guix-patches

[bug#36956] [PATCH] machine: Automatically authorize the coordinator's s


From: Ricardo Wurmus
Subject: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key.
Date: Wed, 07 Aug 2019 21:39:51 +0200
User-agent: mu4e 1.2.0; emacs 26.2

Jakob L. Kreuze <address@hidden> writes:

> +(define (remote-authorize-signing-key key session)
> +  "Send KEY, a canonical sexp containing a public key, over SESSION and add 
> it
> +to the system ACL file if it has not yet been authorized."
> +  (inferior-remote-eval
> +   `(begin
> +      (use-modules (guix build utils)
> +                   (guix pki)
> +                   (guix utils)
> +                   (gcrypt pk-crypto)
> +                   (srfi srfi-26))
> +
> +      (define acl (current-acl))
> +      (define key (string->canonical-sexp ,(canonical-sexp->string key)))
> +
> +      (unless (authorized-key? key)
> +        (let ((acl (public-keys->acl (cons key (acl->public-keys acl)))))
> +          (mkdir-p (dirname %acl-file))
> +          (with-atomic-file-output %acl-file
> +            (cut write-acl acl <>)))))
> +   session))
> +
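
Review bot: In the `unless` form, `(authorized-key? key)` is called without the `acl` bound two lines above it, so the membership check and the list that gets rewritten are not guaranteed to come from the same read of the ACL. Passing it explicitly, as in `(authorized-key? key acl)`, keeps both on one snapshot, and giving the inner `let` binding its own name (for example `new-acl`) avoids shadowing the outer `acl`. The update is also a read-modify-write of the whole file: `with-atomic-file-output` guards against a partially written `%acl-file`, but nothing in these lines guards against another writer changing the file between `(current-acl)` and the write, and the new ACL is rebuilt from `(acl->public-keys acl)`, so anything in the existing file that this conversion does not return would be dropped. Since this file decides which signing keys the machine trusts, consider verifying before the write that every key from the old ACL is still present in the new one, or keeping a copy of the previous file.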

This will overwrite an existing acl file on the remote with a copy that
differs only in the newly added key.

Is there a chance for corruption, e.g. if acl->public-keys returns
something unexpected?

--
Ricardo





