DDo note that you first need to generate a key pair on the coordinator ma= chine =2Dto allow the daemon to export signed archives of files from the store =2D(@pxref{Invoking guix archive}). =2D =2D@example =2D# guix archive --generate-key =2D@end example =2D =2D@noindent =2DEach target machine must authorize the key of the master machine so that= it =2Daccepts store items it receives from the coordinator: =2D =2D@example =2D# guix archive --authorize < coordinator-public-key.txt =2D@end example =2D @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 1f16d9a5ea..90deff19a8 100644 =2D-- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -28,13 +28,16 @@ #:use-module (guix i18n) #:use-module (guix modules) #:use-module (guix monads) + #:use-module (guix pki) #:use-module (guix records) #:use-module (guix remote) #:use-module (guix scripts system reconfigure) #:use-module (guix ssh) #:use-module (guix store) #:use-module (guix utils) + #:use-module (gcrypt pk-crypto) #:use-module (ice-9 match) + #:use-module (ice-9 textual-ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) 
@@ -329,6 +332,10 @@ the 'should-roll-back' field set to SHOULD-ROLL-BACK?" "Internal implementation of 'deploy-machine' for MACHINE instances with = an environment type of 'managed-host." (maybe-raise-unsupported-configuration-error machine) + (remote-authorize-signing-key (call-with-input-file %public-key-file + (lambda (port) + (string->canonical-sexp (get-string-al= l port)))) + (machine-ssh-session machine)) (mlet %store-monad ((_ (check-deployment-sanity machine)) (boot-parameters (machine-boot-parameters machine))) (let* ((os (machine-operating-system machine)) diff --git a/guix/scripts/deploy.scm b/guix/scripts/deploy.scm index 6a67985c8b..075c74d395 100644 =2D-- a/guix/scripts/deploy.scm +++ b/guix/scripts/deploy.scm @@ -20,6 +20,7 @@ (define-module (guix scripts deploy) #:use-module (gnu machine) #:use-module (guix discovery) + #:use-module (guix pki) #:use-module (guix scripts) #:use-module (guix scripts build) #:use-module (guix store) @@ -83,6 +84,12 @@ Perform the deployment specified by FILE.\n")) (define (guix-deploy . args) (define (handle-argument arg result) (alist-cons 'file arg result)) + + (unless (file-exists? %public-key-file) + (leave (G_ "no signing key '~a' +have you run 'guix archive --generate-key?'~%") + %public-key-file)) + (let* ((opts (parse-command-line args %options (list %default-options) #:argument-handler handle-argument)) (file (assq-ref opts 'file)) diff --git a/guix/ssh.scm b/guix/ssh.scm index 9b5ca68894..5186c646ca 100644 =2D-- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -21,6 +21,7 @@ #:use-module (guix inferior) #:use-module (guix i18n) #:use-module ((guix utils) #:select (&fix-hint)) + #:use-module (gcrypt pk-crypto) #:use-module (ssh session) #:use-module (ssh auth) #:use-module (ssh key) @@ -40,6 +41,7 @@ remote-daemon-channel connect-to-remote-daemon remote-system + remote-authorize-signing-key send-files retrieve-files retrieve-files* 
@@ -289,6 +291,27 @@ the machine on the other end of SESSION." (inferior-remote-eval '(begin (use-modules (guix utils)) (%current-syste= m)) session)) =20 +(define (remote-authorize-signing-key key session) + "Send KEY, a canonical sexp containing a public key, over SESSION and ad= d it +to the system ACL file if it has not yet been authorized." + (inferior-remote-eval + `(begin + (use-modules (guix build utils) + (guix pki) + (guix utils) + (gcrypt pk-crypto) + (srfi srfi-26)) + + (define acl (current-acl)) + (define key (string->canonical-sexp ,(canonical-sexp->string key))) + + (unless (authorized-key? key) + (let ((acl (public-keys->acl (cons key (acl->public-keys acl))))) + (mkdir-p (dirname %acl-file)) + (with-atomic-file-output %acl-file + (cut write-acl acl <>))))) + session)) + (define* (send-files local files remote #:key recursive? =2D-=20 2.22.0
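Review bot: In the doc/guix.texi hunk, the removed text covers two separate steps, and this patch makes only one of them automatic. The `guix archive --generate-key` paragraph and example are deleted together with the `guix archive --authorize` one, yet the guix/scripts/deploy.scm hunk still exits with an error when %public-key-file is missing, so key generation remains a prerequisite and should stay documented. I would also add a sentence saying that 'guix deploy' now adds the coordinator's public key to the target's ACL, since that changes what the target trusts and the section no longer mentions authorization at all.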
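Review bot: In the second gnu/machine/ssh.scm hunk, the new `remote-authorize-signing-key` call sits outside the `mlet %store-monad` form and ahead of `check-deployment-sanity`, so the target's ACL is modified as soon as `deploy-managed-host` is called, even for a deployment the sanity checks would go on to reject. If the ordering is deliberate because those checks depend on 'remote-eval' (as the commit message suggests), a comment saying so would help; otherwise consider moving the call after the checks. The `call-with-input-file %public-key-file` read is also unguarded here: the `file-exists?` test lives only in guix/scripts/deploy.scm, so a caller reaching this procedure any other way gets a raw file error rather than the hint.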
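Review bot: In the second guix/scripts/deploy.scm hunk, the `(unless (file-exists? %public-key-file)` check runs before `parse-command-line`, so the command bails out before its arguments are even parsed whenever no key has been generated; moving the check after option parsing, or to just before the deployment starts, avoids that. In the message, the question mark is inside the quoted command, `'guix archive --generate-key?'`, and reads as part of the option name; it should be `'guix archive --generate-key'?`. The string literal also contains a raw line break after `'~a'`, which is awkward for translators; a `~%` or a separate hint would be cleaner.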
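Review bot: In the last guix/ssh.scm hunk, the remote expression binds `acl` from `(current-acl)` but the `(authorized-key? key)` test is not given it, so the membership check and the rewrite can be working from two separate reads of the ACL; passing `acl` as the second argument keeps them consistent. Writing %acl-file only succeeds if the user of the SSH session may write that file, and a failure there surfaces as a bare remote exception, so it would be worth catching it and reporting that the key could not be authorized. Since the procedure is exported, the docstring should also say that authorizing KEY makes the remote machine accept store items signed by it, so callers know they are extending trust.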