From: swedebugia
Subject: bug#31825: guix offload fails with guix-authenticate error
Date: Wed, 20 Jun 2018 05:54:44 +0200
To: 31825@debbugs.gnu.org, maxim.cournoyer@gmail.com, ludo@gnu.org
In-Reply-To: <87vaae40wh.fsf@gmail.com>
List-Id: Bug reports for GNU Guix

Hi

On June 20, 2018 5:01:02 AM GMT+02:00, Maxim Cournoyer wrote:
>Hi!
>
>ludo@gnu.org (Ludovic Courtès) writes:
>
>> Maxim Cournoyer skribis:
>>
>>> Attached is the log for the offloading machine.
>>>
>>> From what I can see, the guix-daemon is trying to find the authorized
>>> key in /etc/guix/acl, but the key is added by Guix to
>>> /usr/local/etc/guix/acl...
>>
>> Hmm you may be using two different ‘guix’ commands no?
>>
>>> 2. The error message should capture the complete error output to ease
>>> debugging: we can see the useful message "25056 write(2, "guix
>>> authenticate: error: error: unauthorized public key: (public-key \n (ecc
>>> \n (curve Ed25519)\n (q
>>> #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#)\n
>>> )\n )\n", 176) = 176" in strace. Had I seen this from the start, we
>>> would have saved some debugging time :).
>>
>> I agree.
>>
>>> I could work around the issue by copying manually the authorized key
>>> sexp to /etc/guix/acl; I now see:
>>>
>>> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'...
>>> guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3
>>> guix offload: Guix is usable on '192.168.1.105' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test")
>>> sending 1 store item to '192.168.1.105'...
>>> exporting path `/gnu/store/np9jwqvxjvasz41nrrh6g3gyn4rpkscw-export-test'
>>> guix offload: '192.168.1.105' successfully imported '/gnu/store/np9jwqvxjvasz41nrrh6g3gyn4rpkscw-export-test'
>>> retrieving 1 store item from '192.168.1.105'...
>>> guix offload: error: build failed: implementation cannot deal with > 32-bit integers
>>
>> The log has this:
>>
>> 10529 write(4, "atad\0\0\0\0\0\200\0\0\0\0\0\0", 16) = 16
>> 10529 read(4, "W\1\0\0\0\0\0\0\1\0\0\0\0\0\0\0\r\0\0\0\0\0\0\0nix-archive-1\0\0\0\1\0\0\0\0\0\0\0(\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0type\0\0\0\0\7\0\0\0\0\0\0\0regular\0\10\0\0\0\0\0\0\0contents\23\0\0\0\0\0\0\000192.168.1.105-83353\0\0\0\0\0\1\0\0\0\0\0\0\0)\0\0\0\0\0\0\0NIXE\0\0\0\0007\0\0\0\0\0\0\0/gnu/store/wf774mzvfjpw306y5x06wid80d9k90qq-import-test\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0(protocol-error 1 \"getting status of `/etc/guix/signing-key.sec': Aucun fichier ou dossier de ce "..., 32768) = 352
>>
>> Again the error should be reported…
>
>Yes, this error was totally wrong, thanks for pointing it out. The
>actual error was the 192.168.1.105 offload machine not finding the key
>at /etc/guix/signing-key.sec (since it is using the prefix
>/usr/local/etc/guix for some reason).
>
>I just did:
>
>--8<---------------cut here---------------start------------->8---
>sudo cp /usr/local/etc/guix/signing* /etc/guix/
>--8<---------------cut here---------------end--------------->8---
>
>And it is now working. Ouf!
>
>Summarizing this adventure:
>
>0) Make sure your .bashrc doesn't exit early when it is executed in
>non-interactive mode (as is the case in Ubuntu).
>
>1) Make sure the guix-authenticate program is available on the host as
>well as the offload machines, by installing guix (guix package -i guix)
>in the corresponding user profiles and sourcing
>$HOME/guix.profile/etc/profile in the ~/.bashrc.
>
>2) Make sure all your guix-daemons are configured to use /etc/guix as
>their sysconfdir, as Guix offload currently seems hardcoded to only
>look for things under /etc/guix.
>
>3) Don't trust any errors output by guix offload ;)
>
>It'd be nice if this was as simple as setting up a Jenkins node... You
>tell Guix which machine you want to use and give it SSH access, and it
>does the required setup without having the user messing around with
>keys and what not.
>
>But I'm seeing far ahead. For now, we could start by adding some points
>to the `guix offload` info manual. Then we can try to modify the code
>to better capture the error messages.
>
>I'll start with the documentation.
>
>Thank you,
>
>Maxim

Good job hunting the bug. 😀
Are you going to report a new bug about incorrect or insufficient error messages?
Thanks for the summary.

-- 
Cheers Swedebugia

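
An added example, not part of the thread or of Guix: a shell check for the two failures traced above, key files sitting under a different prefix than the /etc/guix the daemon reads, and a machine's public key missing from the other machine's ACL. The function names and the sample key are constructed; the file names acl, signing-key.pub and signing-key.sec are the ones Guix uses.

```shell
#!/bin/sh
# Added example, not Guix code. Directory names come from the thread;
# function names and the sample key in demo() are constructed.

# Print the hex "q" value of every public key found in a key or ACL file.
key_ids() {
    tr -d ' \t\n' < "$1" | grep -o '(q#[0-9A-Fa-f]*#)' | sed 's/^(q#//; s/#)$//'
}

# Succeed if the first public key in PUB ($1) is listed in ACL ($2).
key_authorized() {
    id=$(key_ids "$1" | head -n 1)
    [ -n "$id" ] || return 2          # no key could be parsed from PUB
    key_ids "$2" | grep -qix "$id"
}

# Report files missing from the directory the daemon reads ($1) and whether
# they exist under another prefix ($2...). Returns 1 on any mismatch.
audit_sysconfdir() {
    expected=$1; shift; bad=0
    for f in acl signing-key.pub signing-key.sec; do
        if [ ! -e "$expected/$f" ]; then
            bad=1
            echo "missing: $expected/$f"
            for d in "$@"; do
                if [ -e "$d/$f" ]; then echo "  present under: $d/$f"; fi
            done
        fi
    done
    return "$bad"
}

# Demo on a constructed tree that mirrors the situation in the thread:
# everything was generated under usr/local/etc/guix, nothing under etc/guix.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/guix" "$root/usr/local/etc/guix"
    key='(public-key (ecc (curve Ed25519) (q #00112233AABBCCDD#)))'
    echo "$key" > "$root/usr/local/etc/guix/signing-key.pub"
    : > "$root/usr/local/etc/guix/signing-key.sec"
    echo "(acl (entry $key (tag (guix import))))" > "$root/usr/local/etc/guix/acl"
    audit_sysconfdir "$root/etc/guix" "$root/usr/local/etc/guix"
    rc=$?
    rm -rf "$root"
    return "$rc"
}
demo || echo "sysconfdir mismatch detected"
```

On a real host, call audit_sysconfdir /etc/guix /usr/local/etc/guix on each machine, and key_authorized with one machine's signing-key.pub against a copy of the other machine's acl.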