From 970ebdae8cef6488c196ed899a774cda54da3588 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 5 Dec 2018 16:16:05 +0100 Subject: services: guix-daemon: Fix authorization of multiple keys. Previously, the 'unless (file-exists? "/etc/guix/acl")' guard would mean that only the first key in the list would get registered since were were generating one registration snippet per key. This fixes that. * gnu/services/base.scm (hydra-key-authorization): Change to be a 'for-each' loop iterating on #$KEYS. --- gnu/services/base.scm | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index cee9898d79..89e39f7690 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1499,26 +1499,27 @@ starting at FIRST-UID, and under GID." 1+ 1)) -(define (hydra-key-authorization key guix) - "Return a gexp with code to register KEY, a file containing a 'guix archive' -public key, with GUIX." +(define (hydra-key-authorization keys guix) + "Return a gexp with code to register KEYS, a list of files containing 'guix +archive' public keys, with GUIX." #~(unless (file-exists? "/etc/guix/acl") - (let ((pid (primitive-fork))) - (case pid - ((0) - (let* ((key #$key) - (port (open-file key "r0b"))) - (format #t "registering public key '~a'...~%" key) - (close-port (current-input-port)) - (dup port 0) - (execl #$(file-append guix "/bin/guix") - "guix" "archive" "--authorize") - (exit 1))) - (else - (let ((status (cdr (waitpid pid)))) - (unless (zero? status) - (format (current-error-port) "warning: \ -failed to register public key '~a': ~a~%" key status)))))))) + (for-each (lambda (key) + (let ((pid (primitive-fork))) + (case pid + ((0) + (let* ((port (open-file key "r0b"))) + (format #t "registering public key '~a'...~%" key) + (close-port (current-input-port)) + (dup port 0) + (execl #$(file-append guix "/bin/guix") + "guix" "archive" "--authorize") + (primitive-exit 1))) + (else + (let ((status (cdr (waitpid pid)))) + (unless (zero? status) + (format (current-error-port) "warning: \ +failed to register public key '~a': ~a~%" key status))))))) + '(#$@keys)))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. @@ -1632,8 +1633,7 @@ failed to register public key '~a': ~a~%" key status)))))))) ;; Optionally authorize substitute server keys. (if authorize-key? - #~(begin - #$@(map (cut hydra-key-authorization <> guix) keys)) + (hydra-key-authorization keys guix) #~#f)))) (define* (references-file item #:optional (name "references")) -- cgit 1.4.1