From: Felix Lechner via Guix-patches
To: "pelzflorian (Florian Pelz)"
Cc: 72316@debbugs.gnu.org, Ludovic Courtès, Maxim Cournoyer, Matthew Trzcinski
Subject: [bug#72316] [PATCH 3/3] Add a guile-pam-module service.
Date: Tue, 30 Jul 2024 10:00:43 -0700
Message-ID: <87wml27r2c.fsf@lease-up.com>
In-Reply-To: <8734nsv6os.fsf@pelzflorian.de>

Hi Florian,

On Mon, Jul 29 2024, pelzflorian (Florian Pelz) wrote:

> guile-pam docs reference guile-wtut, which presumably should be
> guile-tut without w.

Thank you for your review! A baby has been typing extra letters. The typo was fixed. You were credited in the commit message. [1]

> About this doc/guix.texi addition [...] it would be better giving one
> or two functional examples rather than only calling the (format)
> procedure. This would showcase to the uninitiated what PAM can do and
> how it looks in Guile.

I personally think that it would turn off new readers. Guix System configures PAM already. Only people hoping to accomplish something non-standard will look into Guile-PAM.

Unfortunately, those readers have little in common. That's why I illustrated the way Guile-PAM works with a simple example.
You are now saying we should instead solve a specialist case, but I believe that's likely to distract the diverse group of readers by drawing too much attention to what the module does, as opposed to how Guile-PAM works.

The example was supposed to draw readers to Guile-PAM's Texinfo manual, which I mentioned nearby. Should we strike the example instead?

> It is repetitive that foreign-library-path must be set now everywhere
> for non-guile pam modules.

The foreign-library-path only looks repetitive. It is the absolute path to each module. The modules just happen to be in the same place.

Guix traditionally relied on a special feature in Linux-PAM: One can use absolute paths but, as many long-timer Guixers know, that is likely to cause stability issues. Guile-PAM solves that issue for Guix by separating the load path so a running process won't reload a newer version of the same shared object.

Since the change has a logic to it, I have trouble relating to your observation that the load paths look repetitive.

Please note that the foreign-library-path isn't actually needed for modules that ship with Linux-PAM. The Linux-PAM load path is added by default near the comment regarding "courtesy for historical usage" in the patch. It is being offered only for user customizations of the operating-system record, however, and may go away.

The right thing is always to list the load path for a module. That is what the patch does.

> Even though a foreign-library-path is not always needed, would it be
> better to always set it as default even when unneeded

As I hoped to explain above, the load path is always needed. In my estimation, it is not better to offer a default even though I did so for the time being in the interest of a smooth transition.

Ultimately, the matter rests with the Guix maintainers. They will (or will not) decide if, when, and how to offer Guile-PAM to their users.
Because Guile-PAM is a new and lightly tested package that strives to become an integral part of every Guix system, the decision will likely involve a lot more questions than the ones you and I are discussing in this thread here.

At the same time, Guile-PAM is only 541 lines of code (in Scheme, not counting the examples) so maybe someone will get around to taking a look.

> then patch 2/3 “Switch to Guile-PAM.” could be dropped?

No, the patch does other things. It switches all PAM configurations from Linux-PAM to Guile-PAM. The configured system will use Guile-PAM's stack implementation.

Guile-PAM should be attractive to Guix for several reasons. One is that it may simplify Guix's existing PAM machinery, which is complex, because the same things can be accomplished better with quoted S-expressions (or G-expressions, depending on the context).

There are also philosophical considerations which I hope will encourage Guix to adopt Guile-PAM. The code is short, written in Scheme, and licensed under the GPL.

> Disclaimer; I do not know PAM. I may well be wrong.

No worries, please, and thanks again for your review. Linux-PAM is arcane and complicated. I wrote Guile-PAM for you!

Kind regards
Felix

[1] https://codeberg.org/lechner/guile-pam/commit/2f0f20a0a44f7672bfd93470c0562d19eb8ec511