services: guix-daemon: Fix authorization of multiple keys.

Previously, the 'unless (file-exists? "/etc/guix/acl")' guard would mean that only the first key in the list would get registered since were were generating one registration snippet per key. This fixes that. * gnu/services/base.scm (hydra-key-authorization): Change to be a 'for-each' loop iterating on #$KEYS.
2018-12-05 16:16:05 +01:00 · 2018-12-05 16:16:05 +01:00 · 970ebdae8c
parent eeedb094ec
commit 970ebdae8c
1 changed files with 21 additions and 21 deletions
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@ -1499,26 +1499,27 @@ starting at FIRST-UID, and under GID."
          1+
          1))

-(define (hydra-key-authorization key guix)
-  "Return a gexp with code to register KEY, a file containing a 'guix archive'
-public key, with GUIX."
+(define (hydra-key-authorization keys guix)
+  "Return a gexp with code to register KEYS, a list of files containing 'guix
+archive' public keys, with GUIX."
  #~(unless (file-exists? "/etc/guix/acl")
+      (for-each (lambda (key)
                  (let ((pid (primitive-fork)))
                    (case pid
                      ((0)
-           (let* ((key  #$key)
-                  (port (open-file key "r0b")))
+                       (let* ((port (open-file key "r0b")))
                         (format #t "registering public key '~a'...~%" key)
                         (close-port (current-input-port))
                         (dup port 0)
                         (execl #$(file-append guix "/bin/guix")
                                "guix" "archive" "--authorize")
-             (exit 1)))
+                         (primitive-exit 1)))
                      (else
                       (let ((status (cdr (waitpid pid))))
                         (unless (zero? status)
                           (format (current-error-port) "warning: \
-failed to register public key '~a': ~a~%" key status))))))))
+failed to register public key '~a': ~a~%" key status)))))))
+                '(#$@keys))))

 (define %default-authorized-guix-keys
  ;; List of authorized substitute keys.
@ -1632,8 +1633,7 @@ failed to register public key '~a': ~a~%" key status))))))))

     ;; Optionally authorize substitute server keys.
     (if authorize-key?
-         #~(begin
-             #$@(map (cut hydra-key-authorization <> guix) keys))
+         (hydra-key-authorization keys guix)
         #~#f))))

 (define* (references-file item #:optional (name "references"))