From: Tomas Volf <~@wolfsden.cz>
To: Fabio Natali
Cc: 68289@debbugs.gnu.org
Subject: [bug#68289] [PATCH] services: xorg: Add xorg-start-command-xinit procedure.
Date: Thu, 18 Apr 2024 23:09:56 +0200
References: <87o7a9upoq.fsf@fabionatali.com> <87r0f4l4kb.fsf@fabionatali.com>
In-Reply-To: <87r0f4l4kb.fsf@fabionatali.com>

Hello Fabio,

first, let me thank you for the review, and apologize for the somewhat late
response; sadly I have been busy.

On 2024-04-17 10:30:12 +0100, Fabio Natali wrote:
> Hi, a quick follow-up on a couple of points.
>
> On 2024-04-16, 19:29 +0100, Fabio Natali wrote:
> > - I haven't tested the patch on my system yet, but I plan to do it
> >   soon.
>
> I've tested the patch and it works as expected on my system.

Great! :)

>
> > `(determine-vty)' is similar to the block below, but `startx' relies
> > on the `tty' command from Coreutils. Do you think there might be any
> > advantage in using it in `(determine-vty)'? A slight simplification
> > perhaps?
>
> Looking into this more closely, the `tty' command wouldn't be a
> simplification. It might be a bit more consistent with other parts of
> the patch and it'd abstract away the hardcoded `/proc/self/fd/0', but
> probably not worth the change?

I think the current way is fine, since this is Guix-specific code, so it does
not have to be extremely portable.  But that is just my opinion.  It would be
nice to know if it works on Hurd.

>
> > The patch saves the server's auth file in `/tmp' whereas `startx' uses
> > the home directory. I wonder if this might make any difference in
> > terms of security. Related, how can we be sure that `(mkstemp
> > "/tmp/serverauth.XXXXXX")' will be setting the right file permissions?

While POSIX does not seem to specify the permissions of the created file,
Guile's manual is pretty clear regarding it:

    POSIX doesn’t specify the permissions mode of the file.  On GNU and most
    systems it’s ‘#o600’; an application can use ‘chmod’ to relax that if
    desired.

In my understanding that makes this usage safe.

>
> I see the reason why we want to use `/tmp', as otherwise the number of
> stale `serverauth.XXXXXX' files would grow indefinitely.
> Using `/tmp', at least we know they'll be garbage collected at every
> reboot. Any way to emulate `startx' and use some sort of `trap' to
> remove the file on exit?

Yes, the cleanup was the main motivator.  The script could *try* to clean up,
but even then it would leave garbage in $HOME in situations like power
failure and kernel crashes.  So using /tmp seems like a simple yet reliable
solution.

>
> > Finally, on a purely cosmetic side, any reason to have `(define X
> > (xorg-wrapper config))' outside the G-expression, while the other
> > definitions are inside?
>
> Oh yes, the `(define X ...)' has to be outside the G-expression, of
> course.
>
> The security aspect (in relation to the server auth file, its
> permissions and location) is the only remaining point where I'd like an
> extra pair of eyes. The rest of the patch LGTM.
>
> There's a couple of microscopic formatting issues (e.g. an occurrence of
> tty where I'd write TTY instead), I'll list them all in a follow-up.
>
> Thanks, best wishes, Fabio.

Have a nice day,
Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.