author | Ludovic Courtès <ludo@gnu.org> | 2014-06-04 16:07:09 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-06-04 18:15:50 +0200 |
commit | 2c5c696c39b2d80b1e1b1f477822a6711d779b71 (patch) | |
tree | de72ce0c717bf6c1734797fdd33b70fb1f6625f4 | |
parent | 202adef2ec8d7bbfb6a7c216e96b2306e03c759f (diff) | |
install: Register the hydra.gnu.org key on the installation image.
* gnu/services/base.scm (hydra-key-authorization): New procedure.
(guix-service): Add #:authorize-hydra-key? parameter; honor it using
'hydra-key-authorization'.
* gnu/system/install.scm (installation-services): Pass
#:authorize-hydra-key? #t.
-rw-r--r-- | gnu/services/base.scm | 35 | ||||
-rw-r--r-- | gnu/system/install.scm | 7 |
2 files changed, 38 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 4442203524..463185d53c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -330,10 +330,37 @@ starting at FIRST-UID, and under GID."
 1+
 1))))

+(define (hydra-key-authorization guix)
+ "Return a gexp with code to register the hydra.gnu.org public key with
+GUIX."
+ #~(unless (file-exists? "/etc/guix/acl")
+ (let ((pid (primitive-fork)))
+ (case pid
+ ((0)
+ (let* ((key (string-append #$guix
+ "/share/guix/hydra.gnu.org.pub"))
+ (port (open-file key "r0b")))
+ (format #t "registering public key '~a'...~%" key)
+ (close-port (current-input-port))
+ ;; (close-fdes 0)
+ (dup port 0)
+ (execl (string-append #$guix "/bin/guix")
+ "guix" "archive" "--authorize")
+ (exit 1)))
+ (else
+ (let ((status (cdr (waitpid pid))))
+ (unless (zero? status)
+ (format (current-error-port) "warning: \
+failed to register hydra.gnu.org public key: ~a~%" status))))))))
+
 (define* (guix-service #:key (guix guix) (builder-group "guixbuild")
- (build-accounts 10))
+ (build-accounts 10) authorize-hydra-key?)
 "Return a service that runs the build daemon from GUIX, and has
-BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
+BUILD-ACCOUNTS user accounts available under BUILD-USER-GID.
+
+When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
+GUIX is authorized upon activation, meaning that substitutes from
+hydra.gnu.org are used by default."
 (mlet %store-monad ((accounts (guix-build-accounts build-accounts
 #:group builder-group)))
 (return (service
@@ -349,7 +376,9 @@ BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
 (user-groups (list (user-group
 (name builder-group)
 (members (map user-account-name
- user-accounts)))))))))
+ user-accounts)))))
+ (activate (and authorize-hydra-key?
+ (hydra-key-authorization guix)))))))

 (define %base-services
 ;; Convenience variable holding the basic services.
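Review bot: In `hydra-key-authorization`, the child branch `((0) …)` has no protection against non-local exits: if `open-file`, `close-port`, `dup` or `execl` raises, the exception unwinds past `(exit 1)` and the forked child carries on running whatever code surrounds this gexp in the activation script, presumably with the same privileges as the parent. Wrapping the child body as `(dynamic-wind (const #t) (lambda () …) (lambda () (primitive-exit 1)))` makes the child terminate on every path. The parent prints the raw `waitpid` status; `(status:exit-val status)` would make the warning readable. The `guix-service` docstring could also say that the key is only authorized when `/etc/guix/acl` does not exist yet, and that a failed registration is reported as a warning only.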
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index c69e51b2b5..707f6b6c86 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -77,7 +77,12 @@ You have been warned. Thanks for being so brave.

 ;; The usual services.
 (syslog-service)
- (guix-service)
+
+ ;; The build daemon. Register the hydra.gnu.org key as trusted.
+ ;; This allows the installation process to use substitutes by
+ ;; default.
+ (guix-service #:authorize-hydra-key? #t)
+
 (nscd-service))))

 (define %issue
|
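Review bot: The added comment says what the flag enables but not the trust decision it makes: with `#:authorize-hydra-key? #t` the image accepts substitutes signed by the hydra.gnu.org key without the user opting in. I would extend the comment with something like `;; Substitutes signed by this key are then trusted without further confirmation; the key is only registered when /etc/guix/acl does not exist yet.` Whether the resulting ACL is carried over to the installed system is not visible in this hunk and would be worth stating as well. The enclosing `installation-services` body starts and ends outside the hunk.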