Hello,
On 30/3/26 19:07, Ludovic Courtès wrote:
Hello,
Hugo Buddelmeijer via "Development of GNU Guix and the GNU System distribution."
<[email protected]> skribis:
That works! I now have this in my config.scm:
(define (authorized-key-from-base16 file-name public-key)
(plain-file file-name
(canonical-sexp->string
(sexp->canonical-sexp
`(public-key
(ecc (curve Ed25519)
(q ,(base16-string->bytevector
(string-downcase public-key)))))))))
Yes, except that you’re losing information here:
‘authorized-key-from-base16’ assumes we’re dealing with an Ed25519 key,
which doesn’t have to be the case (it could be an different elliptic
curve, an RSA key, or who knows what).
Yes.. I haven't seen a public key different from Ed25519 yet though, so
for my personal use this function suffices.
But anything in the manual or cookbook should be more generic. Thanks.
Anyone a suggestion for how to do this better? (This is already
iteration four.)
I’d replace ‘authorized-key-from-base16’ with a more generic thing:
(define (substitute-key name sexp)
(plain-file (string-append name ".pub")
(canonical-sexp->string
(sexp->canonical-sexp sexp))))
That was iteration 3 :-). It makes more sense though yes.
The problem is that sites such as
<https://hpc.guix.info/channel/guix-science> or the /signing-key.pub
endpoint of ‘guix publish’ advertize the canonical sexp syntax, not the
Schemeified sexp syntax.
Thanks,
Ludo’.
