From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 02 10:04:20 2021 Received: (at 45571) by debbugs.gnu.org; 2 Jan 2021 15:04:20 +0000 Received: from localhost ([127.0.0.1]:60387 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kviS4-0001BO-CL for submit@debbugs.gnu.org; Sat, 02 Jan 2021 10:04:20 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:52548) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kviS3-0001BG-6z for 45571@debbugs.gnu.org; Sat, 02 Jan 2021 10:04:19 -0500 Received: from localhost (80-110-127-104.cgn.dynamic.surfer.at [80.110.127.104]) by dd26836.kasserver.com (Postfix) with ESMTPSA id DB048336389B; Sat, 2 Jan 2021 16:04:17 +0100 (CET) Date: Sat, 2 Jan 2021 16:04:15 +0100 From: Danny Milosavljevic To: Leo Prikler , 45571@debbugs.gnu.org Subject: Re: bug#45571: Support stable uids and gids for all accounts Message-ID: <20210102160415.30fcb7e8@scratchpost.org> In-Reply-To: <58174c197a7b42b29927c492d25e28c684d199ea.camel@student.tugraz.at> References: <20210101184838.21869359@scratchpost.org> <2f2fd3d66066b23f31f7db465aea65478ef81e87.camel@student.tugraz.at> <20210101212242.00252cac@scratchpost.org> <58174c197a7b42b29927c492d25e28c684d199ea.camel@student.tugraz.at> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/NZW2313x+dvhmIrRptc8mQU"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 45571 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --Sig_/NZW2313x+dvhmIrRptc8mQU Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi Leo, > > Considering the goal of Guix, it's weird that with Guix, one needs to > > store&restore /etc/passwd at all. It's state, but not very useful > > one. > > I mean that's how it is right now--but it's still weird. > > With /etc/shadow maybe there's a slightly better case, but note that > > the key > > to find stuff in /etc/shadow can't be the uid--the uid isn't even in > > there! =20 > AFAIU yes, it's state, but not one that Guix can simply do away with.=20 It's easily possible to recreate /etc/passwd from scratch if the uids are always specified in s and thus /etc/passwd would not need to be persistent state anymore. Right now everything from /etc/passwd except the uid and the comment is already specified in . So Guix can indeed simply do away with the persistent state of /etc/passwd--that's why I suggested specifying the uids in the first place. (By now I don't think that's the best way to make UIDs stable, but it's factually incorrect to assert that Guix can't simply do away with that persistent state specifically. It can.) > There is not yet a syntax for keeping secrets, which would be needed to > fully populate /etc from config.scm. Perhaps we'll get there some day. /etc/passwd does not contain secrets. Neither does /etc/group. And /etc/shadow doesn't contain uids. So there is no conflict. --Sig_/NZW2313x+dvhmIrRptc8mQU Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl/wi28ACgkQ5xo1VCww uqW8Uwf+OF0uHzOoKtVm4ZVuoAzXUetEX4xil+pfwjtQc/k0oAmCNzgXFYasASVs cM7reZLqix/lWXk6FmIgMYdvgF6M9SS78aTjCWVcHTJtVuc55XrPIRVtn/P2fPwK sVd3+DkpGN7LXsIJm9DsISU9W4vNMlwgiXLpG4rUqldwwSPmrjfvfpTwMpfuBnRO Uc227svfgQS77AYk06SjyMo1JMQisrSE2x5CzkFs2a+0ceV+jy3Js8xSMXSo67RM 1L7KxGsWgeJKM87/EPP0gzuHFxJIylGysqpChLqEXtX1vIKez6I56OhuRuziodG2 9ewAyJU4vdcNCUbRTHdTGNz1b3G6qA== =IHzF -----END PGP SIGNATURE----- --Sig_/NZW2313x+dvhmIrRptc8mQU--