services: guix: Add 'generate-substitute-key?' field.
* gnu/services/base.scm (<guix-configuration>)[generate-substitute-key?]: New field. (guix-activation): Honor it. * doc/guix.texi (Base Services): Document it.
parent
199da75a8a
commit
5e34e873af
2 changed files with 18 additions and 2 deletions
|
@ -17030,6 +17030,18 @@ This example assumes that the file @file{./guix.example.org-key.pub}
|
||||||
contains the public key that @code{guix.example.org} uses to sign
|
contains the public key that @code{guix.example.org} uses to sign
|
||||||
substitutes.
|
substitutes.
|
||||||
|
|
||||||
|
@item @code{generate-substitute-key?} (default: @code{#t})
|
||||||
|
Whether to generate a @dfn{substitute key pair} under
|
||||||
|
@file{/etc/guix/signing-key.pub} and @file{/etc/guix/signing-key.sec} if
|
||||||
|
there is not already one.
|
||||||
|
|
||||||
|
This key pair is used when exporting store items, for instance with
|
||||||
|
@command{guix publish} (@pxref{Invoking guix publish}) or @command{guix
|
||||||
|
archive} (@pxref{Invoking guix archive}). Generating a key pair takes a
|
||||||
|
few seconds when enough entropy is available and is only done once; you
|
||||||
|
might want to turn it off for instance in a virtual machine that does
|
||||||
|
not need it and where the extra boot time is a problem.
|
||||||
|
|
||||||
@item @code{max-silent-time} (default: @code{0})
|
@item @code{max-silent-time} (default: @code{0})
|
||||||
@itemx @code{timeout} (default: @code{0})
|
@itemx @code{timeout} (default: @code{0})
|
||||||
The number of seconds of silence and the number of seconds of activity,
|
The number of seconds of silence and the number of seconds of activity,
|
||||||
|
|
|
@ -183,6 +183,7 @@ (define-module (gnu services base)
|
||||||
guix-configuration-authorized-keys
|
guix-configuration-authorized-keys
|
||||||
guix-configuration-use-substitutes?
|
guix-configuration-use-substitutes?
|
||||||
guix-configuration-substitute-urls
|
guix-configuration-substitute-urls
|
||||||
|
guix-configuration-generate-substitute-key?
|
||||||
guix-configuration-extra-options
|
guix-configuration-extra-options
|
||||||
guix-configuration-log-file
|
guix-configuration-log-file
|
||||||
|
|
||||||
|
@ -1565,6 +1566,8 @@ (define-record-type* <guix-configuration>
|
||||||
(default #t))
|
(default #t))
|
||||||
(substitute-urls guix-configuration-substitute-urls ;list of strings
|
(substitute-urls guix-configuration-substitute-urls ;list of strings
|
||||||
(default %default-substitute-urls))
|
(default %default-substitute-urls))
|
||||||
|
(generate-substitute-key? guix-configuration-generate-substitute-key?
|
||||||
|
(default #t)) ;Boolean
|
||||||
(chroot-directories guix-configuration-chroot-directories ;list of file-like/strings
|
(chroot-directories guix-configuration-chroot-directories ;list of file-like/strings
|
||||||
(default '()))
|
(default '()))
|
||||||
(max-silent-time guix-configuration-max-silent-time ;integer
|
(max-silent-time guix-configuration-max-silent-time ;integer
|
||||||
|
@ -1749,14 +1752,15 @@ (define (guix-accounts config)
|
||||||
(define (guix-activation config)
|
(define (guix-activation config)
|
||||||
"Return the activation gexp for CONFIG."
|
"Return the activation gexp for CONFIG."
|
||||||
(match-record config <guix-configuration>
|
(match-record config <guix-configuration>
|
||||||
(guix authorize-key? authorized-keys)
|
(guix generate-substitute-key? authorize-key? authorized-keys)
|
||||||
#~(begin
|
#~(begin
|
||||||
;; Assume that the store has BUILD-GROUP as its group. We could
|
;; Assume that the store has BUILD-GROUP as its group. We could
|
||||||
;; otherwise call 'chown' here, but the problem is that on a COW overlayfs,
|
;; otherwise call 'chown' here, but the problem is that on a COW overlayfs,
|
||||||
;; chown leads to an entire copy of the tree, which is a bad idea.
|
;; chown leads to an entire copy of the tree, which is a bad idea.
|
||||||
|
|
||||||
;; Generate a key pair and optionally authorize substitute server keys.
|
;; Generate a key pair and optionally authorize substitute server keys.
|
||||||
(unless (file-exists? "/etc/guix/signing-key.pub")
|
(unless (or #$(not generate-substitute-key?)
|
||||||
|
(file-exists? "/etc/guix/signing-key.pub"))
|
||||||
(system* #$(file-append guix "/bin/guix") "archive"
|
(system* #$(file-append guix "/bin/guix") "archive"
|
||||||
"--generate-key"))
|
"--generate-key"))
|
||||||
|
|
||||||
|
|
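Review bot: In `guix-activation`, the exit status of `guix archive --generate-key` is still discarded, and with the new `generate-substitute-key?` switch a missing `/etc/guix/signing-key.sec` can now mean either "opted out" or "generation failed", with nothing in the activation output to tell the two apart. I would check the result and report a failure, e.g. `(unless (zero? (system* #$(file-append guix "/bin/guix") "archive" "--generate-key")) (format (current-error-port) "warning: could not generate substitute key pair~%"))`. The guard also looks only at `signing-key.pub`, so it presumably treats a lone public key as a complete pair; a one-line comment saying that this is intended would help the next reader. The body of `guix-activation` continues past the end of this hunk.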