* bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
@ 2021-02-24 23:56 pkill9
2021-09-23 8:18 ` Andrew Tropin
0 siblings, 1 reply; 3+ messages in thread
From: pkill9 @ 2021-02-24 23:56 UTC (permalink / raw)
To: 46760
I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
the manual states should authorize the deploying machine onto the
remote host, but I get an error:
```
guix deploy: error: unauthorized public key: (public-key...
```
So I add to the OS definition:
```
(guix-configuration
(authorized-keys (append `(,(local-file
"/etc/guix/signing-key.pub")) %default-authorized-guix-keys))))
```
Which makes the error go away. I'm under the impression however that
the 'authorize? #t' field should be doing this without me needing to
add it to the OS configuration.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
2021-02-24 23:56 bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote pkill9
@ 2021-09-23 8:18 ` Andrew Tropin
2021-10-28 1:25 ` Maxim Cournoyer
0 siblings, 1 reply; 3+ messages in thread
From: Andrew Tropin @ 2021-09-23 8:18 UTC (permalink / raw)
To: pkill9, 46760
[-- Attachment #1: Type: text/plain, Size: 1342 bytes --]
On 2021-02-24 23:56, pkill9 wrote:
> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
> the manual states should authorize the deploying machine onto the
> remote host, but I get an error:
> ```
> guix deploy: error: unauthorized public key: (public-key...
> ```
>
> So I add to the OS definition:
>
> ```
> (guix-configuration
> (authorized-keys (append `(,(local-file
> "/etc/guix/signing-key.pub")) %default-authorized-guix-keys))))
>
> ```
>
> Which makes the error go away. I'm under the impression however that
> the 'authorize? #t' field should be doing this without me needing to
> add it to the OS configuration.
`(authorize? #t)` seems working, it does `guix archive --authorize <
local-key` on remote machine before reconfiguring, but after
reconfiguration is finished the value of /etc/guix/acl is reset by
guix-service-type and for some reason the error message you mentioned
appears. Despite the error message the new generation is created and
new configuration is applied. It seems something like copying auxiliary
file to remote store happens after reconfiguration is finished. Will
try to investigate that, when will have some free time.
For now I do the same trick with changing the configuration for
guix-service-type:
https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
2021-09-23 8:18 ` Andrew Tropin
@ 2021-10-28 1:25 ` Maxim Cournoyer
0 siblings, 0 replies; 3+ messages in thread
From: Maxim Cournoyer @ 2021-10-28 1:25 UTC (permalink / raw)
To: Andrew Tropin; +Cc: 46760, pkill9
Hello,
Andrew Tropin <andrew@trop.in> writes:
> On 2021-02-24 23:56, pkill9 wrote:
>
>> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
>> the manual states should authorize the deploying machine onto the
>> remote host, but I get an error:
>> ```
>> guix deploy: error: unauthorized public key: (public-key...
>> ```
>>
>> So I add to the OS definition:
>>
>> ```
>> (guix-configuration
>> (authorized-keys (append `(,(local-file
>> "/etc/guix/signing-key.pub")) %default-authorized-guix-keys))))
>>
>> ```
>>
>> Which makes the error go away. I'm under the impression however that
>> the 'authorize? #t' field should be doing this without me needing to
>> add it to the OS configuration.
>
> `(authorize? #t)` seems working, it does `guix archive --authorize <
> local-key` on remote machine before reconfiguring, but after
> reconfiguration is finished the value of /etc/guix/acl is reset by
> guix-service-type and for some reason the error message you mentioned
> appears. Despite the error message the new generation is created and
> new configuration is applied. It seems something like copying auxiliary
> file to remote store happens after reconfiguration is finished. Will
> try to investigate that, when will have some free time.
>
> For now I do the same trick with changing the configuration for
> guix-service-type:
> https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s
It probably has to do with commit
3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6, which made /etc/guix/acl
declarative by default.
Thanks,
Maxim
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-28 1:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-24 23:56 bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote pkill9
2021-09-23 8:18 ` Andrew Tropin
2021-10-28 1:25 ` Maxim Cournoyer
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.