Re: Archive authentication & ‘guix challenge’

[myglc2]

On 02/14/2017 at 09:20 Ludovic Courtès writes:

> myglc2 <address@hidden> skribis:
>
>> On 02/13/2017 at 14:05 Ludovic Courtès writes:
>>
>>> Hi Maxim,
>>>
>>> Maxim Cournoyer <address@hidden> skribis:
>>>
>>>> address@hidden (Ludovic Courtès) writes:
>>>>
>>>>> myglc2 <address@hidden> skribis:
>>>>>
>>>>>> On 02/09/2017 at 17:36 Ludovic Courtès writes:
>>>>>
>>>>> [...]
>>>>>
>>>>>>> Could it be that the ‘guix archive’ you ran uses a configuration
>>>>>>> directory other than this one?  What does:
>>>>>>>
>>>>>>>   guile -c '(use-modules (guix config)) (pk %config-directory)'
>>>>>>>
>>>>>>> print?
>>>>
>>>> I remember being equally confused by not finding the key imported in the
>>>> /etc/guix/acl file, as per the manual.
>>>>
>>>> On my GuixSD system, the value of %config-directory is:
>>>> "/usr/local/etc/guix", and the file "/usr/local/etc/guix/acl" does
>>>> contain multiple times the public key of Bayfront, which must be due
>>>> to passed attempts at adding the Bayfront key using "guix archive".
>>>
>>> I suppose that’s because you installed Guix in /usr/local at some point?
>>>
>>> myglc2, are you in a similar situation?
>>
>> Hmm, apparently so ...
>>
>> guile -c '(use-modules (guix config)) (pk %config-directory)'
>>
>> ... returns ...
>>
>> ;;; ("/etc/guix")
>>
>> ... but in the REPL I get ...
>>
>> (use-modules (guix config))
>> (pk %config-directory)
>>
>> => "/usr/local/etc/guix"
>>
>> ... /usr/local/etc/guix/acl is the only file under /usr and I didn't
>> install in /usr/local.  The system was created with 'guix init' on a
>> previous GuixSD system and has since been modified by 'guix reconfigure'
>> and 'guix package', running either from 'git pull' or git checkout.
>>
>> I don't know if this is related, but I see that guix config.log
>> (attached) has ...
>>
>> guix_sysconfdir='/usr/local/etc'
>>
>> Also, you may recall that, on the previous system, we had to make
>> /usr/local/sbin/guix-register a symlink to guix-register to get 'guix
>> init' to work ...
>
> Right.
>
> ‘guix pull’ preserves your (guix config) module.  So if the ‘guix’ you
> run was configured to use /etc, it’ll keep using that; if it was
> configured to use /usr/local/etc, it’ll keep using that.
>
> If you run “./pre-inst-env guix pull”, then you end up using (guix
> config) from your build tree, which is configured to use /usr/local/etc
> by default.  That’s probably what happened, no?
>
> To fix it, you can either run:
>
>   rm -f ~/.config/guix/latest && guix pull
>
> or just do:
>
>   ./configure --sysconfdir=/etc
>
> in your checkout.

Hi Ludo,

I tried both approaches but ...

sudo guix archive --authorize < bayfront.guixsd.org.pub

... continues to add the key to /usr/local/etc/guix/acl

:-(

Like Maxim, I usually run from the git checkout with
/home/g1/.config/guix/latest pointing to the checkout.

But after ...

rm -f ~/.config/guix/latest && guix pull

... I confirmed ...

stat ~/.config/guix/latest | grep File
  File: '/home/g1/.config/guix/latest' ->
  '/gnu/store/8ag16yziir9gl7rq02vswr31ip4k33ab-guix-latest'

I have attached the config log again in hopes it might provide
insight. I can also provide shell logs if they are of interest.


Also, FWIW, when I did ...

address@hidden ~/src/guix [env]$ ./configure --sysconfdir=/etc

... it gave this message ...

[...]
checking the current installation's localstatedir... /var
configure: error: chosen localstatedir '/usr/local/var' does not match that of 
the existing installation '/var'
Installing may corrupt /gnu/store!
Use './configure --localstatedir=/var'.

... which left me wondering if it meant ...

1) it failed, or

2) it worked, but results would be unpredictable

So maybe this message should be made more clear.

config.log.gz
Description: Binary data