From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id oA9HCSO8hF8RdQAA0tVLHw (envelope-from ) for ; Mon, 12 Oct 2020 20:27:15 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id QG8oBSO8hF/VDQAA1q6Kng (envelope-from ) for ; Mon, 12 Oct 2020 20:27:15 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CD2379403CA for ; Mon, 12 Oct 2020 20:27:13 +0000 (UTC) Received: from localhost ([::1]:41096 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kS4PY-0000Rg-HL for larch@yhetil.org; Mon, 12 Oct 2020 16:27:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kS4PL-0000QY-Db for guix-devel@gnu.org; Mon, 12 Oct 2020 16:26:59 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50024) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kS4PI-0001fX-2q; Mon, 12 Oct 2020 16:26:56 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=41742 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kS4PF-0005Dw-WC; Mon, 12 Oct 2020 16:26:55 -0400 From: Jan Nieuwenhuizen To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: Declarative /etc/guix/acl? Organization: AvatarAcademy.nl References: <87v9fhf3my.fsf@inria.fr> <87k0vxaumm.fsf@gnu.org> <87v9ffppvf.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Mon, 12 Oct 2020 22:26:51 +0200 In-Reply-To: <87v9ffppvf.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Mon, 12 Oct 2020 14:53:24 +0200") Message-ID: <871ri31984.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org, 39819@debbugs.gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: 0.99 X-TUID: 7JgmBzO9IPbd Ludovic Court=C3=A8s writes: Hello, > Jan Nieuwenhuizen skribis: > >> Ludovic Court=C3=A8s writes: > >> However, if you have your own substitute server, you now can run guix >> archive --authorize < ..., e.g. at bootstrap/install time. For such >> cases, IWBN to have a --authorized-key argument to guix build / guix >> system. > > There=E2=80=99s already an =E2=80=98authorized-keys=E2=80=99 field in =E2= =80=98guix-configuration=E2=80=99: > > https://guix.gnu.org/manual/devel/en/html_node/Base-Services.html#index= -guix_002dconfiguration > > So you would just list keys there. Is that what you have in mind? > > The option is already there, it=E2=80=99s just non-authoritative. I was thinking about the initial installer scenario; when guix-daemon is already running and you didn't build the guix system yourself. But yeah, I guess this is an exceptional or corner case and you can always build your own installer and add the key there. Janneke --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com