From: Josselin Poiret via Guix-patches
Subject: [bug#53063] [PATCH v2 wip-harden-installer 00/18] General improvements to the installer
To: Mathieu Othacehe
Cc: 53063@debbugs.gnu.org, ludo@gnu.org, Josselin Poiret
Date: Sat, 15 Jan 2022 14:49:53 +0100
Message-Id: <20220115135011.5817-1-dev@jpoiret.xyz>
In-Reply-To: <8735lz4xsv.fsf@gnu.org>

Hello again Mathieu and Ludo,

Here is a v2 that should follow the suggestions: the installer now only
shows command output and status when the command fails, so that
shouldn't break the installer tests.  The internal mechanism to capture
a command's output and error was reworked along Ludo's advice, and now
uses open-pipe* instead (with a small workaround to avoid
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=52835).

The second to last commit makes password objects opaque, so that
installer dumps don't accidentally contain them in cleartext.

Finally, the last commit (a big one) lets users choose whether to dump
or not from the error page, and from there they can choose and edit the
files (using nano) they would like to include in the dump archive.  It
expands upon the initial work of Mathieu in 84d0d8ad3d.  For now, you
can choose to include the installer backtrace, the installer result
alist, and the syslog and dmesg.  We could also include a more stripped
down installer-log that the new logging facility produces, but I think
that it should be enough for now.

Things work smoothly on my end, but the installer test
"gui-installed-os" seems to fail while running `guix system init`, when
building linux-libre, but it seems unrelated to this patchset.

Best,
Josselin

Josselin Poiret (18):
  installer: Use define instead of let at top-level.
  installer: Generalize logging facility.
  installer: Use new installer-log-line everywhere.
  installer: Un-export syslog syntax.
  installer: Keep PATH inside the install container.
  installer: Remove specific logging code.
  installer: Capture external commands output.
  installer: Add installer-specific run command process.
  installer: Use run-command-in-installer in (gnu installer parted).
  installer: Raise condition when mklabel fails.
  installer: Fix run-file-textbox-page when edit-button is #f.
  installer: Replace run-command by invoke in newt/page.scm.
  installer: Add nano to PATH.
  installer: Use named prompt to abort or break installer steps.
  installer: Add error page when running external commands.
  installer: Use dynamic-wind to setup installer.
  installer: Turn passwords into opaque records.
  installer: Make dump archive creation optional and selective.

 gnu/installer.scm                |  95 ++++++++++--------
 gnu/installer/dump.scm           |  67 ++++++++-----
 gnu/installer/final.scm          |  28 +++---
 gnu/installer/newt.scm           | 126 +++++++++++++++++++-----
 gnu/installer/newt/dump.scm      |  36 -------
 gnu/installer/newt/ethernet.scm  |   8 +-
 gnu/installer/newt/final.scm     |  12 +--
 gnu/installer/newt/keymap.scm    |   8 +-
 gnu/installer/newt/locale.scm    |  25 ++---
 gnu/installer/newt/network.scm   |  16 +--
 gnu/installer/newt/page.scm      | 163 +++++++++++++++++++++++++++++--
 gnu/installer/newt/partition.scm |  10 +-
 gnu/installer/newt/services.scm  |  16 +--
 gnu/installer/newt/timezone.scm  |   4 +-
 gnu/installer/newt/user.scm      |  11 +--
 gnu/installer/newt/welcome.scm   |   2 +-
 gnu/installer/newt/wifi.scm      |   4 +-
 gnu/installer/parted.scm         | 104 +++++++++-----------
 gnu/installer/record.scm         |  12 ++-
 gnu/installer/steps.scm          | 127 +++++++++++-------------
 gnu/installer/user.scm           |  18 +++-
 gnu/installer/utils.scm          | 158 +++++++++++++++++++++++++-----
 gnu/local.mk                     |   1 -
 23 files changed, 656 insertions(+), 395 deletions(-)
 delete mode 100644 gnu/installer/newt/dump.scm

-- 
2.34.0
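
The point above about opaque password records keeping cleartext out of installer dumps, as an added Guile example that is not part of the original message and is not Guix's own code. The names `<secret>`, `make-secret`, `secret-content` and `dump->string`, and the sample alists, are assumptions made for illustration.

```scheme
;; Added example; all names and data here are hypothetical/constructed.
(use-modules (srfi srfi-9)        ; define-record-type
             (srfi srfi-9 gnu))   ; set-record-type-printer!

;; Opaque wrapper: the cleartext is reachable only through the
;; explicit accessor secret-content.
(define-record-type <secret>
  (make-secret content)
  secret?
  (content secret-content))

;; A record alone is not enough: Guile's default record printer shows
;; field values.  Install a printer that never emits the content, so
;; write, display and format all print a fixed token instead.
(set-record-type-printer! <secret>
  (lambda (secret port)
    (display "<secret>" port)))

;; Serialize a result alist the way a dump or log writer would.
(define (dump->string result)
  (call-with-output-string
    (lambda (port)
      (write result port))))

;; True when the serialized dump contains the given cleartext.
(define (dump-leaks? result cleartext)
  (and (string-contains (dump->string result) cleartext) #t))

;; Constructed sample data: the same result with the password stored
;; as a plain string, then wrapped in the opaque record.
(define weak-result
  '((users ((name . "alice") (password . "correct horse")))))
(define hardened-result
  `((users ((name . "alice")
            (password . ,(make-secret "correct horse"))))))

(for-each
 (lambda (label result)
   (format #t "~a: ~a~%  leaks cleartext: ~a~%"
           label (dump->string result)
           (dump-leaks? result "correct horse")))
 '("plain string" "opaque record")
 (list weak-result hardened-result))

;; Code that needs the value unwraps it at the point of use only.
(define (password-for-crypt secret)
  (secret-content secret))
```

The printer protects every path that serializes the object generically (dumps, logs, backtraces that print arguments); code that calls the accessor and then logs the result is not covered.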