Hello, Andrew Tropin <and...@trop.in> writes:
> On 2021-02-24 23:56, pkill9 wrote: > >> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which >> the manual states should authorize the deploying machine onto the >> remote host, but I get an error: >> ``` >> guix deploy: error: unauthorized public key: (public-key... >> ``` >> >> So I add to the OS definition: >> >> ``` >> (guix-configuration >> (authorized-keys (append `(,(local-file >> "/etc/guix/signing-key.pub")) %default-authorized-guix-keys)))) >> >> ``` >> >> Which makes the error go away. I'm under the impression however that >> the 'authorize? #t' field should be doing this without me needing to >> add it to the OS configuration. > > `(authorize? #t)` seems working, it does `guix archive --authorize < > local-key` on remote machine before reconfiguring, but after > reconfiguration is finished the value of /etc/guix/acl is reset by > guix-service-type and for some reason the error message you mentioned > appears. Despite the error message the new generation is created and > new configuration is applied. It seems something like copying auxiliary > file to remote store happens after reconfiguration is finished. Will > try to investigate that, when will have some free time. > > For now I do the same trick with changing the configuration for > guix-service-type: > https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s It probably has to do with commit 3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6, which made /etc/guix/acl declarative by default. Thanks, Maxim