From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:59519) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hvoy7-0006iY-Pd for guix-patches@gnu.org; Thu, 08 Aug 2019 16:25:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hvoy6-0008K1-Om for guix-patches@gnu.org; Thu, 08 Aug 2019 16:25:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:32947) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hvoy6-0008Js-LO for guix-patches@gnu.org; Thu, 08 Aug 2019 16:25:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hvoy6-000446-G5 for guix-patches@gnu.org; Thu, 08 Aug 2019 16:25:02 -0400 Subject: [bug#36957] [PATCH v2] machine: Allow non-root users to deploy. Resent-Message-ID: From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) References: <87a7cl3zyy.fsf@sdf.lonestar.org> <87sgqcobds.fsf@dustycloud.org> <87pnlgjymv.fsf_-_@sdf.lonestar.org> <87y304vyyo.fsf@elephly.net> Date: Thu, 08 Aug 2019 16:24:47 -0400 In-Reply-To: <87y304vyyo.fsf@elephly.net> (Ricardo Wurmus's message of "Thu, 08 Aug 2019 10:33:03 +0200") Message-ID: <87tvarjtgw.fsf@sdf.lonestar.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ricardo Wurmus Cc: 36957@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hey Ricardo, Ricardo Wurmus writes: > Perhaps also wrap =E2=80=9CNOPASSWD=E2=80=9D in @code{=E2=80=A6}. Got it, thanks! > This is a comment for future changes only: currently, we can assume that > the remote machine already runs Guix System. In the future =E2=80=9Cguix > deploy=E2=80=9D should probably also be able to initialize a system. In = that > case =E2=80=9Csudo=E2=80=9D may have to be searched on the target or othe= rwise be > provided. Ah, that's a good point. I'd imagine that would involve changing a few other things with how the REPL is spawned, too. > (What happens if /run/setuid-programs/sudo is not available on the > target machine?) I'm a bit short on time before boarding this flight, so I can't test it out at the moment, but I'm pretty sure the "failed to run..." message condition would be thrown. I'll check and get back to you. > I=E2=80=99m just stumbling upon =E2=80=9Csocket-name=E2=80=9D. =E2=80=9C= /var/guix=E2=80=9D is not guaranteed to > be the localstatedir. It would be better to use (guix config) to > determine the configured value. > > This doesn=E2=80=99t block this patch, of course, but it would be good to= change > this in the future. Right, yeah. I may submit a separate patch for it shortly since it should be a simple change. Regards, Jakob --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl1MhQ8ACgkQ9Qb9Fp2P 2Vq0YA//b+2cc52ULXo1zy5cKcEznL6x+PQazsvaBk+5QW8l7r+Ud1PuslKdrlWq 7eFlD1v6bgkqnD+mkDR3WpdLcKNchBFNKLfyo5qyx023nQauUrFkWY/BGlttqBPh 3yf1dvsNlqrDXaqDymRu1zQI35P6TZ4tQ289Bm5znEq+79oAA1iixfFDPAXwGyti 365vwMxWPtWi54T7ETBqGKMH+SGEMzNHENb3sXYfEyazmuTcb/CsuvVbjyBI09Eg BywCg51taopo6Xlbv8gCT4hXp43nSI9ELfqBHWM2Q63ghbntkvWtvnEVz+YVTfnJ +42jhXg+olE4eR/6ilV4FvB4uuDdsufoPb39DJo16WzWgiP6bPVNGfjiGhMhx4B5 wqer3WkwQLh7CSGNwq0do9qhUmtEHzlpaBMy2kTDC/GWklthaLv23smT1VfpmT9e XO+5AwlpjWx3E5ORJdbFfC1KWyTv2if6MJC3GK5P3Sjtx199ZhVvlvu+ZYCGNA/k vyYxBB+K2xWR8c3yt5R3CEEP5Deho07gBFMC4Exifi7UsBoYuzNGAM//Pn6uPurG 8CuSU5QdHqN5FpCl33Yfzod1WCBUz9wlhKT59a2Uq2kqznX9EmCyfj57EjXECMEC ue1vv6YHDRYNUYB/ah4RRuDZKgn9Rd0s4WLMLgoYaBPI86nWzwU= =6+vz -----END PGP SIGNATURE----- --=-=-=--