GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Fri, 28 Feb 2020 04:31:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Jan Nieuwenhuizen <janneke <at> gnu.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: guix-devel <at> gnu.org, 39819 <at> debbugs.gnu.org
Subject: bug#39819: Declarative /etc/guix/acl?
Date: Mon, 12 Oct 2020 22:26:51 +0200

Ludovic Courtès writes:

Hello,

> Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:
>
>> Ludovic Courtès writes:
>
>> However, if you have your own substitute server, you now can run guix
>> archive --authorize < ..., e.g. at bootstrap/install time.  For such
>> cases, IWBN to have a --authorized-key argument to guix build / guix
>> system.
>
> There’s already an ‘authorized-keys’ field in ‘guix-configuration’:
>
>   https://guix.gnu.org/manual/devel/en/html_node/Base-Services.html#index-guix_002dconfiguration
>
> So you would just list keys there.  Is that what you have in mind?
>
> The option is already there, it’s just non-authoritative.

I was thinking about the initial installer scenario; when guix-daemon is
already running and you didn't build the guix system yourself.  But
yeah, I guess this is an exceptional or corner case and you can always
build your own installer and add the key there.

Janneke

-- 
Jan Nieuwenhuizen <janneke <at> gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
This bug report was last modified 4 years and 212 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.