From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id QHviOTH8eWGbhQEAgWs5BA
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 28 Oct 2021 03:26:09 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id qFCkNTH8eWEvXgAAB5/wlQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 28 Oct 2021 01:26:09 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id A95191346F
	for <larch@yhetil.org>; Thu, 28 Oct 2021 03:26:09 +0200 (CEST)
Received: from localhost ([::1]:53924 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1mfuBE-0005NF-Te
	for larch@yhetil.org; Wed, 27 Oct 2021 21:26:08 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:47084)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mfuB8-0005N4-E6
 for bug-guix@gnu.org; Wed, 27 Oct 2021 21:26:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:39367)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mfuB8-0002aA-3D
 for bug-guix@gnu.org; Wed, 27 Oct 2021 21:26:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mfuB7-0001rg-LS
 for bug-guix@gnu.org; Wed, 27 Oct 2021 21:26:01 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#46760: guix deploy doesn't seem to be authorizing the machine
 that is deploying to the remote
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Thu, 28 Oct 2021 01:26:01 +0000
Resent-Message-ID: <handler.46760.B46760.16353843137097@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 46760
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Andrew Tropin <andrew@trop.in>
Received: via spool by 46760-submit@debbugs.gnu.org id=B46760.16353843137097
 (code B ref 46760); Thu, 28 Oct 2021 01:26:01 +0000
Received: (at 46760) by debbugs.gnu.org; 28 Oct 2021 01:25:13 +0000
Received: from localhost ([127.0.0.1]:50913 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mfuAL-0001qP-74
 for submit@debbugs.gnu.org; Wed, 27 Oct 2021 21:25:13 -0400
Received: from mail-qv1-f54.google.com ([209.85.219.54]:46836)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1mfuAJ-0001q4-EI
 for 46760@debbugs.gnu.org; Wed, 27 Oct 2021 21:25:12 -0400
Received: by mail-qv1-f54.google.com with SMTP id g25so2052659qvf.13
 for <46760@debbugs.gnu.org>; Wed, 27 Oct 2021 18:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; 
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=JMErUR6SpLQZ98c0IKCCf7rZX7NvbYchaUQpYOcQEXg=;
 b=DYGk+AD3y5ozAx20L2+7X0OJ5r0Rdv/fzmN1uWIP/mpyl0UP3sB10cddkss5KYAIYW
 OaijVoXX3KsFZ6+IknS1R2URxbSjBJIWXxY9Ljtj09Yf1sYW20Nq4WKCCepG2ELxJ2+Y
 E7EApqsnnh0hFu2w+VVcv4E5K9eTQ7fXSc178wXZWwZHOG9w/Qe8aStAlitRlrg1hX4x
 4xkLHYscaOp9LQFrj/xf1RFdOq0vIUZIH4w4QdJjxZDz3/Ah3BnX8belHFwsZjbxyQQN
 /DEz4ELT1zP1xpyr7gt4/7dzkglZ+UsmoQaRhHrvAO43QA0F8c77cR15rohxZ4tMh1Rm
 0YXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=JMErUR6SpLQZ98c0IKCCf7rZX7NvbYchaUQpYOcQEXg=;
 b=FI7MlB3dFD07/d2nqLfO5BZn81Q90L32J6Cs5+3bFiwkY4S9FUNvc7n8Sdn1oy+irI
 qvgv10UYMNZtSTe1pWl7gpQ4jbiaNQF1n3szfwT/FWlVyAiSziAUshlsQFJsTnm/Tjin
 cwRS5GU/EQYXmYIfuuR9g5EXfGyw6bFFOmrfxiitRb83Dnu+d6MqI6ASI8fFKYVTFf9B
 34Zs0fjCSc6dUGds7ujedfvBsmUMAkpwqribe6HcNoEfm4qRijAPzp8hk8lwEDgW9L6U
 Och1FZnM4Rv00eRnsVDrCq2CxmmV1ICJlgTNcdDI20KhuOz0LD+0bD1yTkUBADIC17Z7
 uiAA==
X-Gm-Message-State: AOAM531jLPlipFYEDI7N/VcErBo+C7ZBfBig9PFmICPEO1DuScYI+Twm
 PbB/7nxsrv4X47Cv121BMKUaaNZyZeE=
X-Google-Smtp-Source: ABdhPJyqP3XuyTn+njs8MGrVWdEpCJGH9kuttTKXgyXsNXXbAsq/9LlZS28yQzm8y2k8KtWttRk2QA==
X-Received: by 2002:a05:6214:20c:: with SMTP id
 i12mr1366278qvt.34.1635384305912; 
 Wed, 27 Oct 2021 18:25:05 -0700 (PDT)
Received: from hurd (dsl-152-69.b2b2c.ca. [66.158.152.69])
 by smtp.gmail.com with ESMTPSA id t1sm1087804qkm.9.2021.10.27.18.25.05
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 27 Oct 2021 18:25:05 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
References: <20210224235608.31825f91@runbox.com> <871r5fg0wo.fsf@trop.in>
Date: Wed, 27 Oct 2021 21:25:04 -0400
In-Reply-To: <871r5fg0wo.fsf@trop.in> (Andrew Tropin's message of "Thu, 23 Sep
 2021 11:18:47 +0300")
Message-ID: <877ddyaqkv.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Cc: 46760@debbugs.gnu.org, pkill9 <pkill9@runbox.com>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1635384369;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=JMErUR6SpLQZ98c0IKCCf7rZX7NvbYchaUQpYOcQEXg=;
	b=dJ6loODR74vyY2nR6AtjrlPjskgJ7jVdstF2bbVk845xoqwupw9yTLq8hNOsIcyJqlydHU
	dkuWUnHK0iHfzGFzwqYVeB4acsWeOccVqImlPzDtfSswdT5ASDyTfjfwncneKTcqbPYjbA
	tFu5UmV0MgmMr/x+W4hUrbh0SLmOk3Px4vqGQDP1tqsoEllvTxiq+apy6UNgYxMTHZ+8QN
	N9oBnJ8QwzVYdhJfUQkKUxZbopT4rofAkYJH9uVaz5OWUgADtNeavTMYtUJTJRjgxFXLRR
	utYNOMr3PDjuRKY0XO0dc3rJyd0759zgU3IbG1otB8s0ifVESV3Ubay6HPpvLg==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1635384369; a=rsa-sha256; cv=none;
	b=quXyMdBhJsTXNQOm5jy0t9i7ue7NawCdlwHVearXxmZXoqFDetVbAsv+1V6I3WhVRXpmiO
	eBRu4j+fcwZEfMFvDruluYHBUila9tdkLn9j0e9rVGeJ1CV5yJ8ICla8H3ryTIimkH1T6Q
	+uf3h+oj2pboSOfVPT8xXAQCMwuUCZ4n6lMqURDsiLI/iFjth6APvKEfRD0XcRSo5Ks9t/
	K6XMqeeUdwtemTp9VSOgGcZUpbyltfyyHja5flGXwJuocUDg8JpOt3GI1VrS4B8REQuf8x
	KUkz/uwDMNtnXAY1dowwkDgS49v5c1mIiTqBOFvi/b/E7aRa+/Cs0tw0q/iNxA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=DYGk+AD3;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Migadu-Spam-Score: -1.32
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=DYGk+AD3;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Migadu-Queue-Id: A95191346F
X-Spam-Score: -1.32
X-Migadu-Scanner: scn0.migadu.com
X-TUID: 29KfcR/FyER1

Hello,

Andrew Tropin <andrew@trop.in> writes:

> On 2021-02-24 23:56, pkill9 wrote:
>
>> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
>> the manual states should authorize the deploying machine onto the
>> remote host, but I get an error:
>> ```
>> guix deploy: error: unauthorized public key: (public-key...
>> ```
>>
>> So I add to the OS definition:
>>
>> ```
>>  (guix-configuration
>>                    (authorized-keys (append `(,(local-file
>> "/etc/guix/signing-key.pub")) %default-authorized-guix-keys))))
>>
>> ```
>>
>> Which makes the error go away. I'm under the impression however that
>> the 'authorize? #t' field should be doing this without me needing to
>> add it to the OS configuration.
>
> `(authorize? #t)` seems working, it does `guix archive --authorize <
> local-key` on remote machine before reconfiguring, but after
> reconfiguration is finished the value of /etc/guix/acl is reset by
> guix-service-type and for some reason the error message you mentioned
> appears.  Despite the error message the new generation is created and
> new configuration is applied.  It seems something like copying auxiliary
> file to remote store happens after reconfiguration is finished.  Will
> try to investigate that, when will have some free time.
>
> For now I do the same trick with changing the configuration for
> guix-service-type:
> https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s

It probably has to do with commit
3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6, which made /etc/guix/acl
declarative by default.

Thanks,

Maxim