GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists


Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Fri, 28 Feb 2020 04:31:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Vagrant Cascadian <vagrant <at> debian.org>
To: Ludovic Courtès <ludo <at> gnu.org>, 39819 <at> debbugs.gnu.org
Cc: guix-devel <at> gnu.org
Subject: bug#39819: [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default.
Date: Wed, 21 Oct 2020 09:06:56 -0700
On 2020-10-21, Ludovic Courtès wrote:
> diff --git a/doc/guix.texi b/doc/guix.texi
> index c161012da5..50d2d9a730 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
...
> @@ -14583,6 +14598,27 @@ Whether to use substitutes.
>  @item @code{substitute-urls} (default: @code{%default-substitute-urls})
>  The list of URLs where to look for substitutes by default.
>  
> +Support you would like to fetch substitutes from @code{guix.example.org}

(substitute* "Support" "Suppose")

?

> +in addition to @code{@value{SUBSTITUTE-SERVER}}.  You will need to do
> +two things: (1) add @code{guix.example.org} to @code{substitute-urls},
> +and (2) authorize its signing key, having done appropriate checks
> +(@pxref{Substitute Server Authorization}).  The configuration below does
> +exactly that:
> +
> +@lisp
> +(guix-configuration
> +  (substitute-urls
> +   (append (list "https://guix.example.org")
> +           %default-substitute-urls))
> +  (authorized-keys
> +   (append (list (local-file "./guix.example.org-key.pub"))
> +           %default-authorized-guix-keys)))
> +@end lisp
> +
> +This example assumes that the file @file{./guix.example.org-key.pub}
> +contains the public key that @code{guix.example.org} uses to sign
> +substitutes.
> +
>  @item @code{max-silent-time} (default: @code{0})
>  @itemx @code{timeout} (default: @code{0})
>  The number of seconds of silence and the number of seconds of activity,
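
Review bot: In the added paragraph under substitute-urls, "having done appropriate checks" leaves the reader to guess what must be verified before the key file is listed in authorized-keys. Since the example that follows makes guix.example.org-key.pub trusted for signing substitutes, consider saying in a few words that the key should be obtained and confirmed through a channel independent of guix.example.org itself, or confirm that the @pxref target spells this out. The first added line reads "Support you would like" where "Suppose" appears intended. The example also sets authorized-keys while sitting under the substitute-urls item, so a short pointer to it from the authorized-keys item would help readers who look there first.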

This bug report was last modified 4 years and 212 days ago.
