On 21-07-2022 19:13, Andrew Tropin wrote:

The source code is here:
https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9

What's the 'guix-home-gc-roots' for? I would expect the reference #$(file-append he "/activate") to be sufficient to keep things from being gc'ed.

+        (start #~(make-forkexec-constructor
+                  '(#$(file-append he "/activate"))
+                  #:user #$user
+                  #:environment-variables
+                  (list (string-append "HOME=" (passwd:dir (getpw #$user))))
+                  #:group (group:name (getgrgid (passwd:gid (getpw #$user))))))

I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done already internally by /activate, you could consider doing it in a container to reduce potential irreproducibility, or insecurity on multi-user systems (I'd assume the #:user + #:group to be sufficient for security, especially if it appears sufficient for other system services, but I'm not some expert on what things need to be set).

+        (provision (list (symbol-append 'guix-home- (string->symbol user))))
+        (one-shot? #t)
+        (auto-start? #f)

Wouldn't it then be possible for the user to login via the login manager before initialisation has completed, as gdm etc don't wait for guix-home-... currently?

Greetings,
Maxime.