Maxim Cournoyer <[email protected]> writes: > Hello, > > I spent the evening debugging why my authorized keys for the > guix-service-type wouldn't appear under /etc/guix/acl upon > reconfiguration (and 'guix offload test' would be unhelpfully reporting > "guix offload: error: program > `/gnu/store/n9633hls7097236l4j8i1aiv5bppyf0q-guix-1.0.1-13.50299ad/bin/guix' > failed with exit code 1", see issue <https://bugs.gnu.org/34786>). > > It turns out that the guix-activation script that is supposed to add the > authorized keys does this: > > (unless (file-exists? "/etc/guix/acl") > (mkdir-p "/etc/guix") > (copy-file #+default-acl "/etc/guix/acl") > (chmod "/etc/guix/acl" #o600))))) > > i.e., it doesn't do anything if a /etc/guix/acl file already exists. > This means that the only time it ought to do anything is the first time > the system was reconfigured (or perhaps, init?). > > I would have expected the keys declared in my operating system > configuration to be used along those with /etc/guix/acl, or added to it.
I forgot to mention, the above code is from (gnu services base), more specifically from the `substitute-key-authorization' procedure.
