diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-09-27 14:55:32 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-09-29 21:56:27 +0200 |
commit | d367a7f3d00de20d5c6a88123297f878b3044fee (patch) | |
tree | 9077d6ae6d06fc0ecac778eace9ec4f261b4f7be /gnu/services | |
parent | 8ac318068b22b34fbee9980e607020f45a5b549e (diff) | |
download | guix-d367a7f3d00de20d5c6a88123297f878b3044fee.tar guix-d367a7f3d00de20d5c6a88123297f878b3044fee.tar.gz |
services: guix: Generate key pair if needed during activation.
* gnu/services/base.scm (guix-activation): Invoke "guix archive
--generate-key".
* doc/guix.texi (Invoking guix archive)
(Invoking guix deploy): Mention that 'guix-service-type' takes care of
generating the key pair.
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index bef4eef241..04bc991356 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1653,10 +1653,15 @@ proxy of 'guix-daemon'...~%") ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs, ;; chown leads to an entire copy of the tree, which is a bad idea. - ;; Optionally authorize substitute server keys. - (if authorize-key? - (substitute-key-authorization keys guix) - #~#f)))) + ;; Generate a key pair and optionally authorize substitute server keys. + #~(begin + (unless (file-exists? "/etc/guix/signing-key.pub") + (system* #$(file-append guix "/bin/guix") "archive" + "--generate-key")) + + #$(if authorize-key? + (substitute-key-authorization keys guix) + #~#f))))) (define* (references-file item #:optional (name "references")) "Return a file that contains the list of references of ITEM." |