diff options
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 44 | ||||
-rw-r--r-- | gnu/services/dns.scm | 3 |
2 files changed, 24 insertions, 23 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 228d3c5926..89e39f7690 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1499,26 +1499,27 @@ starting at FIRST-UID, and under GID." 1+ 1)) -(define (hydra-key-authorization key guix) - "Return a gexp with code to register KEY, a file containing a 'guix archive' -public key, with GUIX." +(define (hydra-key-authorization keys guix) + "Return a gexp with code to register KEYS, a list of files containing 'guix +archive' public keys, with GUIX." #~(unless (file-exists? "/etc/guix/acl") - (let ((pid (primitive-fork))) - (case pid - ((0) - (let* ((key #$key) - (port (open-file key "r0b"))) - (format #t "registering public key '~a'...~%" key) - (close-port (current-input-port)) - (dup port 0) - (execl #$(file-append guix "/bin/guix") - "guix" "archive" "--authorize") - (exit 1))) - (else - (let ((status (cdr (waitpid pid)))) - (unless (zero? status) - (format (current-error-port) "warning: \ -failed to register hydra.gnu.org public key: ~a~%" status)))))))) + (for-each (lambda (key) + (let ((pid (primitive-fork))) + (case pid + ((0) + (let* ((port (open-file key "r0b"))) + (format #t "registering public key '~a'...~%" key) + (close-port (current-input-port)) + (dup port 0) + (execl #$(file-append guix "/bin/guix") + "guix" "archive" "--authorize") + (primitive-exit 1))) + (else + (let ((status (cdr (waitpid pid)))) + (unless (zero? status) + (format (current-error-port) "warning: \ +failed to register public key '~a': ~a~%" key status))))))) + '(#$@keys)))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. @@ -1630,10 +1631,9 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs, ;; chown leads to an entire copy of the tree, which is a bad idea. - ;; Optionally authorize hydra.gnu.org's key. + ;; Optionally authorize substitute server keys. (if authorize-key? - #~(begin - #$@(map (cut hydra-key-authorization <> guix) keys)) + (hydra-key-authorization keys guix) #~#f)))) (define* (references-file item #:optional (name "references")) diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 24ef886682..1ef754b360 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -684,7 +684,8 @@ (string-delete #\? (symbol->string field-name))) (define (serialize-field field-name val) - (format #t "~a=~a\n" (uglify-field-name field-name) val)) + (when (not (member field-name '(group secret-file user))) + (format #t "~a=~a\n" (uglify-field-name field-name) val))) (define (serialize-boolean field-name val) (serialize-field field-name (if val "yes" "no"))) |