bug#35399: Guix System installer does not set up passwords

bug#35399: Guix System installer does not set up passwords

[Ludovic Courtès]

Forwarding discussion from <https://issues.guix.info/issue/35341>.

I wrote:

> "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
> 
> > I installed Guix System from a USB flash drive from the current git
> > master.  The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
> 
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
> 
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
> 
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in.  Not great.
> 
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
> 
> That would be the most robust approach, but it’s also a bit more work I
> guess.  It’s also not so nice that users will see this extra service in
> their config.
> 
> Thoughts?

To which Florian replied:

> Why can’t the installer just chroot into the new system and call
> passwd?

That makes a lot of sense, I feel silly for not thinking about it.  :-)

(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)

I’ll try to give it a spin if nobody beats me…

Ludo’.

bug#35399: Guix System installer does not set up passwords

[Ludovic Courtès]

Ludovic Courtès <ludo@gnu.org> skribis:

>> Another option would be to have an activation snippet that runs when
>> booting the newly installed system: if would check for a flag or
>> something (it could check for uninitialized passwords), and if it
>> determines it’s a first boot, open a dialog box asking for passwords.
>> We’d need to add a “post-install” service in the OS config that would do
>> just that.
>> 
>> That would be the most robust approach, but it’s also a bit more work I
>> guess.  It’s also not so nice that users will see this extra service in
>> their config.
>> 
>> Thoughts?
>
> To which Florian replied:
>
>> Why can’t the installer just chroot into the new system and call
>> passwd?
>
> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>
> (In fact, we don’t even have to chroot since we can directly use (gnu
> build accounts) to write the shadow file in the right place.)

This is implemented by these commits:

  91a7c4998f installer: Ask for the root account password.
  898677ed17 installer: Ask for user password and initialize /etc/shadow.

I ran a full install and confirmed that it works as expected.  You’re of
course welcome to try it out!

I realized later that I forgot to add a password confirmation box.  I
guess we should add one, right?

Thanks,
Ludo’.

bug#35399: Guix System installer does not set up passwords

[swedebugia]

On 2019-04-25 00:51, Ludovic Courtès wrote:
> Ludovic Courtès <ludo@gnu.org> skribis:
> 
>>> Another option would be to have an activation snippet that runs when
>>> booting the newly installed system: if would check for a flag or
>>> something (it could check for uninitialized passwords), and if it
>>> determines it’s a first boot, open a dialog box asking for passwords.
>>> We’d need to add a “post-install” service in the OS config that would do
>>> just that.
>>>
>>> That would be the most robust approach, but it’s also a bit more work I
>>> guess.  It’s also not so nice that users will see this extra service in
>>> their config.
>>>
>>> Thoughts?
>>
>> To which Florian replied:
>>
>>> Why can’t the installer just chroot into the new system and call
>>> passwd?
>>
>> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>>
>> (In fact, we don’t even have to chroot since we can directly use (gnu
>> build accounts) to write the shadow file in the right place.)
> 
> This is implemented by these commits:
> 
>    91a7c4998f installer: Ask for the root account password.
>    898677ed17 installer: Ask for user password and initialize /etc/shadow.
> 
> I ran a full install and confirmed that it works as expected.  You’re of
> course welcome to try it out!
> 
> I realized later that I forgot to add a password confirmation box.  I
> guess we should add one, right?

Yes, that sounds like a good idea.

-- 
Cheers
Swedebugia

bug#35399: Guix System installer does not set up passwords

[Ludovic Courtès]

swedebugia <swedebugia@riseup.net> skribis:

> On 2019-04-25 00:51, Ludovic Courtès wrote:
>> Ludovic Courtès <ludo@gnu.org> skribis:
>>
>>>> Another option would be to have an activation snippet that runs when
>>>> booting the newly installed system: if would check for a flag or
>>>> something (it could check for uninitialized passwords), and if it
>>>> determines it’s a first boot, open a dialog box asking for passwords.
>>>> We’d need to add a “post-install” service in the OS config that would do
>>>> just that.
>>>>
>>>> That would be the most robust approach, but it’s also a bit more work I
>>>> guess.  It’s also not so nice that users will see this extra service in
>>>> their config.
>>>>
>>>> Thoughts?
>>>
>>> To which Florian replied:
>>>
>>>> Why can’t the installer just chroot into the new system and call
>>>> passwd?
>>>
>>> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>>>
>>> (In fact, we don’t even have to chroot since we can directly use (gnu
>>> build accounts) to write the shadow file in the right place.)
>>
>> This is implemented by these commits:
>>
>>    91a7c4998f installer: Ask for the root account password.
>>    898677ed17 installer: Ask for user password and initialize /etc/shadow.
>>
>> I ran a full install and confirmed that it works as expected.  You’re of
>> course welcome to try it out!
>>
>> I realized later that I forgot to add a password confirmation box.  I
>> guess we should add one, right?
>
> Yes, that sounds like a good idea.

Done!

  187122b902 installer: Ask for confirmation of the user passwords.
  8f2b7e3cb4 installer: Ask for confirmation of the root password.

Ludo’.