From: Bengt Richter <bokr@bokr.com>
To: "Ludovic Courtès" <ludovic.courtes@inria.fr>
Cc: 43762@debbugs.gnu.org
Subject: bug#43762: ‘guix environment -C’ containers lack /etc/hosts
Date: Fri, 2 Oct 2020 16:38:13 +0200
Message-ID: <20201002143813.GA4900@LionPure>
In-Reply-To: <87a6x4ka36.fsf@inria.fr>
Hi Ludo,
On +2020-10-02 15:53:49 +0200, Ludovic Courtès wrote:
> Hi!
>
> Look:
>
> --8<---------------cut here---------------start------------->8---
> $ guix environment -C --ad-hoc coreutils -- cat /etc/hosts
> cat: /etc/hosts: No such file or directory
> $ guix describe
> Generacio 162 Oct 01 2020 00:23:38 (nuna)
> guix 7607ace
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: 7607ace5091aea0157ba5c8a508129cc5fc4f931
> --8<---------------cut here---------------end--------------->8---
>
> I think we should add /etc/hosts with an entry for “localhost”, just
> like libstore/build.cc does.
>
> Ludo’.
>
How sensitive is this data? E.g., compared to /etc/hostname and /etc/machine-id?
man machine-id says in part
--8<---------------cut here---------------start------------->8---
This ID uniquely identifies the host. It should be considered "confidential", and must not be exposed in untrusted environments, in particular on
the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be
used directly. Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key. That way
the ID will be properly unique, and derived in a constant way from the machine ID but there will be no way to retrieve the original machine ID from
the application-specific one. The sd_id128_get_machine_app_specific(3) API provides an implementation of such an algorithm.
--8<---------------cut here---------------end--------------->8---
And how do you pick an appropriate hostname (which often appears in /etc/hosts)
for an image that could be booted in the clouds, or like a live USB, on any compatible laptop?
--
Regards,
Bengt Richter
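The keyed-hash derivation described in the man page text quoted above, as an added example that is not part of the original message and is not Guix or systemd code. It uses HMAC-SHA256 truncated to 128 bits with the application key as the HMAC key; the sample machine ID and both application keys are constructed, and the output is not claimed to match what sd_id128_get_machine_app_specific(3) returns.

```python
import hashlib
import hmac
import re
import uuid

# Constructed sample in the /etc/machine-id format (32 lowercase hex digits).
SAMPLE_MACHINE_ID = "0123456789abcdef0123456789abcdef\n"

# Hypothetical fixed keys; each application would hard-code its own.
APP_KEY_BACKUP = uuid.UUID("6f1c2a9e-3b7d-4e58-9c41-2d8a5f0b7e13").bytes
APP_KEY_TELEMETRY = uuid.UUID("b84e07d2-915a-4c36-a7f0-e3c9126d5b48").bytes

_MACHINE_ID_RE = re.compile(r"[0-9a-f]{32}")


def parse_machine_id(text: str) -> bytes:
    """Validate the file contents and return the 16 raw ID bytes."""
    value = text.strip()
    if not _MACHINE_ID_RE.fullmatch(value):
        raise ValueError("expected 32 lowercase hex digits")
    return bytes.fromhex(value)


def app_specific_id(machine_id: bytes, app_key: bytes) -> str:
    """Derive a stable per-application ID without exposing machine_id.

    Assumption of this example: HMAC-SHA256 keyed with the fixed
    application key, message = machine ID, truncated to 128 bits.
    """
    if len(machine_id) != 16 or len(app_key) != 16:
        raise ValueError("machine ID and application key must be 16 bytes")
    digest = hmac.new(app_key, machine_id, hashlib.sha256).digest()
    return digest[:16].hex()


if __name__ == "__main__":
    mid = parse_machine_id(SAMPLE_MACHINE_ID)
    # Same machine, two applications: two unlinkable identifiers.
    print("backup   :", app_specific_id(mid, APP_KEY_BACKUP))
    print("telemetry:", app_specific_id(mid, APP_KEY_TELEMETRY))
```
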