guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#67072] [PATCH 4/4] weather: Report unauthorized substitute servers.

From: Simon Tournier
Subject: [bug#67072] [PATCH 4/4] weather: Report unauthorized substitute servers.
Date: Sat, 02 Dec 2023 14:31:40 +0100 
Hi Ludo,

On sam., 02 déc. 2023 at 11:20, Ludovic Courtès <ludo@gnu.org> wrote:

>> guix weather: warning: could not determine current substitute URLs; using 
>> defaults
>> computing 1 package derivations for x86_64-linux...
>> looking for 2 store items on https://ci.guix.gnu.org...
>> guix weather: error: open-file: Permission denied: "/etc/guix/acl"
>
> Uh, it should be able to deal with it gracefully.
>
>> Hum? Maybe I am doing something wrong…  The file /etc/guix/acl has the
>> permission:
>>
>>     -rw-------   1 root root   528  acl
>
> It’s normally world-readable.

On foreign distro, this %acl-file appears by default with ’rw’
permission for root only.  It is not word-readable.

When running guix-install.sh as root, if I read correctly, it runs:

            local key=~root/.config/guix/current/share/guix/$host.pub
            [ -f "$key" ] \
                && guix archive --authorize < "$key" \
                && _msg "${PAS}Authorized public key for $host"

Therefore, the file %acl-file is written as root by the procedure
’write-acl’.  Hence the permission ’rw’ for root only, no?

Somehow, ’write-acl’ should be tweaked or guix-install.sh, no?

Cheers,
simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]