diff --git a/guix/pki.scm b/guix/pki.scm index 6326e065e9..c5b2fb9634 100644 --- a/guix/pki.scm +++ b/guix/pki.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2016 Ludovic Courtès +;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,6 +21,7 @@ #:use-module (gcrypt pk-crypto) #:use-module ((guix utils) #:select (with-atomic-file-output)) #:use-module ((guix build utils) #:select (mkdir-p)) + #:autoload (srfi srfi-1) (delete-duplicates) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) #:use-module (ice-9 binary-ports) @@ -61,9 +62,10 @@ element in KEYS must be a canonical sexp with type 'public-key'." ;; want to have name certificates and to use subject names instead of ;; complete keys. `(acl ,@(map (lambda (key) - `(entry ,(canonical-sexp->sexp key) + `(entry ,key (tag (guix import)))) - keys))) + (delete-duplicates + (map canonical-sexp->sexp keys))))) (define %acl-file (string-append %config-directory "/acl")) diff --git a/tests/pki.scm b/tests/pki.scm index d6a6b476c7..86daff8ddf 100644 --- a/tests/pki.scm +++ b/tests/pki.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014 Ludovic Courtès +;;; Copyright © 2013, 2014, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,6 +66,10 @@ (test-assert "authorized-key? public-key singleton" (authorized-key? %public-key (public-keys->acl (list %public-key)))) +(test-equal "public-keys->acl deduplication" + (public-keys->acl (list %public-key)) + (public-keys->acl (make-list 10 %public-key))) + (test-assert "signature-case valid-signature" (let* ((hash (sha256 #vu8(1 2 3))) (data (bytevector->hash-data hash #:key-type (key-type %public-key)))