From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id KMxtOZKQ8F+PdwAA0tVLHw
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 02 Jan 2021 15:26:10 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id ILM9NZKQ8F/PbwAA1q6Kng
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 02 Jan 2021 15:26:10 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id E6E839402A9
	for <larch@yhetil.org>; Sat,  2 Jan 2021 15:26:09 +0000 (UTC)
Received: from localhost ([::1]:35668 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1kvinA-00088l-H3
	for larch@yhetil.org; Sat, 02 Jan 2021 10:26:08 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:45786)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kvin4-00088R-5b
 for bug-guix@gnu.org; Sat, 02 Jan 2021 10:26:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:48902)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kvin3-0002EJ-UF
 for bug-guix@gnu.org; Sat, 02 Jan 2021 10:26:01 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1kvin3-0001lh-Rt
 for bug-guix@gnu.org; Sat, 02 Jan 2021 10:26:01 -0500
X-Loop: help-debbugs@gnu.org
Subject: bug#45571: Support stable uids and gids for all accounts
Resent-From: Leo Prikler <leo.prikler@student.tugraz.at>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Sat, 02 Jan 2021 15:26:01 +0000
Resent-Message-ID: <handler.45571.B45571.16096011096728@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 45571
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Danny Milosavljevic <dannym@scratchpost.org>, 45571@debbugs.gnu.org
Received: via spool by 45571-submit@debbugs.gnu.org id=B45571.16096011096728
 (code B ref 45571); Sat, 02 Jan 2021 15:26:01 +0000
Received: (at 45571) by debbugs.gnu.org; 2 Jan 2021 15:25:09 +0000
Received: from localhost ([127.0.0.1]:60448 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1kvimC-0001kS-JY
 for submit@debbugs.gnu.org; Sat, 02 Jan 2021 10:25:08 -0500
Received: from mailrelay.tugraz.at ([129.27.2.202]:39067)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo.prikler@student.tugraz.at>) id 1kvimA-0001kJ-PM
 for 45571@debbugs.gnu.org; Sat, 02 Jan 2021 10:25:07 -0500
Received: from nijino.local (217-149-174-13.nat.highway.telekom.at
 [217.149.174.13])
 by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4D7QgP0KSgz1LLyX;
 Sat,  2 Jan 2021 16:25:04 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4D7QgP0KSgz1LLyX
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
 s=mailrelay; t=1609601105;
 bh=nYRUMIPg8JAWC4vDU46samMIU9VTEuhjsYM+LGtMPc8=;
 h=Subject:From:To:Date:In-Reply-To:References:From;
 b=DZKy8FfN3wv2MGuQNvlXwNFn3nwgBn11HM2/9Bs0BJ1DvKNcUz1w1OEdj5n5njB4B
 /TeR9HPMR3M7qMjdgYPTszh7ut82og3BrtvBamUBaoYmy7WxrxNatjd+HMmvMjplys
 uKWOoY7/ok/jSZDJP8L1M7IQlxpZ0ABh60IwuvQM=
Message-ID: <95f76be4dfebc473e8f4436464978a26296d2f57.camel@student.tugraz.at>
From: Leo Prikler <leo.prikler@student.tugraz.at>
Date: Sat, 02 Jan 2021 16:25:04 +0100
In-Reply-To: <20210102160415.30fcb7e8@scratchpost.org>
References: <dfa026bb208f02d2e6e99c13b109bce911ffe368.camel@student.tugraz.at>
 <20210101184838.21869359@scratchpost.org>
 <2f2fd3d66066b23f31f7db465aea65478ef81e87.camel@student.tugraz.at>
 <20210101212242.00252cac@scratchpost.org>
 <58174c197a7b42b29927c492d25e28c684d199ea.camel@student.tugraz.at>
 <20210102160415.30fcb7e8@scratchpost.org>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TUG-Backscatter-control: bt4lQm5Tva3SBgCuw0EnZw
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -1.9
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.116
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: -1.23
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (headers rsa verify failed) header.d=tugraz.at header.s=mailrelay header.b=DZKy8FfN;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=student.tugraz.at (policy=none);
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Migadu-Queue-Id: E6E839402A9
X-Spam-Score: -1.23
X-Migadu-Scanner: scn0.migadu.com
X-TUID: 8k0o+MHlS+cj

Hi Danny,
Am Samstag, den 02.01.2021, 16:04 +0100 schrieb Danny Milosavljevic:
> Hi Leo,
> 
> > > Considering the goal of Guix, it's weird that with Guix, one
> > > needs to
> > > store&restore /etc/passwd at all.  It's state, but not very
> > > useful
> > > one.
> > > I mean that's how it is right now--but it's still weird.
> > > With /etc/shadow maybe there's a slightly better case, but note
> > > that
> > > the key
> > > to find stuff in /etc/shadow can't be the uid--the uid isn't even
> > > in
> > > there!  
> > AFAIU yes, it's state, but not one that Guix can simply do away
> > with. 
> 
> It's easily possible to recreate /etc/passwd from scratch if the uids
> are
> always specified in <user-account>s and thus /etc/passwd would not
> need to
> be persistent state anymore.  Right now everything from /etc/passwd
> except
> the uid and the comment is already specified in <user-account>.
> 
> So Guix can indeed simply do away with the persistent state of
> /etc/passwd--that's why I suggested specifying the uids in the first
> place.
> 
> (By now I don't think that's the best way to make UIDs stable, but
> it's
> factually incorrect to assert that Guix can't simply do away with
> that
> persistent state specifically.  It can.)
> 
> > There is not yet a syntax for keeping secrets, which would be
> > needed to
> > fully populate /etc from config.scm.  Perhaps we'll get there some
> > day.
> 
> /etc/passwd does not contain secrets.  Neither does /etc/group.
> 
> And /etc/shadow doesn't contain uids.
> 
> So there is no conflict.
Point taken, it is indeed possibly to do away with one of those files,
but looking at them as a trio (as one ought to imo), I don't think
removing one while keeping the other(s) is the way to go.

Also if you do go that route, you would need a way to specify that your
passwd has hitherto been different to all other Guix installations;
hence forcing you to make system account [GU]IDs configurable once
again.

Regards,
Leo