GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Fri, 28 Feb 2020 04:31:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: guix-devel <at> gnu.org, 39819 <at> debbugs.gnu.org
Subject: bug#39819: Declarative /etc/guix/acl?
Date: Mon, 12 Oct 2020 14:53:24 +0200

Hi,

Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:

> Ludovic Courtès writes:
>
> Hello!
>
>> For some reason, /etc/guix/acl is not declarative on Guix System: we let
>> users modify it and assume it’s stateful, which can surprise users as in
>> <https://issues.guix.gnu.org/39819>.
>>
>> Should we make it declarative, just like most of /etc?  I think so.
>
> Yes, I think so too.

OK.

> However, if you have your own substitute server, you now can run guix
> archive --authorize < ..., e.g. at bootstrap/install time.  For such
> cases, IWBN to have a --authorized-key argument to guix build / guix
> system.

There’s already an ‘authorized-keys’ field in ‘guix-configuration’:

  https://guix.gnu.org/manual/devel/en/html_node/Base-Services.html#index-guix_002dconfiguration

So you would just list keys there.  Is that what you have in mind?

The option is already there, it’s just non-authoritative.

Ludo’.

This bug report was last modified 4 years and 212 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #39819 guix-service-type authorized keys are not honored when /etc/guix/acl exists

GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists