GNU bug report logs -
#53752
guix home cannot configure authorized_keys
Message #31 received at 53752 <at> debbugs.gnu.org (full text, mbox):
On Monday, 07.02.2022 at 22:02 +0100, Maxime Devos wrote:
> Zacchaeus Scheffer wrote on Mon 07-02-2022 at 14:47 [-0500]:
> > I was able to create the desired effect with the following service
> > definition:
> >   (simple-service
> >    'my-activation-service
> >    home-activation-service-type
> >    (gexp
> >     (begin
> >       (chdir (ungexp user-home))
> >       (if (not (file-exists? ".ssh"))
> >           (mkdir ".ssh"))
> >       (chmod ".ssh" #o700)
> >       (chdir ".ssh")
> >       (let ((port (open-output-file "authorized_keys")))
> >         (display (ungexp authorized-keys) port)
> >         (close-port port))
> >       (chmod "authorized_keys" #o600)
> >       (chdir ".."))))
> > where 'user-home and 'authorized-keys are appropriate strings
> > defined earlier in the file.
> >
> > I believe that resolves the issue,
>
> Users shouldn't have to do this (relatively) huge block of relatively
> inscrutable code though, I believe something along these lines (or a
> different solution) needs to be implemented in Guix itself somewhere
> before the issue is resolved.
I'll again be pointing at the "don't put secrets into your store"
shield. We'd have to find a reasonable way of encrypting sensitive
data before we can do a home-ssh-service-type.
@Zacchaeus, your code can likely be simplified to
#~(with-directory-excursion #$user-home
    (mkdir-p ".ssh")
    (chmod ".ssh" #o700)
    (with-directory-excursion ".ssh"
      (copy-file #$authorized-keys "authorized_keys")
      (chmod "authorized_keys" #o600)))
though perhaps there's some magic incantation to import (guix build
utils) for mkdir-p and with-directory-excursion that I'm missing here.
Cheers
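
Added example, not part of the original message or of Guix itself: the same activation step written with core Guile procedures only, so it needs no (guix build utils) import. It assumes authorized-keys is a file-like object made with plain-file and holding public keys only, and that HOME is set when the activation script runs; the service name and the key line are constructed placeholders.

```scheme
(use-modules (gnu home services)   ; home-activation-service-type
             (gnu services)        ; simple-service
             (guix gexp))          ; plain-file, #~ and #$

;; Constructed placeholder.  Only public key material belongs here:
;; store items are readable by every local user.
(define authorized-keys
  (plain-file "authorized_keys"
              "ssh-ed25519 AAAA...PLACEHOLDER user@example\n"))

(define authorized-keys-service
  (simple-service
   'ssh-authorized-keys            ; hypothetical service name
   home-activation-service-type
   #~(let* ((ssh-dir (string-append (getenv "HOME") "/.ssh"))
            (target  (string-append ssh-dir "/authorized_keys")))
       ;; Create ~/.ssh already restricted, then enforce the mode in
       ;; case the directory existed with looser permissions.
       (unless (file-exists? ssh-dir)
         (mkdir ssh-dir #o700))
       (chmod ssh-dir #o700)
       ;; Remove a stale copy first so a read-only leftover from an
       ;; interrupted run cannot make copy-file fail.
       (when (file-exists? target)
         (delete-file target))
       ;; #$authorized-keys expands to the store file name.
       (copy-file #$authorized-keys target)
       (chmod target #o600))))
```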
This bug report was last modified 3 years and 183 days ago.