aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2018-12-05 16:16:05 +0100
committerLudovic Courtès <ludo@gnu.org>2018-12-05 16:24:50 +0100
commit970ebdae8cef6488c196ed899a774cda54da3588 (patch)
tree004b49f617f36a44b3aef968d23c06443cbf4202
parenteeedb094ec93ac63e92f733165a3e6883f6002ba (diff)
downloadguix-970ebdae8cef6488c196ed899a774cda54da3588.tar
guix-970ebdae8cef6488c196ed899a774cda54da3588.tar.gz
services: guix-daemon: Fix authorization of multiple keys.
Previously, the 'unless (file-exists? "/etc/guix/acl")' guard would mean that only the first key in the list would get registered since were were generating one registration snippet per key. This fixes that. * gnu/services/base.scm (hydra-key-authorization): Change to be a 'for-each' loop iterating on #$KEYS.
-rw-r--r--gnu/services/base.scm42
1 files changed, 21 insertions, 21 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index cee9898d79..89e39f7690 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1499,26 +1499,27 @@ starting at FIRST-UID, and under GID."
1+
1))
-(define (hydra-key-authorization key guix)
- "Return a gexp with code to register KEY, a file containing a 'guix archive'
-public key, with GUIX."
+(define (hydra-key-authorization keys guix)
+ "Return a gexp with code to register KEYS, a list of files containing 'guix
+archive' public keys, with GUIX."
#~(unless (file-exists? "/etc/guix/acl")
- (let ((pid (primitive-fork)))
- (case pid
- ((0)
- (let* ((key #$key)
- (port (open-file key "r0b")))
- (format #t "registering public key '~a'...~%" key)
- (close-port (current-input-port))
- (dup port 0)
- (execl #$(file-append guix "/bin/guix")
- "guix" "archive" "--authorize")
- (exit 1)))
- (else
- (let ((status (cdr (waitpid pid))))
- (unless (zero? status)
- (format (current-error-port) "warning: \
-failed to register public key '~a': ~a~%" key status))))))))
+ (for-each (lambda (key)
+ (let ((pid (primitive-fork)))
+ (case pid
+ ((0)
+ (let* ((port (open-file key "r0b")))
+ (format #t "registering public key '~a'...~%" key)
+ (close-port (current-input-port))
+ (dup port 0)
+ (execl #$(file-append guix "/bin/guix")
+ "guix" "archive" "--authorize")
+ (primitive-exit 1)))
+ (else
+ (let ((status (cdr (waitpid pid))))
+ (unless (zero? status)
+ (format (current-error-port) "warning: \
+failed to register public key '~a': ~a~%" key status)))))))
+ '(#$@keys))))
(define %default-authorized-guix-keys
;; List of authorized substitute keys.
@@ -1632,8 +1633,7 @@ failed to register public key '~a': ~a~%" key status))))))))
;; Optionally authorize substitute server keys.
(if authorize-key?
- #~(begin
- #$@(map (cut hydra-key-authorization <> guix) keys))
+ (hydra-key-authorization keys guix)
#~#f))))
(define* (references-file item #:optional (name "references"))