From 5463fe512a02eb186ad95a1cae9d2682dbe2ccd0 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 12 May 2015 11:41:55 +0200 Subject: publish: Add '--user' option. * guix/scripts/publish.scm (show-help): Add --user. (%options): Likewise. (run-publish-server): Change 'port' parameter to 'socket'. Pass #:socket instead of #:addr and #:port to 'run-server'. Update caller accordingly. (open-server-socket, gather-user-privileges): New procedures. (guix-publish): Use them. Force %PRIVATE-KEY and %PUBLIC-KEY early on. Warn when running as root. * doc/guix.texi (Invoking guix publish): Document --user. --- doc/guix.texi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 3a9f91e7dc..8654e08b4f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3657,7 +3657,8 @@ the @code{hydra.gnu.org} build farm. For security, each substitute is signed, allowing recipients to check their authenticity and integrity (@pxref{Substitutes}). Because @command{guix publish} uses the system's signing key, which is only -readable by the system administrator, it must run as root. +readable by the system administrator, it must be started as root; the +@code{--user} option makes it drop root privileges early on. The general syntax is: @@ -3686,6 +3687,11 @@ The following options are available: @itemx -p @var{port} Listen for HTTP requests on @var{port}. +@item --user=@var{user} +@itemx -u @var{user} +Change privileges to @var{user} as soon as possible---i.e., once the +server socket is open and the signing key has been read. + @item --repl[=@var{port}] @itemx -r [@var{port}] Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile -- cgit v1.2.3