X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 23 Aug 2019 15:01:01 +0000
Resent-Message-ID: <handler.37162.B.156657245813354 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: bug-Guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.156657245813354
(code B ref -1); Fri, 23 Aug 2019 15:01:01 +0000
Received: (at submit) by debbugs.gnu.org; 23 Aug 2019 15:00:58 +0000
Received: from localhost ([127.0.0.1]:40989 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1B3h-0003TI-SS
for submit <at> debbugs.gnu.org; Fri, 23 Aug 2019 11:00:58 -0400
Received: from lists.gnu.org ([209.51.188.17]:36402)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i1B3g-0003TB-HC
for submit <at> debbugs.gnu.org; Fri, 23 Aug 2019 11:00:56 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55756)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i1B3e-0004aJ-9b
for bug-Guix@HIDDEN; Fri, 23 Aug 2019 11:00:56 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_40,RCVD_IN_DNSWL_HI
autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i1B3c-0003uk-Oy
for bug-Guix@HIDDEN; Fri, 23 Aug 2019 11:00:54 -0400
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:60350)
by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <ludovic.courtes@HIDDEN>)
id 1i1B3c-0003ta-8m
for bug-Guix@HIDDEN; Fri, 23 Aug 2019 11:00:52 -0400
X-IronPort-AV: E=Sophos;i="5.64,421,1559512800"; d="scan'208";a="317043643"
Received: from unknown (HELO ribbon) ([193.50.110.215])
by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384;
23 Aug 2019 17:00:49 +0200
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 6 Fructidor an 227 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 23 Aug 2019 17:00:49 +0200
Message-ID: <87r25c3p0e.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 192.134.164.104
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
=E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
/etc/{passwd,group,shadow}.
It=E2=80=99s OK most of the time, but again it looks like a gratuitous anno=
yance
for those cases where having them around matters (that=E2=80=99s also the r=
eason
why guix-daemon creates them.)
Unless there are objections, I=E2=80=99d like to create these with just the
=E2=80=9Croot=E2=80=9D and =E2=80=9Cnobody=E2=80=9D accounts. Or should we=
have a regular unprivileged
account? But then what should its UID be?
Ludo=E2=80=99.
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN> Subject: bug#37162: Acknowledgement (=?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd) Message-ID: <handler.37162.B.156657245813354.ack <at> debbugs.gnu.org> References: <87r25c3p0e.fsf@HIDDEN> X-Gnu-PR-Message: ack 37162 X-Gnu-PR-Package: guix Reply-To: 37162 <at> debbugs.gnu.org Date: Fri, 23 Aug 2019 15:01:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 37162 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 37162: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D37162 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Ricardo Wurmus <rekado@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 23 Aug 2019 20:17:02 +0000
Resent-Message-ID: <handler.37162.B37162.156659138132078 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 37162 <at> debbugs.gnu.org
Cc: ludovic.courtes@HIDDEN
Received: via spool by 37162-submit <at> debbugs.gnu.org id=B37162.156659138132078
(code B ref 37162); Fri, 23 Aug 2019 20:17:02 +0000
Received: (at 37162) by debbugs.gnu.org; 23 Aug 2019 20:16:21 +0000
Received: from localhost ([127.0.0.1]:41262 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1Fyv-0008LK-08
for submit <at> debbugs.gnu.org; Fri, 23 Aug 2019 16:16:21 -0400
Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21337)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1i1Fys-0008LB-Iw
for 37162 <at> debbugs.gnu.org; Fri, 23 Aug 2019 16:16:19 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1566591373; cv=none; d=zoho.com; s=zohoarc;
b=ChWk5BSHGzeGalTCOL2q8vOsJcTlZgt5mDm1KS2a2/5HTqoEAPLgiCEqvjHZhjuN8lK+1CtJ5kQuXqljzNzqVvh9gIrhbwi58ADMh9dF0CaWY5bRBe8z2Wlh4JUtP0l/4ZRBFgY8MZ8bzl5vKwA3vU/wrFMon3q1jMZdiRulqks=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
s=zohoarc; t=1566591373;
h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
bh=6tpZW6p5cmhSRa0x4LV5qN3q8b9zVF3Z2vb7E6j8f6o=;
b=G6khFtornZDCELhPAUrp+UpTrWIlFgg3rA6h1KqPLZxJzitAuybpDjX7r2d19mg4BcWvXRDvXUibDnmtzbyJQlKuXJC2g0NH0UQh5T58nvm2/a987Mj5vWnNYifyKDqe7hMqgxTtCDprv6UVqAbPi1l3Wgo5GYMp65bXXqXSHG0=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566591373;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Subject:cc:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
l=917; bh=6tpZW6p5cmhSRa0x4LV5qN3q8b9zVF3Z2vb7E6j8f6o=;
b=Xw7qEYP5uQaYFe2BbFOgjodvMOi4PkIrAzCjD1sA0J+cy8roypP/G4K4uL2h0WEM
/KouSlePjs83z+paJ62bKRxnlC81i49jS0jAQCAcy5ylo7yeRlJG2yg7maIuShOSju/
9WYxsXDFYEtC7P5K9u4Cgmdl0VWHuVqWLEJmBD3U=
Received: from localhost (p54AD4942.dip0.t-ipconnect.de [84.173.73.66]) by
mx.zohomail.com with SMTPS id 1566591371366545.7290245964847;
Fri, 23 Aug 2019 13:16:11 -0700 (PDT)
References: <87r25c3p0e.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus <rekado@HIDDEN>
In-reply-to: <87r25c3p0e.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Fri, 23 Aug 2019 22:16:08 +0200
Message-ID: <874l27k587.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
> /etc/{passwd,group,shadow}.
[=E2=80=A6]
> Unless there are objections, I=E2=80=99d like to create these with just t=
he
> =E2=80=9Croot=E2=80=9D and =E2=80=9Cnobody=E2=80=9D accounts. Or should =
we have a regular unprivileged
> account? But then what should its UID be?
Is there perhaps a configuration that we could add to the Docker image
meta-data to have Docker do the right thing? The right thing might be
to map these files from the host into the container automatically, or to
instruct Docker to create them when starting the container.
I would prefer to accomplish this via configuration =E2=80=9Chints=E2=80=9D=
if possible
instead of creating dummy files with specific contents.
(I don=E2=80=99t know if this is at all possible.)
--
Ricardo
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 25 Aug 2019 12:34:02 +0000
Resent-Message-ID: <handler.37162.B.156673643422021 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Cc: bug-Guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.156673643422021
(code B ref -1); Sun, 25 Aug 2019 12:34:02 +0000
Received: (at submit) by debbugs.gnu.org; 25 Aug 2019 12:33:54 +0000
Received: from localhost ([127.0.0.1]:43722 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1riT-0005j6-WE
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 08:33:54 -0400
Received: from lists.gnu.org ([209.51.188.17]:51113)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i1riT-0005j0-16
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 08:33:53 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34265)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i1riR-0002zy-Nm
for bug-Guix@HIDDEN; Sun, 25 Aug 2019 08:33:52 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_50, DATE_IN_FUTURE_06_12,
FREEMAIL_FROM,URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i1riQ-00073Z-IT
for bug-Guix@HIDDEN; Sun, 25 Aug 2019 08:33:51 -0400
Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]:37290)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1i1riQ-00072l-Ak
for bug-Guix@HIDDEN; Sun, 25 Aug 2019 08:33:50 -0400
Received: by mail-pl1-x635.google.com with SMTP id bj8so8432031plb.4
for <bug-Guix@HIDDEN>; Sun, 25 Aug 2019 05:33:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version:content-transfer-encoding;
bh=6SuONB6vT7WsmxF/XBfM9u2cdj0m+13fNXMZXCu8Rdc=;
b=tt8fAVA8BITCVtns6pjoTJ7I77L5WK0AEIMMi2JhZAcYzGxNpL1WBhhh9VGy2S05K5
qcqGEyEF1HnwlPjv0BNIn6EknijSf7zba30azSTdTTtkIFdSr3X0cuFmZ0yIIUg6ayPr
NtjVNEiqHFIyHF/fxLSA/6sdhc2OKbPyvoeVFqbB5oB5mYf8qnr4IPuf87+A78VLUuWI
DpWWzu3cnbIjw3wCT6IHVLBL1zMNvNAdivprKIQFjRZ4RinOjqAU+jk0EWvB2BHbqyk6
I0ZUuqkdMUP4eYJ+QvQBTPjRqgma50Wid1B0uaSSkEhsAjJ0AEcgnbgzCG09WhTYZ9Az
QT7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version:content-transfer-encoding;
bh=6SuONB6vT7WsmxF/XBfM9u2cdj0m+13fNXMZXCu8Rdc=;
b=Iyas2WkJYBJ1ElRfES4nKWKnv1BVVGOQAEKGbEBP0tpL+blaZJM8s1N91jCUo1yyyC
L8dXq++NgqSsYtbhaRtYzO2A8pZflovYhrbYjmBpepK6ANVS69+pTcIbkFFOm9tLuDtR
tXT5AQvz0LXFRsMCD7kqajNWzmITft3LXpKDRFw7IuPcC21vCikXaOT2StbmW99BEG36
SHHB+5F50chg7n8byMyy/g97+FiMXigkAV3nC02VOStjypV5bavxPj8uMIBpFf5F8ZZW
Zqb+aGOQ3SIdM69ZsUkPYSZkWtmfWcUbUmPJRfMwbE1Vcwc5NaGw4aYf2NOElrXLSDT7
HMDw==
X-Gm-Message-State: APjAAAVyLsT0jspri6YZx9m50mTa/d5N0l/a4HFT9aLAiRpSNkjlElZx
kzvbkTZhXysF8Jy7EeZWpo6JMXhk
X-Google-Smtp-Source: APXvYqzd9+KCDGvH4FPGYOIBX9O99ceLv59iVqgn7qLEByycw5VhLTMdPjJV1wcz9aKXBXyl0j6GGg==
X-Received: by 2002:a17:902:96a:: with SMTP id
97mr7125567plm.264.1566736428842;
Sun, 25 Aug 2019 05:33:48 -0700 (PDT)
Received: from x200 ([240f:c7:38e9:1:314b:485c:9ba4:72c6])
by smtp.gmail.com with ESMTPSA id 10sm9337590pfv.63.2019.08.25.05.33.47
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 25 Aug 2019 05:33:48 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
References: <87r25c3p0e.fsf@HIDDEN>
Date: Mon, 26 Aug 2019 06:32:41 +0900
In-Reply-To: <87r25c3p0e.fsf@HIDDEN> ("Ludovic
\=\?utf-8\?Q\?Court\=C3\=A8s\=22\?\=
\=\?utf-8\?Q\?'s\?\= message of "Fri, 23 Aug 2019 17:00:49 +0200")
Message-ID: <87a7bxexs6.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2607:f8b0:4864:20::635
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
Hi Ludovic,
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
> /etc/{passwd,group,shadow}.
>
> It=E2=80=99s OK most of the time, but again it looks like a gratuitous an=
noyance
> for those cases where having them around matters (that=E2=80=99s also the=
reason
> why guix-daemon creates them.)
Would that include the files required for PAM authentication to work
correctly? I remember struggling with this use case: using the Docker
image with CQFD wrapper, which must be able to create a user and
sudo'ing (or 'su') to it in the docker container. I had started
populating base files such as shadow, passwd, etc. but when confronted
with the PAM configuration (which sudo was complaining about), it
appeared intimidating. I then decided to modify my operating system
declaration so that it'd contain the required Shepherd services that
populate /etc, and devise a hack to call
'/var/guix/profiles/system/boot' when the container would start.
The minimal system configuration (+ python stuff, which was the
requirement) I came up with was:
--8<---------------cut here---------------end--------------->8---
;; This is an operating system configuration template for a bare-bone,
;; containerization-friendly setup, with no X11 display server and
;; no Guix daemon / client.
(use-modules (gnu)
(gnu packages bash)
(gnu packages python)
(gnu packages python-xyz)
(gnu packages xml)
(guix packages))
(operating-system
(host-name "robot-framework")
(timezone "America/Montreal")
;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
;; target hard disk, and "my-root" is the label of the target
;; root file system.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/sda")))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "builder")
(group "users")
(supplementary-groups '("wheel"))
(home-directory "/home/builder"))
%base-user-accounts))
;; Globally-installed packages.
(packages (cons* python-wrapper
(list python "tk")
python-robotframework
python-robotframework-sshlibrary
python-robotframework-lint
python-xmltodict
%base-packages))
(services (list
;; Enable #!/bin/sh and #!/bin/bash shebangs.
(service special-files-service-type
`(("/bin/bash" ,(file-append (canonical-package bash)
"/bin/bash"))))
(service special-files-service-type
`(("/bin/sh" ,(file-append (canonical-package bash)
"/bin/sh"))))
;; The following is a very small subset extracted of
;; %base-services.
(service login-service-type)
(service udev-service-type (udev-configuration))
(syslog-service)))
;; When using sudo, by default some environment variables such as
;; PYTHONPATH are dropped. Make it so that any environment
;; variables are honored. This is important so that the Guix system
;; profile can work correctly for any user.
(sudoers-file (plain-file "sudoers" "\
root ALL=3D(ALL) ALL
%wheel ALL=3D(ALL) ALL
Defaults !env_reset,!env_delete\n")))
--8<---------------cut here---------------end--------------->8---
Maxim
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Ricardo Wurmus <rekado@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 25 Aug 2019 16:29:01 +0000
Resent-Message-ID: <handler.37162.B37162.156675050413022 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Cc: 37162 <at> debbugs.gnu.org, Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Received: via spool by 37162-submit <at> debbugs.gnu.org id=B37162.156675050413022
(code B ref 37162); Sun, 25 Aug 2019 16:29:01 +0000
Received: (at 37162) by debbugs.gnu.org; 25 Aug 2019 16:28:24 +0000
Received: from localhost ([127.0.0.1]:45021 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1vNP-0003Nx-QM
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 12:28:24 -0400
Received: from sender-of-o51.zoho.com ([135.84.80.216]:21261)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1i1vNN-0003Np-Jm
for 37162 <at> debbugs.gnu.org; Sun, 25 Aug 2019 12:28:22 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1566750495; cv=none; d=zoho.com; s=zohoarc;
b=Ri/m0FhdQYtLCQ8QkQWWLc5Q9jiItPdc4EpEeN0SUowAbR92II2k6bASn0LV3XMko+JTiHqvE4V4uVnn5hCrwWygeREI/KesB6dIwuQ/lWl61xPWuOHqPSd+MlwV+Wy/1hCajt5IXYuzCnHX/2ZzWLFkQAKGdBQRyUb1ow+QFL8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
s=zohoarc; t=1566750495;
h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
bh=pLKE6hH/tKy//40X2EFNhwfTqns8s/TXagvHlKv7LaI=;
b=ZkaTgkYF31XR1EP/mfY9Wiy+MeALaW2Jpes1cjUuEz2V+uD0uz8TpDXGwkMO5PCxKr45s2lrJucqEw5/XgKMiJTVpCnEMTAVP6HZ3OY4/QVM6i5lo9z7Q/ZqRtOHGNZNGn71oAv+PBM0nMVgn2bBDGSDZYzkyzRI8VxcRzMD3DU=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566750495;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
l=911; bh=pLKE6hH/tKy//40X2EFNhwfTqns8s/TXagvHlKv7LaI=;
b=VRR+WRiGvOegQeyH/04ptVIiFr+fGBh8wC48U0NFltlII2sgOsdLJ0rkxbKZ7ILY
qebTD0LqxJ1jGmR8lNcvCLhEz3cxvGe5JBoMp3Q+yvg0IXcPTopWK65kxtPfLN4IpFj
7FMx6/FTDNeAr2494cBA7g2/ELX3X9bJMcGeKjB4=
Received: from localhost (p4FD5AFCB.dip0.t-ipconnect.de [79.213.175.203]) by
mx.zohomail.com with SMTPS id 1566750493538471.2959243648992;
Sun, 25 Aug 2019 09:28:13 -0700 (PDT)
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus <rekado@HIDDEN>
In-reply-to: <87a7bxexs6.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Sun, 25 Aug 2019 18:28:09 +0200
Message-ID: <871rx9jjl2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi Maxim,
> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>
>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
>> /etc/{passwd,group,shadow}.
>>
>> It=E2=80=99s OK most of the time, but again it looks like a gratuitous a=
nnoyance
>> for those cases where having them around matters (that=E2=80=99s also th=
e reason
>> why guix-daemon creates them.)
>
> Would that include the files required for PAM authentication to work
> correctly? I remember struggling with this use case: using the Docker
> image with CQFD wrapper, which must be able to create a user and
> sudo'ing (or 'su') to it in the docker container.
I wonder if at this point it wouldn=E2=80=99t be better to build a whole sy=
stem
container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=E2=
=80=9D and rather a
task for =E2=80=9Cguix system=E2=80=9D?
--=20
Ricardo
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 26 Aug 2019 00:21:01 +0000
Resent-Message-ID: <handler.37162.B37162.15667788531674 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ricardo Wurmus <rekado@HIDDEN>
Cc: 37162 <at> debbugs.gnu.org, Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Received: via spool by 37162-submit <at> debbugs.gnu.org id=B37162.15667788531674
(code B ref 37162); Mon, 26 Aug 2019 00:21:01 +0000
Received: (at 37162) by debbugs.gnu.org; 26 Aug 2019 00:20:53 +0000
Received: from localhost ([127.0.0.1]:45256 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i22kd-0000Qv-TH
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 20:20:53 -0400
Received: from mail-pg1-f175.google.com ([209.85.215.175]:44443)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i22kb-0000Qi-PN
for 37162 <at> debbugs.gnu.org; Sun, 25 Aug 2019 20:20:50 -0400
Received: by mail-pg1-f175.google.com with SMTP id i18so9414535pgl.11
for <37162 <at> debbugs.gnu.org>; Sun, 25 Aug 2019 17:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version:content-transfer-encoding;
bh=MEECShhJHbkW/xCGXMJwo3bvP/s2dnVjbDsOIV7zPGs=;
b=mlQXXWzfRYyHzq7Xhh1dFM4gewGqtHt4MMY/xUioAK5dcd4VrWI8JwkDrVLtfKQOj/
TStRASw/ayAOPePZdNIGcWVT955SA+7igNRjfclzumyATRfRHPfJdGUJM81Wr2Ek4Igt
qZQqUy1q/AsjsP9haWSToZyKVWvJiVlg5Hx20AiB61rrrji9ROy6aYIu/7cguE7Ztm7n
4pfHnnz1847fO8BbThyFRJ/Z1FV84S7mY7oObsf5OT/7Zck82CcKgZFmOZF16lj5EEeM
uAFgJsd02p2IVPSjaa8rm8jEqrtbMHe3BEk/hDJJsrECELRjibbHu5K5e+ysCAXYj5F/
pB8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version:content-transfer-encoding;
bh=MEECShhJHbkW/xCGXMJwo3bvP/s2dnVjbDsOIV7zPGs=;
b=PvO62pCpb5z+FuJPJfoKapWLiJpcv5d7BzQUhHlHxO2gy9ZdmZe/ojzYOu3YJ2VUYw
P3e5txt2BiE+k3AVKccHNdA6i7iyKcQ7KOKTpLlAjx47Sdcl0Z0tZiwq5o/H0MLXnDPk
Pg0tGnAkOl8uVsOwS9aXfZZY7FRmFruSVYDbUdbygdokpr4MSMa5zkU/glGp1ZlzVPBp
7q3ZhLZSEhaUoTKhgEy+UCC6NRj+6Ud2SGjrNGu88ro//sGt7z7EvlE6cW5M5UlNj8dq
uqgRKlfb9LSBEWcLC41IejZnKWJZAIrE0wgVEN7fh4V6WmHKrLe7g5MsEmNeIw+TDNWq
qzew==
X-Gm-Message-State: APjAAAXRJ/PxfduoKpzpm3W1fY5g3L9eJK7xvipfU3xm/szrxF927nb0
8hgvYVbonSmZi9/sU8RMuS32EZqn
X-Google-Smtp-Source: APXvYqy9GGmB8BGh7lSipO0qQO5STcLKgQSFDMKHXEWgJK1Uu5/YQiEBT99Sc+Qff5xw4JEsH0hpOQ==
X-Received: by 2002:a17:90a:256f:: with SMTP id
j102mr17664416pje.14.1566778843684;
Sun, 25 Aug 2019 17:20:43 -0700 (PDT)
Received: from x200 ([240f:c7:38e9:1:314b:485c:9ba4:72c6])
by smtp.gmail.com with ESMTPSA id s16sm11046682pfs.6.2019.08.25.17.20.41
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 25 Aug 2019 17:20:42 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN>
Date: Mon, 26 Aug 2019 18:19:36 +0900
In-Reply-To: <871rx9jjl2.fsf@HIDDEN> (Ricardo Wurmus's message of "Sun,
25 Aug 2019 18:28:09 +0200")
Message-ID: <87y2zge11z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hello Ricardo,
Ricardo Wurmus <rekado@HIDDEN> writes:
> Hi Maxim,
>
>> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>>
>>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
>>> /etc/{passwd,group,shadow}.
>>>
>>> It=E2=80=99s OK most of the time, but again it looks like a gratuitous =
annoyance
>>> for those cases where having them around matters (that=E2=80=99s also t=
he reason
>>> why guix-daemon creates them.)
>>
>> Would that include the files required for PAM authentication to work
>> correctly? I remember struggling with this use case: using the Docker
>> image with CQFD wrapper, which must be able to create a user and
>> sudo'ing (or 'su') to it in the docker container.
>
> I wonder if at this point it wouldn=E2=80=99t be better to build a whole =
system
> container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=E2=
=80=9D and rather a
> task for =E2=80=9Cguix system=E2=80=9D?
Probably! But then one has to wonder if adding some base files to `guix
pack' is not one of those slippery slopes where users come back
expecting more stuff to be there?
What use case(s) exactly depend on the presence of the
/etc/{passwd,group,shadow} files?
Maxim
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 26 Aug 2019 07:39:01 +0000
Resent-Message-ID: <handler.37162.B37162.156680508211377 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Cc: Ricardo Wurmus <rekado@HIDDEN>, 37162 <at> debbugs.gnu.org
Received: via spool by 37162-submit <at> debbugs.gnu.org id=B37162.156680508211377
(code B ref 37162); Mon, 26 Aug 2019 07:39:01 +0000
Received: (at 37162) by debbugs.gnu.org; 26 Aug 2019 07:38:02 +0000
Received: from localhost ([127.0.0.1]:45514 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i29Zh-0002xR-Qa
for submit <at> debbugs.gnu.org; Mon, 26 Aug 2019 03:38:02 -0400
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:34251)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i29Zf-0002wp-Jw
for 37162 <at> debbugs.gnu.org; Mon, 26 Aug 2019 03:38:00 -0400
X-IronPort-AV: E=Sophos;i="5.64,431,1559512800"; d="scan'208";a="317171960"
Received: from unknown (HELO ribbon) ([193.50.110.215])
by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384;
26 Aug 2019 09:37:52 +0200
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN> <87y2zge11z.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 9 Fructidor an 227 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 26 Aug 2019 09:37:52 +0200
In-Reply-To: <87y2zge11z.fsf@HIDDEN> (Maxim Cournoyer's message of "Mon, 26
Aug 2019 18:19:36 +0900")
Message-ID: <87y2zg2x7z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -5.0 (-----)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -6.0 (------)
Hi Maxim,
Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
> Ricardo Wurmus <rekado@HIDDEN> writes:
>
>> Hi Maxim,
>>
>>> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>>>
>>>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image witho=
ut
>>>> /etc/{passwd,group,shadow}.
>>>>
>>>> It=E2=80=99s OK most of the time, but again it looks like a gratuitous=
annoyance
>>>> for those cases where having them around matters (that=E2=80=99s also =
the reason
>>>> why guix-daemon creates them.)
>>>
>>> Would that include the files required for PAM authentication to work
>>> correctly? I remember struggling with this use case: using the Docker
>>> image with CQFD wrapper, which must be able to create a user and
>>> sudo'ing (or 'su') to it in the docker container.
>>
>> I wonder if at this point it wouldn=E2=80=99t be better to build a whole=
system
>> container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=
=E2=80=9D and rather a
>> task for =E2=80=9Cguix system=E2=80=9D?
I think so.
> Probably! But then one has to wonder if adding some base files to `guix
> pack' is not one of those slippery slopes where users come back
> expecting more stuff to be there?
>
> What use case(s) exactly depend on the presence of the
> /etc/{passwd,group,shadow} files?
Generally, absent these files, getpw(3) and co. won=E2=80=99t give useful
results, and some applications will behave poorly (e.g., the PS1 prompt
in Bash can=E2=80=99t show the user name; =E2=80=98id=E2=80=99 fails).
Most of the time it=E2=80=99s just a minor inconvenience.
Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Ricardo Wurmus <rekado@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 26 Aug 2019 11:40:02 +0000
Resent-Message-ID: <handler.37162.B37162.156681959319477 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Cc: 37162 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Received: via spool by 37162-submit <at> debbugs.gnu.org id=B37162.156681959319477
(code B ref 37162); Mon, 26 Aug 2019 11:40:02 +0000
Received: (at 37162) by debbugs.gnu.org; 26 Aug 2019 11:39:53 +0000
Received: from localhost ([127.0.0.1]:45702 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i2DLk-000544-LQ
for submit <at> debbugs.gnu.org; Mon, 26 Aug 2019 07:39:52 -0400
Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21385)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1i2DLi-00053v-Ev
for 37162 <at> debbugs.gnu.org; Mon, 26 Aug 2019 07:39:51 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1566819585; cv=none; d=zoho.com; s=zohoarc;
b=oRV2wQIv6RvHZVojNHm19kEgdmxvne0XuHNferm8hdgwp7TnnTDvSMKroWXgd+c4ZkLHrFdY5BHSFLzZr3vy/rx0Q8UKP216o90yiBq9jlDGOKvsF9LpJoyw7kHZJ3845rPsckajh3M/9ZxP1oGvI6vfXSkf/zsdnIPBZ27yRww=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
s=zohoarc; t=1566819585;
h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
bh=/+yGczSPp0gc2xxxP5hFJXyTp+MELAUIeVymXIiPkho=;
b=Scpgawz4CSls4k3eifF1/1CTtX3Y+85/ES/dhaLtyoPF/UaAAq9si12GpQaFl2b9eLPU/46QCaboQbp6uc7x5UbuA4BrbSHfT3UzIp4V0XR/FIEHeVCWH72NVtRdwER1Uef5SYRNOBpI+Rn+L/Vmv4p7YiXawooB7WMVANnw5dI=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566819585;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
l=1086; bh=/+yGczSPp0gc2xxxP5hFJXyTp+MELAUIeVymXIiPkho=;
b=DXL8p3+RhOtiLjcj2y0S4FZCcCHQiE/74C5EgG3v400OBE76O/X9yAtQ9DdXlXZf
Lb5zSKLfl934NUOBTlESz/XZrOUlw3oVDKCamp1ySLDZUKoUckq1WMtToPmV8YItV2l
IZpIx2X0VyH1Ec+vVR/U7EsTebxO17JjPszHs/OI=
Received: from localhost (141.80.247.250 [141.80.247.250]) by mx.zohomail.com
with SMTPS id 1566819583552303.08425782340237;
Mon, 26 Aug 2019 04:39:43 -0700 (PDT)
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN> <87y2zge11z.fsf@HIDDEN>
<87y2zg2x7z.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus <rekado@HIDDEN>
In-reply-to: <87y2zg2x7z.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Mon, 26 Aug 2019 13:39:40 +0200
Message-ID: <87sgpoi29v.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>> What use case(s) exactly depend on the presence of the
>> /etc/{passwd,group,shadow} files?
>
> Generally, absent these files, getpw(3) and co. won=E2=80=99t give useful
> results, and some applications will behave poorly (e.g., the PS1 prompt
> in Bash can=E2=80=99t show the user name; =E2=80=98id=E2=80=99 fails).
>
> Most of the time it=E2=80=99s just a minor inconvenience.
I think it=E2=80=99s fine to add these files to avoid this source of
inconvenience.
Perhaps it would be good to recommend in the manual the use of =E2=80=9Cguix
system=E2=80=9D for those who need more control over the contents of these
files.
And maybe we can make some really simple template system configuration
available to =E2=80=9Cguix system=E2=80=9D without requiring users to fully=
specify the
operating system configuration. I=E2=80=99m thinking of something like this
where %simple-os is made available by default:
(operating-system
(inherit %simple-os)
(packages (list "a" "b" "c")))
--
Ricardo
X-Loop: help-debbugs@HIDDEN
Subject: bug#37162: =?UTF-8?Q?=E2=80=98guix?= pack -f =?UTF-8?Q?docker=E2=80=99?= creates an image without /etc/passwd
Resent-From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sat, 31 Aug 2019 06:04:02 +0000
Resent-Message-ID: <handler.37162.B37162.15672314398119 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 37162
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Cc: Ricardo Wurmus <rekado@HIDDEN>, 37162 <at> debbugs.gnu.org
Received: via spool by 37162-submit <at> debbugs.gnu.org id=B37162.15672314398119
(code B ref 37162); Sat, 31 Aug 2019 06:04:02 +0000
Received: (at 37162) by debbugs.gnu.org; 31 Aug 2019 06:03:59 +0000
Received: from localhost ([127.0.0.1]:54952 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i3wUR-00026s-7O
for submit <at> debbugs.gnu.org; Sat, 31 Aug 2019 02:03:59 -0400
Received: from mail-pl1-f177.google.com ([209.85.214.177]:45510)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i3wUP-00026g-3z
for 37162 <at> debbugs.gnu.org; Sat, 31 Aug 2019 02:03:57 -0400
Received: by mail-pl1-f177.google.com with SMTP id y8so4302462plr.12
for <37162 <at> debbugs.gnu.org>; Fri, 30 Aug 2019 23:03:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:in-reply-to:references:user-agent:date
:message-id:mime-version:content-transfer-encoding;
bh=F2SNzDm7FWaHcpRCXJf9aA4GOLtFF2bF5sDKX2Ihyno=;
b=q73Hq3LHSR1CcAYer56L16f+zOgGUdmZfD9NV4FLScBphIeBP+d2boFrGFMj6mdGTO
h7eC7JYMuGdrrpmCq/oRw5lAh3lWN9S75J2JqGKQtKC9SMvXCEMiSFpxeosNthxQJOdD
/v+L8ALJtCM7eSaVCcCq+jMHWkSWeQK8w1JJahLNjEk1pILuFqb7UNNDIQ4Ywk/nhmiV
8iuO1gpfd46SUaabPf8d+PSKAPkv8XzGW/DHipTeIyAe2NgZl3v6+1TBR4HvoGYPaCWv
23Wo5gNyFqSI4jwkrQBNVGIhkn6N4gzYghrP9FDq88dy93CoZI+GndC7qrd0DKdkqLc0
hQgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:in-reply-to:references
:user-agent:date:message-id:mime-version:content-transfer-encoding;
bh=F2SNzDm7FWaHcpRCXJf9aA4GOLtFF2bF5sDKX2Ihyno=;
b=tma2iLE928UmxJDhBJdAo9j7NAM1OwTTaPJ9tdNQXmzTiIxapqGxEMRQ+qXhsAyK90
DGTVuWnxN5ioNAS+YYO4hffK/d8qD18nejaQwMATYarmpF7aELuI/sTJOqHGfSZwyeQb
qoBvV2fP4rp5mi0AQHWucuMvtUflzAPk2xfKdFC4dO6vtfEDM6eL4Ota39xwg0qXCAkz
znrvaqUFYPs7CY8VJNXGoA1MzHx/Ypu18FM36YN15lZxZHkDQMFzlOXYcf3IAL+AegIG
DGO1w0ddIyw7Cc0+KOeIUHsJOsKD5IS0F1NGdq9V+L9D6etNu3gJ5GxcChtxn2UrI8tE
ABnw==
X-Gm-Message-State: APjAAAUiZMwr/jpczclDcRTWPSMnpXZxkGYb64UgsWJaUToT/JScxFAO
JNzunPEr01p01d1umHlHRkKV9aOf
X-Google-Smtp-Source: APXvYqzGGJxYygZ3tB29GXZ1N394npFbBKIul5GtluF8avpfoyhPsny4xKphlcp6oysq8uKhNfPwIw==
X-Received: by 2002:a17:902:20ec:: with SMTP id
v41mr19211180plg.117.1567231431263;
Fri, 30 Aug 2019 23:03:51 -0700 (PDT)
Received: from x200 ([240f:c7:38e9:1:314b:485c:9ba4:72c6])
by smtp.gmail.com with ESMTPSA id p5sm8313140pfg.184.2019.08.30.23.03.46
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 30 Aug 2019 23:03:47 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
In-Reply-To: <87y2zg2x7z.fsf@HIDDEN> ("Ludovic
\=\?utf-8\?Q\?Court\=C3\=A8s\=22\?\=
\=\?utf-8\?Q\?'s\?\= message of "Mon, 26 Aug 2019 09:37:52 +0200")
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN> <87y2zge11z.fsf@HIDDEN>
<87y2zg2x7z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
Date: Sun, 01 Sep 2019 00:02:32 +0900
Message-ID: <87k1at5qev.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hello! Sorry for the late reply.
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>
>> Ricardo Wurmus <rekado@HIDDEN> writes:
>>
>>> Hi Maxim,
>>>
>>>> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>>>>
>>>>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image with=
out
>>>>> /etc/{passwd,group,shadow}.
>>>>>
>>>>> It=E2=80=99s OK most of the time, but again it looks like a gratuitou=
s annoyance
>>>>> for those cases where having them around matters (that=E2=80=99s also=
the reason
>>>>> why guix-daemon creates them.)
>>>>
>>>> Would that include the files required for PAM authentication to work
>>>> correctly? I remember struggling with this use case: using the Docker
>>>> image with CQFD wrapper, which must be able to create a user and
>>>> sudo'ing (or 'su') to it in the docker container.
>>>
>>> I wonder if at this point it wouldn=E2=80=99t be better to build a whol=
e system
>>> container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=
=E2=80=9D and rather a
>>> task for =E2=80=9Cguix system=E2=80=9D?
>
> I think so.
>
>> Probably! But then one has to wonder if adding some base files to `guix
>> pack' is not one of those slippery slopes where users come back
>> expecting more stuff to be there?
>>
>> What use case(s) exactly depend on the presence of the
>> /etc/{passwd,group,shadow} files?
>
> Generally, absent these files, getpw(3) and co. won=E2=80=99t give useful
> results, and some applications will behave poorly (e.g., the PS1 prompt
> in Bash can=E2=80=99t show the user name; =E2=80=98id=E2=80=99 fails).
I see! I understand better the source of the annoyance now, thanks!
> Most of the time it=E2=80=99s just a minor inconvenience.
It seems OK to me to add those small files since make the experience
better.
Maxim
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.