Subject: bug#55661: /etc/ssh/authorized_keys.d contains keys that have been removed
From: Ludovic Courtès
To: 55661@debbugs.gnu.org
Resent-CC: bug-guix@gnu.org
Date: Thu, 26 May 2022 17:02:00 +0200
Message-ID: <875ylsfic7.fsf@inria.fr>

In the wake of , I realized that /etc/ssh/authorized_keys.d is stateful: we copy files from the authorized-key directory there, but files already present remain. IOW, keys remain authorized.

Why are we copying that directory instead of making a symlink to the directory computed by ‘authorized-key-directory’ that’s in /gnu/store? This is explained in ‘openssh-activation’:

  ;; 'sshd' complains if the authorized-key directory and its parents
  ;; are group-writable, which rules out /gnu/store. Thus we copy the
  ;; authorized-key directory to /etc.

Anyway, that code does intend to remove the directory before copying it, but there’s a typo:

  (delete-file-recursively "/etc/authorized_keys.d")

Can you spot it?

Ludo’.
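As an added example (not code from the report or from Guix itself), the following POSIX sh script shows both sides of the issue described above: an audit function that lists files still present in the copied authorized_keys.d directory but absent from the declared source directory (the lingering keys the report is about), and a sync function that performs the delete-then-copy the activation code intended. The directory layout (one file per user) follows the report; the paths are constructed temp directories, not /etc, and the key strings are placeholders.

```shell
#!/bin/sh
# Added example, not part of the bug report or of Guix. Assumes the
# one-file-per-user layout of /etc/ssh/authorized_keys.d; all paths below
# are constructed temp dirs, never the real /etc.

# Print names present in DST but absent from SRC: users whose key was
# removed from the configuration but is still authorized on disk.
stale_authorized_keys() {
    src=$1; dst=$2
    [ -d "$dst" ] || return 0
    for f in "$dst"/*; do
        [ -e "$f" ] || continue          # empty dir leaves the literal glob
        name=${f##*/}
        [ -e "$src/$name" ] || printf '%s\n' "$name"
    done
}

# Replace DST with a fresh copy of SRC. sshd rejects a group-writable
# parent such as /gnu/store, hence a copy rather than a symlink; removing
# DST first is the step that keeps old keys from accumulating.
sync_authorized_keys() {
    src=$1; dst=$2
    rm -rf "$dst"                         # the step the typo skipped
    mkdir -p "$dst"
    cp "$src"/* "$dst"/
    chmod 0755 "$dst"
    chmod 0644 "$dst"/*
}

# Constructed fixture: alice is still declared; bob was removed from the
# configuration but the old copy of his key remains in the target dir.
demo_dirs() {
    root=$(mktemp -d)
    mkdir -p "$root/store" "$root/etc"
    echo 'ssh-ed25519 AAAAplaceholder alice' > "$root/store/alice"
    echo 'ssh-ed25519 AAAAplaceholder alice' > "$root/etc/alice"
    echo 'ssh-ed25519 AAAAplaceholder bob'   > "$root/etc/bob"
    echo "$root"
}
```

Running `stale_authorized_keys /gnu/store/...-authorized-keys /etc/ssh/authorized_keys.d` on an affected system would list exactly the users the report warns about.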