author: Ludovic Courtès <ludo@gnu.org> 2015-05-12 11:41:55 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2015-05-12 21:22:52 +0200
commit: 5463fe512a02eb186ad95a1cae9d2682dbe2ccd0 (patch)
tree: db0566b79c8f85c742f2b34a3da3459da7044d57 /doc
parent: 6ad2e17e8e44064c22c79b530a02fcc78ae85b5b (diff)

publish: Add '--user' option.

* guix/scripts/publish.scm (show-help): Add --user.
  (%options): Likewise.
  (run-publish-server): Change 'port' parameter to 'socket'.  Pass
  #:socket instead of #:addr and #:port to 'run-server'.  Update caller
  accordingly.
  (open-server-socket, gather-user-privileges): New procedures.
  (guix-publish): Use them.  Force %PRIVATE-KEY and %PUBLIC-KEY early
  on.  Warn when running as root.
* doc/guix.texi (Invoking guix publish): Document --user.

Diffstat (limited to 'doc')
-rw-r--r-- doc/guix.texi | 8
1 files changed, 7 insertions, 1 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 3a9f91e7dc..8654e08b4f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3657,7 +3657,8 @@ the @code{hydra.gnu.org} build farm.
 For security, each substitute is signed, allowing recipients to check
 their authenticity and integrity (@pxref{Substitutes}).  Because
 @command{guix publish} uses the system's signing key, which is only
-readable by the system administrator, it must run as root.
+readable by the system administrator, it must be started as root; the
+@code{--user} option makes it drop root privileges early on.
 
 The general syntax is:
 
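Review bot: The reworded sentence ending "it must be started as root; the @code{--user} option makes it drop root privileges early on" does not say what happens when @code{--user} is omitted. Going by the commit message ("Warn when running as root"), the server then only warns and presumably keeps root privileges while answering HTTP requests. Suggest stating that here, recommending @code{--user} with a dedicated unprivileged account, and adding a cross-reference to the option's entry in the options table so a reader of this paragraph finds it.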
@@ -3686,6 +3687,11 @@ The following options are available:
 @itemx -p @var{port}
 Listen for HTTP requests on @var{port}.
 
+@item --user=@var{user}
+@itemx -u @var{user}
+Change privileges to @var{user} as soon as possible---i.e., once the
+server socket is open and the signing key has been read.
+
 @item --repl[=@var{port}]
 @itemx -r [@var{port}]
 Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile
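Review bot: The new @item --user description says only "Change privileges to @var{user}", which does not tell an administrator whether the group and supplementary groups change along with the user ID, or what happens when @var{user} does not exist. Suggest stating both. Since the text says the signing key is read before the drop, it would also help to note that the key stays in the memory of the unprivileged process, and to say whether the REPL server from the following @item --repl entry is started before or after privileges are dropped.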