First run of 'guix pull' fails to create user profile

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • pelzflorian (Florian Pelz)
Owner
unassigned
Submitted by
pelzflorian (Florian Pelz)
Severity
normal

Debbugs page

pelzflorian (Florian Pelz) wrote 6 years ago
Guix System installer does not set up passwords and profile directories
(address . bug-guix@gnu.org)
20190420125611.m6hb2ftt7ztds275@pelzflorian.localdomain
I installed Guix System from a USB flash drive from the current git
master. The manual describes I should set up a password with passwd.
I think the installer should automate this, so users do not need to
know the passwd command.

After setting a password with `passwd florian` and logging in
as florian, I run `guix pull`. This yields the following error:

pull: error: while creating directory `/var/guix/profiles/per-user/florian': Permission denied
hint: Please create the `/var/guix/profiles/per-user/florian' directory, with you
as the owner.

This persists after a reboot.

sudo mkdir /var/guix/profiles/per-user/florian
sudo chown florian:users /var/guix/profiles/per-user/florian

fixes the issue, but the installer should do this automatically.

Regards,
Florian
Ludovic Courtès wrote 6 years ago
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)(address . 35341-done@debbugs.gnu.org)
87zhoi1hpg.fsf@gnu.org
Hello Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

Toggle quote (5 lines)
> I installed Guix System from a USB flash drive from the current git
> master. The manual describes I should set up a password with passwd.
> I think the installer should automate this, so users do not need to
> know the passwd command.

I’ll open a separate bug for that.

Toggle quote (7 lines)
> After setting a password with `passwd florian` and logging in
> as florian, I run `guix pull`. This yields the following error:
>
> pull: error: while creating directory `/var/guix/profiles/per-user/florian': Permission denied
> hint: Please create the `/var/guix/profiles/per-user/florian' directory, with you
> as the owner.

Oh, got it.

On a fresh system (one can check with ‘guix system vm bare-bones.tmpl’
for instance), /var/guix/profiles/per-user is 555 and root-owned, so not
writable.

Then, the first time a client such as ‘guix package’ connects to the
daemon, the daemon chmods /var/guix/profiles/per-user to 777
(world-writable), see local-store.cc:89.

Next, ‘guix package’ calls ‘ensure-default-profile’, which creates
/var/guix/profiles/per-user/$USER.

The problem with ‘guix pull’ is that it would call
‘ensure-default-profile’ before it has connected to the daemon.

Fixed in a06a95baffc2005ad1a64c4c3f82fc328e0d0009.

Thanks,
Ludo’.
Closed
Ludovic Courtès wrote 6 years ago
control message for bug #35341
(address . control@debbugs.gnu.org)
87y3421hlh.fsf@gnu.org
retitle 35341 First run of 'guix pull' fails to create user profile
Ludovic Courtès wrote 6 years ago
Re: bug#35341: Guix System installer does not set up passwords and profile directories
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
87imv61h68.fsf@gnu.org
Hi,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

Toggle quote (5 lines)
> I installed Guix System from a USB flash drive from the current git
> master. The manual describes I should set up a password with passwd.
> I think the installer should automate this, so users do not need to
> know the passwd command.

I think it’d be nice if the installer would initialize the user
password, and also root’s password (which is empty by default).

The obvious approach would be to add a dialog box in the installer and
then set the ‘password’ field of each <user-account>, and also add a
<user-account> for root itself with the ‘password’ field set.

The problem with this approach is that password hashes would end
world-readable in the store, so we would need to add warnings asking
users to change passwords after logging in. Not great.

Another option would be to have an activation snippet that runs when
booting the newly installed system: if would check for a flag or
something (it could check for uninitialized passwords), and if it
determines it’s a first boot, open a dialog box asking for passwords.
We’d need to add a “post-install” service in the OS config that would do
just that.

That would be the most robust approach, but it’s also a bit more work I
guess. It’s also not so nice that users will see this extra service in
their config.

Thoughts?

Ludo’.
pelzflorian (Florian Pelz) wrote 6 years ago
(name . Ludovic Courtès)(address . ludo@gnu.org)
20190422102118.ly55whr2mjtem6pv@pelzflorian.localdomain
Why can’t the installer just chroot into the new system and call
passwd?

Regards,
Florian
?
Your comment

This issue is archived.

To comment on this conversation send an email to 35341@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 35341
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help