guix-patches

[bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and


From: Maxime Devos
Subject: [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
Date: Tue, 12 Apr 2022 10:48:48 +0200
User-agent: Evolution 3.38.3-1

Ludovic Courtès wrote on Mon 11-04-2022 at 22:33 [+0200]:
> > Ludovic Courtès wrote on Mon 11-04-2022 at 11:48 [+0200]:
> > > >    * bonus: except possibly for the secret key material, "guix publish"
> > > >      does not have to be started as root anymore even if it uses a
> > > >      reserved port such as port 80 (assuming socket activation is used).
> > > 
> > > But it does need to access the secret key…
> > 
> > The ‘guix publish’ could be run as a separate, say, guix-publish user,
> > and the secret key could be made readable to guix-publish.
> 
> That doesn’t sound reasonable.

Why not?  ‘guix publish’ needs read access to the secret key anyway. 
Though then (if done with chown) ‘guix publish’ could modify the secret
key file, so maybe instead of making it ‘owned’ by the 'guix-publish'
user, maybe just set an ACL to allow read access from ‘guix-publish’
but not write access?

Though that seems to be more complex than just letting ‘guix publish’
open the file and change users by itself, so maybe not.

Greetings,
Maxime.
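
The trade-off discussed in this message, as an added example (not part of the original email and not Guix code): a check over classic POSIX mode bits showing why a key file chown-ed to the service user is never truly read-only for that user, since a file's owner can always chmod it. The account name, the uid/gid 995 and the root-owned group-read layout are assumptions made for illustration; ACL entries, which the message proposes, and parent-directory permissions are not inspected.

```python
import os
import pwd
import stat
from dataclasses import dataclass
from types import SimpleNamespace


@dataclass
class KeyAccess:
    can_read: bool
    can_write_now: bool    # mode bits grant write access right now
    can_grant_write: bool  # the account may chmod the file later (owner or root)

    @property
    def read_only(self) -> bool:
        return self.can_read and not (self.can_write_now or self.can_grant_write)


def key_access(st, uid, gids=()):
    """Evaluate mode bits of a stat result for one account (ACLs are ignored)."""
    if uid == 0:                    # root bypasses mode bits entirely
        return KeyAccess(True, True, True)
    if uid == st.st_uid:            # owner class applies; the owner can also chmod
        r, w, owner = stat.S_IRUSR, stat.S_IWUSR, True
    elif st.st_gid in gids:         # group class
        r, w, owner = stat.S_IRGRP, stat.S_IWGRP, False
    else:                           # everyone else
        r, w, owner = stat.S_IROTH, stat.S_IWOTH, False
    return KeyAccess(bool(st.st_mode & r), bool(st.st_mode & w), owner)


def audit_path(path, user):
    """Run the same check against a real file and a real account name."""
    pw = pwd.getpwnam(user)
    return key_access(os.stat(path), pw.pw_uid, os.getgrouplist(user, pw.pw_gid))


# Constructed stat records; uid/gid 995 stands in for a hypothetical
# 'guix-publish' account.
CHOWNED = SimpleNamespace(st_mode=0o100400, st_uid=995, st_gid=0)     # chown guix-publish, mode 0400
GROUP_READ = SimpleNamespace(st_mode=0o100440, st_uid=0, st_gid=995)  # root-owned, group may read

if __name__ == "__main__":
    print("chowned:   ", key_access(CHOWNED, 995, (995,)))
    print("group-read:", key_access(GROUP_READ, 995, (995,)))
```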
