diff options
author | Ludovic Courtès <ludo@gnu.org> | 2018-12-05 16:16:05 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2018-12-05 16:24:50 +0100 |
commit | 970ebdae8cef6488c196ed899a774cda54da3588 (patch) | |
tree | 004b49f617f36a44b3aef968d23c06443cbf4202 | |
parent | eeedb094ec93ac63e92f733165a3e6883f6002ba (diff) | |
download | guix-970ebdae8cef6488c196ed899a774cda54da3588.tar guix-970ebdae8cef6488c196ed899a774cda54da3588.tar.gz |
services: guix-daemon: Fix authorization of multiple keys.
Previously, the 'unless (file-exists? "/etc/guix/acl")' guard would mean
that only the first key in the list would get registered since were were
generating one registration snippet per key. This fixes that.
* gnu/services/base.scm (hydra-key-authorization): Change to be a
'for-each' loop iterating on #$KEYS.
-rw-r--r-- | gnu/services/base.scm | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index cee9898d79..89e39f7690 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1499,26 +1499,27 @@ starting at FIRST-UID, and under GID." 1+ 1)) -(define (hydra-key-authorization key guix) - "Return a gexp with code to register KEY, a file containing a 'guix archive' -public key, with GUIX." +(define (hydra-key-authorization keys guix) + "Return a gexp with code to register KEYS, a list of files containing 'guix +archive' public keys, with GUIX." #~(unless (file-exists? "/etc/guix/acl") - (let ((pid (primitive-fork))) - (case pid - ((0) - (let* ((key #$key) - (port (open-file key "r0b"))) - (format #t "registering public key '~a'...~%" key) - (close-port (current-input-port)) - (dup port 0) - (execl #$(file-append guix "/bin/guix") - "guix" "archive" "--authorize") - (exit 1))) - (else - (let ((status (cdr (waitpid pid)))) - (unless (zero? status) - (format (current-error-port) "warning: \ -failed to register public key '~a': ~a~%" key status)))))))) + (for-each (lambda (key) + (let ((pid (primitive-fork))) + (case pid + ((0) + (let* ((port (open-file key "r0b"))) + (format #t "registering public key '~a'...~%" key) + (close-port (current-input-port)) + (dup port 0) + (execl #$(file-append guix "/bin/guix") + "guix" "archive" "--authorize") + (primitive-exit 1))) + (else + (let ((status (cdr (waitpid pid)))) + (unless (zero? status) + (format (current-error-port) "warning: \ +failed to register public key '~a': ~a~%" key status))))))) + '(#$@keys)))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. @@ -1632,8 +1633,7 @@ failed to register public key '~a': ~a~%" key status)))))))) ;; Optionally authorize substitute server keys. (if authorize-key? - #~(begin - #$@(map (cut hydra-key-authorization <> guix) keys)) + (hydra-key-authorization keys guix) #~#f)))) (define* (references-file item #:optional (name "references")) |