bug#52517: inconstency with offloading

[Ludovic Courtès]

Hi,

zimoun <zimon.toutoune@gmail.com> skribis:

> On Mon, 03 Jan 2022 at 17:52, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> This is because guix-daemon spawns ‘guix offload’ as root.
>
> Yes.  The issue is I cannot offload to a machine where I have an SSH
> account and where Guix is installed if the sysadmin does not configure
> correctly this /root/.ssh/.

True.  That’s admittedly not as flexible as it could be.

Interestingly, GUIX_DAEMON_SOCKET=ssh://… almost achieves that.

Perhaps we could implement “user-level offloading”, probably in addition
to system-wide offloading?  Food for thought…

>> diff --git a/doc/guix.texi b/doc/guix.texi
>> index 43549da388..9c1f30e83f 100644
>> --- a/doc/guix.texi
>> +++ b/doc/guix.texi
>> @@ -1250,9 +1250,10 @@ The @file{/etc/guix/machines.scm} file typically 
>> looks like this:
>>          (systems (list "aarch64-linux"))
>>          (host-key "ssh-rsa AAAAB3Nza@dots{}")
>>          (user "alice")
>> -        (private-key
>> -         (string-append (getenv "HOME")
>> -                        "/.ssh/identity-for-guix"))))
>> +
>> +        ;; Remember 'guix offload' is spawned by
>> +        ;; 'guix-daemon' as root.
>> +        (private-key "/root/.ssh/identity-for-guix")))
>
> This patch LGTM.  At least, it could save time for people configuring
> offload. :-)

Alright, committing.

> I am fine to close the issue but, as I said, the fix seems to be able to
> offload without root access but just an SSH access.

Yes, we can discuss that separately.

A simple design would be to have clients install a “build handler”; when
the handler is called, it selects a machine, open a remote store
connection, copies missing inputs, starts the build, retrieves
outputs—all that from the client.  Of course admins still have to
authorize keys both ways, but at least that gives more flexibility.  (We
could also have a model where keys are authorized just one-way.)

Thanks,
Ludo’.