From: wolf <wolf@wolfsden.cz>
To: Hartmut Goebel <h.goebel@crazy-compilers.com>
Cc: help-guix <help-guix@gnu.org>
Subject: Re: Putting a file into system image ~user/ but not on reconfigure
Date: Thu, 10 Aug 2023 14:12:51 +0200
Message-ID: <ZNTUQ1IWRb29KqrQ@ws>
In-Reply-To: <7310402d-a58e-e64e-97fb-48bdcef77b9b@crazy-compilers.com>
On 2023-08-10 00:11:55 +0200, Hartmut Goebel wrote:
> Hi,
>
> sorry for the hard to understand subject.
>
> I need to put a file into a system image (into ~user) which will not be
> recreated or touched when running "system reconfigure" later, even if
> not existent. So this is some kind of "one-time service", removing
> itself on first boot.
>
> Any ideas how to do this?
>
> (One could imagine some self-destructing script creating the file.
> Anyhow AFAIK this script would be recreated on next "system
> reconfigure". Also leaving some "script was run" marker is a bad option,
> as removing the marker would recreate the file, which is to be
> avoided.)
I guess you could have a script that would use the existence of the key itself
as a marker. In that case you would likely want to recreate it if the marker
(key) got deleted, since the machine would be impossible to get into otherwise.
It would run on every boot, but after the very first one it would not do
anything.
>
> Background:
>
> I aim to create Vagrant boxes (machine templates) based on guix system
> images. This works quite well so far, using image format qcow2, putting
> the image and some simple files at the right place and the
> vagrant-libvirt plugin for running the machine. Using a symlink I can
> even avoid copying the box's disk image out of the store — vagrant will
> create a copy when creating a machine anyway.
I do not have much experience with Vagrant, but I assumed the general idea for
these kinds of declarative systems is to just recreate them when updates
are required. Is it expected to actually run guix reconfigure inside the VM?
>
> Now for vagrant being able to log into the machine when starting it
> (and eventually "provision" the machine = execute some commands) boxes
> are expected to include an "insecure ssh key" in
> ~vagrant/.ssh/authorized_keys. Vagrant will replace this key by another
> one when creating a machine. So this behavior is reasonably secure.
>
> One possible solution I found (not yet tested and tools not yet in
> guix) is to use one of the guestfstools ([1]https://libguestfs.org/) to
> copy the file into the image. Anyhow this would require copying the box
> out of the store to get a writable file.
> --
> Regards
> Hartmut Goebel
>
> | Hartmut Goebel | [2]h.goebel@crazy-compilers.com |
> | [3]www.crazy-compilers.com | compilers which you thought are impossible |
>
> References
>
> 1. https://libguestfs.org/
> 2. mailto:h.goebel@crazy-compilers.com
> 3. http://www.crazy-compilers.com/
W.
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
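
The key-as-marker idea from the reply above, sketched as an added example (not code from this thread or from Guix). The function name, the `SEED_HOME` variable and the key string are assumptions, and the key is a constructed placeholder, not a real public key.

```shell
#!/bin/sh
# Added example: key-as-marker seeding, safe to run on every boot.
# PLACEHOLDER_KEY is a constructed value, not a real public key.
PLACEHOLDER_KEY='ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER_NOT_A_REAL_KEY vagrant-bootstrap'

# seed_authorized_keys HOME_DIR KEY_LINE
# Prints "kept" when authorized_keys already exists (whatever it contains),
# "seeded" when it was missing and has just been created.
seed_authorized_keys() {
    home=$1
    key=$2
    ssh_dir=$home/.ssh
    target=$ssh_dir/authorized_keys

    # The file itself is the marker. Any existing entry counts, including a
    # dangling symlink, so a key Vagrant swapped in is never overwritten.
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo kept
        return 0
    fi

    mkdir -p -m 700 "$ssh_dir" || return 1

    # Write to a private temp file first (mktemp creates it mode 0600) ...
    tmp=$(mktemp "$ssh_dir/.authorized_keys.XXXXXX") || return 1
    printf '%s\n' "$key" > "$tmp" || { rm -f "$tmp"; return 1; }

    # ... then publish it with a hard link: ln refuses to replace an existing
    # name, so a file that appeared since the check above is left alone.
    if ln "$tmp" "$target" 2>/dev/null; then
        result=seeded
    else
        result=kept
    fi
    rm -f "$tmp"
    echo "$result"
}

# Assumed invocation from a boot-time service running as the target user:
#   SEED_HOME=/home/vagrant sh seed-key.sh
if [ -n "${SEED_HOME:-}" ]; then
    seed_authorized_keys "$SEED_HOME" "$PLACEHOLDER_KEY"
fi
```

Run as the account that owns the home directory, or follow it with a `chown` when run as root, since sshd's default `StrictModes` rejects an `authorized_keys` file with the wrong owner.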