From: Joshua Branson <jbranso@dismail.de>
To: help-guix@gnu.org
Subject: auto encrypt user passwords for opensmtpd-service
Date: Fri, 04 Nov 2022 13:27:24 -0400 [thread overview]
Message-ID: <87iljuzl37.fsf@dismail.de> (raw)
I am currently trying to extend guix's opensmtpd-service, so that users may
configure the service via records. As a part of this journey, I thought it would
be cool, if users could specify password records like the following, which would
auto encrypt the passwords in the resulting configuration 1:
#+BEGIN_SRC scheme
(opensmtpd-table
(name "cred-table")
(data '(("joshua" . "password"))))
#+END_SRC
would turn into:
#+BEGIN_SRC text
table "creds-table" { "joshua" = "$6$yvZhvM.kFiUu0rGV$hbHcUimLf96eKlUFdGh1tIeKrmlL.cRgaftdefmf57R3iZ/L0iY7xVY/ytbqQuZS9b7yZj3Ju5l.INxjvZLuq0" }
#+END_SRC
Currently, users of opensmtpd, must generate user passwords manually, via the
following:
#+BEGIN_SRC shell
guix install opensmtpd
#+END_SRC
#+BEGIN_SRC shell
$(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd) "password"
#+END_SRC
#+RESULTS:
: $6$3prHAJvjxNhDGz7G$74ENoGsV4AnxXiNvPnhS0d9.0Cj5ywgxBCwndgxfvSRHAUWeuOSpkmsTyHEFk4O4z.9dVkx3bMUiaX18HvTbA.
:TheActualFilePathOfTheEncryptBinary:
#+BEGIN_SRC shell
ls -lha $(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd)
#+END_SRC
#+RESULTS:
: lrwxrwxrwx 1 root root 87 Dec 31 1969 /gnu/store/i1bh9a0q9wshpmhl4dnkdkqygfq532dw-profile/libexec/opensmtpd/encrypt -> /gnu/store/qf84lf6nddsf1saan0qiv60qwz8hsic9-opensmtpd-6.8.0p2/libexec/opensmtpd/encrypt
:END:
I am trying to take a stab at auto-generating these user passwords, and as it
turns out... I really do NOT understand gexps.
In a guile repl, I am not getting, well anything to work.
#+BEGIN_SRC scheme
,use (gnu packages mail)
,use (guix gexps)
,use (guix monad-repl)
,m (gnu services mail)
#~(string-append #$(file-append opensmtpd "/sbin/smtpctl"))
$23 = #<gexp (string-append #<gexp-input #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> ,build $23
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (string-append #<gexp-input #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> #~(begin (string-append #$opensmtpd "/sbin/smtpctl"))
$24 = #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]> ,build $24
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]>
$25 = #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> ,build $25
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> (system* "ls")
ABOUT-NLS build-aux config.status etc guix INSTALL Makefile po scripts
aclocal.m4 ChangeLog configure gnu guix-daemon libformat.a Makefile.am pre-inst-env test-env
AUTHORS CODE-OF-CONDUCT configure.ac gnu.go guix.go libstore.a Makefile.in README tests
autom4te.cache config-daemon.ac COPYING gnu.scm guix.scm libutil.a NEWS ROADMAP THANKS
bootstrap config.log doc guile HACKING m4 nix run-opensmtpd-record-sanitation-test.log TODO
$26 = 0
scheme@(gnu services mail) [11]> #~(begin (system* (string-append opensmtpd #$ "/sbin/smtpctl") " password\n"))
$27 = #<gexp (begin (system* (string-append opensmtpd #<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> ,build $27
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd #<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> #~(begin $#opensmtpd)
$28 = #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> ,build $28
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> #~(begin (mkdir #$output)
(chdir #$output)
#$opensmtpd)
$29 = #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,build $29
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,bt
1 (string-append #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl"> "/sbin/smtpctl")
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)
scheme@(gnu services mail) [11]> #~(begin (mkdir $#output)
(mkdir (string-append #$output) "/libexec")
(string-append opensmtpd "/opensmtpd"))
$30 = #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]> ,build $30
While executing meta-command:
ERROR:
1. &gexp-input-error: #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]>
#+END_SRC
Any tips, suggestions, or example code that I should look at would be very
helpful. Thanks!
Joshua
1. It is entirely possible, that it would be better for users to manually
generate their own passwords. And NOT allow the service to generate those
passwords for them. If that is your opinion, don't hesitate to let me know.
:)
reply other threads:[~2022-11-04 17:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87iljuzl37.fsf@dismail.de \
--to=jbranso@dismail.de \
--cc=help-guix@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).