guix-commits

01/05: services: guix: Add 'generate-substitute-key?' field.


From: guix-commits
Subject: 01/05: services: guix: Add 'generate-substitute-key?' field.
Date: Thu, 10 Mar 2022 17:51:01 -0500 (EST)

civodul pushed a commit to branch master
in repository guix.

commit 5e34e873af088ef9aa417290bcddf5b095501614
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Thu Mar 10 22:27:04 2022 +0100

    services: guix: Add 'generate-substitute-key?' field.
    
    * gnu/services/base.scm (<guix-configuration>)[generate-substitute-key?]:
    New field.
    (guix-activation): Honor it.
    * doc/guix.texi (Base Services): Document it.
---
 doc/guix.texi         | 12 ++++++++++++
 gnu/services/base.scm |  8 ++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index f479fe05ff..01c16ba85d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -17030,6 +17030,18 @@ This example assumes that the file 
@file{./guix.example.org-key.pub}
 contains the public key that @code{guix.example.org} uses to sign
 substitutes.
 
+@item @code{generate-substitute-key?} (default: @code{#t})
+Whether to generate a @dfn{substitute key pair} under
+@file{/etc/guix/signing-key.pub} and @file{/etc/guix/signing-key.sec} if
+there is not already one.
+
+This key pair is used when exporting store items, for instance with
+@command{guix publish} (@pxref{Invoking guix publish}) or @command{guix
+archive} (@pxref{Invoking guix archive}).  Generating a key pair takes a
+few seconds when enough entropy is available and is only done once; you
+might want to turn it off for instance in a virtual machine that does
+not need it and where the extra boot time is a problem.
+
 @item @code{max-silent-time} (default: @code{0})
 @itemx @code{timeout} (default: @code{0})
 The number of seconds of silence and the number of seconds of activity,
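Review bot: the new @item for generate-substitute-key? explains when to turn the field off but not how to get a key pair afterwards. Since the second paragraph says the pair is needed by "guix publish" and "guix archive", add a sentence saying that with the field set to #f the pair has to be created by hand with "guix archive --generate-key", which is the same command the activation code in gnu/services/base.scm runs. It would also help to state that the existence test looks only at /etc/guix/signing-key.pub, because the text reads as if both files were checked.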
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 463f034305..f278cb76de 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -183,6 +183,7 @@
             guix-configuration-authorized-keys
             guix-configuration-use-substitutes?
             guix-configuration-substitute-urls
+            guix-configuration-generate-substitute-key?
             guix-configuration-extra-options
             guix-configuration-log-file
 
@@ -1565,6 +1566,8 @@ archive' public keys, with GUIX."
                     (default #t))
   (substitute-urls  guix-configuration-substitute-urls ;list of strings
                     (default %default-substitute-urls))
+  (generate-substitute-key? guix-configuration-generate-substitute-key?
+                            (default #t))         ;Boolean
   (chroot-directories guix-configuration-chroot-directories ;list of 
file-like/strings
                       (default '()))
   (max-silent-time  guix-configuration-max-silent-time ;integer
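Review bot: style point on the new generate-substitute-key? field: the type comment ";Boolean" sits after "(default #t))", while the neighbouring fields put it on the accessor line ("guix-configuration-substitute-urls ;list of strings", "guix-configuration-max-silent-time ;integer"). Moving it onto the accessor line keeps the record definition consistent; if line length is the obstacle, break the line after the field name, as the default clause already does.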
@@ -1749,14 +1752,15 @@ proxy of 'guix-daemon'...~%")
 (define (guix-activation config)
   "Return the activation gexp for CONFIG."
   (match-record config <guix-configuration>
-    (guix authorize-key? authorized-keys)
+    (guix generate-substitute-key? authorize-key? authorized-keys)
     #~(begin
         ;; Assume that the store has BUILD-GROUP as its group.  We could
         ;; otherwise call 'chown' here, but the problem is that on a COW 
overlayfs,
         ;; chown leads to an entire copy of the tree, which is a bad idea.
 
         ;; Generate a key pair and optionally authorize substitute server keys.
-        (unless (file-exists? "/etc/guix/signing-key.pub")
+        (unless (or #$(not generate-substitute-key?)
+                    (file-exists? "/etc/guix/signing-key.pub"))
           (system* #$(file-append guix "/bin/guix") "archive"
                    "--generate-key"))
 
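Review bot: the guard in the rewritten "unless" still tests only "/etc/guix/signing-key.pub", while the documentation added in this commit describes a pair made of signing-key.pub and signing-key.sec that is generated "if there is not already one". A system that has the .pub file but not the .sec file skips generation. Either test both files or document that only the public key is checked. Two smaller points on the same lines: "(unless (or #$(not generate-substitute-key?) ...))" is a double negation that reads more directly as "(when (and #$generate-substitute-key? (not (file-exists? ...))))", and the comment above it ("Generate a key pair and optionally authorize substitute server keys") should now say that key generation is optional too.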


