unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Declarative /etc/guix/acl?
@ 2020-10-11 10:39 Ludovic Courtès
  2020-10-11 11:07 ` Jan Nieuwenhuizen
  2020-10-21 15:08 ` [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default Ludovic Courtès
  0 siblings, 2 replies; 7+ messages in thread
From: Ludovic Courtès @ 2020-10-11 10:39 UTC (permalink / raw)
  To: guix-devel; +Cc: 39819

Hi!

For some reason, /etc/guix/acl is not declarative on Guix System: we let
users modify it and assume it’s stateful, which can surprise users as in
<https://issues.guix.gnu.org/39819>.

Should we make it declarative, just like most of /etc?  I think so.  For
a build farm like berlin, it would force admins to explicitly list all
the authorized keys in their config—annoying change, but not a bad
thing.

WDYT?

The problem is the transition.  We would need to at least create a
backup of /etc/guix/acl on the next activation, or better yet, warn
users or error out at reconfigure time.

Thoughts?

Ludo’.


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2020-10-24 23:11 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-11 10:39 Declarative /etc/guix/acl? Ludovic Courtès
2020-10-11 11:07 ` Jan Nieuwenhuizen
     [not found]   ` <87v9ffppvf.fsf@gnu.org>
2020-10-12 20:26     ` Jan Nieuwenhuizen
2020-10-21 15:08 ` [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default Ludovic Courtès
2020-10-21 16:06   ` Vagrant Cascadian
2020-10-24 23:08   ` bug#39819: " Ludovic Courtès
2020-10-24 23:11   ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).