Diffstat (limited to 'gnu')
-rw-r--r--gnu/services/base.scm16
-rw-r--r--gnu/services/virtualization.scm11
2 files changed, 22 insertions, 5 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 04bc991356..37b0a13ea7 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1476,10 +1476,18 @@ archive' public keys, with GUIX."
     #~(begin
         (use-modules (guix build utils))
 
-        (unless (file-exists? "/etc/guix/acl")
-          (mkdir-p "/etc/guix")
-          (copy-file #+default-acl "/etc/guix/acl")
-          (chmod "/etc/guix/acl" #o600)))))
+        ;; If the ACL already exists, move it out of the way.  Create a backup
+        ;; if it's a regular file: it's likely that the user manually updated
+        ;; it with 'guix archive --authorize'.
+        (if (file-exists? "/etc/guix/acl")
+            (if (and (symbolic-link? "/etc/guix/acl")
+                     (store-file-name? (readlink "/etc/guix/acl")))
+                (delete-file "/etc/guix/acl")
+                (rename-file "/etc/guix/acl" "/etc/guix/acl.bak"))
+            (mkdir-p "/etc/guix"))
+
+        ;; Installed the declared ACL.
+        (symlink #+default-acl "/etc/guix/acl"))))
 
 (define %default-authorized-guix-keys
   ;; List of authorized substitute keys.
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index edd0b644f5..eaf0bbde43 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP."
                          (permit-root-login #t)
                          (allow-empty-passwords? #t)
                          (password-authentication? #t)))
-               %base-services/hurd))))
+
+               ;; By default, the secret service introduces a pre-initialized
+               ;; /etc/guix/acl file in the childhurd.  Thus, clear
+               ;; 'authorize-key?' so that it's not overridden at activation
+               ;; time.
+               (modify-services %base-services/hurd
+                 (guix-service-type config =>
+                                    (guix-configuration
+                                     (inherit config)
+                                     (authorize-key? #f))))))))
 
 (define-record-type* <hurd-vm-configuration>
   hurd-vm-configuration make-hurd-vm-configuration
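Review bot: The comment above the new `modify-services` form should also state the failure mode of clearing `authorize-key?`: if the secret service delivers no ACL, the childhurd is left with no `/etc/guix/acl` at all and therefore no authorized substitute keys, which is fail-closed but differs from the default an operator may expect (inferred from this hunk; the secret service itself is not shown). Suggested wording to append after the existing comment: `;; Without an ACL from the secret service the childhurd trusts no substitute keys until one is provided.` The `operating-system` form being modified starts above the hunk.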