bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
Hello,

Andrew Tropin writes:

> On 2021-02-24 23:56, pkill9 wrote:
>
>> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
>> the manual states should authorize the deploying machine onto the
>> remote host, but I get an error:
>> ```
>> guix deploy: error: unauthorized public key: (public-key...
>> ```
>>
>> So I add to the OS definition:
>>
>> ```
>> (guix-configuration
>>   (authorized-keys (append `(,(local-file "/etc/guix/signing-key.pub"))
>>                            %default-authorized-guix-keys)))
>> ```
>>
>> Which makes the error go away. I'm under the impression however that
>> the 'authorize? #t' field should be doing this without me needing to
>> add it to the OS configuration.
>
> `(authorize? #t)` seems to be working, it does `guix archive --authorize <
> local-key` on the remote machine before reconfiguring, but after
> reconfiguration is finished the value of /etc/guix/acl is reset by
> guix-service-type and for some reason the error message you mentioned
> appears. Despite the error message the new generation is created and
> the new configuration is applied. It seems something like copying an
> auxiliary file to the remote store happens after reconfiguration is
> finished. I will try to investigate that when I have some free time.
>
> For now I do the same trick with changing the configuration for
> guix-service-type:
> https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s

It probably has to do with commit
3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6, which made /etc/guix/acl
declarative by default.

Thanks,
Maxim
bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
On 2021-02-24 23:56, pkill9 wrote:

> I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
> the manual states should authorize the deploying machine onto the
> remote host, but I get an error:
> ```
> guix deploy: error: unauthorized public key: (public-key...
> ```
>
> So I add to the OS definition:
>
> ```
> (guix-configuration
>   (authorized-keys (append `(,(local-file "/etc/guix/signing-key.pub"))
>                            %default-authorized-guix-keys)))
> ```
>
> Which makes the error go away. I'm under the impression however that
> the 'authorize? #t' field should be doing this without me needing to
> add it to the OS configuration.

`(authorize? #t)` seems to be working, it does `guix archive --authorize <
local-key` on the remote machine before reconfiguring, but after
reconfiguration is finished the value of /etc/guix/acl is reset by
guix-service-type and for some reason the error message you mentioned
appears. Despite the error message the new generation is created and
the new configuration is applied. It seems something like copying an
auxiliary file to the remote store happens after reconfiguration is
finished. I will try to investigate that when I have some free time.

For now I do the same trick with changing the configuration for
guix-service-type:
https://diode.zone/w/fJNN6ExYA35NC19BRiHw2L?start=37m5s
bug#46760: guix deploy doesn't seem to be authorizing the machine that is deploying to the remote
I'm using the machine-ssh-configuration, I set `(authorize? #t)` which
the manual states should authorize the deploying machine onto the
remote host, but I get an error:

```
guix deploy: error: unauthorized public key: (public-key...
```

So I add to the OS definition:

```
(guix-configuration
  (authorized-keys (append `(,(local-file "/etc/guix/signing-key.pub"))
                           %default-authorized-guix-keys)))
```

Which makes the error go away. I'm under the impression however that
the 'authorize? #t' field should be doing this without me needing to
add it to the OS configuration.
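Added example, not part of the thread and not Guix code: a small check for the situation discussed above, comparing the deploying machine's `/etc/guix/signing-key.pub` with the target's `/etc/guix/acl` and reporting whether the key has to be listed in `authorized-keys`. It assumes Ed25519 keys written as `(q #HEX#)` and that a declarative ACL shows up as a symlink into `/gnu/store`; the function names are hypothetical and the sample keys are constructed.

```python
import os
import re

# Matches the Ed25519 point in a canonical s-expression: (q #HEX#)
_Q_RE = re.compile(r"\(\s*q\s+#([0-9A-Fa-f]+)#\s*\)")

def key_points(sexp_text):
    """Return the set of public-key points (upper-case hex) found in the text."""
    return {m.upper() for m in _Q_RE.findall(sexp_text)}

def missing_keys(signing_key_text, acl_text):
    """Points present in the signing key file but absent from the ACL."""
    return key_points(signing_key_text) - key_points(acl_text)

def acl_is_declarative(acl_path="/etc/guix/acl", store="/gnu/store"):
    """Assumption: a declarative ACL is a symlink resolving into the store."""
    return (os.path.islink(acl_path)
            and os.path.realpath(acl_path).startswith(store + "/"))

def diagnose(signing_key_text, acl_text, declarative):
    """Summarise whether the deploying machine's key survives on the target."""
    if not key_points(signing_key_text):
        return "no-key-found"
    if not missing_keys(signing_key_text, acl_text):
        return "authorized"
    # A key added with `guix archive --authorize` is lost once the ACL is
    # regenerated from the OS definition, so it must be listed there instead.
    return ("add-to-authorized-keys" if declarative
            else "run-guix-archive-authorize")

# Constructed sample data (not real keys).
SAMPLE_KEY = "(public-key (ecc (curve Ed25519) (q #AB12CD#)))"
SAMPLE_ACL = """(acl
 (entry (public-key (ecc (curve Ed25519) (q #0F0F0F#)))
        (tag (guix import))))"""

if __name__ == "__main__":
    print(diagnose(SAMPLE_KEY, SAMPLE_ACL, declarative=True))
```

On a real pair of hosts, feed it the contents of the coordinator's signing key and the target's ACL read after `guix deploy` has finished, since that is when the reset described in the thread takes effect.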