~ruther/guix-local

2c5c696c39b2d80b1e1b1f477822a6711d779b71 — Ludovic Courtès 12 years ago 202adef
install: Register the hydra.gnu.org key on the installation image.

* gnu/services/base.scm (hydra-key-authorization): New procedure.
  (guix-service): Add #:authorize-hydra-key? parameter; honor it using
  'hydra-key-authorization'.
* gnu/system/install.scm (installation-services): Pass
  #:authorize-hydra-key? #t.
2 files changed, 38 insertions(+), 4 deletions(-)

M gnu/services/base.scm
M gnu/system/install.scm
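--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -330,10 +330,37 @@ starting at FIRST-UID, and under GID."
                     1+
                     1))))
 
+(define (hydra-key-authorization guix)
+  "Return a gexp with code to register the hydra.gnu.org public key with
+GUIX."
+  #~(unless (file-exists? "/etc/guix/acl")
+      (let ((pid (primitive-fork)))
+        (case pid
+          ((0)
+           (let* ((key  (string-append #$guix
+                                       "/share/guix/hydra.gnu.org.pub"))
+                  (port (open-file key "r0b")))
+             (format #t "registering public key '~a'...~%" key)
+             (close-port (current-input-port))
+             ;; (close-fdes 0)
+             (dup port 0)
+             (execl (string-append #$guix "/bin/guix")
+                    "guix" "archive" "--authorize")
+             (exit 1)))
+          (else
+           (let ((status (cdr (waitpid pid))))
+             (unless (zero? status)
+               (format (current-error-port) "warning: \
+failed to register hydra.gnu.org public key: ~a~%" status))))))))
+
 (define* (guix-service #:key (guix guix) (builder-group "guixbuild")
-                       (build-accounts 10))
+                       (build-accounts 10) authorize-hydra-key?)
   "Return a service that runs the build daemon from GUIX, and has
-BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
+BUILD-ACCOUNTS user accounts available under BUILD-USER-GID.
+
+When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
+GUIX is authorized upon activation, meaning that substitutes from
+hydra.gnu.org are used by default."
   (mlet %store-monad ((accounts (guix-build-accounts build-accounts
                                                      #:group builder-group)))
     (return (service
@@ -349,7 +376,9 @@ BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
              (user-groups (list (user-group
                                  (name builder-group)
                                  (members (map user-account-name
-                                               user-accounts)))))))))
+                                               user-accounts)))))
+             (activate (and authorize-hydra-key?
+                            (hydra-key-authorization guix)))))))
 
 (define %base-services
   ;; Convenience variable holding the basic services.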
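Review bot: In `hydra-key-authorization`, the forked child has no guard around `open-file` and `execl`: if the key file is missing or the exec fails, Guile raises an exception in the child, so `(exit 1)` is never reached and the child appears to carry on as a second copy of the activation code. Wrapping the `((0) …)` branch as `(dynamic-wind (const #t) (lambda () …) (lambda () (primitive-exit 127)))` would make the child terminate on every path. The parent also prints the raw `waitpid` status in the warning; `(status:exit-val status)` would report the actual exit code. Because this step adds a signing key to the daemon's ACL, the docstring could state that binaries signed by that key are then accepted by the daemon, and the leftover `;; (close-fdes 0)` line can be dropped.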

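--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -77,7 +77,12 @@ You have been warned.  Thanks for being so brave.
 
           ;; The usual services.
           (syslog-service)
-          (guix-service)
+
+          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
+          ;; This allows the installation process to use substitutes by
+          ;; default.
+          (guix-service #:authorize-hydra-key? #t)
+
           (nscd-service))))
 
 (define %issue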
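Review bot: The comment above `(guix-service #:authorize-hydra-key? #t)` says the key is trusted but not what that implies for someone auditing the image: pre-built binaries signed by hydra.gnu.org are installed without a local rebuild. I would extend it with something like `;; Binaries signed by this key are accepted as-is; pass --no-substitutes to build from source instead.` It would also help to state whether the authorization is meant to apply only to the installation image or to the installed system as well, since that cannot be told from this hunk. The enclosing `installation-services` definition starts outside the hunk.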