Hi, Tobias Geerinckx-Rice <m...@tobias.gr> skribis:
> (Ugh, this patch is so ugly, all to work around that triplication in > ~/.config/guix/current/share/guix/*.pub… Would it be OK for ‘guix > archive --authorize’ to silently ignore duplicate keys?) Oh, good point. I guess we could change ‘public-keys->acl’ to deduplicate entries. Maybe something along these lines:
diff --git a/guix/pki.scm b/guix/pki.scm index 6326e065e9..c5b2fb9634 100644 --- a/guix/pki.scm +++ b/guix/pki.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <l...@gnu.org> +;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <l...@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,6 +21,7 @@ (define-module (guix pki) #:use-module (gcrypt pk-crypto) #:use-module ((guix utils) #:select (with-atomic-file-output)) #:use-module ((guix build utils) #:select (mkdir-p)) + #:autoload (srfi srfi-1) (delete-duplicates) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) #:use-module (ice-9 binary-ports) @@ -61,9 +62,10 @@ (define (public-keys->acl keys) ;; want to have name certificates and to use subject names instead of ;; complete keys. `(acl ,@(map (lambda (key) - `(entry ,(canonical-sexp->sexp key) + `(entry ,key (tag (guix import)))) - keys))) + (delete-duplicates + (map canonical-sexp->sexp keys))))) (define %acl-file (string-append %config-directory "/acl"))
WDYT? Ludo’.