offloading: Add support for keyfile-less keys as used by GnuPG

DoneSubmitted by ng0.
Details
2 participants
  • Ludovic Courtès
  • ng0
Owner
unassigned
Severity
normal
N
(address . bug-guix@gnu.org)
20170615185615.2mvxprvn6bn523gn@abyayala
At the moment the field (private-key) in /etc/guix/machines.scm expectsto be a file.When you use GnuPG authentication keys for ssh logins, you have nopubkey file, but you have a very long pubkey which can be used with~/.ssh/authorized_keys and similar mechanisms.
Example:
user@abyayala ~/src/guix/guix$ cat /etc/guix/machines.scm(list (build-machine (privat-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgRM0G+Dnl/wlrHNb9sr3/yW9tHA8weIbwvfly/NRW6LHSLIPvsLksabVQsYbUH6i2aK2ZlE3Oo+H/R2wrs7dmVCo57O4MbZk8Kb0fatN3qhq6g/+bNobVIexS5XN6g5JcmXM4ZzR8Q0rEd46oaxFWy8nDSw4RR1d+OU5/Z/LHR1VUTCQKU0Q1Jv//4YFVq/BEf6oj4SU9+/Li9kUo9f++i4PaiWyrQDm1FAYtMGW5MBKH3ohO1dlPgqNjdeqTjZfgvCMPdbyV6Xwtz7KVkCR0+r9u7JefCCKUXL3Ap4VPtjhyCLoRuqJ+ZIp9XR2wf3rVGR6KRcLWPEXLkGfAPCs+7uAnfReBxNiWYt+FHuQpeyUld8u8E0G8u9FSf/l25A85QrQK0EUrVHdFc1q8tcCeq0EomoIPl7GnwtDIwYmkWtViCz0ivVRvNBUTXvq0XtI/9kLgcBgKfzap8dLeVSXJrUhYlbcOZNnstzkmut1ce8my5TwSRzr2dxgUF8563cM3cdLu+C9bdMWvR/s4xwu6Q5opbehdFHd2Hj/Lnqv+xwNKNFkhZCHiyum8L/VKQAsboXgJ7/sB7CHsEcBif73RWj3bFcMnPHHlJgxXB1aOH4kM+y6fF8wW/bGC/9gGiYXzovdbopv3B89oyuT73aoXg4TIPz6gv6Bg1OiGpfseGw== (none)")-- ng0OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588https://krosos.org/~/ng0/https://www.infotropique.org
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAllC2E8ACgkQ4i+bv+40hYhY0RAAuIt0ttIBwjAxhPMOCJqXnr7+rbQ3BJPnazJXlPsz7k8+mudFlpPsJh4ccijaQqFBPsrO1KnEU5EaiHkbT8avFFlYj4VnLIxd3hbUwGqZXf5w3fCpaQOBVZ06ri8SWHn91FugPvp+MCnCdxrLEAoQxCF5HAMWJvCkPQUrSi3cA36zXQ6V7ZfPMmUmarP48Q+fUGPF9ZDxKoWdJRDrhwDdkYxFjzBAKMbRYgRVv0Lmt7bDdV/ucSZjOoNUCrkSVkBSncy6tFd1xdd21d+85q41qGU6T63vTGjjRlUrJDkCQAqinMcVgN/XXu7fw/PxbIcQeLESx0yts/TfzYU9m/88KN+kMpKKoM+HS4EeHn7XZBR9EbKGFOtFPKFWFopVWzv73toAYJFCtazGlS+vxwJx5dhWUJLojneqjEVuEDha/k12saqB6tQLeLNrcVj8CnOggt66M/COSl3Hgh1aU9P58mVfD9uG3yZwhuSVPn5UZfmzYtFGVocg94VoruPDpi+cnl6YYogFGr0XcUDMOX4upSNygc+uHt2/zHiW4UhCC3HeW1gyPF9PWkmlYN4g7/Ua3JRFUnh9Amfq2x54BhhX6NRNbOWhlzNpJMYq25skqtGW97b9rPwyxWRaevli0DIRH6xWxNi4c5jEgu0MlWNYOo5st1QXOaMtNDMO38hGWlY==+Kom-----END PGP SIGNATURE-----

N
(address . 27388@debbugs.gnu.org)
20170615191359.ysym3dv4c7f5lwek@abyayala
ng0 transcribed 2.3K bytes:
Toggle quote (14 lines)> At the moment the field (private-key) in /etc/guix/machines.scm expects> to be a file.> When you use GnuPG authentication keys for ssh logins, you have no> pubkey file, but you have a very long pubkey which can be used with> ~/.ssh/authorized_keys and similar mechanisms.> > Example:> > user@abyayala ~/src/guix/guix$ cat /etc/guix/machines.scm> (list (build-machine> …> (privat-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgRM0G+Dnl/wlrHNb9sr3/yW9tHA8weIbwvfly/NRW6LHSLIPvsLksabVQsYbUH6i2aK2ZlE3Oo+H/R2wrs7dmVCo57O4MbZk8Kb0fatN3qhq6g/+bNobVIexS5XN6g5JcmXM4ZzR8Q0rEd46oaxFWy8nDSw4RR1d+OU5/Z/LHR1VUTCQKU0Q1Jv//4YFVq/BEf6oj4SU9+/Li9kUo9f++i4PaiWyrQDm1FAYtMGW5MBKH3ohO1dlPgqNjdeqTjZfgvCMPdbyV6Xwtz7KVkCR0+r9u7JefCCKUXL3Ap4VPtjhyCLoRuqJ+ZIp9XR2wf3rVGR6KRcLWPEXLkGfAPCs+7uAnfReBxNiWYt+FHuQpeyUld8u8E0G8u9FSf/l25A85QrQK0EUrVHdFc1q8tcCeq0EomoIPl7GnwtDIwYmkWtViCz0ivVRvNBUTXvq0XtI/9kLgcBgKfzap8dLeVSXJrUhYlbcOZNnstzkmut1ce8my5TwSRzr2dxgUF8563cM3cdLu+C9bdMWvR/s4xwu6Q5opbehdFHd2Hj/Lnqv+xwNKNFkhZCHiyum8L/VKQAsboXgJ7/sB7CHsEcBif73RWj3bFcMnPHHlJgxXB1aOH4kM+y6fF8wW/bGC/9gGiYXzovdbopv3B89oyuT73aoXg4TIPz6gv6Bg1OiGpfseGw== (none)")> …
Actually this might be the wrong approach.
The key you see above is the public key equivalent to the ssh pubkey.The private key is only in the GnuPG keyring.
Solution for this kind of situations are welcome. For now I'll usessh pubkeys.-- ng0OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588https://krosos.org/~/ng0/https://www.infotropique.org
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAllC3HcACgkQ4i+bv+40hYg4VRAAkxOaJaKoJJzkNugBwakU1ICjWECbydQBDbrMgIrAirJhZ0HYS/zD5l0io+iwkKQERBgoVIG/aPjkv4Kah4S0aXilWXTdZLQ/F42U+xOfY7361JL0pDGpIw70/NbZ4gUC+LNSnn5JwGzg7lbM3WWdnBfZMYwwmAORQ23p1hhyd3bDGvOmtl2i7YPQvwoDbHAqZ78nmHI04wqLoKSyjAHMI9HMlMfS+NT4k2Cvj7tuk8vWDLhN33f0m/atmlDzPDKczgPNFqHAVW6ruu6uvuDw0cBJ79P6BrVfTMt2UGmmK6fu/zkpfOzBMVdITLILtp9mqrHNM4WMLUWdF+tUH7Cu4vZkU6yjV0qS0JVDn3zZTNe7/zoyadVeWJx44IQTFiKvcWvfPWz4jYiKuB8gVxGR/etT18SBE6Z9UvV25sCPc8s0WWBcDfXwqoL048hKiuLP/aQYUbHR4gtsIpFSPAm17rHyD1mHrTbj0L7IquBnJp+u04QXn/BjlgITCLWtNpw4evuO0bKsepk7EvilPudEpgEsMYxTBua4z7tKVfQcUtfl8RNsSnbH2tshay04SYtnkhhvsnM4ItVpFAs2qyCdYq4cnAM/Q/OM84z4fBFgiBa9CxqL7HUx15JJTfsD1LmVIRzspEevAn+VnGZjcvwe142EHSWhbhynbAgC5vLRYp0==lrXm-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 26 Jun 2017 21:57
control message for bug #27388
(address . control@debbugs.gnu.org)
87o9ta7c9g.fsf@gnu.org
tags 27388 notabugclose 27388
N
Re: bug#27388 acknowledged by developer (control message for bug #27388)
(address . 27388@debbugs.gnu.org)(name . ng0)(address . ng0@infotropique.org)
20170626211742.77hmsiu2ld3gpm5d@abyayala
GNU bug Tracking System transcribed 0.4K bytes:
Toggle quote (15 lines)> This is an automatic notification regarding your bug report> #27388: offloading: Add support for keyfile-less keys as used by GnuPG,> which was filed against the guix package.> > Thank you for your report, which has now been closed.> You can view the full report at> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27388> > If you require further information, please followup to 27388@debbugs.gnu.org.> > debbugs.gnu.org maintainers> (administrator, GNU bugs database)> >
Could someone tell me why this has been closed?-- ng0OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588infotropique: https://www.infotropique.orgpersonal: https://ng-0.github.iohttps://krosos.org/
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAllRefYACgkQ4i+bv+40hYiD+xAAl6uij1JqNtU8VzO7kXgmo8NC3AS/4ZtUPGTnXh/tSwYBowAdoYp0V5YgBLiYsgeXHjmorTHNKgfhiCglblIORxP6LhGH29Hbcm2dXCbWceEofwd32ZqIyhqp6Ltlb/8/SWNanuY91m4+HP0r7/souzV8Wz7aRs/EQOz/9KK597+Q1kynEGDVnYKy2YuPWeWfZhw1HvU5b+3IxTNbPpV1aok1tTPhFpLGtwK94EGKuQvlFzoklgrn3pIbYswnCg7aIJj09goB9oco701+tBPyC6gOR/O50Ol0hG6VD2y+sAAAQ5VJ7L0Bxq4UuNsy3dLZp7lfJeZ6RnZrXun0GdfWPAFO/xCsgIFU7Vf65fNyh5Br31JCdNz0vQnTMDhqk/y0tUOa6Qp1PC28h7gu+D6QaW4/hCobKqOtLAm1l/14XW7wG1CfuEQxSLkIz82aIXFsZ8Hkyxao2kEZRz4HN2mWkuLQTNWOeR9HVkFo9Ie63oVdh15rfKZ/UVsIpLq5mqmEMLMWKt8NeK5n0Oo+QcaKSlthXJJQBknyK0ByfbVpr3x8PZRxeK3UZtHmPx5DvWsLR7avNaGctQ70fseB1U0Szf7p1yzrbC0ZZlxuYHhqTmZTAalAgfqkdr8kDonYcOKMFCmGIm/CnVqgEC7L8E7Ij5e+Zg47+XwEWQFR/YW+3Vc==nflA-----END PGP SIGNATURE-----

N
Re: bug#27388: offloading: Add support for keyfile-less keys as used by GnuPG
(address . 27388@debbugs.gnu.org)
20170703221656.3lhbbpvqs2ynh3ib@abyayala
ng0 transcribed 2.6K bytes:
Toggle quote (27 lines)> ng0 transcribed 2.3K bytes:> > At the moment the field (private-key) in /etc/guix/machines.scm expects> > to be a file.> > When you use GnuPG authentication keys for ssh logins, you have no> > pubkey file, but you have a very long pubkey which can be used with> > ~/.ssh/authorized_keys and similar mechanisms.> > > > Example:> > > > user@abyayala ~/src/guix/guix$ cat /etc/guix/machines.scm> > (list (build-machine> > …> > (privat-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgRM0G+Dnl/wlrHNb9sr3/yW9tHA8weIbwvfly/NRW6LHSLIPvsLksabVQsYbUH6i2aK2ZlE3Oo+H/R2wrs7dmVCo57O4MbZk8Kb0fatN3qhq6g/+bNobVIexS5XN6g5JcmXM4ZzR8Q0rEd46oaxFWy8nDSw4RR1d+OU5/Z/LHR1VUTCQKU0Q1Jv//4YFVq/BEf6oj4SU9+/Li9kUo9f++i4PaiWyrQDm1FAYtMGW5MBKH3ohO1dlPgqNjdeqTjZfgvCMPdbyV6Xwtz7KVkCR0+r9u7JefCCKUXL3Ap4VPtjhyCLoRuqJ+ZIp9XR2wf3rVGR6KRcLWPEXLkGfAPCs+7uAnfReBxNiWYt+FHuQpeyUld8u8E0G8u9FSf/l25A85QrQK0EUrVHdFc1q8tcCeq0EomoIPl7GnwtDIwYmkWtViCz0ivVRvNBUTXvq0XtI/9kLgcBgKfzap8dLeVSXJrUhYlbcOZNnstzkmut1ce8my5TwSRzr2dxgUF8563cM3cdLu+C9bdMWvR/s4xwu6Q5opbehdFHd2Hj/Lnqv+xwNKNFkhZCHiyum8L/VKQAsboXgJ7/sB7CHsEcBif73RWj3bFcMnPHHlJgxXB1aOH4kM+y6fF8wW/bGC/9gGiYXzovdbopv3B89oyuT73aoXg4TIPz6gv6Bg1OiGpfseGw== (none)")> > …> > Actually this might be the wrong approach.> > The key you see above is the public key equivalent to the ssh pubkey.> The private key is only in the GnuPG keyring.> > Solution for this kind of situations are welcome. For now I'll use> ssh pubkeys.> -- > ng0> OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588> https://krosos.org/~/ng0/ https://www.infotropique.org
Ignore the second message in this thread. I tried to providea possible solution which lead to the believe that this isconsidered solved. It isn't. This wishlist bug is still wanted.-- ng0GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588GnuPG: https://n0is.noblogs.org/my-keyshttps://www.infotropique.orghttps://krosos.org
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAllawlgACgkQ4i+bv+40hYiRCQ/9G6RwJ2ogc6HEZ2G6V4npw495HePVru9+g6JyCUV+ZbAZXjJtFqFv0xODOpcfBq2G+zmF2iLV8ZPtxVTj9ZGHKdAOSty1jo+2ehluVA5YrPKS/g035uZJPpTceqXIJU1w3UxHHJStMXP9HjGnLDR2TGrARmLnLY8kkItEDWO68gVTtfhRu+KN/WKssi1VKUelOcb91qkmvV+ixc/uR/spRvGF5/rZE43kz2NOWxwqubadYXc/H5+SPhX3P0eilmajuCy3dOcbdgcyDaxmXfvNE/MAMgl7Lxo56qM7DnA04RWAP36/p6SCQ74xXbIoEUrd8ii9i9ZWXLspluFpIQF9AL5tj7LQGn6FuC7L0wIv90L1+AYfewx7IE5K01UIYvE2n6VUwwtlGeq+gZfcr/OMRPcYDP6YY+K8mC+pCBz55yJLdGL9mZxo3RfusXzRAKm+Zl3JzDxyahbc+HmiinuRb4yVc0JSsVvJEGfS8qKCrckp3dui19lYSXOdJxto4Mz2jJSWlM4pkZmsaGMuBJHIBLYy3Cxuo/I5dUo/5ZtJpSJa+TfxIow1pfQf8bEJ/s70nZBCGpFU2tlXZatN5XCJbEgd4awMuigCTyW0+CxgX3zvbGHPePMA7m18oJB2zMQ1YjDt8CeppLT7t5KZmXYWmo5P7He0cHbSY7NYsEV4FWE==2p1A-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 27 Jul 2017 14:26
control message for bug #27388
(address . control@debbugs.gnu.org)
87pocm3w2p.fsf@gnu.org
tags 27388 fixedclose 27388
?
Your comment

This issue is archived.

To comment on this conversation send email to 27388@debbugs.gnu.org