Re: Declarative /etc/guix/acl?

2020-10-12 Thread Jan Nieuwenhuizen 
Ludovic Courtès writes:

Hello,

> Jan Nieuwenhuizen  skribis:
>
>> Ludovic Courtès writes:
>
>> However, if you have your own substitute server, you now can run guix
>> archive --authorize < ..., e.g. at bootstrap/install time.  For such
>> cases, IWBN to have a --authorized-key argument to guix build / guix
>> system.
>
> There’s already an ‘authorized-keys’ field in ‘guix-configuration’:
>
>   
> https://guix.gnu.org/manual/devel/en/html_node/Base-Services.html#index-guix_002dconfiguration
>
> So you would just list keys there.  Is that what you have in mind?
>
> The option is already there, it’s just non-authoritative.

I was thinking about the initial installer scenario; when guix-daemon is
already running and you didn't build the guix system yourself.  But
yeah, I guess this is an exceptional or corner case and you can always
build your own installer and add the key there.

Janneke

-- 
Jan Nieuwenhuizen  | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

Re: Declarative /etc/guix/acl?

2020-10-12 Thread Ludovic Courtès 
Hi,

Jan Nieuwenhuizen  skribis:

> Ludovic Courtès writes:
>
> Hello!
>
>> For some reason, /etc/guix/acl is not declarative on Guix System: we let
>> users modify it and assume it’s stateful, which can surprise users as in
>> .
>>
>> Should we make it declarative, just like most of /etc?  I think so.
>
> Yes, I think so too.

OK.

> However, if you have your own substitute server, you now can run guix
> archive --authorize < ..., e.g. at bootstrap/install time.  For such
> cases, IWBN to have a --authorized-key argument to guix build / guix
> system.

There’s already an ‘authorized-keys’ field in ‘guix-configuration’:

  
https://guix.gnu.org/manual/devel/en/html_node/Base-Services.html#index-guix_002dconfiguration

So you would just list keys there.  Is that what you have in mind?

The option is already there, it’s just non-authoritative.

Ludo’.

Re: Declarative /etc/guix/acl?

2020-10-11 Thread Jan Nieuwenhuizen 
Ludovic Courtès writes:

Hello!

> For some reason, /etc/guix/acl is not declarative on Guix System: we let
> users modify it and assume it’s stateful, which can surprise users as in
> .
>
> Should we make it declarative, just like most of /etc?  I think so.

Yes, I think so too.  However, if you have your own substitute server,
you now can run guix archive --authorize < ..., e.g. at
bootstrap/install time.  For such cases, IWBN to have a --authorized-key
argument to guix build / guix system.

Greetings,
Janneke

-- 
Jan Nieuwenhuizen  | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

Re: bug#39819: Declarative /etc/guix/acl?

2020-10-11 Thread Efraim Flashner 
On Sun, Oct 11, 2020 at 12:39:17PM +0200, Ludovic Courtès wrote:
> Hi!
> 
> For some reason, /etc/guix/acl is not declarative on Guix System: we let
> users modify it and assume it’s stateful, which can surprise users as in
> .
> 
> Should we make it declarative, just like most of /etc?  I think so.  For
> a build farm like berlin, it would force admins to explicitly list all
> the authorized keys in their config—annoying change, but not a bad
> thing.
> 
> WDYT?

I've been surprised by it at least once. (That it was more than once is
on me...)

> The problem is the transition.  We would need to at least create a
> backup of /etc/guix/acl on the next activation, or better yet, warn
> users or error out at reconfigure time.
> 
> Thoughts?
> 
> Ludo’.
> 

activation script: (when (file-exists? "/etc/guix/acl")
 (rename-file "/etc/guix/acl"
  "/etc/guix/acl-old"))

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


signature.asc
Description: PGP signature

Declarative /etc/guix/acl?

2020-10-11 Thread Ludovic Courtès 
Hi!

For some reason, /etc/guix/acl is not declarative on Guix System: we let
users modify it and assume it’s stateful, which can surprise users as in
.

Should we make it declarative, just like most of /etc?  I think so.  For
a build farm like berlin, it would force admins to explicitly list all
the authorized keys in their config—annoying change, but not a bad
thing.

WDYT?

The problem is the transition.  We would need to at least create a
backup of /etc/guix/acl on the next activation, or better yet, warn
users or error out at reconfigure time.

Thoughts?

Ludo’.