unofficial mirror of help-guix@gnu.org 
From: wolf <wolf@wolfsden.cz>
To: Hartmut Goebel <h.goebel@crazy-compilers.com>
Cc: help-guix <help-guix@gnu.org>
Subject: Re: Putting a file into system image ~user/ but not on reconfigure
Date: Thu, 10 Aug 2023 14:12:51 +0200
Message-ID: <ZNTUQ1IWRb29KqrQ@ws>
In-Reply-To: <7310402d-a58e-e64e-97fb-48bdcef77b9b@crazy-compilers.com>

On 2023-08-10 00:11:55 +0200, Hartmut Goebel wrote:
>    Hi,
> 
>    sorry for the hard to understand subject.
> 
>    I need to put a file into a system image (into ~user) which will not be
>    recreated or touched when running "system reconfigure" later, even if
>    not existent. So this is some kind of "one-time service", removing
>    itself on first boot.
> 
>    Any ideas how to do this?
> 
>    (One could imagine some self-destructing script creating the file.
>    Anyhow AFAIK this script would be recreated on next "system
>    reconfigure". Also leaving some "script was run" marker is a bad option,
>    as removing the marker would recreate the file, which is to be
>    avoided.)

I guess you could have a script that would use the existence of the key itself
as a marker.  In that case you would likely want to recreate it if the marker
(key) got deleted, since the machine would be impossible to get into otherwise.
It would run on every boot, but after the very first one it would not do
anything.

> 
>    Background:
> 
>    I aim to create Vagrant boxes (machine templates) based on guix system
>    images. This works quite well so far, using image format qcow2, putting
>    the image and some simple files at the right place and the
>    vagrant-libvirt plugin for running the machine. Using a symlink I can
>    even avoid copying the box's disk image out of the store — vagrant will
>    create a copy when creating a machine anyway.

I do not have much experience with Vagrant, but I assumed the general idea for
these kinds of declarative systems is to just recreate them when updates
are required.  Is it expected to actually run guix reconfigure inside the VM?

> 
>    Now for vagrant being able to log into the machine when starting it
>    (and eventually "provision" the machine = execute some commands) boxes
>    are expected to include an "insecure ssh key" in
>    ~vagrant/.ssh/authorized_keys. Vagrant will replace this key by another
>    one when creating a machine. So this behavior is reasonably secure.
> 
>    One possible solution I found (not yet tested and tools not yet in
>    guix) is to use one of the guestfstools ([1]https://libguestfs.org/) to
>    copy the file into the image. Anyhow this would require copying the box
>    out of the store to get a writable file.
> --
> Regards
> Hartmut Goebel
> 
> | Hartmut Goebel          | [2]h.goebel@crazy-compilers.com               |
> | [3]www.crazy-compilers.com | compilers which you thought are impossible |
> 
> References
> 
>    1. https://libguestfs.org/
>    2. mailto:h.goebel@crazy-compilers.com
>    3. http://www.crazy-compilers.com/

W.

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
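
Added example, not part of the original message and not Guix or Vagrant code: a POSIX shell function for the approach in the reply above, where the existence of ~user/.ssh/authorized_keys is the marker and the script is a no-op on every boot after the first. The function name, return codes and the call-site paths in the comment are assumptions.

```sh
#!/bin/sh
# Added example. Call-site values below are hypothetical:
#   seed_authorized_keys /home/vagrant /etc/vagrant-insecure.pub vagrant
# Returns 0 = file created, 1 = existing file left alone, 2 = error.
seed_authorized_keys() {
    home=$1
    pubkey=$2
    owner=${3:-}            # optional; chown needs root
    ssh_dir=$home/.ssh
    target=$ssh_dir/authorized_keys

    # The file itself is the marker. Once it exists (for instance after
    # Vagrant swapped in its per-machine key) it is never touched again.
    # -L also catches a dangling symlink, which -e reports as absent.
    if [ -e "$target" ] || [ -L "$target" ]; then
        return 1
    fi
    [ -r "$pubkey" ] || return 2

    umask 077               # stays in effect for the calling script
    mkdir -p "$ssh_dir" || return 2
    chmod 700 "$ssh_dir" || return 2

    # Build the file under a temporary name, then hard-link it into place.
    # ln refuses to replace an existing target, so a file that appears in
    # the meantime is not overwritten.
    tmp=$(mktemp "$ssh_dir/.authorized_keys.XXXXXX") || return 2
    if ! cat "$pubkey" > "$tmp" || ! chmod 600 "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if [ -n "$owner" ] && ! chown "$owner" "$ssh_dir" "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if ln "$tmp" "$target" 2>/dev/null; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

If the file is deleted later, the next boot seeds the insecure key again, which is the recovery behaviour the reply describes.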
