pki: Always make /etc/guix/acl world-readable.

Fixes guix/guix#664.

This is necessary when running ‘guix-daemon’ as an unprivileged user and
also when running ‘guix weather’ as an unprivileged user.

* guix/pki.scm (ensure-acl): Make ‘%acl-file’ #o644.
* guix/scripts/archive.scm (authorize-key): Likewise.
* guix/ssh.scm (remote-authorize-signing-key): Likewise.

Change-Id: I3c979b2cdf52e7cb657d8fafa244c58854e7fb67
Ludovic Courtès 2025-07-14 13:08:48 +02:00
parent bd963ec99d
commit 38e82ca727
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 9 additions and 6 deletions

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013-2014, 2016, 2022, 2025 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -87,7 +87,8 @@ element in KEYS must be a canonical sexp with type 'public-key'."
(with-atomic-file-output %acl-file
(lambda (port)
(write-acl (public-keys->acl (list public-key))
port)))))))
port)))
(chmod %acl-file #o644)))))
(define (write-acl acl port)
"Write ACL to PORT in canonical-sexp format."