From 3a8bfebed94ba295432da8304b7ffb4a611ef761 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 28 Jun 2019 16:33:01 +0200 Subject: [PATCH] etc: Remove hydra.gnu.org.pub key. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * etc/substitutes/hydra.gnu.org.pub: Delete file. * guix/self.scm (miscellaneous-files): Don't install it. * Makefile.am (dist_pkgdata_DATA): Remove it. * gnu/services/base.scm (%default-authorized-guix-keys): Likewise. (hydra-key-authorization): Rename to… (substitute-key-authorization): …this. Adjust only call site. --- Makefile.am | 3 +-- etc/substitutes/hydra.gnu.org.pub | 6 ------ gnu/services/base.scm | 7 +++---- gnu/system/install.scm | 4 ++-- guix/self.scm | 3 --- 5 files changed, 6 insertions(+), 17 deletions(-) delete mode 100644 etc/substitutes/hydra.gnu.org.pub diff --git a/Makefile.am b/Makefile.am index 80be73e4bf..8adf23c699 100644 --- a/Makefile.am +++ b/Makefile.am @@ -489,9 +489,8 @@ check-system: $(GOBJECTS) -e '(@@ (run-system-tests) run-system-tests)' \ $(top_srcdir)/build-aux/run-system-tests.scm -# Public key used to sign substitutes from hydra.gnu.org & co. +# Public keys used to sign substitutes. dist_pkgdata_DATA = \ - etc/substitutes/hydra.gnu.org.pub \ etc/substitutes/berlin.guixsd.org.pub \ etc/substitutes/ci.guix.gnu.org.pub \ etc/substitutes/ci.guix.info.pub diff --git a/etc/substitutes/hydra.gnu.org.pub b/etc/substitutes/hydra.gnu.org.pub deleted file mode 100644 index 6db597ed4d..0000000000 --- a/etc/substitutes/hydra.gnu.org.pub +++ /dev/null @@ -1,6 +0,0 @@ - (public-key - (rsa - (n #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268E82D4BBE0E35298C481C9DA1551642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B538A0E990A8825DEB73081D317001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D400658974D7DAD1F6B7B63C192B9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F330908CFDA9C3C8C32B64F7DD088457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F667080BA941D80D015CE87B0FB6A91A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15FC7B8785A3E86BA6592B2916CA22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D88B6A618F84DD73AEBED8270BCB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70A9C27CB5B7B050C9090590D3A9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF19963A191967054E9FD97DC14D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE97B89043E95BD1B70DE61DA666893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE551A3C447C12E104E65#) - (e #010001#) - ) - ) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 3c1827fb70..537d30add5 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1533,7 +1533,7 @@ (define not-config? (('gnu rest ...) #t) (rest #f))) -(define (hydra-key-authorization keys guix) +(define (substitute-key-authorization keys guix) "Return a gexp with code to register KEYS, a list of files containing 'guix archive' public keys, with GUIX." (define default-acl @@ -1570,8 +1570,7 @@ (define keys (define %default-authorized-guix-keys ;; List of authorized substitute keys. - (list (file-append guix "/share/guix/hydra.gnu.org.pub") - (file-append guix "/share/guix/berlin.guixsd.org.pub"))) + (list (file-append guix "/share/guix/berlin.guixsd.org.pub"))) (define-record-type* guix-configuration make-guix-configuration @@ -1688,7 +1687,7 @@ (define (guix-activation config) ;; Optionally authorize substitute server keys. (if authorize-key? - (hydra-key-authorization keys guix) + (substitute-key-authorization keys guix) #~#f)))) (define* (references-file item #:optional (name "references")) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 453b0bdd6d..912096027f 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -330,8 +330,8 @@ (define bare-bones-os ;; The usual services. (syslog-service) - ;; The build daemon. Register the hydra.gnu.org key as trusted. - ;; This allows the installation process to use substitutes by + ;; The build daemon. Register the default substitute server key(s) + ;; as trusted to allow the installation process to use substitutes by ;; default. (service guix-service-type (guix-configuration (authorize-key? #t))) diff --git a/guix/self.scm b/guix/self.scm index 69e2381a8c..be90b60863 100644 --- a/guix/self.scm +++ b/guix/self.scm @@ -577,9 +577,6 @@ (define (miscellaneous-files source) ,(file-append* source "/etc/completion/zsh/_guix")) ("share/fish/vendor_completions.d/guix.fish" ,(file-append* source "/etc/completion/fish/guix.fish")) - ("share/guix/hydra.gnu.org.pub" - ,(file-append* source - "/etc/substitutes/hydra.gnu.org.pub")) ("share/guix/berlin.guixsd.org.pub" ,(file-append* source "/etc/substitutes/berlin.guixsd.org.pub"))