archive: Make /etc/guix/signing-key.* readable by ‘guix-daemon’.
The manual suggests running ‘guix archive --generate-key’ as root, but that
would lead to root-owned /etc/guix/signing-key.{pub,sec}, with the secret key
unreadable by the unprivileged guix-daemon. This fixes it.
Reported in guix/guix#4844.
* guix/scripts/archive.scm (generate-key-pair)[ensure-daemon-ownership]: New
procedure.
Use it for ‘%public-key-file’, ‘%private-key-file’, and their parent
directory.
Reported-by: Rutherther <rutherther@ditigal.xyz>
Change-Id: I7ae980bfd40078fb7ef27a193217b15f366d5d50
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4958
1 files changed, 18 insertions(+), 1 deletions(-) M guix/scripts/archive.scm
M guix/scripts/archive.scm => guix/scripts/archive.scm +18 -1
@@ 279,16 279,33 @@ this may take time...~%")) (error-source err) (error-string err))))) (public (find-sexp-token pair 'public-key)) (secret (find-sexp-token pair 'private-key))) (secret (find-sexp-token pair 'private-key)) (store (stat (%store-prefix) #f))) (define (ensure-daemon-ownership file) ;; Ensure FILE is readable by the daemon, by changing ownership either ;; to root or to the owner of the store. (when store (chown file (stat:uid store) (match (stat:uid store) ;; When the store is root-owned, use 0 as the GID for the ;; keys (the store's GID is usually that of 'guixbuild'). (0 0) (_ (stat:gid store)))))) ;; Create the following files as #o400. (umask #o266) (mkdir-p (dirname %public-key-file)) (ensure-daemon-ownership (dirname %public-key-file)) (with-atomic-file-output %public-key-file (lambda (port) (ensure-daemon-ownership port) (display (canonical-sexp->string public) port))) (with-atomic-file-output %private-key-file (lambda (port) (ensure-daemon-ownership port) (display (canonical-sexp->string secret) port))) ;; Make the public key readable by everyone.
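Review bot: In ensure-daemon-ownership, the `(when store ...)` guard turns the fix into a silent no-op whenever `(stat (%store-prefix) #f)` returns #f. The keys are then still written, owned by whoever ran the command, and nothing tells the operator that the daemon may be unable to read the secret key, which is the situation this change is meant to prevent. Consider emitting a warning in that branch. Relatedly, the `chown` call has no visible error handling: it runs after the key pair has already been generated, so a caller who is neither root nor the store owner would get a raw system error at that point. Catching it and reporting which file could not be handed to the store owner would make the failure actionable. It would also help to extend the procedure's comment to say that FILE may be either a file name or a port, since it is called with `(dirname %public-key-file)` and with `port`.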