From: ludo@gnu.org (Ludovic Courtès)
To: nee <nee@cock.li>
Cc: guix-devel@gnu.org
Subject: Re: WIP gnu social package
Date: Tue, 28 Nov 2017 17:08:26 +0100
Message-ID: <87fu8yxu6d.fsf@gnu.org>
In-Reply-To: <c9ea1f64-fc35-5c8e-dd41-8cd2b6fc327d@cock.li> (nee@cock.li's message of "Sun, 26 Nov 2017 21:18:47 +0100")

Hello,

nee <nee@cock.li> wrote:

> On 05.10.2017 at 17:00, Ludovic Courtès wrote:
>> For this particular case, I would do nothing: the first time, the
>> service wouldn’t start (I guess). Users would have to explicitly set
>> the passwords on the command line, and then run “herd start gnu-social”.
>>
> The advantage of using a service is the easy setup with mysql and the
> gnu-social-cli-installer, otherwise people could just run nginx and
> clone gnu social to /srv/gnu-social/ and manually create the database
> like you would on Debian.
>
> I saw that NixOS has something called passwordFile.
> https://github.com/NixOS/nixpkgs/issues/24288
> I haven't found any details about it, but it seems like a text file from
> which passwords can be read during `system reconfigure`.
>
> As a start I could add a password-file field to the configuration of
> gnu-social and read an alist of passwords from it during initialization.
> That could later be extended by generating it with randomized passwords
> if it doesn't exist to maximize the ease of installation.
>
>>> - The password of the database-user ends up in the config.php which is
>>> generated by mixed-text-file. This file can be read by everyone. Can I
>>> somehow set the owner on it and remove the reading rights from other
>>> users?
>>
>> No, the store is world-readable. If there are secrets, they should be
>> stored elsewhere, but there’s currently no standard way to do that in
>> Guix.
>>
> Could a function in guix/gexp.scm be modified to generate a file outside
> of the store?

We could use Guile’s standard I/O primitives to create files wherever we
like:

  https://www.gnu.org/software/guile/manual/html_node/Input-and-Output.html

and/or simply refer to a non-store file; if that file exists,
everything’s fine, and if it does not, the service might fail to start
or print an error.

Ludo’.
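
The approach discussed in this message, sketched as an added example (it is not part of the message and is not Guix code): keep the secrets in a file outside the world-readable store, create it with owner-only permissions using Guile's I/O primitives, and refuse to proceed when it is missing or too permissive. The file name `/etc/gnu-social/secrets.scm`, the `db-password` key and all procedure names are assumptions made for illustration.

```scheme
;; Added example, not Guix code.  File name and alist key are hypothetical.
(use-modules (ice-9 binary-ports)
             (rnrs bytevectors))

(define %secrets-file "/etc/gnu-social/secrets.scm") ;outside /gnu/store

(define (random-password n)
  "Return N bytes read from /dev/urandom, as a hexadecimal string."
  (let ((bytes (call-with-input-file "/dev/urandom"
                 (lambda (port) (get-bytevector-n port n))
                 #:binary #t)))
    (string-concatenate
     (map (lambda (b) (string-pad (number->string b 16) 2 #\0))
          (bytevector->u8-list bytes)))))

(define (write-secrets! file alist)
  "Write ALIST to FILE, which is created with mode 600."
  (let ((old (umask #o077)))     ;new files get no group/other bits
    (dynamic-wind
      (const #t)
      (lambda ()
        (call-with-output-file file
          (lambda (port) (write alist port) (newline port))))
      (lambda () (umask old))))  ;always restore the previous umask
  (chmod file #o600))            ;also tightens a pre-existing file

(define (read-secrets file)
  "Return the alist stored in FILE.  Raise an error, so that the service
fails to start, when FILE is missing or accessible by group or other."
  (unless (file-exists? file)
    (error "secrets file missing:" file))
  (unless (zero? (logand (stat:perms (stat file)) #o077))
    (error "secrets file must not be accessible by group or other:" file))
  (call-with-input-file file read))

(define (ensure-secrets file)
  "Create FILE with a random database password if it does not exist yet,
then return its contents."
  (unless (file-exists? file)
    (write-secrets! file `((db-password . ,(random-password 24)))))
  (read-secrets file))

;; Intended call site (service start-up, run as the service's user; the
;; parent directory must already exist):
;;   (assq-ref (ensure-secrets %secrets-file) 'db-password)
```

Setting the umask before the file is opened means the password is never on disk with group or other read bits, which a `chmod` after writing alone would not guarantee.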

Thread overview: 6+ messages
2017-09-25 21:14 WIP gnu social package nee
2017-10-05 15:00 ` Ludovic Courtès
2017-11-26 20:18 ` nee
2017-11-28 16:08 ` Ludovic Courtès [this message]
2018-01-12 15:54 ` nee
2018-01-12 17:57 ` ng0