From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id qAB2MQdObWeLrQAAe85BDQ:P1 (envelope-from ) for ; Thu, 26 Dec 2024 12:37:28 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id qAB2MQdObWeLrQAAe85BDQ (envelope-from ) for ; Thu, 26 Dec 2024 13:37:27 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=M3G+ZBPY; dkim=fail ("headers eddsa verify failed") header.d=josefsson.org header.s=ed2303 header.b=o0KrgrnH; dkim=fail ("headers rsa verify failed") header.d=josefsson.org header.s=rsa2303 header.b=MucQne9a; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1735216646; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature:openpgp:openpgp; bh=/qu8Xvpw8b5hODe51Oth7avasPD+YkRTKAAJLx5FN8E=; b=IN1mm6hopMu5WPyoTkHtUFADeXyq32pnd15TgclfaNwk8h7dujZYFNAyN5t50yf3kGeeEJ mBwAGqk/zCkQK10D2wcTySU5R+zbyH+cN+b2phCSxrVJVkben5rkfI+Uk7rIaEVupKOJ8X NVvefVLJkFUFnfbtHRRHepaz5+f/+9rgmx4RfROYTI1YMHiFWdbJf3hXxftHY8Qay4enTU 5LhKjIELSr+DwL6S/2b2QoS+8shLKzhE7K8Q85xUtr/vVbdyOQahkfoBY1DVK3mmVJY7Us J6auQoVz8d48+dLqru61WORgkFekaVSntrCd3OFiej5JIzlzJuBTYizL6NepkQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=M3G+ZBPY; dkim=fail ("headers eddsa verify failed") header.d=josefsson.org header.s=ed2303 header.b=o0KrgrnH; dkim=fail ("headers rsa verify failed") header.d=josefsson.org header.s=rsa2303 header.b=MucQne9a; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1735216646; a=rsa-sha256; cv=none; b=MxzC1RDBoXjJAHqv7sSwMQmFxuFqIDhrX6Xn3+RoXXSwWp+9PgK5xu4IoRcrJMXVu137wp OFvDgz1AJh37yZqBEbUWPiS6iQnr2MD/QDob7R6wE/VPyNUEhYqdUfysXH9bPAsFeeec/Y uWGtv4L8a4QlbN1jzr9vxvs3SrFR1XrR54mGyiSXhnmevbljDTx8yfgYj4i0XERDCCn8ku Z+PqVDnTpcrNGeLr4M+O/1PMRFDMCc88Hcu4JwF4vVSszsTwmkXkwKKS4O3U/RlRgNFeRm ZznubhZp0cMF5upidfQS8b7uvjsAx9C9pFYVRiigjYmH4XZTFQYw8A/N7EF1PQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 982111BDFB for ; Thu, 26 Dec 2024 13:37:26 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tQn6y-0001qL-2j; Thu, 26 Dec 2024 07:37:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tQn6u-0001ot-A5 for guix-patches@gnu.org; Thu, 26 Dec 2024 07:37:04 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tQn6s-0007VU-Ie for guix-patches@gnu.org; Thu, 26 Dec 2024 07:37:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:In-Reply-To:Date:References:From:To:Subject; bh=/qu8Xvpw8b5hODe51Oth7avasPD+YkRTKAAJLx5FN8E=; b=M3G+ZBPYCqXaKF9YuKOwStvgilmngPiMNjLcJCU+vQ3g2G+JaOMh13tYrxWoC3lmLrFn76a7QibqE5D2kc3AsTCqGXitvh56OEBSpFbvBC6CtgF/J+1N10qeANpuzrUsfEmKm5RCYhu8Amdh9GFkd9HcwiwQkGep8Vw/nD+kYwOcVEflFDoegNbABFEfZOMRSwszBWBFhRXCquE/2kKLWVzZrT8/mPFQTN+pTnQFaDmQgx8UNX34h/IyRrkvnDXETLvPNwR/y8LAdVYvPQfAaEWoaCO5bdX1HR/nI35v70AkiHiZ1SsWLW2YioSpifhfMrIsNc5I3JK9/yn+MtiqWw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tQn6s-0003tc-D0 for guix-patches@gnu.org; Thu, 26 Dec 2024 07:37:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#74962] [PATCH v3 4/5] etc/guix-install.sh: Remove 'which' commands from requirements. Resent-From: Simon Josefsson Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 26 Dec 2024 12:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74962 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: Mathieu Othacehe , Josselin Poiret , 74962@debbugs.gnu.org, Maxim Cournoyer , Janneke Nieuwenhuizen Received: via spool by 74962-submit@debbugs.gnu.org id=B74962.173521658914935 (code B ref 74962); Thu, 26 Dec 2024 12:37:02 +0000 Received: (at 74962) by debbugs.gnu.org; 26 Dec 2024 12:36:29 +0000 Received: from localhost ([127.0.0.1]:40410 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tQn6L-0003so-8s for submit@debbugs.gnu.org; Thu, 26 Dec 2024 07:36:29 -0500 Received: from uggla.sjd.se ([178.174.241.107]:43242) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tQn6H-0003sd-QC for 74962@debbugs.gnu.org; Thu, 26 Dec 2024 07:36:27 -0500 DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=/qu8Xvpw8b5hODe51Oth7avasPD+YkRTKAAJLx5FN8E=; t=1735216577; x=1736426177; b=o0KrgrnHcKHHrtFf91oOCrHtmLgxCfl9KXb6IBvMSYxsCSPgdSeyMXqOgUNc7R+Kzdr4oc2ldZe 5FjGDIjZbCQ==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=/qu8Xvpw8b5hODe51Oth7avasPD+YkRTKAAJLx5FN8E=; t=1735216577; x=1736426177; b=MucQne9acVAss1VgIj03hkJ81O2tcTnCFbDuwDH3FWteKfpjJKY2rpC9oiNWYBongtUWcPEN66d 2wbYihctRbIqUNOIF8QshaxwPUvQDwTmekql1IjhOvQ6x+tC/BaGdQjia3p+jkmP3dsix7cuFL/w0 huGHLrLKK9ZFbyYoZeRtK/wQFTVsM7UhkgwTbB4pZgESSjq39PsQyW/MvL9UUDldqkY96cFPBSmdH Z6PItnfMT8LpiBAXiH14uZi6NT0oXrnFNEkaTubIst8/L7EwjV7BLp4Fsk69JY8iY0YA5Mtuk3AF8 zDg5RbwSoadrJwRTn4lyvnfvqHVIY6rVQI/m1Vvv6DwUVxFyu6ZtCDJ8+PsSTZaS/IxIckLHThiVC 1SIBmvuOU8MAfJLdtklmCK74SY24dxADUK4EggI783SFqQm0MuhOrvweNH1PzWb252sl3NYJS; Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:44698 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tQn3y-008wZp-NN; Thu, 26 Dec 2024 12:34:02 +0000 References: <3d0ccfc5f28f48b0a4e513e4ebfd3018c85b4407.1734594333.git.maxim.cournoyer@gmail.com> <6d1f4ffaa70f4cfb3ed9e18b46fe3cedb44025f2.1734594333.git.maxim.cournoyer@gmail.com> <878qs2zpaf.fsf@gnu.org> OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt X-Hashcash: 1:23:241226:janneke@gnu.org::8I0E3B0AR0G/VVzW:0RBD X-Hashcash: 1:23:241226:maxim.cournoyer@gmail.com::peCyNjUwCb4remMh:1RT4 X-Hashcash: 1:23:241226:othacehe@gnu.org::zYEzYsh+ZkDYugby:Wk6R X-Hashcash: 1:23:241226:74962@debbugs.gnu.org::KV2gWTkIDvItk1G/:Q4GJ X-Hashcash: 1:23:241226:ludo@gnu.org::6KSm0tCj+InqVTpl:0hMMI X-Hashcash: 1:23:241226:dev@jpoiret.xyz::Ot6OC9rrZCBhOjKa:0/hRe Date: Thu, 26 Dec 2024 13:34:21 +0100 In-Reply-To: <878qs2zpaf.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Thu, 26 Dec 2024 11:55:52 +0100") Message-ID: <87v7v6tygi.fsf@kaka.sjd.se> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Simon Josefsson X-ACL-Warn: , Simon Josefsson via Guix-patches From: Simon Josefsson via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -5.61 X-Spam-Score: -5.61 X-Migadu-Queue-Id: 982111BDFB X-Migadu-Scanner: mx10.migadu.com X-TUID: MymhuTiN9XOp --=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Ludovic Court=E8s writes: > Maxim Cournoyer skribis: > >> * etc/guix-install.sh (REQUIRE): Remove "which". Add "nologin". >> (sys_create_build_user): Use 'type' instead of 'which'. >> >> Fixes: >> Reported-by: Simon Josefsson >> Change-Id: I0675716bab3fc22d3289ee7af2cb0ab33a1cee71 > > LGTM. Using 'type -P' is not POSIX and neither /bin/dash nor /bin/gash supports it. It seems like a GNU bash extension. Is that okay? The snippet ends up in the manual as recommendations for users to run on different operating systems. We may want to assume GNU bash to favor it, but I'm not sure if that is really helping users. If 'type -P' is used, shouldn't that really be 'type -fP' to avoid shell function expansion? It isn't all that clear from the man page if -f is still needed for -P or not: https://manpages.debian.org/bookworm/bash/bash.1.en.html#type Even so 'type' uses hashed names, do they survive sub-shell $() execution? If type is to be used, maybe this should be: $(hash -r nologin && type -Pf nologin) My suggestion was to use 'command -v nologin' which behaviour is standard POSIX /bin/sh. I acknowledge that it has the trouble of expanding to an alias if the shell had 'nologin' aliases somehow (unlikely but not impossible). $(unalias nologin; command -v nologin) It seems all of the options (which, type -P, command -v) has another unwanted property: if 'nologin' is not available in the path, these commands expand to the empty string, and that empty string gets passed to 'useradd -s STR -c ...' and the user gets an ugly error message about '-c' not being a proper shell. I wonder what all this solves compared to hard-coding "/" as the login shell for the guixbuild user? Here is source code for nologin, which we seem to make some effort to use - is this better than 'false'? https://github.com/shadow-maint/shadow/blob/master/src/nologin.c At least I'm happy nobody wants to keep using 'which'. I am sorry for the rabbit hole :) /Simon --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ21NTRQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFopggAQDsIUbv8X5pdDbB4mtA55zslyBdRM3v J2zjK+ZlqF/MNwEAltO/yhYI+lvUiapnzTFNrAcBP/7aOAfhpn/0aR86EAk= =ZRWV -----END PGP SIGNATURE----- --=-=-=--