unofficial mirror of guix-devel@gnu.org 
From: ludo@gnu.org (Ludovic Courtès)
To: nee <nee@cock.li>
Cc: guix-devel@gnu.org
Subject: Re: WIP gnu social package
Date: Thu, 05 Oct 2017 17:00:11 +0200
Message-ID: <87h8vd4p38.fsf@gnu.org>
In-Reply-To: <17b7428d-0a46-6aca-f184-b63890c94cf5@cock.li> (nee@cock.li's message of "Mon, 25 Sep 2017 23:14:13 +0200")

Hello,

nee <nee@cock.li> wrote:

> I made a package that builds the translations and installs gnu social
> into the store.

[...]

> Here is an example config: http://paste.lisp.org/display/356859

Really cool that we can set up a complex service like this with just a
few lines!

> Here are a bunch of issues I have with guixSD in general:
>
> - Setting up the database requires the sql root password, the new
>   social_db_user password, and a password for the first admin user to
>   create in gnu social.
>   Having plaintext passwords in /etc/config.scm sounds pretty bad.
>   I'm not sure what the solution here is.
>   - Could we add a password store to guix? It could automatically
>     generate passwords and pass them to services.
>   - Should I generate a script that must be run manually and asks for
>     password input through stdin?
>   - Something else?

For this particular case, I would do nothing: the first time, the
service wouldn’t start (I guess).  Users would have to explicitly set
the passwords on the command line, and then run “herd start gnu-social”.

> - The password of the database-user ends up in the config.php which is
>   generated by mixed-text-file. This file can be read by everyone. Can I
>   somehow set the owner on it and remove the reading rights from other
>   users?

No, the store is world-readable.  If there are secrets, they should be
stored elsewhere, but there’s currently no standard way to do that in
Guix.

Thanks for sharing, and sorry for the late reply!

Ludo’.
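
An added example, not part of the original message and not Guix code: one way to keep the database password out of the world-readable store, by reading it from stdin into a file outside /gnu/store and checking that other users cannot read it. The function names and the secret file location are hypothetical.

```shell
#!/bin/sh
# Added example: keep a service password out of the world-readable store.
# STORE_PREFIX is the Guix store; function names here are hypothetical.
STORE_PREFIX=/gnu/store

# Succeeds if the path lies inside the store (readable by every local user).
in_store() {
    case "$1" in
        "$STORE_PREFIX"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read one line (the password) from stdin and write it to $1 with mode 0600.
# Refuses store paths and empty input. The file is truncated and restricted
# before the secret is written, so it is never readable by other users.
install_secret() {
    dest=$1
    if in_store "$dest"; then
        echo "refusing: $dest is inside $STORE_PREFIX" >&2
        return 1
    fi
    (
        umask 077
        IFS= read -r secret
        [ -n "$secret" ] || exit 1
        : > "$dest" && chmod 600 "$dest" && printf '%s\n' "$secret" > "$dest"
    ) || return 1
}

# Succeeds only if $1 is a regular file outside the store with no
# group/other permission bits (characters 5-10 of the ls mode string).
secret_ok() {
    [ -f "$1" ] || return 1
    if in_store "$1"; then
        return 1
    fi
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}
```

The generated config.php in the store would then hold only the path of this file and read the password at run time, so the store never contains the secret itself.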
