From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <help-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp11.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id mIumK6xLZWNdEwAAbAwnHQ
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 04 Nov 2022 18:28:12 +0100
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp11.migadu.com with LMTPS
	id WKexK6xLZWNDbQAA9RJhRA
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 04 Nov 2022 18:28:12 +0100
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 4DE7238B99
	for <larch@yhetil.org>; Fri,  4 Nov 2022 18:28:12 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <help-guix-bounces@gnu.org>)
	id 1or0To-0005qa-Gl; Fri, 04 Nov 2022 13:27:44 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jbranso@dismail.de>)
 id 1or0Tn-0005qO-1h
 for help-guix@gnu.org; Fri, 04 Nov 2022 13:27:43 -0400
Received: from mx1.dismail.de ([78.46.223.134])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jbranso@dismail.de>)
 id 1or0Ti-0002fN-Lx
 for help-guix@gnu.org; Fri, 04 Nov 2022 13:27:42 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
 by mx1.dismail.de (OpenSMTPD) with ESMTP id 15d68e37
 for <help-guix@gnu.org>; Fri, 4 Nov 2022 18:27:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to
 :subject:date:message-id:mime-version:content-type; s=20190914;
 bh=lS2BvazNMzod9HnJFtdo8lc5OSFdbYkUQTqYUs5gXeY=; b=AIca6NnHS/E9
 AOeBu4Mz9Zl8BfJv/vZKThdmjPndx+FRM9jNvay1EHsl8jCefc0iNPXz6sa+iZwo
 wafHFFUkl6kJfrmNKKmbgVxAMpAKcbPexe0XPEkLx9sXxR/smqNZAWcUX/DL8y7m
 38zvu6SYeqDlaIVCxy4l/LN2O2/8PLBr45GTRlJbZiaYRspv4WUZuftFJdnIXKHO
 JKyJkUkgIE25UdDXgKibHaPWdzZZdFPzUCgpKrcMj2UkMyyZjGSqQoVTCb6+k8Nr
 8dI5+qC/ylhAFq1X6dRSxejrIKU2WioWpwtlfVDbM6JqydqEpc0fL9S4blcEKi2c
 9uZJKNwnKA==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
 by mx1.dismail.de (OpenSMTPD) with ESMTP id fd74c58a
 for <help-guix@gnu.org>; Fri, 4 Nov 2022 18:27:31 +0100 (CET)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
 by smtp1.dismail.de (OpenSMTPD) with ESMTP id 69ef3b6d
 for <help-guix@gnu.org>; Fri, 4 Nov 2022 18:27:31 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 45d0e152
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <help-guix@gnu.org>;
 Fri, 4 Nov 2022 18:27:28 +0100 (CET)
From: Joshua Branson <jbranso@dismail.de>
To: help-guix@gnu.org
Subject: auto encrypt user passwords for opensmtpd-service
Date: Fri, 04 Nov 2022 13:27:24 -0400
Message-ID: <87iljuzl37.fsf@dismail.de>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=78.46.223.134; envelope-from=jbranso@dismail.de;
 helo=mx1.dismail.de
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: help-guix@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Sender: "Help-Guix" <help-guix-bounces@gnu.org>
Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1667582892;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=efeEzvJFdp0s0hZ5rhF7KeLrF0UI64jy+g7D1piI8Xc=;
	b=r1VHYc44KWr529RCV0AcffUEZo2rkOzREXSj5C8tGununAYj1T/ycNYD5absJfZ3ZlzdTT
	JVCRl91dS0NM/nBtmlb5eFwluUWWCEMXERWeCc5sP8j+Hzrzs3PKvoSqu7asR4EUIFkgjb
	HuyXECsEI9aFRYfb0YPX9XzeUY6M79aLOvIGmzQqDfVstl6SuqMsDnoKVg/uJrwZ6hBgY2
	/osW8lUnYZptylRRxB5YzMLqgE+UN2OBI9CkYlioLmW7f7EDAn3TTlIwQNOibRcXU0R28M
	BRU6HvKgmCU4orCQIvwW596Eb4iQCyXLcThf0Ke8LUOqn9ONQ/Ii+owGmpWVpA==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1667582892; a=rsa-sha256; cv=none;
	b=X1wqhBK907ps7WUAvQ6kVRX7HJaSzaji8c7r4K8FqLqWVJo2Y58APirjhn72qyexRuCZCd
	bLKBvdd/Dvkwb/5vaQZ8fb5oUj4EltAR6CIqtDSwEOLcF3djjxbGicGLWbY7e9QCvSIonr
	5CZnkz9aoCsYDhrDGW1xQrzs4LLRJRW/WIrwOHbOsqeBv1BuMQLfMRTMTY1JlkBh0Op+i0
	iovPOwqbtKPj5uUi0cKCFF3PHGCIaavgm8GxsaLsbS6tC8OeS5m2QgNwDVf0dgXyWTOyDc
	zLXk/bztcA9G49TZfKhkiST67XioaKwUCYvzn4HbzGnfhPQ1uCG3ttL3DzLYVA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=dismail.de header.s=20190914 header.b=AIca6NnH;
	dmarc=pass (policy=reject) header.from=dismail.de;
	spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -7.60
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=dismail.de header.s=20190914 header.b=AIca6NnH;
	dmarc=pass (policy=reject) header.from=dismail.de;
	spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 4DE7238B99
X-Spam-Score: -7.60
X-Migadu-Scanner: scn0.migadu.com
X-TUID: OJ5L2bycTFDs



I am currently trying to extend guix's opensmtpd-service, so that users may
configure the service via records. As a part of this journey, I thought it would
be cool, if users could specify password records like the following, which would
auto encrypt the passwords in the resulting configuration 1:

#+BEGIN_SRC scheme
(opensmtpd-table
 (name "cred-table")
 (data '(("joshua" . "password"))))
#+END_SRC

would turn into:

#+BEGIN_SRC text
table "creds-table" { "joshua" = "$6$yvZhvM.kFiUu0rGV$hbHcUimLf96eKlUFdGh1tIeKrmlL.cRgaftdefmf57R3iZ/L0iY7xVY/ytbqQuZS9b7yZj3Ju5l.INxjvZLuq0" }
#+END_SRC

Currently, users of opensmtpd, must generate user passwords manually, via the
following:

#+BEGIN_SRC shell
guix install opensmtpd
#+END_SRC

#+BEGIN_SRC shell
$(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd) "password"
#+END_SRC

#+RESULTS:
: $6$3prHAJvjxNhDGz7G$74ENoGsV4AnxXiNvPnhS0d9.0Cj5ywgxBCwndgxfvSRHAUWeuOSpkmsTyHEFk4O4z.9dVkx3bMUiaX18HvTbA.

:TheActualFilePathOfTheEncryptBinary:
#+BEGIN_SRC shell
ls -lha $(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd)
#+END_SRC

#+RESULTS:
: lrwxrwxrwx 1 root root 87 Dec 31  1969 /gnu/store/i1bh9a0q9wshpmhl4dnkdkqygfq532dw-profile/libexec/opensmtpd/encrypt -> /gnu/store/qf84lf6nddsf1saan0qiv60qwz8hsic9-opensmtpd-6.8.0p2/libexec/opensmtpd/encrypt

:END:

I am trying to take a stab at auto-generating these user passwords, and as it
turns out... I really do NOT understand gexps.

In a guile repl, I am not getting, well anything to work.
#+BEGIN_SRC scheme
,use (gnu packages mail)
,use (guix gexps)
,use (guix monad-repl)
,m (gnu services mail)

#~(string-append #$(file-append opensmtpd "/sbin/smtpctl"))
$23 = #<gexp (string-append #<gexp-input #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> ,build $23
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (string-append #<gexp-input #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> #~(begin (string-append #$opensmtpd "/sbin/smtpctl"))
$24 = #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]> ,build $24
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]>
$25 = #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> ,build $25
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> (system* "ls")
ABOUT-NLS	build-aux	  config.status  etc	  guix	       INSTALL	    Makefile	 po					   scripts
aclocal.m4	ChangeLog	  configure	 gnu	  guix-daemon  libformat.a  Makefile.am  pre-inst-env				   test-env
AUTHORS		CODE-OF-CONDUCT   configure.ac	 gnu.go   guix.go      libstore.a   Makefile.in  README					   tests
autom4te.cache	config-daemon.ac  COPYING	 gnu.scm  guix.scm     libutil.a    NEWS	 ROADMAP				   THANKS
bootstrap	config.log	  doc		 guile	  HACKING      m4	    nix		 run-opensmtpd-record-sanitation-test.log  TODO
$26 = 0
scheme@(gnu services mail) [11]> #~(begin (system* (string-append opensmtpd #$ "/sbin/smtpctl") " password\n"))
$27 = #<gexp (begin (system* (string-append opensmtpd #<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> ,build $27
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd #<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> #~(begin $#opensmtpd)
$28 = #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> ,build $28
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> #~(begin (mkdir #$output)
                                          (chdir #$output)
                                        #$opensmtpd)
$29 = #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,build $29
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,bt
           1 (string-append #<file-append #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl"> "/sbin/smtpctl")
In ice-9/boot-9.scm:
  1685:16  0 (raise-exception _ #:continuable? _)
scheme@(gnu services mail) [11]> #~(begin (mkdir $#output)
                                          (mkdir (string-append #$output) "/libexec")
                                          (string-append opensmtpd "/opensmtpd"))
$30 = #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]> ,build $30
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]>
#+END_SRC

Any tips, suggestions, or example code that I should look at would be very
helpful.  Thanks!

Joshua

1.  It is entirely possible, that it would be better for users to manually
   generate their own passwords.  And NOT allow the service to generate those
   passwords for them.  If that is your opinion, don't hesitate to let me know.
   :)