Re: How do I install a file with custom permissions?

From: Julien Lepiller
Subject: Re: How do I install a file with custom permissions?
Date: Tue, 29 Nov 2022 20:34:21 +0100


Hi Timo,

Files in the store are always world-readable and there's nothing you can do to 
change that. There have been discussions in the past about how to handle secrets 
in the store, but no solution so far.

One thing you can do, if wireguard allows it, is to have the pre-shared key in 
a separate file out of the store and simply point the config to that file 
(instead of using a file-like object). This is how we handle other secrets so 

On 29 November 2022 20:24:13 GMT+01:00, Timo Wilken <> wrote:
>Hi Guixers,
>I'm trying to patch the `wireguard-service-type' to accept pre-shared
>keys and add them to the generated config. This all seems to work
>fine, except that I can't get guix to generate a non-world-readable
>configuration file.
>I've tried adding a `(chmod port #o400)' call to the end of the lambda
>that generates the config file (gnu/services/vpn.scm lines 784-838),
>but that seems to have no effect -- the resulting file at
>/gnu/store/...-wireguard-config/wg0.conf is still
>world-readable. Adding `(chmod #$config-file #o400)' after the
>`call-with-output-file' call doesn't work either.
>What do I need to do to make guix install the generated config file
>with 0400 permissions?
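
Added example, not part of the original messages or of Guix's code: a shell version of the approach in the reply above, with the pre-shared key kept in a 0400 file outside the store and the config referencing it only by path. The paths, the peer key placeholder and the function names are assumptions; `wg set ... preshared-key <file>` is wg(8) syntax, and `PostUp` and `%i` are wg-quick(8) features.

```shell
#!/bin/sh
# Added example: constructed paths and peer key, hypothetical function names.

# Create a base64 pre-shared key at $1 that group/other can never read.
write_psk() {
    rm -f -- "$1"
    ( umask 077                       # created 0600, so there is no window at 0644
      if command -v wg >/dev/null 2>&1; then wg genpsk
      else head -c 32 /dev/urandom | base64; fi > "$1" )
    chmod 400 "$1"
}

# Succeed only if $1 is outside the store and has no group/other permission bits.
secret_path_ok() {
    case "$1" in /gnu/store/*) return 1 ;; esac   # store items are world-readable
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed if config file $1 embeds key material instead of pointing at a file.
config_has_inline_secret() {
    grep -Eiq '^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=' "$1"
}

# Write a wg-quick style config fragment to $1 that loads the PSK for peer $2
# from file $3 at interface-up time, so the config itself holds no secret.
write_config() {
    cat > "$1" <<EOF
[Interface]
PostUp = wg set %i peer $2 preshared-key $3

[Peer]
PublicKey = $2
AllowedIPs = 10.0.0.2/32
EOF
}

# Demo in a scratch directory; the peer key below is a constructed placeholder.
PEER="CONSTRUCTED_PEER_PUBLIC_KEY_PLACEHOLDER="
d=$(mktemp -d) && write_psk "$d/wg0.psk" && write_config "$d/wg0.conf" "$PEER" "$d/wg0.psk"
secret_path_ok "$d/wg0.psk" && ! config_has_inline_secret "$d/wg0.conf" \
    && echo "ok: config is safe to publish, key file is private"
rm -rf "$d"
```

The config produced this way can live in the world-readable store, since the only sensitive item it contains is a path.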

