From: Ludovic Courtès
To: Jan Nieuwenhuizen
Cc: guix-devel@gnu.org, 39819@debbugs.gnu.org
Subject: bug#39819: Declarative /etc/guix/acl?
Date: Mon, 12 Oct 2020 14:53:24 +0200
Message-ID: <87v9ffppvf.fsf@gnu.org>
In-Reply-To: <87k0vxaumm.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Sun, 11 Oct 2020 13:07:29 +0200")
References: <87v9fhf3my.fsf@inria.fr> <87k0vxaumm.fsf@gnu.org>

Hi,

Jan Nieuwenhuizen wrote:

> Ludovic Courtès writes:
>
> Hello!
>
>> For some reason, /etc/guix/acl is not declarative on Guix System: we let
>> users modify it and assume it’s stateful, which can surprise users as in
>> .
>>
>> Should we make it declarative, just like most of /etc?  I think so.
>
> Yes, I think so too.

OK.

> However, if you have your own substitute server, you now can run guix
> archive --authorize < ..., e.g. at bootstrap/install time.  For such
> cases, IWBN to have a --authorized-key argument to guix build / guix
> system.

There’s already an ‘authorized-keys’ field in ‘guix-configuration’:

  https://guix.gnu.org/manual/devel/en/html_node/Base-Services.html#index-guix_002dconfiguration

So you would just list keys there.  Is that what you have in mind?

The option is already there, it’s just non-authoritative.

Ludo’.
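
The following is an added example, not part of the message above and not code from the Guix project: a system declaration that lists a private substitute server's key in the ‘authorized-keys’ field of ‘guix-configuration’ instead of running guix archive --authorize by hand. The host name, disk device, file system label, server URL and key file name are placeholders; as the message says, at this point the field is non-authoritative.

```scheme
;; Added example.  Host name, device, label, URL and key file are
;; placeholders chosen for illustration.
(use-modules (gnu))   ;also brings in (gnu services base) and (guix gexp)

(operating-system
  (host-name "example")
  (timezone "Etc/UTC")
  (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
                (targets '("/dev/sdX"))))
  (file-systems (cons (file-system
                        (device (file-system-label "root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  (services
   (modify-services %base-services
     (guix-service-type
      config =>
      (guix-configuration
       (inherit config)
       ;; Try the private substitute server first, then the defaults.
       (substitute-urls
        (append (list "https://substitutes.example.org")
                %default-substitute-urls))
       ;; Public keys whose signatures on substitutes are accepted.
       ;; Each entry is a file-like object; this one is a copy of the
       ;; server's /etc/guix/signing-key.pub kept next to this file.
       ;; Keeping %default-authorized-guix-keys preserves trust in the
       ;; project's own build farm keys.
       (authorized-keys
        (append (list (local-file "./substitute-server.pub"))
                %default-authorized-guix-keys)))))))
```

Keeping the key file under version control next to the system declaration makes the set of trusted substitute signers reviewable in the same place as the rest of the configuration.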