GNU bug report logs - #35341
First run of 'guix pull' fails to create user profile

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35341 in the body.
You can then email your comments to 35341 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: bug-guix <at> gnu.org
Subject: Guix System installer does not set up passwords and profile
 directories
Date: Sat, 20 Apr 2019 14:56:11 +0200

I installed Guix System from a USB flash drive from the current git
master.  The manual describes I should set up a password with passwd.
I think the installer should automate this, so users do not need to
know the passwd command.

After setting a password with `passwd florian` and logging in
as florian, I run `guix pull`.  This yields the following error:

pull: error: while creating directory `/var/guix/profiles/per-user/florian': Permission denied
hint: Please create the `/var/guix/profiles/per-user/florian' directory, with you
as the owner.

This persists after a reboot.

sudo mkdir /var/guix/profiles/per-user/florian
sudo chown florian:users /var/guix/profiles/per-user/florian

fixes the issue, but the installer should do this automatically.

Regards,
Florian

Message #10 received at 35341-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>
Cc: 35341-done <at> debbugs.gnu.org
Subject: Re: bug#35341: Guix System installer does not set up passwords and
 profile directories
Date: Mon, 22 Apr 2019 12:02:03 +0200

Hello Florian,

"pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:

> I installed Guix System from a USB flash drive from the current git
> master.  The manual describes I should set up a password with passwd.
> I think the installer should automate this, so users do not need to
> know the passwd command.

I’ll open a separate bug for that.

> After setting a password with `passwd florian` and logging in
> as florian, I run `guix pull`.  This yields the following error:
>
> pull: error: while creating directory `/var/guix/profiles/per-user/florian': Permission denied
> hint: Please create the `/var/guix/profiles/per-user/florian' directory, with you
> as the owner.

Oh, got it.

On a fresh system (one can check with ‘guix system vm bare-bones.tmpl’
for instance), /var/guix/profiles/per-user is 555 and root-owned, so not
writable.

Then, the first time a client such as ‘guix package’ connects to the
daemon, the daemon chmods /var/guix/profiles/per-user to 777
(world-writable), see local-store.cc:89.

Next, ‘guix package’ calls ‘ensure-default-profile’, which creates
/var/guix/profiles/per-user/$USER.

The problem with ‘guix pull’ is that it would call
‘ensure-default-profile’ before it has connected to the daemon.

Fixed in a06a95baffc2005ad1a64c4c3f82fc328e0d0009.

Thanks,
Ludo’.

Message #15 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>
Cc: Mathieu Othacehe <m.othacehe <at> gmail.com>, bug-guix <at> gnu.org
Subject: Re: bug#35341: Guix System installer does not set up passwords and
 profile directories
Date: Mon, 22 Apr 2019 12:13:35 +0200

Hi,

"pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:

> I installed Guix System from a USB flash drive from the current git
> master.  The manual describes I should set up a password with passwd.
> I think the installer should automate this, so users do not need to
> know the passwd command.

I think it’d be nice if the installer would initialize the user
password, and also root’s password (which is empty by default).

The obvious approach would be to add a dialog box in the installer and
then set the ‘password’ field of each <user-account>, and also add a
<user-account> for root itself with the ‘password’ field set.

The problem with this approach is that password hashes would end
world-readable in the store, so we would need to add warnings asking
users to change passwords after logging in.  Not great.

Another option would be to have an activation snippet that runs when
booting the newly installed system: if would check for a flag or
something (it could check for uninitialized passwords), and if it
determines it’s a first boot, open a dialog box asking for passwords.
We’d need to add a “post-install” service in the OS config that would do
just that.

That would be the most robust approach, but it’s also a bit more work I
guess.  It’s also not so nice that users will see this extra service in
their config.

Thoughts?

Ludo’.

Message #18 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Mathieu Othacehe <m.othacehe <at> gmail.com>, bug-guix <at> gnu.org
Subject: Re: bug#35341: Guix System installer does not set up passwords and
 profile directories
Date: Mon, 22 Apr 2019 12:21:18 +0200

Why can’t the installer just chroot into the new system and call
passwd?

Regards,
Florian

Message #21 received at 35341 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>
Cc: m.othacehe <at> gmail.com, 35341 <at> debbugs.gnu.org
Subject: Re: bug#35341: Guix System installer does not set up passwords and
 profile directories
Date: Thu, 25 Apr 2019 00:47:45 +0200

Password issue moved to <https://issues.guix.info/issue/35399>.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.