aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-06-04 16:07:09 +0200
committerLudovic Courtès <ludo@gnu.org>2014-06-04 18:15:50 +0200
commit2c5c696c39b2d80b1e1b1f477822a6711d779b71 (patch)
treede72ce0c717bf6c1734797fdd33b70fb1f6625f4
parent202adef2ec8d7bbfb6a7c216e96b2306e03c759f (diff)
downloadguix-2c5c696c39b2d80b1e1b1f477822a6711d779b71.tar
guix-2c5c696c39b2d80b1e1b1f477822a6711d779b71.tar.gz
install: Register the hydra.gnu.org key on the installation image.
* gnu/services/base.scm (hydra-key-authorization): New procedure. (guix-service): Add #:authorize-hydra-key? parameter; honor it using 'hydra-key-authorization'. * gnu/system/install.scm (installation-services): Pass #:authorize-hydra-key? #t.
-rw-r--r--gnu/services/base.scm35
-rw-r--r--gnu/system/install.scm7
2 files changed, 38 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 4442203524..463185d53c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -330,10 +330,37 @@ starting at FIRST-UID, and under GID."
1+
1))))
+(define (hydra-key-authorization guix)
+ "Return a gexp with code to register the hydra.gnu.org public key with
+GUIX."
+ #~(unless (file-exists? "/etc/guix/acl")
+ (let ((pid (primitive-fork)))
+ (case pid
+ ((0)
+ (let* ((key (string-append #$guix
+ "/share/guix/hydra.gnu.org.pub"))
+ (port (open-file key "r0b")))
+ (format #t "registering public key '~a'...~%" key)
+ (close-port (current-input-port))
+ ;; (close-fdes 0)
+ (dup port 0)
+ (execl (string-append #$guix "/bin/guix")
+ "guix" "archive" "--authorize")
+ (exit 1)))
+ (else
+ (let ((status (cdr (waitpid pid))))
+ (unless (zero? status)
+ (format (current-error-port) "warning: \
+failed to register hydra.gnu.org public key: ~a~%" status))))))))
+
(define* (guix-service #:key (guix guix) (builder-group "guixbuild")
- (build-accounts 10))
+ (build-accounts 10) authorize-hydra-key?)
"Return a service that runs the build daemon from GUIX, and has
-BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
+BUILD-ACCOUNTS user accounts available under BUILD-USER-GID.
+
+When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
+GUIX is authorized upon activation, meaning that substitutes from
+hydra.gnu.org are used by default."
(mlet %store-monad ((accounts (guix-build-accounts build-accounts
#:group builder-group)))
(return (service
@@ -349,7 +376,9 @@ BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
(user-groups (list (user-group
(name builder-group)
(members (map user-account-name
- user-accounts)))))))))
+ user-accounts)))))
+ (activate (and authorize-hydra-key?
+ (hydra-key-authorization guix)))))))
(define %base-services
;; Convenience variable holding the basic services.
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index c69e51b2b5..707f6b6c86 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -77,7 +77,12 @@ You have been warned. Thanks for being so brave.
;; The usual services.
(syslog-service)
- (guix-service)
+
+ ;; The build daemon. Register the hydra.gnu.org key as trusted.
+ ;; This allows the installation process to use substitutes by
+ ;; default.
+ (guix-service #:authorize-hydra-key? #t)
+
(nscd-service))))
(define %issue