Hi Ludo, l...@gnu.org (Ludovic Courtès) writes:
> Hello, > > Maxim Cournoyer <maxim.courno...@gmail.com> skribis: > >> I've read the documentation carefully many times, but I still can't make >> `guix offload' work. It always fails like so: >> >> guix offload test >> guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'... >> guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3 >> guix offload: Guix is usable on '192.168.1.105' (test returned >> "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test") >> sending 1 store item to '192.168.1.105'... >> exporting path `/gnu/store/wrv01knf5xa76j73afscj066pbqq1na3-export-test' >> guix offload: error: build failed: program `guix-authenticate' failed with >> exit code 1 > > Presumably what this means is that the remote machine rejected the store > item we sent it. > > To fix it, you need to authorize the signing key of the first machine on > the second machine, using ‘guix archive --authorize’. > You also need to do the reverse and ‘guix offload test’ will also check > that. > > Can you make sure the machines are authorized by each other? (Check > /etc/guix/acl on each.) I've verified this a couple times, following the manual carefully. Here's a sample of what I did: * On the main machine $ sudo guix archive --generate-key guix archive: error: key pair exists under '/etc/guix'; remove it first $ cat /etc/guix/signing-key.pub (public-key (ecc (curve Ed25519) (q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#) ) ) $ scp /etc/guix/signing-key.pub x220:/tmp signing-key.pub 100% 118 46.5KB/s 00:00 * On the offload machine $ ssh x220 $ sudo -E guix archive --authorize < /tmp/signing-key.pub # on x220 machine On my offload machine, the authorized key is added to /usr/local/etc/guix/acl rather than /etc/guix/acl. I'm not sure why that is, since this Guix was guix pulled, so it should be standard. But it shouldn't matter since that running guix-daemon in gdb allowed me to see that it was using a nixConfDir value set to "/usr/local/etc/guix". $ sudo cat /etc/guix/acl --8<---------------cut here---------------start------------->8--- (acl (entry (public-key (rsa (n #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268E82D4BBE0E35298C481C9DA1551642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B538A0E990A8825DEB73081D317001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D400658974D7DAD1F6B7B63C192B9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F330908CFDA9C3C8C32B64F7DD088457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F667080BA941D80D015CE87B0FB6A91A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15FC7B8785A3E86BA6592B2916CA22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D88B6A618F84DD73AEBED8270BCB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70A9C27CB5B7B050C9090590D3A9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF19963A191967054E9FD97DC14D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE97B89043E95BD1B70DE61DA666893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE551A3C447C12E104E65#) (e #010001#) ) ) (tag (guix import) ) ) ) --8<---------------cut here---------------end--------------->8--- $ sudo cat /usr/local/etc/guix/acl --8<---------------cut here---------------start------------->8--- (acl (entry (public-key (ecc (curve Ed25519) (q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #EEA139318243D36EB4C728DB96856AB15C47AB64C765FA134CCFB12444B82A7C#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#) ) ) (tag (guix import) ) ) ) --8<---------------cut here---------------end--------------->8--- Notice that the same key can be added multiple times by using the --authorize command, but cleaning up the file doesn't seem to help. $ sudo -E guix archive --generate-key guix archive: error: key pair exists under '/usr/local/etc/guix'; remove it first $ cat /usr/local/etc/guix/signing-key.pub (public-key (ecc (curve Ed25519) (q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#) ) ) * Back to my main machine $ scp x220:/usr/local/etc/guix/signing-key.pub /tmp signing-key.pub 100% 118 35.3KB/s 00:00 $ sudo -E guix archive --authorize < /tmp/signing-key.pub $ sudo cat /etc/guix/acl --8<---------------cut here---------------start------------->8--- (acl (entry (public-key (ecc (curve Ed25519) (q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #5ED0F681F77731AD676285A6DB5986DA5252DE1AA597DFC56835FF948C150834#) ) ) (tag (guix import) ) ) (entry (public-key (ecc (curve Ed25519) (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#) ) ) (tag (guix import) ) ) ) --8<---------------cut here---------------end--------------->8--- $ guix offload test --8<---------------cut here---------------start------------->8--- Connection to 192.168.1.105 closed. maxim@apteryx ~$ guix offload test guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'... guix offload: '192.168.1.105' is running guile (GNU Guile) 2.2.3 guix offload: Guix is usable on '192.168.1.105' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test") sending 1 store item to '192.168.1.105'... exporting path `/gnu/store/smgzvgc9krglk0mjpcscg5450l05w4dg-export-test' guix offload: error: build failed: program `guix-authenticate' failed with exit code 1 --8<---------------cut here---------------end--------------->8--- Any other ideas? Thank you! Maxim