From: ludo@gnu.org (Ludovic Courtès)
Subject: bug#31825: guix offload fails with guix-authenticate error
Date: Wed, 20 Jun 2018 16:06:11 +0200
Message-ID: <87fu1hsgbw.fsf@gnu.org>
In-Reply-To: <87vaae40wh.fsf@gmail.com> (Maxim Cournoyer's message of "Tue, 19 Jun 2018 23:01:02 -0400")
To: Maxim Cournoyer
Cc: 31825@debbugs.gnu.org

Hello!

Maxim Cournoyer skribis:

> I just did:
>
>   sudo cp /usr/local/etc/guix/signing* /etc/guix/
>
> And it is now working. Ouf!

Woohoo!

> Summarizing this adventure:
>
> 0) Make sure your .bashrc doesn't exit early when it is executed in
> non-interactive mode (as is the case in Ubuntu).
>
> 1) Make sure the guix-authenticate program is available on the host as
> well as the offload machines, by installing guix (guix package -i guix)
> in the corresponding user profiles and sourcing
> $HOME/guix.profile/etc/profile in the ~/.bashrc.
>
> 2) Make sure all your guix-daemons are configured to use /etc/guix as
> their sysconfdir, as Guix offload currently seems hardcoded to only look
> things under /etc/guix.

Hmm nothing’s hard-coded; it’s the daemon on the remote host that knows
where to look for keys etc.  I suspect there was a mixture of Guix with
--sysconfdir=/etc and with --sysconfdir=/usr/local/etc, perhaps due to
an earlier installation built from source or something, and that this is
what led to the mess.

I’m afraid there’s not much Guix itself can do, but if you investigate
and manage to determine how we ended up with this confusion, perhaps
we’ll have ideas on how to avoid it.

> 3) Don't trust any errors output by guix offload ;)

Yeah we can definitely do better.  :-)

> It'd be nice if this was as simple as setting up a Jenkins node... You
> tell Guix which machine you want to use and give it SSH access, and it
> does the required setup without having the user messing around with keys
> and what not.

The security implications of authorizing each other’s keys are serious,
and have to be made by root on both machines.  So I’m not sure we could
easily automate it.  It’s quite common for SSH daemons to disallow root
logins by default, for instance, which prevents automation in this case.

> But I'm seeing far ahead. For now, we could start by adding some points
> to the `guix offload` info manual. Then we can try to modify the code to
> better capture the error messages.

Yes, I’d say improving ‘guix offload status’ should be the priority.  To
be honest, I’m not sure anything important is missing in the manual,
looking at the items above.

Thanks,
Ludo’.
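
A check for the mixed-sysconfdir situation discussed in this message, as an added example that is not part of the original e-mail or of Guix. The function name `check_guix_sysconfdirs` is hypothetical, and the file names `signing-key.pub`, `signing-key.sec` and `acl` are assumed to be the ones the daemon keeps in its sysconfdir; the two default directories are those named in the thread.

```shell
#!/bin/sh
# Added example: report which candidate sysconfdirs hold a Guix signing key
# and whether they hold the *same* key.
#
# check_guix_sysconfdirs DIR...
#   returns 0  one key found (possibly copied into several directories)
#           1  no signing-key.pub in any directory
#           2  different keys in different directories, i.e. daemons that
#              were built with different --sysconfdir values
check_guix_sysconfdirs() {
    found=0
    distinct=0
    first=""
    for dir in "$@"; do
        pub="$dir/signing-key.pub"
        [ -f "$pub" ] || continue
        found=$((found + 1))
        # Only the public key is read; the secret key is root-only.
        sum=$(cksum < "$pub" | cut -d' ' -f1)
        if [ -z "$first" ]; then
            first=$sum
            distinct=1
        elif [ "$sum" != "$first" ]; then
            distinct=2
        fi
        sec="missing"
        [ -e "$dir/signing-key.sec" ] && sec="present"
        acl="missing"
        [ -e "$dir/acl" ] && acl="present"
        printf '%s: pub cksum=%s, secret key %s, acl %s\n' \
            "$dir" "$sum" "$sec" "$acl"
    done
    if [ "$found" -eq 0 ]; then
        echo "no signing key found in: $*"
        return 1
    elif [ "$distinct" -eq 2 ]; then
        echo "different keys in different sysconfdirs: mixed installation?"
        return 2
    fi
    return 0
}

# Run against the two directories named in the thread.
check_guix_sysconfdirs /etc/guix /usr/local/etc/guix || echo "exit status: $?"
```

Run it on the build host and on each offload machine; status 2 on any of them points at the mixture of `--sysconfdir` values suspected above.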