bug#39819: guix-service-type authorized keys are not honored when /etc/guix/acl exists
Thu, 27 Feb 2020 23:32:53 -0500
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Maxim Cournoyer <address@hidden> writes:
> I spent the evening debugging why my authorized keys for the
> guix-service-type wouldn't appear under /etc/guix/acl upon
> reconfiguration (and 'guix offload test' would be unhelpfully reporting
> "guix offload: error: program
> failed with exit code 1", see issue <https://bugs.gnu.org/34786>).
> It turns out that the guix-activation script that is supposed to add the
> authorized keys does this:
>   (unless (file-exists? "/etc/guix/acl")
>     (mkdir-p "/etc/guix")
>     (copy-file #+default-acl "/etc/guix/acl")
>     (chmod "/etc/guix/acl" #o600)))))
> i.e., it doesn't do anything if a /etc/guix/acl file already exists.
> This means that the only time it ought to do anything is the first time
> the system was reconfigured (or perhaps, init?).
> I would have expected the keys declared in my operating system
> configuration to be used along those with /etc/guix/acl, or added to it.
I forgot to mention, the above code is from (gnu services base), more
specifically from the `substitute-key-authorization' procedure.
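
Added example, not part of the original message and not Guix's own code: a Python model of the quoted copy-only-if-missing logic, plus a drift check that lists keys declared in a generated ACL but absent from the live /etc/guix/acl. It assumes keys appear in the ACL as canonical s-expressions containing (q #HEX#); the function names, temporary paths and key values are constructed for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Matches the public-key point inside an s-expression key: (q #HEX#)
Q_RE = re.compile(r"\(q\s+#([0-9A-Fa-f]+)#\)")

def key_points(sexp_text):
    """Return the set of key points (upper-case hex) found in ACL text."""
    return {m.upper() for m in Q_RE.findall(sexp_text)}

def activate(default_acl, live_acl):
    """Model of the quoted snippet: install the ACL only if none exists."""
    if not live_acl.exists():
        live_acl.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(default_acl, live_acl)
        live_acl.chmod(0o600)

def missing_keys(declared_acl, live_acl):
    """Keys present in the declared ACL but absent from the live one."""
    live = key_points(live_acl.read_text()) if live_acl.exists() else set()
    return key_points(declared_acl.read_text()) - live

def make_acl(points):
    """Build ACL text for the given key points (assumed layout)."""
    entries = "".join(
        f" (entry (public-key (ecc (curve Ed25519) (q #{p}#)))"
        f" (tag (guix import)))\n" for p in points)
    return f"(acl\n{entries})\n"

def demo():
    k1, k2 = "AA" * 32, "BB" * 32      # constructed values, not real keys
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "etc/guix/acl"   # stand-in for /etc/guix/acl
        gen1 = root / "gen1-acl"
        gen1.write_text(make_acl([k1]))
        gen2 = root / "gen2-acl"
        gen2.write_text(make_acl([k1, k2]))
        activate(gen1, live)           # first reconfigure: file is created
        first = missing_keys(gen1, live)
        activate(gen2, live)           # second reconfigure: skipped, file exists
        second = missing_keys(gen2, live)
        return first, second

if __name__ == "__main__":
    print(demo())
```

A non-empty second set is the symptom described in the report: a key newly declared in the configuration never reaches the live ACL.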