On 21-07-2022 19:13, Andrew Tropin wrote:

The source code is here:

What's the 'guix-home-gc-roots' for? I would expect the reference #$(file-append he "/activate") to be sufficient to keep things from being gc'ed.

        (start #~(make-forkexec-constructor
                  '(#$(file-append he "/activate"))
                  #:user #$user
                  (list (string-append "HOME=" (passwd:dir (getpw #$user))))
                  #:group (group:name (getgrgid (passwd:gid (getpw #$user))))))
I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done already internally by /activate, you could consider doing it in a container to reduce potential irreproducibility, or insecurity on multi-user systems (I'd assume the #:user + #:group to be sufficient for security, especially if it appears sufficient for other system services, but I'm not some expert on what things need to be set).

        (provision (list (symbol-append 'guix-home- (string->symbol user))))
        (one-shot? #t)
        (auto-start? #f)
Wouldn't it then be possible for the user to login via the login manager before initialisation has completed, as gdm etc don't wait for guix-home-... currently?