From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id INjcFt2WH2bHxgAAqHPOHw:P1 (envelope-from ) for ; Wed, 17 Apr 2024 11:31:09 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id INjcFt2WH2bHxgAAqHPOHw (envelope-from ) for ; Wed, 17 Apr 2024 11:31:09 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=fabionatali.com header.s=gm1 header.b=dZ9ZIBLO; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1713346269; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=TLFXEjv+L7/PS9f2Og+mShoop5r8I488wBGH+tfjmZg=; b=pOlxWYDF4I/JSwoG9jLnbADTE/qLVLhy2vng0d+BLCMrj9/7buw18IhY4upjlnE+aev34X 1a7HWQzCoByxqGgk4H0zJIXg8WFptQyhgxPzP7KCqko4gPAlNmgXMCvD6DWEFHBV8KHlA+ 8Yq1+HOpdFAG9YL/+rcBlSrCYTvJnWkxS73uJjRmb89f/ydYTG8Zt1A1/YNExOR7vRQ6w2 YgHIXjRZ4/8ZRyOj7l1+QMYq61MLRrDsOShJQsHP62zZp6rdhbYfp3V2VBp8bep54elOET QqNVtgvYhsIQDA8+2OKSI8gg0+YEbnvc9FO3lS34+kg+32izd/LBtQib1PSRyQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1713346269; a=rsa-sha256; cv=none; b=afAXp1KD1bKY6Py/t9YJtYcpfGOco3l8NQAK5FNIAkj8vRag1M8mvXCpj671t/5a7ETjJn 8WZ3H4323ULLoCTtmPr7D3Q6mosnGq3P4aH6Jt6wlRI/tVssr9rNVQL9nH2BJdilVlZdaz R50zvXsWMoTendSMgIW7Jx+4xI6HYAXLn4D0x+fxlsvcN1d9zMo/p05W+aBDpnppTraTjv fALtb+r8PUgXUdY7659oKg9QoKPthUkRnocgWO7DS5CxABR9bBFEfPqK9koQOoKNlclWPD okMXCXylApm6MVUoJSum3ngIlsfpd2NzLVJefK49nH5yOt3Vwv1giMPMPZhilQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=fabionatali.com header.s=gm1 header.b=dZ9ZIBLO; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4B3B73FC6D for ; Wed, 17 Apr 2024 11:31:09 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rx1cz-0000B6-5B; Wed, 17 Apr 2024 05:30:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rx1cv-0000Av-Ic for guix-patches@gnu.org; Wed, 17 Apr 2024 05:30:50 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rx1cv-0002y2-AX for guix-patches@gnu.org; Wed, 17 Apr 2024 05:30:49 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rx1d7-0002OK-HE for guix-patches@gnu.org; Wed, 17 Apr 2024 05:31:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#68289] [PATCH] services: xorg: Add xorg-start-command-xinit procedure. Resent-From: Fabio Natali Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 17 Apr 2024 09:31:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 68289 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68289@debbugs.gnu.org, ~@wolfsden.cz Received: via spool by 68289-submit@debbugs.gnu.org id=B68289.17133462388975 (code B ref 68289); Wed, 17 Apr 2024 09:31:01 +0000 Received: (at 68289) by debbugs.gnu.org; 17 Apr 2024 09:30:38 +0000 Received: from localhost ([127.0.0.1]:45767 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rx1ck-0002Kh-3j for submit@debbugs.gnu.org; Wed, 17 Apr 2024 05:30:38 -0400 Received: from relay4-d.mail.gandi.net ([2001:4b98:dc4:8::224]:49539) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rx1cg-0002Je-33 for 68289@debbugs.gnu.org; Wed, 17 Apr 2024 05:30:36 -0400 Received: by mail.gandi.net (Postfix) with ESMTPSA id 1A77CE000C; Wed, 17 Apr 2024 09:30:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fabionatali.com; s=gm1; t=1713346213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=TLFXEjv+L7/PS9f2Og+mShoop5r8I488wBGH+tfjmZg=; b=dZ9ZIBLOcEPayF6ePqDNKDwB8mLg+acPtBLOP9CtH2NGxw5NdZ+IWlwScJTIw4kPIJ19HC TojJsFUQ/0PkZHYQy6VUIvsltle4zaWAUBLO/G3ZfOoK0yu5W0t7QKQaXF+4EXsNsnWZWP A0HmhsMLRI2TqDD+MEw8InctOXJizn8numkw7DmImC+jAVinrAfoppYQKCt6pINbpQVKsk T6IeK6ImnJa/VzRlXLxgR8KB78QHfldaQR8dokYrn6oUx04TsYkBPAnOShu1PwXOtJJ5sp ICtzUnFbq5J3XObwqQ5YU/OhfhJeKPfLx4R73k+HPqDUp/SL0I4clEskSV+FUA== In-Reply-To: <87o7a9upoq.fsf@fabionatali.com> References: <87o7a9upoq.fsf@fabionatali.com> Date: Wed, 17 Apr 2024 10:30:12 +0100 Message-ID: <87r0f4l4kb.fsf@fabionatali.com> MIME-Version: 1.0 Content-Type: text/plain X-GND-Sasl: me@fabionatali.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Fabio Natali X-ACL-Warn: , Fabio Natali via Guix-patches From: Fabio Natali via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -6.98 X-Spam-Score: -6.98 X-Migadu-Queue-Id: 4B3B73FC6D X-Migadu-Scanner: mx13.migadu.com X-TUID: N8nG/7c8rTkf Hi, a quick follow-up on a couple of points. On 2024-04-16, 19:29 +0100, Fabio Natali wrote: > - I haven't tested the patch on my system yet, but I plan to do it > soon. I've tested the patch and it works as expected on my system. > `(determine-vty)' is similar to the block below, but `startx' relies > on the `tty' command from Coreutils. Do you think there might be any > advantage in using it in `(determine-vty)'? A slight simplification > perhaps? Looking into this more closely, the `tty' command wouldn't be a simplification. It might be a bit more consistent with other parts of the patch and it'd abstract away the hardcoded `/proc/self/fd/0', but probably not worth the change? > The patch saves the server's auth file in `/tmp' whereas `startx' uses > the home directory. I wonder if this might make any difference in > terms of security. Related, how can we be sure that `(mkstemp > "/tmp/serverauth.XXXXXX")' will be setting the right file permissions? I see the reason why we want to use `/tmp', as otherwise the number of stale `serverauth.XXXXXX' files would grow indefinitely. Using `/tmp', at least we know they'll be garbage collected at every reboot. Any way to emulate `startx' and use some sort of `trap' to remove the file on exit? > Finally, on a purely cosmetic side, any reason to have `(define X > (xorg-wrapper config))' outside the G-expression, while the other > definitions are inside? Oh yes, the `(define X ...)' has to be outside the G-expression, of course. The security aspect (in relation to the server auth file, its permissions and location) is the only remaining point where I'd like an extra pair of eyes. The rest of the patch LGTM. There's a couple of microscopic formatting issues (e.g. an occurrence of tty where I'd write TTY instead), I'll list them all in a follow-up. Thanks, best wishes, Fabio.