offloading: Add support for keyfile-less keys as used by GnuPG

  • Done
Details
2 participants: Ludovic Courtès, ng0
Owner: unassigned
Submitted by: ng0
Severity: normal
(address . bug-guix@gnu.org)
20170615185615.2mvxprvn6bn523gn@abyayala
At the moment the field (private-key) in /etc/guix/machines.scm expects
to be a file.
When you use GnuPG authentication keys for ssh logins, you have no
pubkey file, but you have a very long pubkey which can be used with
~/.ssh/authorized_keys and similar mechanisms.

Example:

user@abyayala ~/src/guix/guix$ cat /etc/guix/machines.scm
(list (build-machine
(private-key "ssh-rsa … (none)")
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org


(address . 27388@debbugs.gnu.org)
20170615191359.ysym3dv4c7f5lwek@abyayala
ng0 transcribed 2.3K bytes:
> At the moment the field (private-key) in /etc/guix/machines.scm expects
> to be a file.
> When you use GnuPG authentication keys for ssh logins, you have no
> pubkey file, but you have a very long pubkey which can be used with
> ~/.ssh/authorized_keys and similar mechanisms.
>
> Example:
>
> user@abyayala ~/src/guix/guix$ cat /etc/guix/machines.scm
> (list (build-machine
> …
> (private-key "ssh-rsa … (none)")
> …

Actually this might be the wrong approach.

The key you see above is the public key equivalent to the ssh pubkey.
The private key is only in the GnuPG keyring.

Solutions for this kind of situation are welcome. For now I'll use
ssh pubkeys.
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org


Ludovic Courtès wrote on 26 Jun 2017 21:57
control message for bug #27388
(address . control@debbugs.gnu.org)
87o9ta7c9g.fsf@gnu.org
tags 27388 notabug
close 27388
Re: bug#27388 acknowledged by developer (control message for bug #27388)
(address . 27388@debbugs.gnu.org)(name . ng0)(address . ng0@infotropique.org)
20170626211742.77hmsiu2ld3gpm5d@abyayala
GNU bug Tracking System transcribed 0.4K bytes:
> This is an automatic notification regarding your bug report
> #27388: offloading: Add support for keyfile-less keys as used by GnuPG,
> which was filed against the guix package.
>
> Thank you for your report, which has now been closed.
> You can view the full report at
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27388
>
> If you require further information, please followup to 27388@debbugs.gnu.org.
>
> debbugs.gnu.org maintainers
> (administrator, GNU bugs database)
>
>

Could someone tell me why this has been closed?
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
personal: https://ng-0.github.io https://krosos.org/


Re: bug#27388: offloading: Add support for keyfile-less keys as used by GnuPG
(address . 27388@debbugs.gnu.org)
20170703221656.3lhbbpvqs2ynh3ib@abyayala
ng0 transcribed 2.6K bytes:
> ng0 transcribed 2.3K bytes:
> > At the moment the field (private-key) in /etc/guix/machines.scm expects
> > to be a file.
> > When you use GnuPG authentication keys for ssh logins, you have no
> > pubkey file, but you have a very long pubkey which can be used with
> > ~/.ssh/authorized_keys and similar mechanisms.
> >
> > Example:
> >
> > user@abyayala ~/src/guix/guix$ cat /etc/guix/machines.scm
> > (list (build-machine
> > …
> > (private-key "ssh-rsa … (none)")
> > …
>
> Actually this might be the wrong approach.
>
> The key you see above is the public key equivalent to the ssh pubkey.
> The private key is only in the GnuPG keyring.
>
> Solutions for this kind of situation are welcome. For now I'll use
> ssh pubkeys.
> --
> ng0
> OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> https://krosos.org/~/ng0/ https://www.infotropique.org

Ignore the second message in this thread. I tried to provide
a possible solution which led to the belief that this is
considered solved. It isn't. This wishlist bug is still wanted.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588


Ludovic Courtès wrote on 27 Jul 2017 14:26
control message for bug #27388
(address . control@debbugs.gnu.org)
87pocm3w2p.fsf@gnu.org
tags 27388 fixed
close 27388

This issue is archived.
