GNU bug report logs - #39819
guix-service-type authorized keys are not honored when /etc/guix/acl exists


Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Fri, 28 Feb 2020 04:31:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #8 received at 39819 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 39819 <at> debbugs.gnu.org
Subject: Re: bug#39819: guix-service-type authorized keys are not honored when
 /etc/guix/acl exists
Date: Thu, 27 Feb 2020 23:32:53 -0500

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> Hello,
>
> I spent the evening debugging why my authorized keys for the
> guix-service-type wouldn't appear under /etc/guix/acl upon
> reconfiguration (and 'guix offload test' would be unhelpfully reporting
> "guix offload: error: program
> `/gnu/store/n9633hls7097236l4j8i1aiv5bppyf0q-guix-1.0.1-13.50299ad/bin/guix'
> failed with exit code 1", see issue <https://bugs.gnu.org/34786>).
>
> It turns out that the guix-activation script that is supposed to add the authorized keys does this:
>
>    (unless (file-exists? "/etc/guix/acl")
>      (mkdir-p "/etc/guix")
>      (copy-file #+default-acl "/etc/guix/acl")
>      (chmod "/etc/guix/acl" #o600)))))
>
> i.e., it doesn't do anything if a /etc/guix/acl file already exists.
> This means that the only time it ought to do anything is the first time
> the system was reconfigured (or perhaps, init?).
>
> I would have expected the keys declared in my operating system
> configuration to be used along those with /etc/guix/acl, or added to it.

I forgot to mention, the above code is from (gnu services base), more
specifically from the `substitute-key-authorization' procedure.
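
An added example, not part of the original report or of Guix's own code: an audit check that lists declared key files whose public key has no entry in the ACL, which is the drift the report describes once /etc/guix/acl already exists. It assumes keys carry a `(q #...#)` field as Ed25519 keys do; the function names and the sample keys are constructed for illustration.

```python
import re
import sys

# Hex payload of a (q #...#) field, as written in Guix ACL and .pub key files.
Q_FIELD = re.compile(r"\(\s*q\s+#([0-9A-Fa-f]+)#\s*\)")

def key_points(sexp_text):
    """Return the set of q values (upper-case hex) found in an S-expression."""
    return {q.upper() for q in Q_FIELD.findall(sexp_text)}

def missing_from_acl(declared, acl_text):
    """Names of declared keys whose q value has no entry in the ACL text.

    A key file with no parsable q field is reported too, so a malformed
    key is never counted as authorized.
    """
    in_acl = key_points(acl_text)
    missing = []
    for name, text in sorted(declared.items()):
        points = key_points(text)
        if not points or not points <= in_acl:
            missing.append(name)
    return missing

# Constructed sample data, not real keys: the ACL was written when only the
# first key was declared; the second key was added to the configuration later.
KEY_A, KEY_B = "A1" * 32, "b2" * 32
SAMPLE_ACL = f"""(acl
 (entry
  (public-key (ecc (curve Ed25519) (q #{KEY_A}#)))
  (tag (guix import))))"""
SAMPLE_DECLARED = {
    "first-boot.pub": f"(public-key (ecc (curve Ed25519) (q #{KEY_A}#)))",
    "added-later.pub": f"(public-key (ecc (curve Ed25519) (q #{KEY_B}#)))",
}

if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script ACL_FILE KEY_FILE...
        acl = open(sys.argv[1]).read()
        keys = {path: open(path).read() for path in sys.argv[2:]}
    else:
        acl, keys = SAMPLE_ACL, SAMPLE_DECLARED
    for name in missing_from_acl(keys, acl):
        print("declared but not in ACL:", name)
```

Run without arguments it uses the constructed sample; given an ACL file followed by key files it checks those instead.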




This bug report was last modified 4 years and 268 days ago.
