From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id uPfFJTWn42NdhAAAbAwnHQ (envelope-from ) for ; Wed, 08 Feb 2023 14:44:21 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id GNDJJTWn42N/awAA9RJhRA (envelope-from ) for ; Wed, 08 Feb 2023 14:44:21 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 131FB28556 for ; Wed, 8 Feb 2023 14:44:20 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pPkjz-0000tR-FP; Wed, 08 Feb 2023 08:44:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pPkjx-0000tB-Vu for bug-guix@gnu.org; Wed, 08 Feb 2023 08:44:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pPkjx-00027l-NX for bug-guix@gnu.org; Wed, 08 Feb 2023 08:44:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pPkjx-0006E5-Jx for bug-guix@gnu.org; Wed, 08 Feb 2023 08:44:01 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#56669: enhancement: Link guix system and guix home Resent-From: Andrew Tropin Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 08 Feb 2023 13:44:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56669 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Maxime Devos , guix-bug-va9nk6@rdmp.org, 56669@debbugs.gnu.org Cc: Tissevert Received: via spool by 56669-submit@debbugs.gnu.org id=B56669.167586378623850 (code B ref 56669); Wed, 08 Feb 2023 13:44:01 +0000 Received: (at 56669) by debbugs.gnu.org; 8 Feb 2023 13:43:06 +0000 Received: from localhost ([127.0.0.1]:55088 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pPkj4-0006Cc-78 for submit@debbugs.gnu.org; Wed, 08 Feb 2023 08:43:06 -0500 Received: from relay2-d.mail.gandi.net ([217.70.183.194]:43515) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pPkj1-0006Bw-M8 for 56669@debbugs.gnu.org; Wed, 08 Feb 2023 08:43:04 -0500 Received: (Authenticated sender: andrew@trop.in) by mail.gandi.net (Postfix) with ESMTPSA id E1BFF40009; Wed, 8 Feb 2023 13:42:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trop.in; s=gm1; t=1675863775; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=IM+JDiPk5/dFO4koRA1ONHs3i4bfDIOR1UDMR4yAM2w=; b=CGSxHSfREl0Z0Vpc41H6GaRTyhpKL+1OJgxZ9aQJEX7AODJFpnzDwVqTqjyEXLSE6vIKYO qq9ftZR6N/OS2ysbmZws6j+meu4odhiNW+e76zbxF0OyWxaNYnaIaBQRfhX9H/HXLgazG3 pztA46/D7fsWKp6vDto1VmQoeLKiO2SyVmiSBNtmpAC05eOmtr1ylZjZ2oXM5V22YID+F9 PztGjN3bmmhvAW1IDIWbzqlLRg/djs/x6Egn5DixUx9BJ/1v2spdtZOA4y+1e61ON9vmZt h6FjQSbvcQ3ju1rSUFs1aLm7vpGEWTAY2fLZjWp3zw7lUH/Su6A+K32mWkuRwQ== From: Andrew Tropin In-Reply-To: <87sfmo8byh.fsf@trop.in> References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org> <87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in> <87sfmo8byh.fsf@trop.in> Date: Wed, 08 Feb 2023 17:42:51 +0400 Message-ID: <87h6vw1des.fsf@trop.in> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=trop.in header.s=gm1 header.b=CGSxHSfR; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1675863861; a=rsa-sha256; cv=none; b=bEuVBZlWI43qMw5yL0KEG9fJwdfpGkWspcR56cQqWxjjybYjM2HOrg7tqNWrFUMXJK1uCz SAxibZi9Ajwm1OasBx+wagPLvtkw6fA8b08YLEYlJnQROjmuiMHF1aV2xGEhjmAR14Ag5O jsmtB57n2flBpSXNOcF199Q6ogFIGQvYpJvV5br3jap+bQB01PcjkP5mHlcrSUlxT306Dl 0PD57AToMHeI06EbBZYt12M2pD3veJlWzKThD0OzISDPaOtzHg7NLcLjUAlv4JA0rujBsU Qo3NYZolksATBfPMcLbsI3kB8pyIk7NWJBkJBgnPsmA2kmD5b6McRUVl5BgCNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1675863861; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=IM+JDiPk5/dFO4koRA1ONHs3i4bfDIOR1UDMR4yAM2w=; b=IRDVZN3iB21FNNw5hXLK5Nwop3Z8pweVMlecIyxV1yrmQ4Rhx3G6B9sho1ww3wJX23dvMM H0JhPahXzI2OXPfjykbughPe4HfpfJX+CaJESwvY/OhoK41zCIRL+0N7t1YLTYLJ/Y9WC9 sLE8RuQtfNU4cZSvldb4gvkdJWjLx3XK5c7mPX4UhAL2ixqVvY/Kc6WBFoJ/5E0UhrooDq Cn6xj4pAKfqNQJtBlPI/2x+dVpBE+XLXG/D2/Hz5hV+gYllFXYJy/l4mHIDmPyFpdn38Lv iU6MK6lFbM6+5NkuTPa+LOzmWn2EAaf6aHWVKj/UBI0qEAO/t/pTV5olGX8+Ww== X-Migadu-Queue-Id: 131FB28556 X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=trop.in header.s=gm1 header.b=CGSxHSfR; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none X-Migadu-Spam-Score: -3.30 X-Spam-Score: -3.30 X-TUID: FoxvYqMHhrW6 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On 2022-07-26 12:23, Andrew Tropin wrote: > On 2022-07-21 19:25, Maxime Devos wrote: > >> On 21-07-2022 19:13, Andrew Tropin wrote: >> >>> The source code is here: >>> https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938= f97e9 >> >> What's the 'guix-home-gc-roots' for? I would expect the reference=20 >> #$(file-append he "/activate") to be sufficient to keep things from=20 >> being gc'ed. > > It was needed while I was testing manual activation without shepherd > service, not needed anymore, already removed it locally. > >> >>> +=20 >>> =20 >>> (start #~(make-forkexec-constructor +=20 >>> =20 >>> '(#$(file-append he "/activate")) +=20 >>> =20 >>> #:user #$user +=20 >>> =20 >>> #:environment-variables +=20 >>> =20 >>> (list (string-append "HOME=3D" (passwd:dir (getpw #$user)))) +=20 >>> =20 >>> #:group (group:name (getgrgid (passwd:gid (getpw #$user)))))) >> I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done=20 >> already internally by /activate, you could consider doing it in a=20 >> container to reduce potential irreproducibility, or insecurity on=20 >> multi-user systems (I'd assume the #:user + #:group to be sufficient for= =20 >> security, especially if it appears sufficient for other system services,= =20 >> but I'm not some expert on what things need to be set). >> > It's not set by /activate. > >>> +=20 >>> =20 >>> (provision (list (symbol-append 'guix-home- (string->symbol user)))) += =20 >>> =20 >>> (one-shot? #t) +=20 >>> =20 >>> (auto-start? #f) >> Wouldn't it then be possible for the user to login via the login manager= =20 >> before initialisation has completed, as gdm etc don't wait for=20 >> guix-home-... currently? > > You are right, the same as the first one, needed for more manual > approach, changed to #t, thank you. > > Three patches for this service to work is on the way on guix-patches. > In the meantime, will try to build livecd with the home environment > inside. > > P.S. Probably this system service is far from final version of this > feature, I still think about making home-environment a part of > user-account. Will evaluate pros and cons, after I get livecd built > successfully. Sorry for the long status update, some life moments are happened. Polished all the things on Guix Home side and I can confirm that the service works correctly and it's possible to make home-environments a part of operating-system record. Current very simple implementation works relatively good. It accepts a list of ("user" . home-env) pairs and creates a shepherd services, which activate respective home environments. https://git.sr.ht/~abcdw/rde/tree/9175c7b37b6861095bae4a696aa1faadf9dc572a/= src/gnu/services/home.scm#L1 This is how sway graphical environment activation is implemented in rde-liv= e image. http://files.trop.in/rde/ I still find it not completely satisfying because activation happens when one-shot shepherd service get started and not during system activation, which leads to the problem mentioned by Maxim: you can login into user's shell before home-environment activated. I would like to just extend system activation with calls to home activation scripts, but it's not that straightforward because we depend on user-homes (which is a shepherd service). That said the guix-home system service works fine and you can already use it, but before merging it to Guix I would like to move home activations into system activation, which requires some work on user-homes. It doesn't seem to be a big task, but still require some dedication and IDK when I get spare time for it. Let me know if this feature blocks you in some way, otherwise I'll keep working on it in my own pace. =2D-=20 Best regards, Andrew Tropin --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmPjptsACgkQIgjSCVjB 3rA8VA//epO1s/+BsUsWO0NjoiXQWYdBJBWpReNMhFWLrF1phKJ7WP+TZba6xfpP TsylTyofV55cYKSLcT/sZy0OwsgDvYPG4JH2JYt8EwWsDh0HQMgLIarwjgb/ChC4 AzkXux7ieigIC1tS1p7b/ULDi9mt5Cmpv0zAD2+rX1C1yMU8NrV++r/NL729YJ3c 1wRL0A6NzTDsgJ6B/8N+beQK9FiOCUEDcn+qExavnSbpw1iPWnhWgjiXAFWwsyVB //FyUbPvNBxi8Jt38/vdx9O22EwS3vmEbhhgYFI0IvpNKBwOZBIzHP9mkWuIMe/E LkapvlZoHOIdC/7Q34Pz6MI8TvtqOXnqWv0h2emr4QPzZOTkUIACvd9ZFk/HVaIU CfAgK+WHEdIOI+IIC6yRJH6ROYGv72skaJ0v63HhmdyC5m6vLJanPJEbBFtNa1sL vRQnyx+fWWE0c2n0/R7opNbGCPQVvjtyjn/ysdL/KbmoCVmcMpf3aGlJsCpMqZjq Nkyl4qZ/k9QRCsojNyslvs4an8cDZ4UPREN72l37jstxX+/S/q472MjRqvIz3jl/ KxBIKO3ttiOCObbPbb386kb1c1/ceF3gIFmjnLThfiuv9Y3yxgRI8q5bvzBgoGRw b5Crt1gb9jLS2LvdU13iIkNQpzu3sK7VYLD7oBEBcZE/rryisMM= =kfyn -----END PGP SIGNATURE----- --=-=-=--