From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id eI17KRxdbGTxTwAASxT56A (envelope-from ) for ; Tue, 23 May 2023 08:28:44 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id UGORKRxdbGRXPgAA9RJhRA (envelope-from ) for ; Tue, 23 May 2023 08:28:44 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 32943E3EA for ; Tue, 23 May 2023 08:28:44 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q1LVG-00087D-51; Tue, 23 May 2023 02:28:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q1LV8-00086w-N2 for guix-devel@gnu.org; Tue, 23 May 2023 02:28:08 -0400 Received: from nomad-cl1.muradm.net ([139.162.159.157]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q1LV6-0007xh-SW for guix-devel@gnu.org; Tue, 23 May 2023 02:28:06 -0400 Received: from localhost ([127.0.0.1]:57290) by nomad-cl1.muradm.net with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1q1LV0-0003lx-0i for guix-devel@gnu.org; Tue, 23 May 2023 06:27:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; s=mail; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender: Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=CR3YvS/ferlGWpnYIemmjDMfk5uMk4eMIvhcxo+mzaQ=; b=toIDlk/E3SRQxTbNHR10vxdgdu xd6S6YwpHp5JYTKHSmYORYDJUlrXzK5Uksk+YeYxmW2gnaCoOO96bBtzDHjU0ikx1k5B2U3W4Yhfa N7SMlDm+y23Yp8hWt7SCw/6xOyDYDaiCMKXiBtS1WBDidrApo2BFSH+iCxivASwVpD9LxJFqBchBP PivZz30Zp+2FqPg6MEU+831CowxaFkJB/orUa6Y8e70KyqQkJD5M+fSKrR+d9gGv8LhY3OBlRTgw0 POoQ+whz0xDcM2GdCH6D3guNY2byCYCxqkz+izZicu/PFBYjcpvl1nWevNFuaV6caq1r2aToSoYe7 BMjr5UiJFRnP6uVBhWFgc8dd2zTEh4/7blk8loWLn7i+X+ES8nYuuWaxbUjxM5AqQhBg8mUG5TyQ8 cBTfrOLtDljiHSBZID/UwLvZS1f4TORdD80I+JkQYcJPEI3GIKExv466rOfHG994ik3cDbt4q1fcN BwyYedltzjCdUburTSkCaiog; Received: from muradm by localhost with local (Exim 4.96) (envelope-from ) id 1q1LV4-0002AI-12 for guix-devel@gnu.org; Tue, 23 May 2023 09:28:02 +0300 User-agent: mu4e 1.10.2; emacs 30.0.50 From: muradm To: guix-devel@gnu.org Subject: Enabling PAM support or not only.. Date: Tue, 23 May 2023 08:24:50 +0300 Message-ID: <87r0r78sul.fsf@muradm.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=139.162.159.157; envelope-from=mail@muradm.net; helo=nomad-cl1.muradm.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1684823324; a=rsa-sha256; cv=none; b=lUkPo8pxB3lph5a3mlngsCsqOh7MuSpZoak+iPg15F70R6CrQI0rHGIpUodK/4T0Q3yF7B jxPQpBboYOKTI0O5PEYyZBvgeeRs1iQjzsMwaiFG9illaDfQ9KX7JUojftHNCXSifo9PYk EtOSpAJylPKmABUmjBVBos2RWJu7mvP2TuqRR5PTK6GYadDEhJ+T7F5hs/W1HmOijfZ2/O sGHDpGvFLDdlrt1Cy+lRxsieKdH/hTwdzA8tOvGUY394a/hmDOewt9O7DpUo+kcBfazl4L 6ipBtwNG3AMQGatHQXFKt+rgIeE9oV2nHwLFAiZxT+0fSKuBccr1hKpN2WRgCQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=muradm.net header.s=mail header.b="toIDlk/E"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=muradm.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1684823324; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=CR3YvS/ferlGWpnYIemmjDMfk5uMk4eMIvhcxo+mzaQ=; b=lFqcisXhPkAjhEtjeHS8yykVj1hsjOEYI8BnFy4KSiefidDJIuqxpy8xZhYzzboc3ZNBL1 D9LJOqqhX33Pv2tK+zaJXt7xsUGfRHqk+a+k+QWrz0lhSwuats3i62NWmSkvgaNIADdA8G 3gsBnpEmc7v6+p4iXikvRMpeJHLyTJglzuWd5yuGoP4XhVg/PzyYu8hNzuCXPfw+azYbN4 UrwdAYEfZtNmauS1Af76CssRdNg++HfzKHe2gKikZ7qTu37S3twtHGMMHiyouW5dSwUKCc 1Q1IOdSrqEM7GEsL88thFihXnxKswpixfn3hfDEtkDJ/K8vWIoDZEhKbRyFOSg== X-Migadu-Spam-Score: -3.21 X-Spam-Score: -3.21 X-Migadu-Queue-Id: 32943E3EA X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=muradm.net header.s=mail header.b="toIDlk/E"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=muradm.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-TUID: 0lmQA1VhUcvo --=-=-= Content-Type: text/plain; format=flowed Hi, Last week was quite challenging and frustraiting, culminated by sleepless nights in the weekend. Among other things at least two serivces was broken, which are cups-service-type and swaylock with screen-locker-service-type. Both issues are not easy troubleshootable due to nature of PAM. cups-service-type: core-updates merging commit 3bacd3c76a added linux-pam to cups package. Resulting in https://issues.guix.gnu.org/issue/63198. While switching cups-service-type's default package from cups to cups-minimal solves authentication issue, it however broke ipptool printer finder tool. When PAM support is compiled in, it does not work without proper PAM entry. While workaround could be as simple as: --8<---------------cut here---------------start------------->8--- +(simple-service + 'cups-pam-service + pam-root-service-type + (list (unix-pam-service "cups" #:allow-empty-passwords? #f))) --8<---------------cut here---------------end--------------->8--- Total solution could be: https://issues.guix.gnu.org/issue/63198#4 swaylock with screen-locker-service-type: commit 146bae3979 added linux-pam to swaylock package. Resulting in https://issues.guix.gnu.org/issue/63357#2. While workaround could be as simple as: --8<---------------cut here---------------start------------->8--- -(service screen-locker-service-type - (screen-locker-configuration - "swaylock" (file-append swaylock "/bin/swaylock") #f))))) +(simple-service + 'cups-pam-service + pam-root-service-type + (list (unix-pam-service "cups" #:allow-empty-passwords? #f))) --8<---------------cut here---------------end--------------->8--- Detailed explanation with total solution is provided in https://issues.guix.gnu.org/issue/63652. The following coming afterwards to my mind: GUIX at first is package manager, so there are a lot of them, but of two types: - BOUND - ones referenced from (gnu system) (gnu services) - FREE-STANDING - ones not referenced Then for BOUND packages, changing their behavior requires more careful handling and probably such change is always news worthy. And for FREE-STANDING packages, changing their behavior is totaly up to maintainers of packages and their users, not much could be done here. Having said that, we could go further with something like: guix package --list-available-bound[=...] This would be different from things likes "installed" or illustrated on the graph of running system. The point here is to know the packages that are referenced/used by GUIX it self, not only as package manager. When that available, careful handling and news worthines could be automated probably. muradm --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmRsXPIACgkQ6M7O0mLO BeIxBhAA1R6dbe43Eo/TsmusnGKsCooqc5dqTl+hO3ng6xRvujobmCq6cgKXCopn 04jaCFuE5KmN2sPy5OJ2zKVKWDm7XIy017F8Zr1QLu4zSAfPxKrPyT2S1MIlpxqe Xq/ERB8Ke9xwM5aRXfPd1BPXPWm3yGTpAmDHvd2PaoGURP9TKLkwqwW0WQWgP+HG sjnIdJvlp6giK9tKTJ3uO3F2rndUx0x+TN2lmJW+td8dPeakHkLKEUz+CC12FMes H7OH/+i9uo8qYrk0Ncq0lcBnGXml9afzPkiDK/Buz7fC9QBLBIK0oxo3SfVjtLyi 6SaC0HOYiZHVwiqS9m2+aMC6og4AszwH+TSygGc+/YVSHmQvxQt/vnj1LMtEY9Jp upsMR3aWC21NhDXY9Qzq7840QngzSlhh1SRYONzK3TtXHIKG3WM00SvC+2skwxYm djTE9jGAFv+ZOk1QTyJ5IxLdDY4AJmvzjPuO5zb8YVIoohiP8eHZfqrJ/jcpj85E us0goNAgBV/97znwjxXRccBDK0bZvQCRFsYiIfKyfwAvVr1WZqSh4IMlH6F8fyF4 4RVdSqDCqRXakm2W6LlipU8ri07aE4RFrfr0GXbLCITmDf6daFCjsDnidE5Cawrb aWb5J9N91urfzpvZfkna6yyH0c6C8i3Cc8Hzy5/Oujm1e3+BLlw= =hOgf -----END PGP SIGNATURE----- --=-=-=--