From mboxrd@z Thu Jan 1 00:00:00 1970 From: swedebugia Subject: bug#31825: guix offload fails with guix-authenticate error Date: Wed, 20 Jun 2018 05:54:44 +0200 Message-ID: References: <87y3firpjs.fsf@gmail.com> <877en1xbpq.fsf@gnu.org> <87bmc87rlm.fsf@gmail.com> <87zhzswl4s.fsf@gnu.org> <87bmc75wqv.fsf@gmail.com> <8736xjqg5c.fsf@gnu.org> <871sd354mb.fsf@gmail.com> <871sd2u8zo.fsf@gnu.org> <87vaae40wh.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----O9J9PG2A0JCX7AP334MCXX5PBNPDVX" Content-Transfer-Encoding: 7bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:52583) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fVUD3-0003Ol-QP for bug-guix@gnu.org; Tue, 19 Jun 2018 23:55:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fVUD0-0004hu-Jb for bug-guix@gnu.org; Tue, 19 Jun 2018 23:55:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:48914) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fVUD0-0004hq-Fi for bug-guix@gnu.org; Tue, 19 Jun 2018 23:55:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fVUD0-0007Sk-5z for bug-guix@gnu.org; Tue, 19 Jun 2018 23:55:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87vaae40wh.fsf@gmail.com> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 31825@debbugs.gnu.org, maxim.cournoyer@gmail.com, ludo@gnu.org ------O9J9PG2A0JCX7AP334MCXX5PBNPDVX Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi On June 20, 2018 5:01:02 AM GMT+02:00, Maxim Cournoyer wrote: >Hi! > >ludo@gnu=2Eorg (Ludovic Court=C3=A8s) writes: > >> Maxim Cournoyer skribis: >> >>> Attached is the log for the offloading machine=2E >>> >>> From what I can see, the guix-daemon is trying to find the >authorized >>> key in /etc/guix/acl, but the key is added by Guix to >>> /usr/local/etc/guix/acl=2E=2E=2E >> >> Hmm you may be using two different =E2=80=98guix=E2=80=99 commands no? >> >>> 2=2E The error message should capture the complete error output to >ease >>> debugging: we can see the useful message "25056 write(2, "guix >>> authenticate: error: error: unauthorized public key: (public-key \n >(ecc >>> \n (curve Ed25519)\n (q >>> >#EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)\n >>> )\n )\n", 176) =3D 176" in strace=2E Had I seen this from the start, w= e >>> would have saved some debugging time :)=2E >> >> I agree=2E >> >>> I could work around the issue by copying manually the authorized key >>> sexp to /etc/guix/acl; I now see: >>> >>> guix offload: testing 1 build machines defined in >'/etc/guix/machines=2Escm'=2E=2E=2E >>> guix offload: '192=2E168=2E1=2E105' is running guile (GNU Guile) 2=2E2= =2E3 >>> guix offload: Guix is usable on '192=2E168=2E1=2E105' (test returned >"/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test") >>> sending 1 store item to '192=2E168=2E1=2E105'=2E=2E=2E >>> exporting path >`/gnu/store/np9jwqvxjvasz41nrrh6g3gyn4rpkscw-export-test' >>> guix offload: '192=2E168=2E1=2E105' successfully imported >'/gnu/store/np9jwqvxjvasz41nrrh6g3gyn4rpkscw-export-test' >>> retrieving 1 store item from '192=2E168=2E1=2E105'=2E=2E=2E >>> guix offload: error: build failed: implementation cannot deal with > >32-bit integers >> >> The log has this: >> >> 10529 write(4, "atad\0\0\0\0\0\200\0\0\0\0\0\0", 16) =3D 16 >> 10529 read(4, >"W\1\0\0\0\0\0\0\1\0\0\0\0\0\0\0\r\0\0\0\0\0\0\0nix-archive-1\0\0\0\1\0\0= \0\0\0\0\0(\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0type\0\0\0\0\7\0\0\0\0\0\0\0regula= r\0\10\0\0\0\0\0\0\0contents\23\0\0\0\0\0\0\000192=2E168=2E1=2E105-83353\0\= 0\0\0\0\1\0\0\0\0\0\0\0)\0\0\0\0\0\0\0NIXE\0\0\0\0007\0\0\0\0\0\0\0/gnu/sto= re/wf774mzvfjpw306y5x06wid80d9k90qq-import-test\0\0\0\0\0\0\0\0\0\0\0\0\0\0= \0\0\0\1\0\0\0\0\0\0\0(protocol-error >1 \"getting status of `/etc/guix/signing-key=2Esec': Aucun fichier ou >dossier de ce "=2E=2E=2E, 32768) =3D 352 >> >> Again the error should be reported=E2=80=A6 > >Yes, this error was totally wrong, thanks for pointing it out=2E The >actual error was the 192=2E168=2E1=2E105 offload machine not finding the = key >at /etc/guix/singning-key=2Esec (since it using the prefix >/usr/local/etc/guix for some reason)=2E > >I just did: > >--8<---------------cut here---------------start------------->8--- >sudo cp /usr/local/etc/guix/signing* /etc/guix/ >--8<---------------cut here---------------end--------------->8--- > >And it is now working=2E Ouf! > >Summarizing this adventure: > >0) Make sure your =2Ebashrc doesn't exit early when it is executed in >non-interactive mode (as is the case in Ubuntu)=2E > >1) Make sure the guix-authenticate program is available on the host as >well as the offload machines, by installing guix (guix package -i guix) >in the corresponding user profiles and sourcing >$HOME/guix=2Eprofile/etc/profile in the ~/=2Ebashrc=2E > >2) Make sure all your guix-daemons are configured to use /etc/guix as >their sysconfdir, as Guix offload currently seems hardcoded to only >look >things under /etc/guix=2E > >3) Don't trust any errors output by guix offload ;) > >It'd be nice if this was as simple as setting up a Jenkins node=2E=2E=2E = You >tell Guix which machine you want to use and give it SSH access, and it >does the required setup without having the user messing around with >keys >and what not=2E > >But I'm seeing far ahead=2E For now, we could start by adding some points >to the `guix offload` info manual=2E Then we can try to modify the code >to >better capture the error messages=2E=20 > >I'll start with the documentation=2E > >Thank you, > >Maxim Good job hunting the bug=2E =F0=9F=98=80 Are you going to report a new bug about incorrect or insufficient error me= ssages?=20 Thanks for the summary=2E=20 --=20 Cheers Swedebugia ------O9J9PG2A0JCX7AP334MCXX5PBNPDVX Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi

On June 20, 2= 018 5:01:02 AM GMT+02:00, Maxim Cournoyer <maxim=2Ecournoyer@gmail=2Ecom= > wrote:
Hi!

ludo@gnu=2Eorg (Ludovic Court=C3=A8s) wri=
tes:

 Maxim Cournoy=
er <maxim=2Ecournoyer@gmail=2Ecom> skribis:

 Attached is the log for the offloading mac=
hine=2E

 From what I can see, the guix-daemon is trying to find the =
authorized
 key in /etc/guix/acl, but the key is added by Guix to
 /u=
sr/local/etc/guix/acl=2E=2E=2E

 Hmm you may be using tw=
o different =E2=80=98guix=E2=80=99 commands no?

 2=2E The error message should capture the com=
plete error output to ease
 debugging: we can see the useful message "25=
056 write(2, "guix
 authenticate: error: error: unauthorized public key:=
 (public-key \n (ecc
 \n  (curve Ed25519)\n  (q
 #EEA139318243D36EB4C=
728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)\n
 )\n )\n", 176) =3D 17=
6" in strace=2E Had I seen this from the start, we
 would have saved som=
e debugging time :)=2E

 I agree=2E

 I could work around the issue by copyi=
ng manually the authorized key
 sexp to /etc/guix/acl; I now see:
 guix offload: testing 1 build machines defined in '/etc/guix/machines=2Es=
cm'=2E=2E=2E
 guix offload: '192=2E168=2E1=2E105' is running guile (GNU =
Guile) 2=2E2=2E3
 guix offload: Guix is usable on '192=2E168=2E1=2E105' =
(test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
 send=
ing 1 store item to '192=2E168=2E1=2E105'=2E=2E=2E
 exporting path `/gnu=
/store/np9jwqvxjvasz41nrrh6g3gyn4rpkscw-export-test'
 guix offload: '192=
=2E168=2E1=2E105' successfully imported '/gnu/store/np9jwqvxjvasz41nrrh6g3g=
yn4rpkscw-export-test'
 retrieving 1 store item from '192=2E168=2E1=2E10=
5'=2E=2E=2E
 guix offload: error: build failed: implementation cannot de=
al with > 32-bit integers

 The log has this:

=
 10529 write(4, "atad\0\0\0\0\0\200\0\0\0\0\0\0", 16) =3D 16
 10529 read=
(4, "W\1\0\0\0\0\0\0\1\0\0\0\0\0\0\0\r\0\0\0\0\0\0\0nix-archive-1\0\0\0\1\0=
\0\0\0\0\0\0(\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0type\0\0\0\0\7\0\0\0\0\0\0\0regu=
lar\0\10\0\0\0\0\0\0\0contents\23\0\0\0\0\0\0\000192=2E168=2E1=2E105-83353\=
0\0\0\0\0\1\0\0\0\0\0\0\0)\0\0\0\0\0\0\0NIXE\0\0\0\0007\0\0\0\0\0\0\0/gnu/s=
tore/wf774mzvfjpw306y5x06wid80d9k90qq-import-test\0\0\0\0\0\0\0\0\0\0\0\0\0=
\0\0\0\0\1\0\0\0\0\0\0\0(protocol-error 1 \"getting status of `/etc/guix/si=
gning-key=2Esec': Aucun fichier ou dossier de ce "=2E=2E=2E, 32768) =3D 352=


 Again the error should be reported=E2=80=A6

Ye=
s, this error was totally wrong, thanks for pointing it out=2E The
actua=
l error was the 192=2E168=2E1=2E105 offload machine not finding the key
=
at /etc/guix/singning-key=2Esec (since it using the prefix
/usr/local/et=
c/guix for some reason)=2E

I just did:

--8<---------------=
cut here---------------start------------->8---
sudo cp /usr/local/etc=
/guix/signing* /etc/guix/
--8<---------------cut here---------------e=
nd--------------->8---

And it is now working=2E Ouf!

Summa=
rizing this adventure:

0) Make sure your =2Ebashrc doesn't exit earl=
y when it is executed in
non-interactive mode (as is the case in Ubuntu)=
=2E

1) Make sure the guix-authenticate program is available on the h=
ost as
well as the offload machines, by installing guix (guix package -i=
 guix)
in the corresponding user profiles and sourcing
$HOME/guix=2Ep=
rofile/etc/profile in the ~/=2Ebashrc=2E

2) Make sure all your guix-=
daemons are configured to use /etc/guix as
their sysconfdir, as Guix off=
load currently seems hardcoded to only look
things under /etc/guix=2E
3) Don't trust any errors output by guix offload ;)

It'd be nic=
e if this was as simple as setting up a Jenkins node=2E=2E=2E You
tell G=
uix which machine you want to use and give it SSH access, and it
does th=
e required setup without having the user messing around with keys
and wh=
at not=2E

But I'm seeing far ahead=2E For now, we could start by add=
ing some points
to the `guix offload` info manual=2E Then we can try to =
modify the code to
better capture the error messages=2E 

I'll sta=
rt with the documentation=2E

Thank you,

Maxim



=

Good job hunting the bug=2E =F0=9F=98=80
Are you going to report a new bug about incorrect or insufficient error me= ssages?
Thanks for the summary=2E
--
Cheers Swedebugia ------O9J9PG2A0JCX7AP334MCXX5PBNPDVX--