[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#39819: Declarative /etc/guix/acl?
|
From: |
Efraim Flashner |
|
Subject: |
Re: bug#39819: Declarative /etc/guix/acl? |
|
Date: |
Sun, 11 Oct 2020 14:00:12 +0300 |
On Sun, Oct 11, 2020 at 12:39:17PM +0200, Ludovic Courtès wrote:
> Hi!
>
> For some reason, /etc/guix/acl is not declarative on Guix System: we let
> users modify it and assume it’s stateful, which can surprise users as in
> <https://issues.guix.gnu.org/39819>.
>
> Should we make it declarative, just like most of /etc? I think so. For
> a build farm like berlin, it would force admins to explicitly list all
> the authorized keys in their config—annoying change, but not a bad
> thing.
>
> WDYT?
I've been surprised by it at least once. (That it was more than once is
on me...)
> The problem is the transition. We would need to at least create a
> backup of /etc/guix/acl on the next activation, or better yet, warn
> users or error out at reconfigure time.
>
> Thoughts?
>
> Ludo’.
>
activation script: (when (file-exists? "/etc/guix/acl")
(rename-file "/etc/guix/acl"
"/etc/guix/acl-old"))
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature