auto encrypt user passwords for opensmtpd-service

unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed

From: Joshua Branson <jbranso@dismail.de>
To: help-guix@gnu.org
Subject: auto encrypt user passwords for opensmtpd-service
Date: Fri, 04 Nov 2022 13:27:24 -0400	[thread overview]
Message-ID: <87iljuzl37.fsf@dismail.de> (raw)



I am currently trying to extend guix's opensmtpd-service, so that users may
configure the service via records. As a part of this journey, I thought it would
be cool, if users could specify password records like the following, which would
auto encrypt the passwords in the resulting configuration 1:

#+BEGIN_SRC scheme
(opensmtpd-table
 (name "cred-table")
 (data '(("joshua" . "password"))))
#+END_SRC

would turn into:

#+BEGIN_SRC text
table "creds-table" { "joshua" = "$6$yvZhvM.kFiUu0rGV$hbHcUimLf96eKlUFdGh1tIeKrmlL.cRgaftdefmf57R3iZ/L0iY7xVY/ytbqQuZS9b7yZj3Ju5l.INxjvZLuq0" }
#+END_SRC

Currently, users of opensmtpd, must generate user passwords manually, via the
following:

#+BEGIN_SRC shell
guix install opensmtpd
#+END_SRC

#+BEGIN_SRC shell
$(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd) "password"
#+END_SRC

#+RESULTS:
: $6$3prHAJvjxNhDGz7G$74ENoGsV4AnxXiNvPnhS0d9.0Cj5ywgxBCwndgxfvSRHAUWeuOSpkmsTyHEFk4O4z.9dVkx3bMUiaX18HvTbA.

:TheActualFilePathOfTheEncryptBinary:
#+BEGIN_SRC shell
ls -lha $(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd)
#+END_SRC

#+RESULTS:
: lrwxrwxrwx 1 root root 87 Dec 31  1969 /gnu/store/i1bh9a0q9wshpmhl4dnkdkqygfq532dw-profile/libexec/opensmtpd/encrypt -> /gnu/store/qf84lf6nddsf1saan0qiv60qwz8hsic9-opensmtpd-6.8.0p2/libexec/opensmtpd/encrypt

:END:

I am trying to take a stab at auto-generating these user passwords, and as it
turns out... I really do NOT understand gexps.

In a guile repl, I am not getting, well anything to work.
#+BEGIN_SRC scheme
,use (gnu packages mail)
,use (guix gexps)
,use (guix monad-repl)
,m (gnu services mail)

#~(string-append #$(file-append opensmtpd "/sbin/smtpctl"))
$23 = #<gexp (string-append #<gexp-input #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> ,build $23
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (string-append #<gexp-input #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> #~(begin (string-append #$opensmtpd "/sbin/smtpctl"))
$24 = #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]> ,build $24
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]>
$25 = #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> ,build $25
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> (system* "ls")
ABOUT-NLS	build-aux	  config.status  etc	  guix	       INSTALL	    Makefile	 po					   scripts
aclocal.m4	ChangeLog	  configure	 gnu	  guix-daemon  libformat.a  Makefile.am  pre-inst-env				   test-env
AUTHORS		CODE-OF-CONDUCT   configure.ac	 gnu.go   guix.go      libstore.a   Makefile.in  README					   tests
autom4te.cache	config-daemon.ac  COPYING	 gnu.scm  guix.scm     libutil.a    NEWS	 ROADMAP				   THANKS
bootstrap	config.log	  doc		 guile	  HACKING      m4	    nix		 run-opensmtpd-record-sanitation-test.log  TODO
$26 = 0
scheme@(gnu services mail) [11]> #~(begin (system* (string-append opensmtpd #$ "/sbin/smtpctl") " password\n"))
$27 = #<gexp (begin (system* (string-append opensmtpd #<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> ,build $27
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd #<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> #~(begin $#opensmtpd)
$28 = #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> ,build $28
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> #~(begin (mkdir #$output)
                                          (chdir #$output)
                                        #$opensmtpd)
$29 = #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,build $29
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,bt
           1 (string-append #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl"> "/sbin/smtpctl")
In ice-9/boot-9.scm:
  1685:16  0 (raise-exception _ #:continuable? _)
scheme@(gnu services mail) [11]> #~(begin (mkdir $#output)
                                          (mkdir (string-append #$output) "/libexec")
                                          (string-append opensmtpd "/opensmtpd"))
$30 = #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]> ,build $30
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]>
#+END_SRC

Any tips, suggestions, or example code that I should look at would be very
helpful.  Thanks!

Joshua

1.  It is entirely possible, that it would be better for users to manually
   generate their own passwords.  And NOT allow the service to generate those
   passwords for them.  If that is your opinion, don't hesitate to let me know.
   :)

                 reply	other threads:[~2022-11-04 17:28 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87iljuzl37.fsf@dismail.de \
    --to=jbranso@dismail.de \
    --cc=help-guix@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).