From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id cKw2IE6M2WIsUwEAbAwnHQ (envelope-from ) for ; Thu, 21 Jul 2022 19:26:38 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id oIgRIE6M2WJc4gAAauVa8A (envelope-from ) for ; Thu, 21 Jul 2022 19:26:38 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1BFDBF719 for ; Thu, 21 Jul 2022 19:26:37 +0200 (CEST) Received: from localhost ([::1]:39514 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oEZwa-0006X7-LJ for larch@yhetil.org; Thu, 21 Jul 2022 13:26:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34296) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oEZw2-0006Wv-S3 for bug-guix@gnu.org; Thu, 21 Jul 2022 13:26:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:49268) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oEZw2-0008F0-JZ for bug-guix@gnu.org; Thu, 21 Jul 2022 13:26:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oEZw2-0003Ym-Fz for bug-guix@gnu.org; Thu, 21 Jul 2022 13:26:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#56669: enhancement: Link guix system and guix home Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 21 Jul 2022 17:26:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56669 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Andrew Tropin , guix-bug-va9nk6@rdmp.org, 56669@debbugs.gnu.org Cc: Tissevert Received: via spool by 56669-submit@debbugs.gnu.org id=B56669.165842431913626 (code B ref 56669); Thu, 21 Jul 2022 17:26:02 +0000 Received: (at 56669) by debbugs.gnu.org; 21 Jul 2022 17:25:19 +0000 Received: from localhost ([127.0.0.1]:39017 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oEZvL-0003Xi-AU for submit@debbugs.gnu.org; Thu, 21 Jul 2022 13:25:19 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:40318) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oEZvF-0003XR-K7 for 56669@debbugs.gnu.org; Thu, 21 Jul 2022 13:25:17 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by baptiste.telenet-ops.be with bizsmtp id xtRB2700A20ykKC01tRB9z; Thu, 21 Jul 2022 19:25:11 +0200 Message-ID: Date: Thu, 21 Jul 2022 19:25:11 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org> <87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in> From: Maxime Devos In-Reply-To: <87k086crtr.fsf@trop.in> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------9wif7DLuRxRzxR8VFIuzPf0u" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1658424312; bh=hEkm8/rZ1m2NBsVkmEzeD1buP+NhuZZxem0NUBy3XQE=; h=Date:To:Cc:References:From:Subject:In-Reply-To; b=KJIcLy+4b3R5S0cdJ5sMKqEMxVgBRMwtt337bceLIOwIFAwiRbbFy6ic2BcSio/qh t1aAmPvH/3AJxmbeEYFOU4eQ4hmWcDrQ64RGdUOaa9oMRI/gXCnMtxvCsl9Wj0pa6P m5Z4rnwqTK5msy12FCmI+AaZiAz2L1R7MWGA69GIWEdpDP5W7wIEow6sR3657pV1Gm Sr8jiZEJ+0rlbXqQr5KckV+camWKrqIrC3u7oax099dRDiJNfaxGRn3Iyfff7MrdkQ RDqlUJ20jiNxvY75ja2LZ3a+SL1J94swF8vv7IKwiPreFyJzKV1EzGp7dEWk2FWzur THgp7aCnmXtLg== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1658424398; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=06Gs5wBwjxcfiVayKD6WQntF+ZTa7wUsG02o/U4wrFU=; b=M6GWFSmVT6rQ6uYISTt5+UqQ/2yk3EFXHoJwhTRmum0bxQeUyn1ArXxGq+hN+CGDF/isfB U4y+vjanp54WUa6Z3J+gwPlQA+EBMHmYYPMNNCH6XzKraOjL5kQ/ze0RCooeazVWyFUpxp SoPBbLIUL61YnFCwPUrt0ujuFBgbCPsFw8G4rIPDGNGOlxYrGnnykCbCteRahzJrxoJTd/ lZNTe1Vu+HVm8NejbCdSPawNGh2fZhkQjGjqH/ieng5nq22q5lXn9PI4V4jdKWvSF3mEnc SIMkaSzhUIYaTi3Z72qbMzJ4YSFbcyeMxDFM7G4PQmzCGmI+s7dI/kwXxX4UNQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1658424398; a=rsa-sha256; cv=none; b=bWKu/z0gTJmu1MfK87q1xuZVXnR8YM50LVD48XgbC/gFBe4ttLvsjogVSh/Q4PGyPfkL3c 2fSDuOZBg3P4rpTZ3esJB38SvLA62SfemlKSOEzxszhyTYYmH6ENjVLeq4E2bPXP3UE2X/ FDTps7t4p4NZYJ32h1vvouDupbgKA76XW/vhm71r1rMngZghip8XuXX4mxytUT1gJWE1Bv ReUFcm+YOOrEMbTsjEU1E8zsW4lspZDjDmQvdKVAqi0B5edQWgS9FlyYvw86mwkBh/vu+1 TUQHIieOf3AqFmj+ICMPw/P6MioOoBxG8KeVG+F3n2vP0nn9u32wnnHBbVOAJg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=KJIcLy+4; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 6.16 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=KJIcLy+4; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 1BFDBF719 X-Spam-Score: 6.16 X-Migadu-Scanner: scn0.migadu.com X-TUID: RXbHIslzN9NQ This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------9wif7DLuRxRzxR8VFIuzPf0u Content-Type: multipart/mixed; boundary="------------bs4rcmDUOSWVWGGgLoAY2Fy6"; protected-headers="v1" From: Maxime Devos To: Andrew Tropin , guix-bug-va9nk6@rdmp.org, 56669@debbugs.gnu.org Cc: Tissevert Message-ID: Subject: Re: bug#56669: enhancement: Link guix system and guix home References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org> <87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in> In-Reply-To: <87k086crtr.fsf@trop.in> --------------bs4rcmDUOSWVWGGgLoAY2Fy6 Content-Type: multipart/mixed; boundary="------------53Mz6SLQdt2lOdeh8DtiJcia" --------------53Mz6SLQdt2lOdeh8DtiJcia Content-Type: multipart/alternative; boundary="------------33DtCjGXVmHEyPvhyJX9iI3n" --------------33DtCjGXVmHEyPvhyJX9iI3n Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjEtMDctMjAyMiAxOToxMywgQW5kcmV3IFRyb3BpbiB3cm90ZToNCg0KPiBUaGUgc291 cmNlIGNvZGUgaXMgaGVyZToNCj4gaHR0cHM6Ly9naXQuc3IuaHQvfmFiY2R3L3JkZS9jb21t aXQvYzViNDA5N2FiOTkzMDlhY2UyM2U0MGQ5NTdlOWZhMWY5MzhmOTdlOQ0KDQpXaGF0J3Mg dGhlICdndWl4LWhvbWUtZ2Mtcm9vdHMnIGZvcj8gSSB3b3VsZCBleHBlY3QgdGhlIHJlZmVy ZW5jZSANCiMkKGZpbGUtYXBwZW5kIGhlICIvYWN0aXZhdGUiKSB0byBiZSBzdWZmaWNpZW50 IHRvIGtlZXAgdGhpbmdzIGZyb20gDQpiZWluZyBnYydlZC4NCg0KPiArIA0KPiA8aHR0cHM6 Ly9naXQuc3IuaHQvfmFiY2R3L3JkZS9jb21taXQvYzViNDA5N2FiOTkzMDlhY2UyM2U0MGQ5 NTdlOWZhMWY5MzhmOTdlOSNnbnUvc2VydmljZXMvaG9tZS5zY20tMS0yMz4gDQo+IChzdGFy dCAjfihtYWtlLWZvcmtleGVjLWNvbnN0cnVjdG9yICsgDQo+IDxodHRwczovL2dpdC5zci5o dC9+YWJjZHcvcmRlL2NvbW1pdC9jNWI0MDk3YWI5OTMwOWFjZTIzZTQwZDk1N2U5ZmExZjkz OGY5N2U5I2dudS9zZXJ2aWNlcy9ob21lLnNjbS0xLTI0PiANCj4gJygjJChmaWxlLWFwcGVu ZCBoZSAiL2FjdGl2YXRlIikpICsgDQo+IDxodHRwczovL2dpdC5zci5odC9+YWJjZHcvcmRl L2NvbW1pdC9jNWI0MDk3YWI5OTMwOWFjZTIzZTQwZDk1N2U5ZmExZjkzOGY5N2U5I2dudS9z ZXJ2aWNlcy9ob21lLnNjbS0xLTI1PiANCj4gIzp1c2VyICMkdXNlciArIA0KPiA8aHR0cHM6 Ly9naXQuc3IuaHQvfmFiY2R3L3JkZS9jb21taXQvYzViNDA5N2FiOTkzMDlhY2UyM2U0MGQ5 NTdlOWZhMWY5MzhmOTdlOSNnbnUvc2VydmljZXMvaG9tZS5zY20tMS0yNj4gDQo+ICM6ZW52 aXJvbm1lbnQtdmFyaWFibGVzICsgDQo+IDxodHRwczovL2dpdC5zci5odC9+YWJjZHcvcmRl L2NvbW1pdC9jNWI0MDk3YWI5OTMwOWFjZTIzZTQwZDk1N2U5ZmExZjkzOGY5N2U5I2dudS9z ZXJ2aWNlcy9ob21lLnNjbS0xLTI3PiANCj4gKGxpc3QgKHN0cmluZy1hcHBlbmQgIkhPTUU9 IiAocGFzc3dkOmRpciAoZ2V0cHcgIyR1c2VyKSkpKSArIA0KPiA8aHR0cHM6Ly9naXQuc3Iu aHQvfmFiY2R3L3JkZS9jb21taXQvYzViNDA5N2FiOTkzMDlhY2UyM2U0MGQ5NTdlOWZhMWY5 MzhmOTdlOSNnbnUvc2VydmljZXMvaG9tZS5zY20tMS0yOD4gDQo+ICM6Z3JvdXAgKGdyb3Vw Om5hbWUgKGdldGdyZ2lkIChwYXNzd2Q6Z2lkIChnZXRwdyAjJHVzZXIpKSkpKSkNCkknbSB3 b25kZXJpbmcgaWYgR1VJWF9MT0NQQVRIIGlzIG5lZWRlZCBhcyB3ZWxsLiBBbnl3YXksIGlm IG5vdCBkb25lIA0KYWxyZWFkeSBpbnRlcm5hbGx5IGJ5IC9hY3RpdmF0ZSwgeW91IGNvdWxk IGNvbnNpZGVyIGRvaW5nIGl0IGluIGEgDQpjb250YWluZXIgdG8gcmVkdWNlIHBvdGVudGlh bCBpcnJlcHJvZHVjaWJpbGl0eSwgb3IgaW5zZWN1cml0eSBvbiANCm11bHRpLXVzZXIgc3lz dGVtcyAoSSdkIGFzc3VtZSB0aGUgIzp1c2VyICsgIzpncm91cCB0byBiZSBzdWZmaWNpZW50 IGZvciANCnNlY3VyaXR5LCBlc3BlY2lhbGx5IGlmIGl0IGFwcGVhcnMgc3VmZmljaWVudCBm b3Igb3RoZXIgc3lzdGVtIHNlcnZpY2VzLCANCmJ1dCBJJ20gbm90IHNvbWUgZXhwZXJ0IG9u IHdoYXQgdGhpbmdzIG5lZWQgdG8gYmUgc2V0KS4NCg0KPiArIA0KPiA8aHR0cHM6Ly9naXQu c3IuaHQvfmFiY2R3L3JkZS9jb21taXQvYzViNDA5N2FiOTkzMDlhY2UyM2U0MGQ5NTdlOWZh MWY5MzhmOTdlOSNnbnUvc2VydmljZXMvaG9tZS5zY20tMS0yMD4gDQo+IChwcm92aXNpb24g KGxpc3QgKHN5bWJvbC1hcHBlbmQgJ2d1aXgtaG9tZS0gKHN0cmluZy0+c3ltYm9sIHVzZXIp KSkpICsgDQo+IDxodHRwczovL2dpdC5zci5odC9+YWJjZHcvcmRlL2NvbW1pdC9jNWI0MDk3 YWI5OTMwOWFjZTIzZTQwZDk1N2U5ZmExZjkzOGY5N2U5I2dudS9zZXJ2aWNlcy9ob21lLnNj bS0xLTIxPiANCj4gKG9uZS1zaG90PyAjdCkgKyANCj4gPGh0dHBzOi8vZ2l0LnNyLmh0L35h YmNkdy9yZGUvY29tbWl0L2M1YjQwOTdhYjk5MzA5YWNlMjNlNDBkOTU3ZTlmYTFmOTM4Zjk3 ZTkjZ251L3NlcnZpY2VzL2hvbWUuc2NtLTEtMjI+IA0KPiAoYXV0by1zdGFydD8gI2YpDQpX b3VsZG4ndCBpdCB0aGVuIGJlIHBvc3NpYmxlIGZvciB0aGUgdXNlciB0byBsb2dpbiB2aWEg dGhlIGxvZ2luIG1hbmFnZXIgDQpiZWZvcmUgaW5pdGlhbGlzYXRpb24gaGFzIGNvbXBsZXRl ZCwgYXMgZ2RtIGV0YyBkb24ndCB3YWl0IGZvciANCmd1aXgtaG9tZS0uLi4gY3VycmVudGx5 Pw0KDQpHcmVldGluZ3MsDQpNYXhpbWUuDQoNCg== --------------33DtCjGXVmHEyPvhyJX9iI3n Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On 21-07-2022 19:13, Andrew Tropin wrote:

The source code is here:
=
https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f9=
7e9

What's the 'guix-home-gc-roots' for? I would expect the reference #$(file-append he "/activate") to be sufficient to keep things from being gc'ed.

+=
        (start #~(make-forkexec-constructor
+                  '(#$(file-append he =
"/activate"))
+                  #:user #$user
+                  #:environment-variab=
les
+                  (list (string-append=
 "HOME=3D" (passwd:dir (getpw #$user))))
+                  #:group (group:name =
(getgrgid (passwd:gid (getpw #$user))))))
I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done already internally by /activate, you could consider doing it in a container to reduce potential irreproducibility, or insecurity on multi-user systems (I'd assume the #:user + #:group to be sufficient for security, especially if it appears sufficient for other system services, but I'm not some expert on what things need to be set).

+=
        (provision (list (symbol-append 'guix-home- (string->symbo=
l user))))
+        (one-shot? #t)
+        (auto-start? #f)
Wouldn't it then be possible for the user to login via the login manager before initialisation has completed, as gdm etc don't wait for guix-home-... currently?

Greetings,
Maxime.

--------------33DtCjGXVmHEyPvhyJX9iI3n-- --------------53Mz6SLQdt2lOdeh8DtiJcia Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------53Mz6SLQdt2lOdeh8DtiJcia-- --------------bs4rcmDUOSWVWGGgLoAY2Fy6-- --------------9wif7DLuRxRzxR8VFIuzPf0u Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYtmL9wUDAAAAAAAKCRBJ4+4iGRcl7mKW AQDdz6W+MAq2TLcFCImnpQL3LeBr9j2Lk91iFbuciphP5QD+NfygG8qw5a2gixcGlbOZUtvl4rHq o2OZS2gdTcpxxQA= =WATg -----END PGP SIGNATURE----- --------------9wif7DLuRxRzxR8VFIuzPf0u--