pki: Always make /etc/guix/acl world-readable.

Fixes guix/guix#664. This is necessary when running ‘guix-daemon’ as an unprivileged user and also when running ‘guix weather’ as an unprivileged user. * guix/pki.scm (ensure-acl): Make ‘%acl-file’ #o644. * guix/scripts/archive.scm (authorize-key): Likewise. * guix/ssh.scm (remote-authorize-signing-key): Likewise. Change-Id: I3c979b2cdf52e7cb657d8fafa244c58854e7fb67
author: Ludovic Courtès <ludo@gnu.org> 2025-07-14 13:08:48 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2025-07-16 23:50:38 +0200
commit: 38e82ca727512754c4ac9b43353255c91cadab8c (patch)
tree: ef315203818e605e419cf101bc60a1f2db9cb1e6 /guix/ssh.scm
parent: bd963ec99d5232df789b20e19b47900b1e27d7e3 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 9e504c054c..20a35b2712 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016-2021, 2023-2024 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016-2021, 2023-2025 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -458,7 +458,8 @@ to the system ACL file if it has not yet been authorized."
         (let ((acl (public-keys->acl (cons key (acl->public-keys acl)))))
           (mkdir-p (dirname %acl-file))
           (with-atomic-file-output %acl-file
-            (cut write-acl acl <>)))))
+            (cut write-acl acl <>))
+          (chmod %acl-file #o644))))
    session
    become-command))
author	Ludovic Courtès <ludo@gnu.org>	2025-07-14 13:08:48 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2025-07-16 23:50:38 +0200
commit	38e82ca727512754c4ac9b43353255c91cadab8c (patch)
tree	ef315203818e605e419cf101bc60a1f2db9cb1e6 /guix/ssh.scm
parent	bd963ec99d5232df789b20e19b47900b1e27d7e3 (diff)