Hello,
Hugo Buddelmeijer via "Development of GNU Guix and the GNU System
distribution." <[email protected]> writes:
> That works! I now have this in my config.scm:
>
> (define (authorized-key-from-base16 file-name public-key)
>   (plain-file file-name
>               (canonical-sexp->string
>                (sexp->canonical-sexp
>                 `(public-key
>                   (ecc (curve Ed25519)
>                        (q ,(base16-string->bytevector
>                             (string-downcase public-key)))))))))
>
> (simple-service
>  'guix-authorized-keys guix-service-type
>  (guix-extension
>   (authorized-keys
>    (list
>     (authorized-key-from-base16
>      "ci.guix.gnu.org.pub.pub"
>      "8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394")
>     )))) ; <- these lonelies fit on the previous line, just not in email
>
> Much better. Especially because I now only need 3 lines per added
> authorized key. (I'd like to `guix copy` between all my machines.)
> base16 is used so the string is the same as in the .pub file.
Yes, except that you’re losing information here:
‘authorized-key-from-base16’ assumes we’re dealing with an Ed25519 key,
which doesn’t have to be the case (it could be a different elliptic
curve, an RSA key, or who knows what).
> Anyone a suggestion for how to do this better? (This is already
> iteration four.)
I’d replace ‘authorized-key-from-base16’ with a more generic thing:

  (define (substitute-key name sexp)
    (plain-file (string-append name ".pub")
                (canonical-sexp->string
                 (sexp->canonical-sexp sexp))))

The problem is that sites such as
<https://hpc.guix.info/channel/guix-science> or the /signing-key.pub
endpoint of ‘guix publish’ advertise the canonical sexp syntax, not the
Schemeified sexp syntax.
Thanks,
Ludo’.
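
The following is an added example, not part of the original message or of Guix itself: one way to accept the key text exactly as a .pub file or /signing-key.pub advertises it, so the algorithm is kept rather than assumed. The names `substitute-key/canonical` and `%ci-key` are hypothetical, and the sample key text is constructed from the Ed25519 value quoted above.

```scheme
(use-modules (gcrypt pk-crypto)   ; string->canonical-sexp, canonical-sexp->sexp
             (guix gexp)          ; plain-file
             (ice-9 match))

;; Hypothetical helper.  NAME is a label for the store file; TEXT is the key
;; in canonical sexp syntax, pasted verbatim from the publisher.
(define (substitute-key/canonical name text)
  ;; Parsing goes through Libgcrypt, so malformed text raises an error
  ;; instead of producing a broken ACL entry.
  (let ((key (string->canonical-sexp text)))
    (match (canonical-sexp->sexp key)
      ;; Accept any public key (ECC on any curve, RSA, ...).  Whatever
      ;; algorithm the publisher advertised is preserved as is.
      (('public-key _ ...)
       (plain-file (string-append name ".pub")
                   (canonical-sexp->string key)))
      ;; 'plain-file' contents land in /gnu/store, which every local user
      ;; can read, so anything that is not a public key is refused.
      (_
       (error "not a public key, refusing to add it to the store:" name)))))

;; Constructed sample: the Ed25519 key from the message, written in the
;; canonical syntax a .pub file uses.
(define %ci-key
  "(public-key
 (ecc
  (curve Ed25519)
  (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))")

;; Same service extension as in the quoted configuration.
(simple-service
 'guix-authorized-keys guix-service-type
 (guix-extension
  (authorized-keys
   (list (substitute-key/canonical "ci.guix.gnu.org" %ci-key)))))
```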