bug#54545: [Guix Home] ‘shepherd’ started twice?

2022-04-04 Thread Ludovic Courtès
Hi,

Andrew Tropin  skribis:

> Activation script tries to load latest shepherd configuration with `herd
> load root ./path/to/config.scm` and it starts a shepherd process.  Login
> shell starts the shepherd process as well.  Probably we need to do
> config reload using on-change service and also not trigger on-change
> stuff if user isn't logged in.

Makes sense.

> I can think on the proper solution and make a patch with a fix later
> this week or beginning of the next week.

Awesome, thanks for taking a look!

Ludo’.





bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 20:43 [+0200]:
> 2. If I create my own channel from scratch,
> then I have to authorize it with my key.
> Thus I know the commit and the key fingerprint.

You don't have to do any authorization -- you can skip
.guix-authorization and channel introductions.  However, by skipping
this, you lose some nice security properties, so I cannot recommend
this if the channel is published over the Internet or something for
other people.  But if it's purely local, then skipping it is probably
fine.

Greetings,
Maxime.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 20:43 [+0200]:
> 3. For a local repository, use (url "file://") or (url "/path").

Yes, that should work.

Greetings,
Maxime.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 20:43 [+0200]:
> 1. If I clone someone else's channel, do not bother with the
> introduction.

If with ‘clone’ you mean a ‘local git checkout+modifications’ here, and
it's a local clone, then probably yes --- if some attacker can replace
the contents of your local repository, that's not something in Guix'
threat model ...

Now, if you choose to publish your modified version of someone's
channel to other people, then the other people might appreciate having
introductions and .guix-authorization set up.

Greetings,
Maxime.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 20:43 [+0200]:
> Regarding point 4.: I meant both /etc/config.scm and
> ~/src/guix-config/home-configuration.scm .
> My understanding is that it should be possible to define private
> (user specific) channels.
> I could be wrong here.
> I do not like the ~/.config/guix/channels.scm file,
> because it lives outside of the home configuration.

FWIW, you can create a symlink from ~/.config/guix/channels.scm to
~/src/guix-config/channels.scm and modify
~/src/guix-config/channels.scm.  That way, the configuration files live
together, which might be close enough for your purposes.

> I would rather have it generated from the home config file.

You can define user-specific channels, in ~/.config/guix/channels.scm.
I suppose it might be technically possible to write a home
configuration that puts a file in ~/.config/guix/channels.scm and/or
runs the equivalent of "guix pull".

However, that's too late.  What you want is the home or system to be
reconfigured with a certain guix+channels Y mentioned in the home or
system configuration.  But when you run "guix system reconfigure", that
reconfiguration is performed with guix X.  While after the
reconfiguration, the guix is updated, the reconfiguration uses the old
guix.

Greetings,
Maxime.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Marek Paśnikowski
Thank you for the quick reply.

Those are my conclusions:

1. If I clone someone else's channel, do not bother with the
introduction.

2. If I create my own channel from scratch,
then I have to authorize it with my key.
Thus I know the commit and the key fingerprint.

3. For a local repository, use (url "file://") or (url "/path").

Is any of these wrong?

Regarding point 4.: I meant both /etc/config.scm and
~/src/guix-config/home-configuration.scm .
My understanding is that it should be possible to define private
(user specific) channels.
I could be wrong here.
I do not like the ~/.config/guix/channels.scm file,
because it lives outside of the home configuration.
I would rather have it generated from the home config file.





bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Maxime Devos schreef op ma 04-04-2022 om 19:53 [+0200]:
> Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:
> > 3. How do I declare a local repository?
> 
> The same way as an external repository.  Just replace the
> "https://..." of the repo at savannah with
> "file://home/user/location/of/git/repository".  But yes, this could
> be documented ...

Or simpler: "/home/user/location/of/..." might work too ...




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:
> 2. What ==is== the channel introduction?

From (guix)Channel Authentication:

   As a user, you must provide a “channel introduction” in your
channels file so that Guix knows how to authenticate its first commit.
A channel specification, including its introduction, looks something
along these lines:

 (channel
   (name 'some-channel)
   (url "https://example.org/some-channel.git")
   (introduction
    (make-channel-introduction
     "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
     (openpgp-fingerprint
      "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"))))

It's the (make-channel-introduction [...]) thing.  It's just a bunch of
information that Guix can use to authenticate the first commit of the
channel.  Also see ...

> Which commit am I supposed to use?

The first commit that adds (or in your case, modifies) the
.guix-authorization file.  From (guix)Specifying Channel Authorizations:

   This authentication rule creates a chicken-and-egg issue: how do we
authenticate the first commit?  Related to that: how do we deal with
channels whose repository history contains unsigned commits and lack
‘.guix-authorizations’?  And how do we fork existing channels?

   Channel introductions answer these questions by describing the first
commit of a channel that should be authenticated.  The first time a
channel is fetched with ‘guix pull’ or ‘guix time-machine’, the command
looks up the introductory commit and verifies that it is signed by the
specified OpenPGP key.  From then on, it authenticates commits
according to the rule above.  Authentication fails if the target commit
is neither a descendant nor an ancestor of the introductory commit.

Greetings,
Maxime.
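
An added example, not part of the original message and not Guix code: a
simplified Python model of the check the quoted manual text describes.
The commit ids, keys and history are constructed, and the per-commit
rule (a commit must be signed by a key listed in the
.guix-authorizations of its parents) is the manual's rule that the quote
calls "the rule above".

```python
from dataclasses import dataclass

# Constructed 40-character fingerprints; not real keys.
ALICE, BOB, MALLORY = "A" * 40, "B" * 40, "C" * 40

@dataclass(frozen=True)
class Commit:
    parents: tuple          # ids of the parent commits
    signer: str             # fingerprint that signed the commit, "" if unsigned
    authorized: frozenset   # keys listed in this commit's .guix-authorizations

# Constructed history: c0 is unsigned, c1 introduces the channel, c2 lets Bob in,
# x1 is a fork where Mallory lists her own key, u1 is an unrelated root commit.
REPO = {
    "c0": Commit((), "", frozenset()),
    "c1": Commit(("c0",), ALICE, frozenset({ALICE})),
    "c2": Commit(("c1",), ALICE, frozenset({ALICE, BOB})),
    "c3": Commit(("c2",), BOB, frozenset({ALICE, BOB})),
    "x1": Commit(("c1",), MALLORY, frozenset({ALICE, MALLORY})),
    "u1": Commit((), ALICE, frozenset({ALICE})),
}

def ancestors(repo, cid):
    """Return the ids of every commit reachable from CID, excluding CID."""
    seen, stack = set(), list(repo[cid].parents)
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(repo[c].parents)
    return seen

def authenticate(repo, target, intro, fingerprint):
    """Return (ok, reason) for pulling TARGET under the given introduction."""
    if repo[intro].signer != fingerprint:
        return False, "introductory commit is not signed by the introduction's key"
    before_intro = ancestors(repo, intro)
    if target == intro or target in before_intro:
        return True, "target is the introduction or an ancestor; nothing to check"
    history = ancestors(repo, target)
    if intro not in history:
        return False, "target is neither a descendant nor an ancestor of the introduction"
    # Every commit added since the introduction must be signed by a key that
    # each of its parents authorizes; a commit cannot vouch for its own signer.
    for cid in sorted((history | {target}) - before_intro - {intro}):
        commit = repo[cid]
        for parent in commit.parents:
            if commit.signer not in repo[parent].authorized:
                return False, f"{cid} is signed by a key that {parent} does not authorize"
    return True, "every commit since the introduction is authorized"

if __name__ == "__main__":
    for target in ("c3", "c0", "x1", "u1"):
        print(target, authenticate(REPO, target, "c1", ALICE))
```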




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:

> How do I find the PGP fingerprint?

(guix)Channel Authentication
   The specification above shows the name and URL of the channel.  The
call to ‘make-channel-introduction’ above specifies that authentication
of this channel starts at commit ‘6f0d8cc...’, which is signed by the
OpenPGP key with fingerprint ‘CABB A931...’.

The PGP fingerprint is the PGP fingerprint that is used to sign the
commit.  You can find it in the PGP application you used to create your
PGP key.

Greetings,
Maxime.






bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:
> 1. (channel (introduction -)) is not mentioned at all.

It isn't in (guix)Specifying Additional Channels, because it's optional
(albeit nice to have for security).  It is documented in the next few
sections.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:
> 4. How do I declare a channel within the config.scm file?

What do you mean with ‘the config.scm file’ here?  The operating system
configuration file, which is conventionally named configuration.scm or
config.scm but in principle can be named anything?  The
~/.config/guix/current/channels.scm file?  The Guix Home configuration
(if any)?  The manifest used for the user profile (if any, using "guix
install" and friends is also an option)?

Greetings,
Maxime.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Maxime Devos
Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:
> 3. How do I declare a local repository?

The same way as an external repository.  Just replace the "https://..."
of the repo at savannah with
"file://home/user/location/of/git/repository".  But yes, this could be
documented ...

Greetings,
Maxime.




bug#54711: Bad Documentation Series: 6.1 Specifying Additional Channels

2022-04-04 Thread Marek Paśnikowski
Dear Guix Developers

I love the Guix's vision of system management.
Thank you for your hard work to implement it.

It pains me greatly to see the documentation be completely useless.
It gives descriptions of Guix programs,
but almost nothing usable for configuration files.

I am considering filing a bug report for each inadequate chapter.
Please reply whether this is welcome.
My aim is to rewrite the documentation in a way usable to someone,
who has never used Guix before.

I decided to prioritize channel documentation,
because this is my current blocker.
My goal is to keep a local mirror of the guix repository,
with my personal changes and additions.
Following is the list of the documentation problems.

1. (channel (introduction -)) is not mentioned at all.

2. What ==is== the channel introduction?
Which commit am I supposed to use?
How do I find the PGP fingerprint?

3. How do I declare a local repository?

4. How do I declare a channel within the config.scm file?

Respectfully,
Guix Noob
Marek Pasnikowski





bug#54708: I seemed to have found a bug in guix pull (networking issues may be involved)

2022-04-04 Thread jbranso--- via Bug reports for GNU Guix
Hello!
I tried running guix pull today, which resulted in an error. I am using an
osbooted (libreboot) T400 Thinkpad on Guix System. I have been having some
bizarre networking issues that I have not fixed yet. They may have played a
role. Here is the output of the error message:
joshua@hidalgo ~ (master) [1]> guix pull
Updating channel 'guix' from Git repository at 
'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: Git error: failed to resolve address for 
git.savannah.gnu.org: Temporary failure in name resolution
joshua@hidalgo ~ (master) [1]> guix pull
Updating channel 'guix' from Git repository at 
'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 9bd4ed3 (132 new commits)...
Building from this channel:
 guix https://git.savannah.gnu.org/git/guix.git 9bd4ed3
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
 module-import 2KiB 18KiB/s 00:00 [##] 100.0%
 module-import-compiled 1.2MiB 14KiB/s 01:28 [##] 100.0%
 compute-guix-derivation 1004B 425KiB/s 00:00 [##] 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
 git-minimal-2.35.1 993KiB/s 00:04 | 3.6MiB transferre
 |Backtrace:
 14 (primitive-load 
"/gnu/store/2gdcck1lsrmv1n9c814bl4xxk69b4y49-compute-guix-derivation")
In ice-9/eval.scm:
 155:9 13 (_ _)
 159:9 12 (_ #(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#(# ?) ?) ?) ?) 
?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?))
In ice-9/boot-9.scm:
 152:2 11 (with-fluid* _ _ _)
 152:2 10 (with-fluid* _ _ _)
In ./guix/store.scm:
 2129:24 9 (run-with-store # # ?)
 1966:8 8 (_ #)
In ./guix/gexp.scm:
 299:22 7 (_ #)
 1180:2 6 (_ #)
 1046:2 5 (_ #)
 892:4 4 (_ #)
In ./guix/store.scm:
 2014:12 3 (_ #)
 1406:5 2 (map/accumulate-builds # 
# ?)
 1421:15 1 (_ # 
("/gnu/store/mlqacmkzh8ir2aqs42zc24jbk1vkgk2x-git-minimal-?") ?)
 1421:15 0 (loop #f)

./guix/store.scm:1421:15: In procedure loop:
ERROR:
 1. :
 message: "some substitutes for the outputs of derivation 
`/gnu/store/mlqacmkzh8ir2aqs42zc24jbk1vkgk2x-git-minimal-2.35.1.drv' failed 
(usually happens due to networking issues); try `--fallback' to build 
derivation from source "
 status: 1
guix pull: error: You found a bug: the program 
'/gnu/store/2gdcck1lsrmv1n9c814bl4xxk69b4y49-compute-guix-derivation'
failed to compute the derivation for Guix (version: 
"9bd4ed3dded7b770f1989f6084d565f7086fdcd3"; system: "x86_64-linux";
host version: "fff27ded10fec7efaec11a231324681fb8dd0857"; pull-version: 1).
Please report the COMPLETE output above by email to .

joshua@hidalgo ~ (master) [1]>
Thanks!


bug#54666: Installation without non-root user accounts

2022-04-04 Thread Mathieu Othacehe

Hey Ludo,

> To address that, maybe ‘run-user-add-page’ should explicitly reject
> “root”?

Here are two patches that should fix this issue :).

Thanks,

Mathieu
>From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe 
Date: Mon, 4 Apr 2022 16:36:07 +0200
Subject: [PATCH 1/2] installer: user: Forbid root user creation.

Forbid root user creation as it could lead to a system without any
non-privileged user accounts.

Fixes: .

* gnu/installer/newt/user.scm (run-user-add-page): Forbid it.
---
 gnu/installer/newt/user.scm | 51 -
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 7c1cc2249d..98b1f5ae9a 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -40,6 +40,9 @@ (define* (run-user-add-page #:key (name "") (real-name "")
   (define (pad-label label)
 (string-pad-right label 25))
 
+  (define (root-account? name)
+(string=? name "root"))
+
   (let* ((label-name
   (make-label -1 -1 (pad-label (G_ "Name"
  (label-real-name
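Review bot: the new root-account? helper has no docstring or comment saying why "root" is singled out; the reason only appears later in the error text ("Root account is automatically created."). A one-line comment above the define would help, and since the test is string=? against the literal "root", it is worth stating there that the match is exact and case-sensitive.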
@@ -116,10 +119,14 @@ (define (pad-label label)
GRID-ELEMENT-SUBGRID button-grid)
   title)
 
-(let ((error-page
+(let ((error-empty-field-page
(lambda ()
  (run-error-page (G_ "Empty inputs are not allowed.")
- (G_ "Empty input")
+ (G_ "Empty input"
+  (error-root-page
+   (lambda ()
+ (run-error-page (G_ "Root account is automatically created.")
+ (G_ "Root account")
   (receive (exit-reason argument)
   (run-form form)
 (dynamic-wind
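Review bot: the error-root-page message "Root account is automatically created." states a fact but does not tell the user what to do next, unlike "Empty inputs are not allowed."; consider wording that also asks for a different account name. The rename of error-page to error-empty-field-page is a good clarification now that there are two error pages.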
@@ -132,22 +139,30 @@ (define (pad-label label)
   (real-name  (entry-value entry-real-name))
   (home-directory (entry-value entry-home-directory))
   (password   (entry-value entry-password)))
-  (if (or (string=? name "")
-  (string=? home-directory ""))
-  (begin
-(error-page)
-(run-user-add-page))
-  (let ((password (confirm-password password)))
-(if password
-(user
- (name name)
- (real-name real-name)
- (home-directory home-directory)
- (password (make-secret password)))
-(run-user-add-page #:name name
-   #:real-name real-name
-   #:home-directory
-   home-directory)
+  (cond
+   ;; Empty field.
+   ((or (string=? name "")
+(string=? home-directory ""))
+(begin
+  (error-empty-field-page)
+  (run-user-add-page)))
+   ;; Reject root account.
+   ((root-account? name)
+(begin
+  (error-root-page)
+  (run-user-add-page)))
+   (else
+(let ((password (confirm-password password)))
+  (if password
+  (user
+   (name name)
+   (real-name real-name)
+   (home-directory home-directory)
+   (password (make-secret password)))
+  (run-user-add-page #:name name
+ #:real-name real-name
+ #:home-directory
+ home-directory))
   (lambda ()
 (destroy-form-and-pop form)))
 
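Review bot: in the new "Reject root account" clause, (run-user-add-page) is called with no arguments, so the real name and home directory the user already typed are discarded, whereas the password-mismatch branch under else passes #:name, #:real-name and #:home-directory back into the form. Passing #:real-name and #:home-directory (but not #:name) in the root branch would keep the behaviour consistent. The begin wrappers in both cond clauses are also unnecessary, since a cond clause body is already a sequence of expressions.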
-- 
2.34.0

>From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe 
Date: Mon, 4 Apr 2022 16:38:09 +0200
Subject: [PATCH 2/2] installer: user: Remove useless filtering.

* gnu/installer/user.scm (users->configuration): Remove root account filtering
that is now performed in the "run-user-add-page" procedure.
---
 gnu/installer/user.scm | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index c894a91dc8..b042c9790d 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -69,10 +69,5 @@ (define (user->sexp user)
   (supplementary-groups '("wheel" "netdev"
   "audio" "video"
 
-  `((users (cons*
-,@(filter-map (lambda (user)
-;; Do not 
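Review bot: the filter-map removed here from users->configuration was the check in gnu/installer/user.scm, while patch 1/2 adds its replacement only in gnu/installer/newt/user.scm. If user records can reach users->configuration by any path other than run-user-add-page, a "root" entry would no longer be dropped. Consider keeping the filter as a backstop, or stating in the commit message that run-user-add-page is the only producer of these records.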

bug#54691: fortune-mod propagates various non-nice things

2022-04-04 Thread Maxime Devos
Liliana Marie Prikler schreef op zo 03-04-2022 om 19:26 [+0200]:
> I think this should be reported upstream.  From what I could gather in
> a short time, upstream appears both active (last commit 18 days ago)
> and willing to make adjustments for "political correctness" (some two
> years ago, they removed a lot of blonde jokes, though some simply got
> demoted to still sexist jokes about women instead, and off is still
> fair game for those, so...), so I think talking will get us further
> than one-sided deletion here.

Looks like upstream disagrees:
.

Greetings,
Maxime.




bug#54654: libx11 libxcursor handling - Problems with big cursors not working in Java and xterm

2022-04-04 Thread Danny Milosavljevic
For future reference: 

* See also bug# 54680 for a patch to xterm.
* See also bug# 54701 for a patch to openjdk.





bug#53580: /var/run/shepherd/socket is missing on an otherwise functional system

2022-04-04 Thread Attila Lendvai
FTR,

the issue is that when Shepherd is booting up, i.e. starting from its config 
file, it calls the start forms without guarding for any possible exceptions. 
any error propagates up beyond the loop and up until an unwind protect that 
deletes the socket.

the reason my system seemed fully functional is that my service was pretty much 
the last one to be started.

--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“I made up the term 'object-oriented', and I can tell you I didn't have C++ in 
mind.”
— Alan Kay, OOPSLA '97






bug#53047: (No Subject)

2022-04-04 Thread Attila Lendvai
closing it because i don't see this anymore, and i have no idea what triggered 
this error, and what has resolved it.

--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Governments don’t want a population capable of critical thinking. They want 
obedient workers, people just smart enough to run the machines and just dumb 
enough to passively accept their situation.”
— George Carlin (1937–2008), paraphrased






bug#54545: [Guix Home] ‘shepherd’ started twice?

2022-04-04 Thread Andrew Tropin
On 2022-03-24 15:21, Ludovic Courtès wrote:

> Hi,
>
> From what can be seen in ‘guix home container’, it would seem that
> ‘shepherd’ is started twice, leading to this error while attempting to
> bind(2) the second time (thus it’s actually harmless, but suboptimal):
>
> --8<---cut here---start->8---
> $ ./pre-inst-env  guix home container /tmp/t.scm
> WARNING: (guile-user): imported module (guix build utils) overrides core 
> binding `delete'
> Symlinking /home/ludo/.bash_profile -> 
> /gnu/store/flqaxzvgfv2g3415mhmq6c0zbzdzv2k4-bash_profile... done
> Symlinking /home/ludo/.profile -> 
> /gnu/store/dann7r1095xll0kji5yl0ql07096rc8j-shell-profile... done
> Symlinking /home/ludo/.bashrc -> 
> /gnu/store/g78w0adqg25z3jl8jq71n0n0z32f7dbx-bashrc... done
> Symlinking /home/ludo/.config/fontconfig/fonts.conf -> 
> /gnu/store/4261pxafny0g2myhh9yj1771ry7k05lc-fonts.conf... done
>  done
> Finished updating symlinks.
>
> Comparing /gnu/store/non-existing-generation/profile/share/fonts and
>   
> /gnu/store/vvfrdbvmb0g41k00xxmd9qpgzavkvd32-home/profile/share/fonts... done 
> (same)
> Evaluating on-change gexps.
>
> On-change gexps evaluation finished.
>
> Service root has been started.
> WARNING: Use of `load' in declarative module (#{ g56}#).  Add #:declarative? 
> #f to your define-module invocation.
> Starting services...
> Service mcron has been started.
>
> Service root has been started.
> WARNING: Use of `load' in declarative module (#{ g56}#).  Add #:declarative? 
> #f to your define-module invocation.
> Starting services...
> Service mcron has been started.
>
> Backtrace:
>4 (primitive-load "/gnu/store/vza48khbaq0fdmcsrn27xj5y5yy?")
> In shepherd.scm:
> ~$316:10  3 (main "--logfile" "/home/ludo/.local/var/log/shepherd.?" ?)
> 56:14  2 (call-with-server-socket "/run/user/1000/shepherd/sock?" ?)
>  49:6  1 (open-server-socket "/run/user/1000/shepherd/socket")
> In unknown file:
>0 (bind # #(1 "/run/user/1000?") #)
>
> ERROR: In procedure bind:
> In procedure bind: Address already in use
> --8<---cut here---end--->8---
>
> I suspect the problem is in activation snippets, but I’m open to other
> hypotheses.  :-)
>
> Thoughts?
>
> Ludo’.
>
>

Can confirm.

Activation script tries to load latest shepherd configuration with `herd
load root ./path/to/config.scm` and it starts a shepherd process.  Login
shell starts the shepherd process as well.  Probably we need to do
config reload using on-change service and also not trigger on-change
stuff if user isn't logged in.  I can think on the proper solution and
make a patch with a fix later this week or beginning of the next week.

-- 
Best regards,
Andrew Tropin

