GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Fri, 28 Feb 2020 04:31:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #45 received at 39819 <at> debbugs.gnu.org (full text, mbox):

From: Jan Nieuwenhuizen <janneke <at> gnu.org>
To: 39819 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org, maxim.cournoyer <at> gmail.com
Subject: Re: bug#39819: [PATCH 1/2] services: guix: Make /etc/guix/acl
 really declarative by default.
Date: Sun, 25 Oct 2020 06:59:08 +0100

Ludovic Courtès writes:

Hello,

> I went ahead and pushed this as c6ef627c97e5e6a94688baf20892ae3429f86897
> with the changes below, accounting for Vagrant’s comment and for the
> fact that childhurds rely on the non-declarative behavior (which hadn’t
> occurred to me before), as well as fixing other typos.
>
>
> +               ;; By default, the secret service introduces a pre-initialized
> +               ;; /etc/guix/acl file in the childhurd.  Thus, clear
> +               ;; 'authorize-key?' so that it's not overridden at activation
> +               ;; time.
> +               (modify-services %base-services/hurd
> +                 (guix-service-type config =>
> +                                    (guix-configuration
> +                                     (inherit config)
> +                                     (authorize-key? #f))))))))

Ah, good catch!

Janneke

-- 
Jan Nieuwenhuizen <janneke <at> gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
This bug report was last modified 4 years and 212 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.