summaryrefslogtreecommitdiff
path: root/guix
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2020-11-13 21:17:53 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2020-11-15 23:05:34 +0100
commit5d15733c426d232e98098d99a5bfe145586609a4 (patch)
tree2fa6ad0de047eab6cc3529acc7ebc7d41f276929 /guix
parent7140c55d1712cca1a44fb4c968a0bef42c2324a4 (diff)
archive: Warn about replacing an ACL symlink.
* guix/scripts/archive.scm (authorize-key): Warn when %ACL-FILE is a symbolic link and print an additional hint for Guix System users. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'guix')
-rw-r--r--guix/scripts/archive.scm11
1 files changed, 11 insertions, 0 deletions
diff --git a/guix/scripts/archive.scm b/guix/scripts/archive.scm
index 02557ce454..c04baf9784 100644
--- a/guix/scripts/archive.scm
+++ b/guix/scripts/archive.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -310,6 +311,16 @@ the input port."
(leave (G_ "failed to read public key: ~a: ~a~%")
(error-source err) (error-string err)))))
+ ;; Warn about potentially volatile ACLs, but continue: system reconfiguration
+ ;; might not be possible without (newly-authorized) substitutes.
+ (let ((stat (false-if-exception (lstat %acl-file))))
+ (when (and stat (eq? 'symlink (stat:type (lstat %acl-file))))
+ (warning (G_ "replacing symbolic link ~a with a regular file~%")
+ %acl-file)
+ (when (string-prefix? (%store-prefix) (readlink %acl-file))
+ (display-hint (G_ "On Guix System, add public keys to the
+@code{authorized-keys} field of your @code{operating-system} instead.")))))
+
(let ((key (read-key))
(acl (current-acl)))
(unless (eq? 'public-key (canonical-sexp-nth-data key 0))