From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id SI4OKhX8w2Nx1gAAbAwnHQ (envelope-from ) for ; Sun, 15 Jan 2023 14:13:57 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id ODwqKhX8w2NFFgEA9RJhRA (envelope-from ) for ; Sun, 15 Jan 2023 14:13:57 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id AE2D9EEAA for ; Sun, 15 Jan 2023 14:13:56 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pH2og-0004Bp-Ig; Sun, 15 Jan 2023 08:12:54 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pH2oe-000463-RZ for help-guix@gnu.org; Sun, 15 Jan 2023 08:12:52 -0500 Received: from mx0.riseup.net ([198.252.153.6]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pH2oc-0005BZ-P2 for help-guix@gnu.org; Sun, 15 Jan 2023 08:12:52 -0500 Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx0.riseup.net (Postfix) with ESMTPS id 4NvwYr5Z8gz9swy; Sun, 15 Jan 2023 13:12:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1673788368; bh=h7WypXTPX8mWGjixL5lWwEBCEupJyV3yTTU4ht/3cJo=; h=References:From:To:Cc:Subject:Date:In-reply-to:From; b=N5dzqps8iSR8AjNHGC+4l0KrJcYfRWIOfqKZJ/osWn5ulIbxtjYDWTgRGVhzubI2W IEo9XRhmzsH9zXNTgHritkuCG7P5b8IdBWmLRc/Zqc4JPbn1ExElyjZ19edeOVlYpC JhEKd2jnA7qOyolelkW85ua0a1XjbBzg5c0Wq6k8= X-Riseup-User-ID: 14CA0F380495691A8292F992FAA1F809C57A7410A41F9B3BCFC8D5E6BD7BCB49 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews1.riseup.net (Postfix) with ESMTPSA id 4NvwYr01kVz5vRl; Sun, 15 Jan 2023 13:12:47 +0000 (UTC) References: <87pmbgyrlz.fsf@h-brs.de> From: Csepp To: Alexander Asteroth Cc: help-guix@gnu.org Subject: Re: guix shell set user groups to access security token Date: Sun, 15 Jan 2023 14:11:45 +0100 In-reply-to: <87pmbgyrlz.fsf@h-brs.de> Message-ID: <86lem43pro.fsf@riseup.net> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=198.252.153.6; envelope-from=raingloom@riseup.net; helo=mx0.riseup.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=N5dzqps8; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=riseup.net ARC-Seal: i=1; s=key1; d=yhetil.org; t=1673788437; a=rsa-sha256; cv=none; b=X6PoipF3Ky4AD9yOXvrQN9LGgwFMN+7SfWqHnrgmpasP/mYrTV35u4/TI7iDyB7QQcPoki tkTY6dn9Utz84i3fyzAmBqVOXRaz8G0j2OCopyfaiij64GMRMBdL6WT/s9fKOMVuF6rlI8 E3fx/EhyB6mTsTFwNti3tDXX1Bl7CAqU37Ih2b/kPIx+2jHZgaom1ccObnpVOfl7Ybp1Fr wM+t8vQbsXm4y6PmKiYHpiHMeYaGfWNBkvKJaxiZgladbMQdvpu3Bq6R8wMYqIuBNLAmBY Cdbb4GpyCIeoGxHRSyKdL4hsUFBTc7ac46UnmSMxcvTc+oOyUqRhW6KdDxGcBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1673788437; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=h7WypXTPX8mWGjixL5lWwEBCEupJyV3yTTU4ht/3cJo=; b=SD12a9df0VM4mbnnk0cyTnl55vP++ux9nWR/yfw9tpitB6c93HjcNJ9qgZ8PQD8nqHZOpY 2PVT714hxIJTCJ6bzojIm1IwFcqOITZgEbN7GIpjG4iRK9qlRSn/Qqdsp4zwWsshiKPILq kDQCaewAV/MCY7dsLVmwBo9ykVzy+i/sY9fxLBpaF1wPIDsPrywagOVorHK0Jf115S+S1N /xXRkqzq/j+bzz8aZhFeZf6SI9p3ngjmPGDxAF6k/sBtN3yUVIKqfC+9Yc8hfhkIawiArJ CcNRMVwGegV1vYydkWyyxBs2DzrI/X+44N31DCHD1COBMNLusTVmxYDj0BwXIQ== X-Migadu-Queue-Id: AE2D9EEAA X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=N5dzqps8; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=riseup.net X-Migadu-Spam-Score: -8.44 X-Spam-Score: -8.44 X-TUID: g7EkqFk+6cSV Alexander Asteroth writes: > Dear all, > > I'm trying to get my security token software (sealone) to work under > guix SD. The software is unfortunately not available in source and seems > to expect a FSH filesystem. I therefore tried to run it in guix shell. A > first trial was: > > guix shell -CFD ungoogled-chromium gcc:lib --expose=/dev > > in this environment I can execute the software and the tokes get's > connected but reports some error condition and is not usable. It might > have to do with the user not beeing in group cdrom which usually is > necessary to access /dev/sg0. > > Any idea how to set the groups the user is member of in guix shell? > Or any other idea how I could get such software to work under guix? > > Cheers, > Alex Bit of an ugly hack but what I usually do is chown devices I'm working with to myself. Haven't tried that in a guix container but in theory it should work.