On Sun, Oct 11, 2020 at 12:39:17PM +0200, Ludovic Courtès wrote: > Hi! > > For some reason, /etc/guix/acl is not declarative on Guix System: we let > users modify it and assume it’s stateful, which can surprise users as in > <https://issues.guix.gnu.org/39819>. > > Should we make it declarative, just like most of /etc? I think so. For > a build farm like berlin, it would force admins to explicitly list all > the authorized keys in their config—annoying change, but not a bad > thing. > > WDYT?
I've been surprised by it at least once. (That it was more than once is
on me...)
> The problem is the transition. We would need to at least create a
> backup of /etc/guix/acl on the next activation, or better yet, warn
> users or error out at reconfigure time.
>
> Thoughts?
>
> Ludo’.
>
activation script: (when (file-exists? "/etc/guix/acl")
(rename-file "/etc/guix/acl"
"/etc/guix/acl-old"))
--
Efraim Flashner <[email protected]> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature
