civodul pushed a commit to branch master
in repository guix.
commit b4b2bbf4fb74c9f3e93d64863ab9b38957494b49
Author: Vivien Kraus <[email protected]>
AuthorDate: Fri Oct 29 18:25:24 2021 +0200
services: openssh: Collect all keys for all users.
Fixes <https://issues.guix.gnu.org/51487>
* gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key
is forgotten.
Co-authored-by: Ludovic Courtès <[email protected]>
---
gnu/services/ssh.scm | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index a018052..e7bc610 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -39,6 +39,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
+ #:use-module (ice-9 vlist)
#:export (lsh-configuration
lsh-configuration?
lsh-service
@@ -535,7 +536,15 @@ of user-name/file-like tuples."
(openssh-configuration
(inherit config)
(authorized-keys
- (append (openssh-authorized-keys config) keys))))
+ (match (openssh-authorized-keys config)
+ (((users _ ...) ...)
+ ;; Build a user/key-list mapping.
+ (let ((user-keys (alist->vhash (openssh-authorized-keys config))))
+ ;; Coalesce the key lists associated with each user.
+ (map (lambda (user)
+ `(,user
+ ,@(concatenate (vhash-fold* cons '() user user-keys))))
+ users)))))))
(define openssh-service-type
(service-type (name 'openssh)
