archive: Warn about replacing an ACL symlink.

* guix/scripts/archive.scm (authorize-key): Warn when %ACL-FILE is a symbolic link and print an additional hint for Guix System users. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2020-11-13 21:17:53 +01:00 · 2020-11-13 21:17:53 +01:00 · 5d15733c42
parent 7140c55d17
commit 5d15733c42
1 changed files with 11 additions and 0 deletions
--- a/guix/scripts/archive.scm
+++ b/guix/scripts/archive.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -310,6 +311,16 @@ the input port."
        (leave (G_ "failed to read public key: ~a: ~a~%")
               (error-source err) (error-string err)))))

+  ;; Warn about potentially volatile ACLs, but continue: system reconfiguration
+  ;; might not be possible without (newly-authorized) substitutes.
+  (let ((stat (false-if-exception (lstat %acl-file))))
+    (when (and stat (eq? 'symlink (stat:type (lstat %acl-file))))
+      (warning (G_ "replacing symbolic link ~a with a regular file~%")
+               %acl-file)
+      (when (string-prefix? (%store-prefix) (readlink %acl-file))
+        (display-hint (G_ "On Guix System, add public keys to the
+@code{authorized-keys} field of your @code{operating-system} instead.")))))
+
  (let ((key (read-key))
        (acl (current-acl)))
    (unless (eq? 'public-key (canonical-sexp-nth-data key 0))