Received: (at 37162) by debbugs.gnu.org; 31 Aug 2019 06:03:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Aug 31 02:03:59 2019
Received: from localhost ([127.0.0.1]:54952 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i3wUR-00026s-7O
for submit <at> debbugs.gnu.org; Sat, 31 Aug 2019 02:03:59 -0400
Received: from mail-pl1-f177.google.com ([209.85.214.177]:45510)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i3wUP-00026g-3z
for 37162 <at> debbugs.gnu.org; Sat, 31 Aug 2019 02:03:57 -0400
Received: by mail-pl1-f177.google.com with SMTP id y8so4302462plr.12
for <37162 <at> debbugs.gnu.org>; Fri, 30 Aug 2019 23:03:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:in-reply-to:references:user-agent:date
:message-id:mime-version:content-transfer-encoding;
bh=F2SNzDm7FWaHcpRCXJf9aA4GOLtFF2bF5sDKX2Ihyno=;
b=q73Hq3LHSR1CcAYer56L16f+zOgGUdmZfD9NV4FLScBphIeBP+d2boFrGFMj6mdGTO
h7eC7JYMuGdrrpmCq/oRw5lAh3lWN9S75J2JqGKQtKC9SMvXCEMiSFpxeosNthxQJOdD
/v+L8ALJtCM7eSaVCcCq+jMHWkSWeQK8w1JJahLNjEk1pILuFqb7UNNDIQ4Ywk/nhmiV
8iuO1gpfd46SUaabPf8d+PSKAPkv8XzGW/DHipTeIyAe2NgZl3v6+1TBR4HvoGYPaCWv
23Wo5gNyFqSI4jwkrQBNVGIhkn6N4gzYghrP9FDq88dy93CoZI+GndC7qrd0DKdkqLc0
hQgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:in-reply-to:references
:user-agent:date:message-id:mime-version:content-transfer-encoding;
bh=F2SNzDm7FWaHcpRCXJf9aA4GOLtFF2bF5sDKX2Ihyno=;
b=tma2iLE928UmxJDhBJdAo9j7NAM1OwTTaPJ9tdNQXmzTiIxapqGxEMRQ+qXhsAyK90
DGTVuWnxN5ioNAS+YYO4hffK/d8qD18nejaQwMATYarmpF7aELuI/sTJOqHGfSZwyeQb
qoBvV2fP4rp5mi0AQHWucuMvtUflzAPk2xfKdFC4dO6vtfEDM6eL4Ota39xwg0qXCAkz
znrvaqUFYPs7CY8VJNXGoA1MzHx/Ypu18FM36YN15lZxZHkDQMFzlOXYcf3IAL+AegIG
DGO1w0ddIyw7Cc0+KOeIUHsJOsKD5IS0F1NGdq9V+L9D6etNu3gJ5GxcChtxn2UrI8tE
ABnw==
X-Gm-Message-State: APjAAAUiZMwr/jpczclDcRTWPSMnpXZxkGYb64UgsWJaUToT/JScxFAO
JNzunPEr01p01d1umHlHRkKV9aOf
X-Google-Smtp-Source: APXvYqzGGJxYygZ3tB29GXZ1N394npFbBKIul5GtluF8avpfoyhPsny4xKphlcp6oysq8uKhNfPwIw==
X-Received: by 2002:a17:902:20ec:: with SMTP id
v41mr19211180plg.117.1567231431263;
Fri, 30 Aug 2019 23:03:51 -0700 (PDT)
Received: from x200 ([240f:c7:38e9:1:314b:485c:9ba4:72c6])
by smtp.gmail.com with ESMTPSA id p5sm8313140pfg.184.2019.08.30.23.03.46
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 30 Aug 2019 23:03:47 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
In-Reply-To: <87y2zg2x7z.fsf@HIDDEN> ("Ludovic
\=\?utf-8\?Q\?Court\=C3\=A8s\=22\?\=
\=\?utf-8\?Q\?'s\?\= message of "Mon, 26 Aug 2019 09:37:52 +0200")
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN> <87y2zge11z.fsf@HIDDEN>
<87y2zg2x7z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
Date: Sun, 01 Sep 2019 00:02:32 +0900
Message-ID: <87k1at5qev.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 37162
Cc: Ricardo Wurmus <rekado@HIDDEN>, 37162 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hello! Sorry for the late reply.
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
>
>> Ricardo Wurmus <rekado@HIDDEN> writes:
>>
>>> Hi Maxim,
>>>
>>>> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>>>>
>>>>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image with=
out
>>>>> /etc/{passwd,group,shadow}.
>>>>>
>>>>> It=E2=80=99s OK most of the time, but again it looks like a gratuitou=
s annoyance
>>>>> for those cases where having them around matters (that=E2=80=99s also=
the reason
>>>>> why guix-daemon creates them.)
>>>>
>>>> Would that include the files required for PAM authentication to work
>>>> correctly? I remember struggling with this use case: using the Docker
>>>> image with CQFD wrapper, which must be able to create a user and
>>>> sudo'ing (or 'su') to it in the docker container.
>>>
>>> I wonder if at this point it wouldn=E2=80=99t be better to build a whol=
e system
>>> container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=
=E2=80=9D and rather a
>>> task for =E2=80=9Cguix system=E2=80=9D?
>
> I think so.
>
>> Probably! But then one has to wonder if adding some base files to `guix
>> pack' is not one of those slippery slopes where users come back
>> expecting more stuff to be there?
>>
>> What use case(s) exactly depend on the presence of the
>> /etc/{passwd,group,shadow} files?
>
> Generally, absent these files, getpw(3) and co. won=E2=80=99t give useful
> results, and some applications will behave poorly (e.g., the PS1 prompt
> in Bash can=E2=80=99t show the user name; =E2=80=98id=E2=80=99 fails).
I see! I understand better the source of the annoyance now, thanks!
> Most of the time it=E2=80=99s just a minor inconvenience.
It seems OK to me to add those small files since make the experience
better.
Maxim
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at 37162) by debbugs.gnu.org; 26 Aug 2019 11:39:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Aug 26 07:39:53 2019
Received: from localhost ([127.0.0.1]:45702 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i2DLk-000544-LQ
for submit <at> debbugs.gnu.org; Mon, 26 Aug 2019 07:39:52 -0400
Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21385)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1i2DLi-00053v-Ev
for 37162 <at> debbugs.gnu.org; Mon, 26 Aug 2019 07:39:51 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1566819585; cv=none; d=zoho.com; s=zohoarc;
b=oRV2wQIv6RvHZVojNHm19kEgdmxvne0XuHNferm8hdgwp7TnnTDvSMKroWXgd+c4ZkLHrFdY5BHSFLzZr3vy/rx0Q8UKP216o90yiBq9jlDGOKvsF9LpJoyw7kHZJ3845rPsckajh3M/9ZxP1oGvI6vfXSkf/zsdnIPBZ27yRww=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
s=zohoarc; t=1566819585;
h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
bh=/+yGczSPp0gc2xxxP5hFJXyTp+MELAUIeVymXIiPkho=;
b=Scpgawz4CSls4k3eifF1/1CTtX3Y+85/ES/dhaLtyoPF/UaAAq9si12GpQaFl2b9eLPU/46QCaboQbp6uc7x5UbuA4BrbSHfT3UzIp4V0XR/FIEHeVCWH72NVtRdwER1Uef5SYRNOBpI+Rn+L/Vmv4p7YiXawooB7WMVANnw5dI=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566819585;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
l=1086; bh=/+yGczSPp0gc2xxxP5hFJXyTp+MELAUIeVymXIiPkho=;
b=DXL8p3+RhOtiLjcj2y0S4FZCcCHQiE/74C5EgG3v400OBE76O/X9yAtQ9DdXlXZf
Lb5zSKLfl934NUOBTlESz/XZrOUlw3oVDKCamp1ySLDZUKoUckq1WMtToPmV8YItV2l
IZpIx2X0VyH1Ec+vVR/U7EsTebxO17JjPszHs/OI=
Received: from localhost (141.80.247.250 [141.80.247.250]) by mx.zohomail.com
with SMTPS id 1566819583552303.08425782340237;
Mon, 26 Aug 2019 04:39:43 -0700 (PDT)
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN> <87y2zge11z.fsf@HIDDEN>
<87y2zg2x7z.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus <rekado@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
In-reply-to: <87y2zg2x7z.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Mon, 26 Aug 2019 13:39:40 +0200
Message-ID: <87sgpoi29v.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 37162
Cc: 37162 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>> What use case(s) exactly depend on the presence of the
>> /etc/{passwd,group,shadow} files?
>
> Generally, absent these files, getpw(3) and co. won=E2=80=99t give useful
> results, and some applications will behave poorly (e.g., the PS1 prompt
> in Bash can=E2=80=99t show the user name; =E2=80=98id=E2=80=99 fails).
>
> Most of the time it=E2=80=99s just a minor inconvenience.
I think it=E2=80=99s fine to add these files to avoid this source of
inconvenience.
Perhaps it would be good to recommend in the manual the use of =E2=80=9Cguix
system=E2=80=9D for those who need more control over the contents of these
files.
And maybe we can make some really simple template system configuration
available to =E2=80=9Cguix system=E2=80=9D without requiring users to fully=
specify the
operating system configuration. I=E2=80=99m thinking of something like this
where %simple-os is made available by default:
(operating-system
(inherit %simple-os)
(packages (list "a" "b" "c")))
--
Ricardo
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at 37162) by debbugs.gnu.org; 26 Aug 2019 07:38:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Aug 26 03:38:02 2019
Received: from localhost ([127.0.0.1]:45514 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i29Zh-0002xR-Qa
for submit <at> debbugs.gnu.org; Mon, 26 Aug 2019 03:38:02 -0400
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:34251)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i29Zf-0002wp-Jw
for 37162 <at> debbugs.gnu.org; Mon, 26 Aug 2019 03:38:00 -0400
X-IronPort-AV: E=Sophos;i="5.64,431,1559512800"; d="scan'208";a="317171960"
Received: from unknown (HELO ribbon) ([193.50.110.215])
by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384;
26 Aug 2019 09:37:52 +0200
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN> <87y2zge11z.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 9 Fructidor an 227 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 26 Aug 2019 09:37:52 +0200
In-Reply-To: <87y2zge11z.fsf@HIDDEN> (Maxim Cournoyer's message of "Mon, 26
Aug 2019 18:19:36 +0900")
Message-ID: <87y2zg2x7z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 37162
Cc: Ricardo Wurmus <rekado@HIDDEN>, 37162 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -6.0 (------)
Hi Maxim,
Maxim Cournoyer <maxim.cournoyer@HIDDEN> skribis:
> Ricardo Wurmus <rekado@HIDDEN> writes:
>
>> Hi Maxim,
>>
>>> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>>>
>>>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image witho=
ut
>>>> /etc/{passwd,group,shadow}.
>>>>
>>>> It=E2=80=99s OK most of the time, but again it looks like a gratuitous=
annoyance
>>>> for those cases where having them around matters (that=E2=80=99s also =
the reason
>>>> why guix-daemon creates them.)
>>>
>>> Would that include the files required for PAM authentication to work
>>> correctly? I remember struggling with this use case: using the Docker
>>> image with CQFD wrapper, which must be able to create a user and
>>> sudo'ing (or 'su') to it in the docker container.
>>
>> I wonder if at this point it wouldn=E2=80=99t be better to build a whole=
system
>> container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=
=E2=80=9D and rather a
>> task for =E2=80=9Cguix system=E2=80=9D?
I think so.
> Probably! But then one has to wonder if adding some base files to `guix
> pack' is not one of those slippery slopes where users come back
> expecting more stuff to be there?
>
> What use case(s) exactly depend on the presence of the
> /etc/{passwd,group,shadow} files?
Generally, absent these files, getpw(3) and co. won=E2=80=99t give useful
results, and some applications will behave poorly (e.g., the PS1 prompt
in Bash can=E2=80=99t show the user name; =E2=80=98id=E2=80=99 fails).
Most of the time it=E2=80=99s just a minor inconvenience.
Ludo=E2=80=99.
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at 37162) by debbugs.gnu.org; 26 Aug 2019 00:20:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Aug 25 20:20:53 2019
Received: from localhost ([127.0.0.1]:45256 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i22kd-0000Qv-TH
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 20:20:53 -0400
Received: from mail-pg1-f175.google.com ([209.85.215.175]:44443)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i22kb-0000Qi-PN
for 37162 <at> debbugs.gnu.org; Sun, 25 Aug 2019 20:20:50 -0400
Received: by mail-pg1-f175.google.com with SMTP id i18so9414535pgl.11
for <37162 <at> debbugs.gnu.org>; Sun, 25 Aug 2019 17:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version:content-transfer-encoding;
bh=MEECShhJHbkW/xCGXMJwo3bvP/s2dnVjbDsOIV7zPGs=;
b=mlQXXWzfRYyHzq7Xhh1dFM4gewGqtHt4MMY/xUioAK5dcd4VrWI8JwkDrVLtfKQOj/
TStRASw/ayAOPePZdNIGcWVT955SA+7igNRjfclzumyATRfRHPfJdGUJM81Wr2Ek4Igt
qZQqUy1q/AsjsP9haWSToZyKVWvJiVlg5Hx20AiB61rrrji9ROy6aYIu/7cguE7Ztm7n
4pfHnnz1847fO8BbThyFRJ/Z1FV84S7mY7oObsf5OT/7Zck82CcKgZFmOZF16lj5EEeM
uAFgJsd02p2IVPSjaa8rm8jEqrtbMHe3BEk/hDJJsrECELRjibbHu5K5e+ysCAXYj5F/
pB8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version:content-transfer-encoding;
bh=MEECShhJHbkW/xCGXMJwo3bvP/s2dnVjbDsOIV7zPGs=;
b=PvO62pCpb5z+FuJPJfoKapWLiJpcv5d7BzQUhHlHxO2gy9ZdmZe/ojzYOu3YJ2VUYw
P3e5txt2BiE+k3AVKccHNdA6i7iyKcQ7KOKTpLlAjx47Sdcl0Z0tZiwq5o/H0MLXnDPk
Pg0tGnAkOl8uVsOwS9aXfZZY7FRmFruSVYDbUdbygdokpr4MSMa5zkU/glGp1ZlzVPBp
7q3ZhLZSEhaUoTKhgEy+UCC6NRj+6Ud2SGjrNGu88ro//sGt7z7EvlE6cW5M5UlNj8dq
uqgRKlfb9LSBEWcLC41IejZnKWJZAIrE0wgVEN7fh4V6WmHKrLe7g5MsEmNeIw+TDNWq
qzew==
X-Gm-Message-State: APjAAAXRJ/PxfduoKpzpm3W1fY5g3L9eJK7xvipfU3xm/szrxF927nb0
8hgvYVbonSmZi9/sU8RMuS32EZqn
X-Google-Smtp-Source: APXvYqy9GGmB8BGh7lSipO0qQO5STcLKgQSFDMKHXEWgJK1Uu5/YQiEBT99Sc+Qff5xw4JEsH0hpOQ==
X-Received: by 2002:a17:90a:256f:: with SMTP id
j102mr17664416pje.14.1566778843684;
Sun, 25 Aug 2019 17:20:43 -0700 (PDT)
Received: from x200 ([240f:c7:38e9:1:314b:485c:9ba4:72c6])
by smtp.gmail.com with ESMTPSA id s16sm11046682pfs.6.2019.08.25.17.20.41
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 25 Aug 2019 17:20:42 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Ricardo Wurmus <rekado@HIDDEN>
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
<871rx9jjl2.fsf@HIDDEN>
Date: Mon, 26 Aug 2019 18:19:36 +0900
In-Reply-To: <871rx9jjl2.fsf@HIDDEN> (Ricardo Wurmus's message of "Sun,
25 Aug 2019 18:28:09 +0200")
Message-ID: <87y2zge11z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 37162
Cc: 37162 <at> debbugs.gnu.org,
Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hello Ricardo,
Ricardo Wurmus <rekado@HIDDEN> writes:
> Hi Maxim,
>
>> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>>
>>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
>>> /etc/{passwd,group,shadow}.
>>>
>>> It=E2=80=99s OK most of the time, but again it looks like a gratuitous =
annoyance
>>> for those cases where having them around matters (that=E2=80=99s also t=
he reason
>>> why guix-daemon creates them.)
>>
>> Would that include the files required for PAM authentication to work
>> correctly? I remember struggling with this use case: using the Docker
>> image with CQFD wrapper, which must be able to create a user and
>> sudo'ing (or 'su') to it in the docker container.
>
> I wonder if at this point it wouldn=E2=80=99t be better to build a whole =
system
> container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=E2=
=80=9D and rather a
> task for =E2=80=9Cguix system=E2=80=9D?
Probably! But then one has to wonder if adding some base files to `guix
pack' is not one of those slippery slopes where users come back
expecting more stuff to be there?
What use case(s) exactly depend on the presence of the
/etc/{passwd,group,shadow} files?
Maxim
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at 37162) by debbugs.gnu.org; 25 Aug 2019 16:28:24 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Aug 25 12:28:24 2019
Received: from localhost ([127.0.0.1]:45021 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1vNP-0003Nx-QM
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 12:28:24 -0400
Received: from sender-of-o51.zoho.com ([135.84.80.216]:21261)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1i1vNN-0003Np-Jm
for 37162 <at> debbugs.gnu.org; Sun, 25 Aug 2019 12:28:22 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1566750495; cv=none; d=zoho.com; s=zohoarc;
b=Ri/m0FhdQYtLCQ8QkQWWLc5Q9jiItPdc4EpEeN0SUowAbR92II2k6bASn0LV3XMko+JTiHqvE4V4uVnn5hCrwWygeREI/KesB6dIwuQ/lWl61xPWuOHqPSd+MlwV+Wy/1hCajt5IXYuzCnHX/2ZzWLFkQAKGdBQRyUb1ow+QFL8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
s=zohoarc; t=1566750495;
h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
bh=pLKE6hH/tKy//40X2EFNhwfTqns8s/TXagvHlKv7LaI=;
b=ZkaTgkYF31XR1EP/mfY9Wiy+MeALaW2Jpes1cjUuEz2V+uD0uz8TpDXGwkMO5PCxKr45s2lrJucqEw5/XgKMiJTVpCnEMTAVP6HZ3OY4/QVM6i5lo9z7Q/ZqRtOHGNZNGn71oAv+PBM0nMVgn2bBDGSDZYzkyzRI8VxcRzMD3DU=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566750495;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
l=911; bh=pLKE6hH/tKy//40X2EFNhwfTqns8s/TXagvHlKv7LaI=;
b=VRR+WRiGvOegQeyH/04ptVIiFr+fGBh8wC48U0NFltlII2sgOsdLJ0rkxbKZ7ILY
qebTD0LqxJ1jGmR8lNcvCLhEz3cxvGe5JBoMp3Q+yvg0IXcPTopWK65kxtPfLN4IpFj
7FMx6/FTDNeAr2494cBA7g2/ELX3X9bJMcGeKjB4=
Received: from localhost (p4FD5AFCB.dip0.t-ipconnect.de [79.213.175.203]) by
mx.zohomail.com with SMTPS id 1566750493538471.2959243648992;
Sun, 25 Aug 2019 09:28:13 -0700 (PDT)
References: <87r25c3p0e.fsf@HIDDEN> <87a7bxexs6.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus <rekado@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
In-reply-to: <87a7bxexs6.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Sun, 25 Aug 2019 18:28:09 +0200
Message-ID: <871rx9jjl2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 37162
Cc: 37162 <at> debbugs.gnu.org,
Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi Maxim,
> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>
>> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
>> /etc/{passwd,group,shadow}.
>>
>> It=E2=80=99s OK most of the time, but again it looks like a gratuitous a=
nnoyance
>> for those cases where having them around matters (that=E2=80=99s also th=
e reason
>> why guix-daemon creates them.)
>
> Would that include the files required for PAM authentication to work
> correctly? I remember struggling with this use case: using the Docker
> image with CQFD wrapper, which must be able to create a user and
> sudo'ing (or 'su') to it in the docker container.
I wonder if at this point it wouldn=E2=80=99t be better to build a whole sy=
stem
container. Isn=E2=80=99t that outside the scope of =E2=80=9Cguix pack=E2=
=80=9D and rather a
task for =E2=80=9Cguix system=E2=80=9D?
--=20
Ricardo
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at submit) by debbugs.gnu.org; 25 Aug 2019 12:33:54 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Aug 25 08:33:54 2019
Received: from localhost ([127.0.0.1]:43722 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1riT-0005j6-WE
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 08:33:54 -0400
Received: from lists.gnu.org ([209.51.188.17]:51113)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i1riT-0005j0-16
for submit <at> debbugs.gnu.org; Sun, 25 Aug 2019 08:33:53 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34265)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i1riR-0002zy-Nm
for bug-Guix@HIDDEN; Sun, 25 Aug 2019 08:33:52 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_50, DATE_IN_FUTURE_06_12,
FREEMAIL_FROM,URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1i1riQ-00073Z-IT
for bug-Guix@HIDDEN; Sun, 25 Aug 2019 08:33:51 -0400
Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]:37290)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1i1riQ-00072l-Ak
for bug-Guix@HIDDEN; Sun, 25 Aug 2019 08:33:50 -0400
Received: by mail-pl1-x635.google.com with SMTP id bj8so8432031plb.4
for <bug-Guix@HIDDEN>; Sun, 25 Aug 2019 05:33:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version:content-transfer-encoding;
bh=6SuONB6vT7WsmxF/XBfM9u2cdj0m+13fNXMZXCu8Rdc=;
b=tt8fAVA8BITCVtns6pjoTJ7I77L5WK0AEIMMi2JhZAcYzGxNpL1WBhhh9VGy2S05K5
qcqGEyEF1HnwlPjv0BNIn6EknijSf7zba30azSTdTTtkIFdSr3X0cuFmZ0yIIUg6ayPr
NtjVNEiqHFIyHF/fxLSA/6sdhc2OKbPyvoeVFqbB5oB5mYf8qnr4IPuf87+A78VLUuWI
DpWWzu3cnbIjw3wCT6IHVLBL1zMNvNAdivprKIQFjRZ4RinOjqAU+jk0EWvB2BHbqyk6
I0ZUuqkdMUP4eYJ+QvQBTPjRqgma50Wid1B0uaSSkEhsAjJ0AEcgnbgzCG09WhTYZ9Az
QT7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version:content-transfer-encoding;
bh=6SuONB6vT7WsmxF/XBfM9u2cdj0m+13fNXMZXCu8Rdc=;
b=Iyas2WkJYBJ1ElRfES4nKWKnv1BVVGOQAEKGbEBP0tpL+blaZJM8s1N91jCUo1yyyC
L8dXq++NgqSsYtbhaRtYzO2A8pZflovYhrbYjmBpepK6ANVS69+pTcIbkFFOm9tLuDtR
tXT5AQvz0LXFRsMCD7kqajNWzmITft3LXpKDRFw7IuPcC21vCikXaOT2StbmW99BEG36
SHHB+5F50chg7n8byMyy/g97+FiMXigkAV3nC02VOStjypV5bavxPj8uMIBpFf5F8ZZW
Zqb+aGOQ3SIdM69ZsUkPYSZkWtmfWcUbUmPJRfMwbE1Vcwc5NaGw4aYf2NOElrXLSDT7
HMDw==
X-Gm-Message-State: APjAAAVyLsT0jspri6YZx9m50mTa/d5N0l/a4HFT9aLAiRpSNkjlElZx
kzvbkTZhXysF8Jy7EeZWpo6JMXhk
X-Google-Smtp-Source: APXvYqzd9+KCDGvH4FPGYOIBX9O99ceLv59iVqgn7qLEByycw5VhLTMdPjJV1wcz9aKXBXyl0j6GGg==
X-Received: by 2002:a17:902:96a:: with SMTP id
97mr7125567plm.264.1566736428842;
Sun, 25 Aug 2019 05:33:48 -0700 (PDT)
Received: from x200 ([240f:c7:38e9:1:314b:485c:9ba4:72c6])
by smtp.gmail.com with ESMTPSA id 10sm9337590pfv.63.2019.08.25.05.33.47
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 25 Aug 2019 05:33:48 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
References: <87r25c3p0e.fsf@HIDDEN>
Date: Mon, 26 Aug 2019 06:32:41 +0900
In-Reply-To: <87r25c3p0e.fsf@HIDDEN> ("Ludovic
\=\?utf-8\?Q\?Court\=C3\=A8s\=22\?\=
\=\?utf-8\?Q\?'s\?\= message of "Fri, 23 Aug 2019 17:00:49 +0200")
Message-ID: <87a7bxexs6.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2607:f8b0:4864:20::635
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
Cc: bug-Guix@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
Hi Ludovic,
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
> /etc/{passwd,group,shadow}.
>
> It=E2=80=99s OK most of the time, but again it looks like a gratuitous an=
noyance
> for those cases where having them around matters (that=E2=80=99s also the=
reason
> why guix-daemon creates them.)
Would that include the files required for PAM authentication to work
correctly? I remember struggling with this use case: using the Docker
image with CQFD wrapper, which must be able to create a user and
sudo'ing (or 'su') to it in the docker container. I had started
populating base files such as shadow, passwd, etc. but when confronted
with the PAM configuration (which sudo was complaining about), it
appeared intimidating. I then decided to modify my operating system
declaration so that it'd contain the required Shepherd services that
populate /etc, and devise a hack to call
'/var/guix/profiles/system/boot' when the container would start.
The minimal system configuration (+ python stuff, which was the
requirement) I came up with was:
--8<---------------cut here---------------end--------------->8---
;; This is an operating system configuration template for a bare-bone,
;; containerization-friendly setup, with no X11 display server and
;; no Guix daemon / client.
(use-modules (gnu)
(gnu packages bash)
(gnu packages python)
(gnu packages python-xyz)
(gnu packages xml)
(guix packages))
(operating-system
(host-name "robot-framework")
(timezone "America/Montreal")
;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
;; target hard disk, and "my-root" is the label of the target
;; root file system.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/sda")))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "builder")
(group "users")
(supplementary-groups '("wheel"))
(home-directory "/home/builder"))
%base-user-accounts))
;; Globally-installed packages.
(packages (cons* python-wrapper
(list python "tk")
python-robotframework
python-robotframework-sshlibrary
python-robotframework-lint
python-xmltodict
%base-packages))
(services (list
;; Enable #!/bin/sh and #!/bin/bash shebangs.
(service special-files-service-type
`(("/bin/bash" ,(file-append (canonical-package bash)
"/bin/bash"))))
(service special-files-service-type
`(("/bin/sh" ,(file-append (canonical-package bash)
"/bin/sh"))))
;; The following is a very small subset extracted of
;; %base-services.
(service login-service-type)
(service udev-service-type (udev-configuration))
(syslog-service)))
;; When using sudo, by default some environment variables such as
;; PYTHONPATH are dropped. Make it so that any environment
;; variables are honored. This is important so that the Guix system
;; profile can work correctly for any user.
(sudoers-file (plain-file "sudoers" "\
root ALL=3D(ALL) ALL
%wheel ALL=3D(ALL) ALL
Defaults !env_reset,!env_delete\n")))
--8<---------------cut here---------------end--------------->8---
Maxim
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at 37162) by debbugs.gnu.org; 23 Aug 2019 20:16:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Aug 23 16:16:21 2019
Received: from localhost ([127.0.0.1]:41262 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1Fyv-0008LK-08
for submit <at> debbugs.gnu.org; Fri, 23 Aug 2019 16:16:21 -0400
Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21337)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1i1Fys-0008LB-Iw
for 37162 <at> debbugs.gnu.org; Fri, 23 Aug 2019 16:16:19 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1566591373; cv=none; d=zoho.com; s=zohoarc;
b=ChWk5BSHGzeGalTCOL2q8vOsJcTlZgt5mDm1KS2a2/5HTqoEAPLgiCEqvjHZhjuN8lK+1CtJ5kQuXqljzNzqVvh9gIrhbwi58ADMh9dF0CaWY5bRBe8z2Wlh4JUtP0l/4ZRBFgY8MZ8bzl5vKwA3vU/wrFMon3q1jMZdiRulqks=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
s=zohoarc; t=1566591373;
h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results;
bh=6tpZW6p5cmhSRa0x4LV5qN3q8b9zVF3Z2vb7E6j8f6o=;
b=G6khFtornZDCELhPAUrp+UpTrWIlFgg3rA6h1KqPLZxJzitAuybpDjX7r2d19mg4BcWvXRDvXUibDnmtzbyJQlKuXJC2g0NH0UQh5T58nvm2/a987Mj5vWnNYifyKDqe7hMqgxTtCDprv6UVqAbPi1l3Wgo5GYMp65bXXqXSHG0=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN> header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566591373;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Subject:cc:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
l=917; bh=6tpZW6p5cmhSRa0x4LV5qN3q8b9zVF3Z2vb7E6j8f6o=;
b=Xw7qEYP5uQaYFe2BbFOgjodvMOi4PkIrAzCjD1sA0J+cy8roypP/G4K4uL2h0WEM
/KouSlePjs83z+paJ62bKRxnlC81i49jS0jAQCAcy5ylo7yeRlJG2yg7maIuShOSju/
9WYxsXDFYEtC7P5K9u4Cgmdl0VWHuVqWLEJmBD3U=
Received: from localhost (p54AD4942.dip0.t-ipconnect.de [84.173.73.66]) by
mx.zohomail.com with SMTPS id 1566591371366545.7290245964847;
Fri, 23 Aug 2019 13:16:11 -0700 (PDT)
References: <87r25c3p0e.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.2
From: Ricardo Wurmus <rekado@HIDDEN>
To: 37162 <at> debbugs.gnu.org
Subject: Re: bug#37162: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker?=
=?utf-8?Q?=E2=80=99?= creates an image without /etc/passwd
In-reply-to: <87r25c3p0e.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Fri, 23 Aug 2019 22:16:08 +0200
Message-ID: <874l27k587.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 37162
Cc: ludovic.courtes@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> =E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
> /etc/{passwd,group,shadow}.
[=E2=80=A6]
> Unless there are objections, I=E2=80=99d like to create these with just t=
he
> =E2=80=9Croot=E2=80=9D and =E2=80=9Cnobody=E2=80=9D accounts. Or should =
we have a regular unprivileged
> account? But then what should its UID be?
Is there perhaps a configuration that we could add to the Docker image
meta-data to have Docker do the right thing? The right thing might be
to map these files from the host into the container automatically, or to
instruct Docker to create them when starting the container.
I would prefer to accomplish this via configuration =E2=80=9Chints=E2=80=9D=
if possible
instead of creating dummy files with specific contents.
(I don=E2=80=99t know if this is at all possible.)
--
Ricardo
bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
Received: (at submit) by debbugs.gnu.org; 23 Aug 2019 15:00:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Aug 23 11:00:58 2019
Received: from localhost ([127.0.0.1]:40989 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1i1B3h-0003TI-SS
for submit <at> debbugs.gnu.org; Fri, 23 Aug 2019 11:00:58 -0400
Received: from lists.gnu.org ([209.51.188.17]:36402)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i1B3g-0003TB-HC
for submit <at> debbugs.gnu.org; Fri, 23 Aug 2019 11:00:56 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55756)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i1B3e-0004aJ-9b
for bug-Guix@HIDDEN; Fri, 23 Aug 2019 11:00:56 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_40,RCVD_IN_DNSWL_HI
autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <ludovic.courtes@HIDDEN>) id 1i1B3c-0003uk-Oy
for bug-Guix@HIDDEN; Fri, 23 Aug 2019 11:00:54 -0400
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:60350)
by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <ludovic.courtes@HIDDEN>)
id 1i1B3c-0003ta-8m
for bug-Guix@HIDDEN; Fri, 23 Aug 2019 11:00:52 -0400
X-IronPort-AV: E=Sophos;i="5.64,421,1559512800"; d="scan'208";a="317043643"
Received: from unknown (HELO ribbon) ([193.50.110.215])
by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384;
23 Aug 2019 17:00:49 +0200
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: bug-Guix@HIDDEN
Subject: =?utf-8?Q?=E2=80=98guix?= pack -f =?utf-8?Q?docker=E2=80=99?=
creates an image without /etc/passwd
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 6 Fructidor an 227 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 23 Aug 2019 17:00:49 +0200
Message-ID: <87r25c3p0e.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 192.134.164.104
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
=E2=80=98guix pack -f docker=E2=80=99 currently creates an image without
/etc/{passwd,group,shadow}.
It=E2=80=99s OK most of the time, but again it looks like a gratuitous anno=
yance
for those cases where having them around matters (that=E2=80=99s also the r=
eason
why guix-daemon creates them.)
Unless there are objections, I=E2=80=99d like to create these with just the
=E2=80=9Croot=E2=80=9D and =E2=80=9Cnobody=E2=80=9D accounts. Or should we=
have a regular unprivileged
account? But then what should its UID be?
Ludo=E2=80=99.
Ludovic Courtès <ludovic.courtes@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#37162; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.