GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Fri, 28 Feb 2020 04:31:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 39819 <at> debbugs.gnu.org
Subject: bug#39819: guix-service-type authorized keys are not honored when /etc/guix/acl exists
Date: Thu, 27 Feb 2020 23:30:33 -0500

Hello,

I spent the evening debugging why my authorized keys for the
guix-service-type wouldn't appear under /etc/guix/acl upon
reconfiguration (and 'guix offload test' would be unhelpfully reporting
"guix offload: error: program
`/gnu/store/n9633hls7097236l4j8i1aiv5bppyf0q-guix-1.0.1-13.50299ad/bin/guix'
failed with exit code 1", see issue <https://bugs.gnu.org/34786>).

It turns out that the guix-activation script that is supposed to add the authorized keys does this:

--8<---------------cut here---------------start------------->8---
   (unless (file-exists? "/etc/guix/acl")
     (mkdir-p "/etc/guix")
     (copy-file #+default-acl "/etc/guix/acl")
     (chmod "/etc/guix/acl" #o600)))))
--8<---------------cut here---------------end--------------->8---

i.e., it doesn't do anything if a /etc/guix/acl file already exists.
This means that the only time it ought to do anything is the first time
the system was reconfigured (or perhaps, init?).

I would have expected the keys declared in my operating system
configuration to be used along those with /etc/guix/acl, or added to it.

Maxim
This bug report was last modified 4 years and 267 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.