From: Efraim Flashner <efraim@flashner.co.il>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org, 39819@debbugs.gnu.org
Subject: bug#39819: Declarative /etc/guix/acl?
Date: Sun, 11 Oct 2020 14:00:12 +0300 [thread overview]
Message-ID: <20201011110012.GD1301@E5400> (raw)
In-Reply-To: <87v9fhf3my.fsf@inria.fr>
[-- Attachment #1: Type: text/plain, Size: 1210 bytes --]
On Sun, Oct 11, 2020 at 12:39:17PM +0200, Ludovic Courtès wrote:
> Hi!
>
> For some reason, /etc/guix/acl is not declarative on Guix System: we let
> users modify it and assume it’s stateful, which can surprise users as in
> <https://issues.guix.gnu.org/39819>.
>
> Should we make it declarative, just like most of /etc? I think so. For
> a build farm like berlin, it would force admins to explicitly list all
> the authorized keys in their config—annoying change, but not a bad
> thing.
>
> WDYT?
I've been surprised by it at least once. (That it was more than once is
on me...)
> The problem is the transition. We would need to at least create a
> backup of /etc/guix/acl on the next activation, or better yet, warn
> users or error out at reconfigure time.
>
> Thoughts?
>
> Ludo’.
>
activation script: (when (file-exists? "/etc/guix/acl")
(rename-file "/etc/guix/acl"
"/etc/guix/acl-old"))
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-10-11 11:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-28 4:30 bug#39819: guix-service-type authorized keys are not honored when /etc/guix/acl exists Maxim Cournoyer
2020-02-28 4:32 ` Maxim Cournoyer
2020-10-11 10:39 ` Declarative /etc/guix/acl? Ludovic Courtès
2020-10-11 11:00 ` Efraim Flashner [this message]
2020-10-11 11:07 ` Jan Nieuwenhuizen
2020-10-12 12:53 ` bug#39819: " Ludovic Courtès
2020-10-12 20:26 ` Jan Nieuwenhuizen
2020-10-21 15:08 ` [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default Ludovic Courtès
2020-10-21 15:08 ` bug#39819: [PATCH 2/2] doc: Add "Getting Substitutes from Other Servers" section Ludovic Courtès
2020-10-21 16:06 ` [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default Vagrant Cascadian
2020-10-24 23:08 ` bug#39819: " Ludovic Courtès
2020-10-25 5:59 ` Jan Nieuwenhuizen
2020-10-24 23:11 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201011110012.GD1301@E5400 \
--to=efraim@flashner.co.il \
--cc=39819@debbugs.gnu.org \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.