From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id ILOqDos4TGFvHQAAgWs5BA (envelope-from ) for ; Thu, 23 Sep 2021 10:19:23 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id oF00Cos4TGHfGAAAbx9fmQ (envelope-from ) for ; Thu, 23 Sep 2021 08:19:23 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5DAAF9FA5 for ; Thu, 23 Sep 2021 10:19:22 +0200 (CEST) Received: from localhost ([::1]:44680 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mTJwv-0004au-CW for larch@yhetil.org; Thu, 23 Sep 2021 04:19:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33464) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mTJwc-0004ZZ-EY for bug-guix@gnu.org; Thu, 23 Sep 2021 04:19:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41103) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mTJwc-0002n5-6R for bug-guix@gnu.org; Thu, 23 Sep 2021 04:19:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mTJwc-00026f-2I for bug-guix@gnu.org; Thu, 23 Sep 2021 04:19:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote Resent-From: Andrew Tropin Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 23 Sep 2021 08:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46760 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: pkill9 , 46760@debbugs.gnu.org Received: via spool by 46760-submit@debbugs.gnu.org id=B46760.16323851398087 (code B ref 46760); Thu, 23 Sep 2021 08:19:02 +0000 Received: (at 46760) by debbugs.gnu.org; 23 Sep 2021 08:18:59 +0000 Received: from localhost ([127.0.0.1]:52649 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mTJwZ-00026M-9L for submit@debbugs.gnu.org; Thu, 23 Sep 2021 04:18:59 -0400 Received: from mail-lf1-f50.google.com ([209.85.167.50]:43687) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mTJwX-000267-0V for 46760@debbugs.gnu.org; Thu, 23 Sep 2021 04:18:58 -0400 Received: by mail-lf1-f50.google.com with SMTP id e15so23302706lfr.10 for <46760@debbugs.gnu.org>; Thu, 23 Sep 2021 01:18:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trop-in.20210112.gappssmtp.com; s=20210112; h=from:to:subject:in-reply-to:references:date:message-id:mime-version; bh=5XDqglIm6d3QQiL7GwYIqNGleLRH5D6Wb0wJqo7kdfA=; b=8JLoIIfBZchX/TyCuxD0vGZzA8CYNFbU0VfYMWKO/1Y5gaavAIP+v23psI/FGRI2nl csR5L6zJ1uV9zbtuSKObfYIUDMIGSk7xDHGhLYbJpeKpl+Nnd7jL0blxsqz6lmogehU9 3RMQCxI73oXh7z0/CRSgmB7615cS3ozJiFVZdxQt+MlLZyVcN6GBPV+Jpg94wnREWWhT on6vaQQdGhHlmzxoy8Bu0GaccPgEkLfejP7cG1hx4ZjTKgzvNWZlL2yWAeXx/ZA5o0VG 6Xct7ITk+zKlGFRnLImONKloKc+XUAGzrsdHjlzp9Tq2DAhu9LamK5EHZaELr2c8orze 2+jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version; bh=5XDqglIm6d3QQiL7GwYIqNGleLRH5D6Wb0wJqo7kdfA=; b=myRHAWbqcLfC8K9BAVHlKONPAO3oNN4APf/7E+p49BU4gHX6JaFEZI04/4/1oQb+DZ G8baY9o9rK+Lyv5zDSqJZjQnS+GR5ngRD2b9KcoWWdaORGmyys6FBk4Wyjsf2BBvn6j2 6AYZYkzMFEqxAPYqcNxyGKV+hBH7tAiVRSgpfXwtF/pXj3Lvi/ZyOdvfjfS+CwA1l4x5 64UzMvV7F2/8cRrFyUdivCBQtVmlGjSKkLnTaV1v8XrOBZWZ83c1Kcv36TmA29+uZxqc wU/BABXi2dk74GbTD1cckzDcbqWIBb+Dtjv5JXf3bXG2gEZF3bpOcch0MIcL1fFr+77d kIvQ== X-Gm-Message-State: AOAM530Z+TPj8+ODXoONk/cef8I7OQb5OTfILO/REYTzmLg8/YUSf095 zS/FD82JYI21amET0YtjzAFUEA== X-Google-Smtp-Source: ABdhPJwsglpCsYRUSILjigax3YQppnkUW09jhZiE5fwReM/+VBK9vHW50DyBrXwS/Luw640N8Yas0g== X-Received: by 2002:a05:6512:1047:: with SMTP id c7mr3235745lfb.26.1632385130993; Thu, 23 Sep 2021 01:18:50 -0700 (PDT) Received: from localhost ([109.252.93.92]) by smtp.gmail.com with ESMTPSA id r13sm498179ljh.61.2021.09.23.01.18.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Sep 2021 01:18:50 -0700 (PDT) From: Andrew Tropin In-Reply-To: <20210224235608.31825f91@runbox.com> References: <20210224235608.31825f91@runbox.com> Date: Thu, 23 Sep 2021 11:18:47 +0300 Message-ID: <871r5fg0wo.fsf@trop.in> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1632385162; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=5XDqglIm6d3QQiL7GwYIqNGleLRH5D6Wb0wJqo7kdfA=; b=ONM0BpXWIOui58WLjjinieL0shxcg+BkWS29r3TbA8Dw1RFBlhUbfGpwdVlD7SHVI+RNdl HwQJ868OAqVv5tsiBwOTCv9/Huv+/IDGZJM8k+Ej/EO0sMo1TSlFa7t8eK3dZ7tpIkPLR9 DNhGWxuDskRUey0PqTbms5HBV+5CvH0kTAW02dskH2YHgSWc+smUFIfvJ1ka8tQY04Kk2i 0q7T+1qTeFhaIX8iKYRS4lly6gL+g6nN6Q6na+pV3C7FOloIYsSzgniGBxB4cDS9TJ7N4A 5H4Srsjd1inlGhI5rnVARd0Yt1CP+ybUenpb8u52+yaSVOMiTwrWPNvl9r1IBQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1632385162; a=rsa-sha256; cv=none; b=Q6zLi3YYgpwIj3f66kyHS/z3yfcozzx5tOsHs/oCBGZqvs9ByvEARtu1ldRHJs6+TsbvI2 mlcxaRFNpCARn3Blro+7kVu4kMATnXBzmeqlySZ29w9KeWOnkVtbXiez+O0IRhi2EOY91C n6dZyJ+ScfS1Lv5PM2EoMWKaFfHfFjPU7hTP5aE2jUG8qgxFuWzGz4YUZ9IiJi761BeSiR emeDALpDvNVqiBnP9IPBM4Ym8Wa1PG+3/+WT2dEQ6yktsAnzW4nSiBAMqeqam3GJ40xWnL cmx2oB3nPzfI7Yi+YJ4Wjc7maZv5XLQyAEejk2Dbmw6LoctnOiRcfqYYUTRh7A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=trop-in.20210112.gappssmtp.com header.s=20210112 header.b=8JLoIIfB; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -3.49 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=trop-in.20210112.gappssmtp.com header.s=20210112 header.b=8JLoIIfB; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 5DAAF9FA5 X-Spam-Score: -3.49 X-Migadu-Scanner: scn0.migadu.com X-TUID: JhTQYAcbVXaQ --=-=-= Content-Type: text/plain On 2021-02-24 23:56, pkill9 wrote: > I'm using the machine-ssh-configuration, I set `(authorize? #t)` which > the manual states should authorize the deploying machine onto the > remote host, but I get an error: > ``` > guix deploy: error: unauthorized public key: (public-key... > ``` > > So I add to the OS definition: > > ``` > (guix-configuration > (authorized-keys (append `(,(local-file > "/etc/guix/signing-key.pub")) %default-authorized-guix-keys)))) > > ``` > > Which makes the error go away. I'm under the impression however that > the 'authorize? #t' field should be doing this without me needing to > add it to the OS configuration. `(authorize? #t)` seems working, it does `guix archive --authorize < local-key` on remote machine before reconfiguring, but after reconfiguration is finished the value of /etc/guix/acl is reset by guix-service-type and for some reason the error message you mentioned appears. Despite the error message the new generation is created and new configuration is applied. It seems something like copying auxiliary file to remote store happens after reconfiguration is finished. Will try to investigate that, when will have some free time. For now I do the same trick with changing the configuration for guix-service-type: https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmFMOGcACgkQIgjSCVjB 3rAEtg//ZRwOAzdRG9P6afCLFFK3aku4NVcAChHpaAX0PKhU/htMxm1CbTdrHCP6 jR6CbfIotRPnXSbgLvdtpWjmoLMr1qsfL/hPH53ZIFBdzJqJD7IMNEWAtpg+et19 xOyBZjGwBoVubQPXs1fsPAGJ91QHWzlkvvZ5GlYg6UMPajEJUaYZS5b6PEbrF+YU JLq5e7gcHuaM8xZPIhjU7QaLCnEwwMP/3ZVPOj59lufb8ZDACSBh11crUuKOwnmE HKociMmbQPHhhSBXhwE/aAZdpiqp1eH6xllrcCJDHRjZHodB2+A3tZGS74v6LjUA 5/lQh/ibkrdyI2KvDtJMDDSTxp+hcHQEXn+7i80vuBkMRWbwo4huozWsoUCyoCiI MQLw5x8ddnS1IQZ9t2ceW/f39RrT6VuP3CcqnneqTaR24uRJHTPCngxKt9wEKbn3 Uo0EFyWPLbx7lq74pFab8wZcVSrCQPdwtnaN4PCp/L03J4YqYIWLYoOtqAeYscH2 WNJZm8hZxRtrzZHnuEiyFl+M3Qy8FvPNlICQDSLWRyeP+00oB3oYrNMwlVjsbE4d o5bsXqEVKRrQW0cr1RKInf40plhEinWsXe8awFX2GC8XYIOEUvCn/7TJZcc3/hrv OCWY7qn5ti+juVwKzNebCQy1zNamUP8YWPd18fZwOqO7iyW+xUg= =K485 -----END PGP SIGNATURE----- --=-=-=--