From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id EMi4CrHEumG7EgEAgWs5BA (envelope-from ) for ; Thu, 16 Dec 2021 05:46:41 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id YMdKBrHEumElFQAAbx9fmQ (envelope-from ) for ; Thu, 16 Dec 2021 04:46:41 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id ADF02327F3 for ; Thu, 16 Dec 2021 05:46:40 +0100 (CET) Received: from localhost ([::1]:44038 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mxif9-000375-PK for larch@yhetil.org; Wed, 15 Dec 2021 23:46:39 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49712) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mxieY-00033l-Sf for bug-guix@gnu.org; Wed, 15 Dec 2021 23:46:07 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:50910) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mxieY-0001V5-Jz for bug-guix@gnu.org; Wed, 15 Dec 2021 23:46:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mxieY-0003Lb-Hz for bug-guix@gnu.org; Wed, 15 Dec 2021 23:46:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#52533: guix deploy breaks SSH access with a PAM error Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 16 Dec 2021 04:46:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 52533 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 52533@debbugs.gnu.org X-Debbugs-Original-To: bug-guix Received: via spool by submit@debbugs.gnu.org id=B.163962993512814 (code B ref -1); Thu, 16 Dec 2021 04:46:02 +0000 Received: (at submit) by debbugs.gnu.org; 16 Dec 2021 04:45:35 +0000 Received: from localhost ([127.0.0.1]:34223 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mxie6-0003KX-PQ for submit@debbugs.gnu.org; Wed, 15 Dec 2021 23:45:35 -0500 Received: from lists.gnu.org ([209.51.188.17]:44718) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mxie4-0003KQ-Fb for submit@debbugs.gnu.org; Wed, 15 Dec 2021 23:45:32 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49586) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mxie4-0002PJ-5b for bug-guix@gnu.org; Wed, 15 Dec 2021 23:45:32 -0500 Received: from [2607:f8b0:4864:20::834] (port=40913 helo=mail-qt1-x834.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mxie1-0001Ln-Ke for bug-guix@gnu.org; Wed, 15 Dec 2021 23:45:30 -0500 Received: by mail-qt1-x834.google.com with SMTP id t34so24253988qtc.7 for ; Wed, 15 Dec 2021 20:45:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:date:message-id:mime-version; bh=jeHqo5+i6D6n4LpHpLK/pkoeEniJ9zgxswDzI5s65ow=; b=SktdOdrUJqJjAaPOYuQh/st1gKWs9y/JKGSA+K1hf1oI9SEa3jtSUkFzR45I7hJCSi N9o026HTnJrXp0Q+/CpPFfhXc34lSZjLgWl0VO1QZuVEgDqPaLMmTn6HffPM9a45rOJC TGbjfYT3KCwILw8yXn4lAE3nKwqnIJmIB103r3gEw9WEQVuVXHArXoqHvLIPZmPnw4kK 2i1wjUgW2ncE2zNdENy9bRB3KKgQ7dGDjTX6ym38OpBNdynz9zJMKKN7DGhCdYK1cTr2 pSBlUc7nT84qZxZoO3NfPiN8lORs03Sg9+x8C5RO0D95dPrxnW18XbhTX7bN0vzLnRIf GYHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:mime-version; bh=jeHqo5+i6D6n4LpHpLK/pkoeEniJ9zgxswDzI5s65ow=; b=Xu/qguEkDDkFWpLLPTIJF2Vxi2ATtHVhGDG4/tkgEWeApJElUgpIe/3gb1K89ZAn/a R0RPgq6PMvJAwKpkTjKtmsYJntoZNn2WqGWAdRUcsJ/aXjmVVvhapY4rQuV8xeC0RXQ2 FGlF3oq3UooqdHBWCeUc6mhOhsnULIcs9FOLvVCIJNnCg2lHiOW/s3FPtj/f7oWBcTuB MEfHlRRWls7ZW7yNy3AEvpOIjIytA3x35aZDzxu5B8Axp/djQclDdE9nN9PdlLOrS5Vt 5ONacPWwRwJmEzGsdsNQvFmeCSEn6wONM44niMmvPqcP2gs/gispV19/3tcnN9X/0Oz4 unzA== X-Gm-Message-State: AOAM533xWSjKhv66taYg0DBlUBvgbdQ5V/Xf/Zn8nlKM5VxU50qwVthH yUcPgaVyEfc3v14r+Wt3Mo4vC4WExtM= X-Google-Smtp-Source: ABdhPJzXdmffLz6QCnWYD9qvHrHI+Q5JfxfB17+kIt72WV7JsMHMHgEQ62fb7o16pXNH8ES16/FtFg== X-Received: by 2002:a05:622a:1056:: with SMTP id f22mr15422957qte.429.1639629927707; Wed, 15 Dec 2021 20:45:27 -0800 (PST) Received: from hurd (dsl-10-146-110.b2b2c.ca. [72.10.146.110]) by smtp.gmail.com with ESMTPSA id r20sm2268882qkp.21.2021.12.15.20.45.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Dec 2021 20:45:27 -0800 (PST) From: Maxim Cournoyer Date: Wed, 15 Dec 2021 23:45:24 -0500 Message-ID: <87czlx88ez.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::834 (failed) Received-SPF: pass client-ip=2607:f8b0:4864:20::834; envelope-from=maxim.cournoyer@gmail.com; helo=mail-qt1-x834.google.com X-Spam_score_int: 0 X-Spam_score: -0.1 X-Spam_bar: / X-Spam_report: (-0.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1639630000; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=jeHqo5+i6D6n4LpHpLK/pkoeEniJ9zgxswDzI5s65ow=; b=qHlL74Zer5bgsRqAvxQYCgv5Lihjz2+0JhdafMCDyaVYUq/Gq/5WPzmeyrlDfGYdwQx9Co d/Gw19WRBMUGDOw7Q8X4Ke99AVqRVLR85Ya5f8KkRq9+wk7nVnjfeasyBbFOC9JEXJqzvM jJJVWlUE8EvQfZcXbrnVrSe65WdHDRAiabp7MO3i3RcKXHZdHWLm4PVkxmc3o8xZZ6JLxf 7CyeJIJqdmBz1i6U7h/+UDhZqQ+oiWfO2Uv7S+DIx4xUrgLd5QJLzNTgpH4fhyxAMn4Q5S 8D71zHziqEGlgrLPsQ6MwKUPP6skstQT877Cx5Y5IdWz+iUPGIsFAHg3yM0H0w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1639630000; a=rsa-sha256; cv=none; b=JNguDNYJojMHCWrTgBzQxd+9i5lf2NcrZJeoqQwdrgIfGjm9/JxvtCIRRDd7z8s6a1FbYK f0Rd7CgwyL0X4DtPzlZq5wSrmzoNDf7EZl8QxT8lyNc+WAgsdG2c6iZbrsb2kPJ5PAt4d3 DwVhX5jV9fazWmYpuykBOU/tvATYR+bbE+JoqRIVph596zH5EtF2UCt0DI5Mmb/Tpr9dZZ XPX+thJi9E8s9sBlPnhOPNlh1vFsLrSg3TuBYd/7kjXi8hovMgUimbFdWvCZVrDnTabvUh n3CrgV3i4g+lAcqjqRPA71KfsTU7hxNAbNxYe/av682L7FsY/dgbqfxnxAC19Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=SktdOdrU; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.49 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=SktdOdrU; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: ADF02327F3 X-Spam-Score: -4.49 X-Migadu-Scanner: scn0.migadu.com X-TUID: C1mXOiI4fWYa Hello Guix! Following the big merge of the core-updates-frozen branch into master, I've noticed now on two counts the following: running 'guix deploy' leaves the remote machine unreachable by SSH. The connection passes authentication but then gets closed immediately. /var/log/messages reveals the following error: --8<---------------cut here---------------start------------->8--- sshd[29578]: error: PAM: pam_open_session(): Module is unknown --8<---------------cut here---------------end--------------->8--- The machines updated were running Guix System revisions predating the core-updates-frozen merge. The 'guix deploy' command doesn't succeed due to SSH starting to fail at 99% completion or similar; the bootloader configuration is not updated so rebooting boots into the same old system generation (and SSH works again): --8<---------------cut here---------------start------------->8--- guix deploy: deploying to x200... guix deploy: sending 0 store items (0 MiB) to 'x200.local'... guix deploy: sending 0 store items (0 MiB) to 'x200.local'... substitute: updating substitutes from 'http://127.0.0.1:8181'... 100.0% substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% The following derivations will be built: /gnu/store/049wr939gjpgl3471wrk8b1waqgswrdi-remote-exp.scm.drv /gnu/store/y1mgddpa2qkrmc01knpdam917b60yxlq-switch-to-system.scm.drv /gnu/store/vgadszcfklbhr7d8yl8jprzipjy6b0vj-system.drv /gnu/store/ypyaf6ib1w5nc4kr0xgjm4par407cnzk-provenance.drv building /gnu/store/ypyaf6ib1w5nc4kr0xgjm4par407cnzk-provenance.drv... building /gnu/store/vgadszcfklbhr7d8yl8jprzipjy6b0vj-system.drv... building /gnu/store/y1mgddpa2qkrmc01knpdam917b60yxlq-switch-to-system.scm.drv... building /gnu/store/049wr939gjpgl3471wrk8b1waqgswrdi-remote-exp.scm.drv... guix deploy: sending 5 store items (0 MiB) to 'x200.local'... guix deploy: error: failed to deploy x200: failed to start 'guix repl' on 'x200.local' $ guix deploy ~/stow/guix/machines/x200.scm --no-offload The following 1 machine will be deployed: x200 guix deploy: deploying to x200... guix deploy: error: failed to deploy x200: remote command '/run/setuid-programs/sudo -n -- guix repl -t machine' failed with status 254 $ ssh x200 Last login: Wed Dec 15 23:28:02 2021 from 192.168.10.15 Connection to x200.local closed. --8<---------------cut here---------------end--------------->8--- This is obviously embarrassing in scenarios where the SSH connection is the main way to reach to the remote machine. Ideas? Thank you, Maxim