From unknown Sun Jun 22 00:35:39 2025 X-Loop: help-debbugs@gnu.org Subject: bug#35399: Guix System installer does not set up passwords Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 23 Apr 2019 16:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 35399 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 35399@debbugs.gnu.org X-Debbugs-Original-To: Bug Guix Received: via spool by submit@debbugs.gnu.org id=B.155603553011559 (code B ref -1); Tue, 23 Apr 2019 16:06:02 +0000 Received: (at submit) by debbugs.gnu.org; 23 Apr 2019 16:05:30 +0000 Received: from localhost ([127.0.0.1]:54175 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hIxvG-00030L-Er for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:30 -0400 Received: from eggs.gnu.org ([209.51.188.92]:56189) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hIxvE-00030A-VW for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:29 -0400 Received: from lists.gnu.org ([209.51.188.17]:56437) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hIxv9-00071G-2w for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:23 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42336) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hIxv7-0007c8-U3 for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_40, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36685) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hIxv7-000705-19 for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:21 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=51972 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hIxv0-0005zx-FH for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:19 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Tue, 23 Apr 2019 18:05:12 +0200 Message-ID: <87a7ggg11j.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Forwarding discussion from . I wrote: > "pelzflorian (Florian Pelz)" skribis: >=20 > > I installed Guix System from a USB flash drive from the current git > > master. The manual describes I should set up a password with passwd. > > I think the installer should automate this, so users do not need to > > know the passwd command. >=20 > I think it=E2=80=99d be nice if the installer would initialize the user > password, and also root=E2=80=99s password (which is empty by default). >=20 > The obvious approach would be to add a dialog box in the installer and > then set the =E2=80=98password=E2=80=99 field of each , and= also add a > for root itself with the =E2=80=98password=E2=80=99 field = set. >=20 > The problem with this approach is that password hashes would end > world-readable in the store, so we would need to add warnings asking > users to change passwords after logging in. Not great. >=20 > Another option would be to have an activation snippet that runs when > booting the newly installed system: if would check for a flag or > something (it could check for uninitialized passwords), and if it > determines it=E2=80=99s a first boot, open a dialog box asking for passwo= rds. > We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in the = OS config that would do > just that. >=20 > That would be the most robust approach, but it=E2=80=99s also a bit more = work I > guess. It=E2=80=99s also not so nice that users will see this extra serv= ice in > their config. >=20 > Thoughts? To which Florian replied: > Why can=E2=80=99t the installer just chroot into the new system and call > passwd? That makes a lot of sense, I feel silly for not thinking about it. :-) (In fact, we don=E2=80=99t even have to chroot since we can directly use (g= nu build accounts) to write the shadow file in the right place.) I=E2=80=99ll try to give it a spin if nobody beats me=E2=80=A6 Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 24 18:46:41 2019 Received: (at control) by debbugs.gnu.org; 24 Apr 2019 22:46:42 +0000 Received: from localhost ([127.0.0.1]:56723 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQf3-00033S-Lj for submit@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:41 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50545) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQf1-00033C-3t for control@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:40 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:39027) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJQev-0008GY-Uh for control@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:33 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=47406 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hJQev-00040s-3B for control@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:33 -0400 Date: Thu, 25 Apr 2019 00:46:30 +0200 Message-Id: <87v9z3c989.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #35399 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) severity 35399 important From unknown Sun Jun 22 00:35:39 2025 X-Loop: help-debbugs@gnu.org Subject: bug#35399: Guix System installer does not set up passwords Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 24 Apr 2019 22:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 35399 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 35399@debbugs.gnu.org Received: via spool by 35399-submit@debbugs.gnu.org id=B35399.155614629612219 (code B ref 35399); Wed, 24 Apr 2019 22:52:02 +0000 Received: (at 35399) by debbugs.gnu.org; 24 Apr 2019 22:51:36 +0000 Received: from localhost ([127.0.0.1]:56732 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQjn-0003B1-KR for submit@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:35 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51796) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQjk-0003Al-FI for 35399@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:32 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:39113) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJQjf-0003fw-9U for 35399@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:27 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=47416 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hJQje-0004RI-SQ for 35399@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:27 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87a7ggg11j.fsf@gnu.org> Date: Thu, 25 Apr 2019 00:51:25 +0200 In-Reply-To: <87a7ggg11j.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 23 Apr 2019 18:05:12 +0200") Message-ID: <87ef5rc902.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: >> Another option would be to have an activation snippet that runs when >> booting the newly installed system: if would check for a flag or >> something (it could check for uninitialized passwords), and if it >> determines it=E2=80=99s a first boot, open a dialog box asking for passw= ords. >> We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in the= OS config that would do >> just that. >>=20 >> That would be the most robust approach, but it=E2=80=99s also a bit more= work I >> guess. It=E2=80=99s also not so nice that users will see this extra ser= vice in >> their config. >>=20 >> Thoughts? > > To which Florian replied: > >> Why can=E2=80=99t the installer just chroot into the new system and call >> passwd? > > That makes a lot of sense, I feel silly for not thinking about it. :-) > > (In fact, we don=E2=80=99t even have to chroot since we can directly use = (gnu > build accounts) to write the shadow file in the right place.) This is implemented by these commits: 91a7c4998f installer: Ask for the root account password. 898677ed17 installer: Ask for user password and initialize /etc/shadow. I ran a full install and confirmed that it works as expected. You=E2=80=99= re of course welcome to try it out! I realized later that I forgot to add a password confirmation box. I guess we should add one, right? Thanks, Ludo=E2=80=99. From unknown Sun Jun 22 00:35:39 2025 X-Loop: help-debbugs@gnu.org Subject: bug#35399: Guix System installer does not set up passwords Resent-From: swedebugia Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 25 Apr 2019 07:45:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 35399 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 35399@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.15561782964606 (code B ref -1); Thu, 25 Apr 2019 07:45:02 +0000 Received: (at submit) by debbugs.gnu.org; 25 Apr 2019 07:44:56 +0000 Received: from localhost ([127.0.0.1]:57343 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJZ3w-0001CE-Jv for submit@debbugs.gnu.org; Thu, 25 Apr 2019 03:44:56 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58311) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJZ3v-0001Bz-8a for submit@debbugs.gnu.org; Thu, 25 Apr 2019 03:44:55 -0400 Received: from lists.gnu.org ([209.51.188.17]:55435) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hJZ3p-0007sa-JY for submit@debbugs.gnu.org; Thu, 25 Apr 2019 03:44:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:44450) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJZ3o-0003sv-FJ for bug-guix@gnu.org; Thu, 25 Apr 2019 03:44:49 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJZ3m-0007pY-Vt for bug-guix@gnu.org; Thu, 25 Apr 2019 03:44:48 -0400 Received: from mx1.riseup.net ([198.252.153.129]:43644) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hJZ3m-0007nk-OE for bug-guix@gnu.org; Thu, 25 Apr 2019 03:44:46 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id 1EE921A2DFF for ; Thu, 25 Apr 2019 00:44:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1556178285; bh=RxMbvLE15mKhl1qQtv8KOfyCobA4GjlxhuWTv6qLMMU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=hH81wDgzs+Q65z5TliEB6pcoIrH+tRaeeetvunLi++DSQhP3SfJ1H0/DxIX4p75N5 7tzH8mNRLHtkLQc7CSaDGmLFbSQDE+17dnjvEc8wFWz5JwEkzDoUpRBB1aMCO5MfsK ZmQAYst901bINISqDV64DqeQ94hWbI+V7Rbo3b5c= X-Riseup-User-ID: 98305E14C4331785B41064C21078B4A4FB76C85B2A71CA43BA6629CC585D2F5E Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id A2493223382 for ; Thu, 25 Apr 2019 00:44:44 -0700 (PDT) References: <87a7ggg11j.fsf@gnu.org> <87ef5rc902.fsf@gnu.org> From: swedebugia Message-ID: <0440c921-e2d0-99de-01b4-132a8bc35944@riseup.net> Date: Thu, 25 Apr 2019 09:44:42 +0200 MIME-Version: 1.0 In-Reply-To: <87ef5rc902.fsf@gnu.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 198.252.153.129 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -1.4 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) On 2019-04-25 00:51, Ludovic Court=C3=A8s wrote: > Ludovic Court=C3=A8s skribis: >=20 >>> Another option would be to have an activation snippet that runs when >>> booting the newly installed system: if would check for a flag or >>> something (it could check for uninitialized passwords), and if it >>> determines it=E2=80=99s a first boot, open a dialog box asking for pa= sswords. >>> We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in = the OS config that would do >>> just that. >>> >>> That would be the most robust approach, but it=E2=80=99s also a bit m= ore work I >>> guess. It=E2=80=99s also not so nice that users will see this extra = service in >>> their config. >>> >>> Thoughts? >> >> To which Florian replied: >> >>> Why can=E2=80=99t the installer just chroot into the new system and c= all >>> passwd? >> >> That makes a lot of sense, I feel silly for not thinking about it. :-= ) >> >> (In fact, we don=E2=80=99t even have to chroot since we can directly u= se (gnu >> build accounts) to write the shadow file in the right place.) >=20 > This is implemented by these commits: >=20 > 91a7c4998f installer: Ask for the root account password. > 898677ed17 installer: Ask for user password and initialize /etc/shad= ow. >=20 > I ran a full install and confirmed that it works as expected. You=E2=80= =99re of > course welcome to try it out! >=20 > I realized later that I forgot to add a password confirmation box. I > guess we should add one, right? Yes, that sounds like a good idea. --=20 Cheers Swedebugia From unknown Sun Jun 22 00:35:39 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#35399: closed (Re: bug#35399: Guix System installer does not set up passwords) Message-ID: References: <875zr2qt41.fsf@gnu.org> <87a7ggg11j.fsf@gnu.org> X-Gnu-PR-Message: they-closed 35399 X-Gnu-PR-Package: guix Reply-To: 35399@debbugs.gnu.org Date: Thu, 25 Apr 2019 10:26:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1556187962-19358-1" This is a multi-part message in MIME format... ------------=_1556187962-19358-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #35399: Guix System installer does not set up passwords which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 35399@debbugs.gnu.org. --=20 35399: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D35399 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1556187962-19358-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 35399-done) by debbugs.gnu.org; 25 Apr 2019 10:25:59 +0000 Received: from localhost ([127.0.0.1]:57560 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJbZn-00051z-8P for submit@debbugs.gnu.org; Thu, 25 Apr 2019 06:25:59 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35527) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJbZk-00051l-Sn for 35399-done@debbugs.gnu.org; Thu, 25 Apr 2019 06:25:57 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:48339) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJbZf-0006gN-19; Thu, 25 Apr 2019 06:25:51 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=48236 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hJbZR-0003XZ-8s; Thu, 25 Apr 2019 06:25:48 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: swedebugia Subject: Re: bug#35399: Guix System installer does not set up passwords References: <87a7ggg11j.fsf@gnu.org> <87ef5rc902.fsf@gnu.org> <0440c921-e2d0-99de-01b4-132a8bc35944@riseup.net> Date: Thu, 25 Apr 2019 12:25:34 +0200 In-Reply-To: <0440c921-e2d0-99de-01b4-132a8bc35944@riseup.net> (swedebugia@riseup.net's message of "Thu, 25 Apr 2019 09:44:42 +0200") Message-ID: <875zr2qt41.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 35399-done Cc: 35399-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) swedebugia skribis: > On 2019-04-25 00:51, Ludovic Court=C3=A8s wrote: >> Ludovic Court=C3=A8s skribis: >> >>>> Another option would be to have an activation snippet that runs when >>>> booting the newly installed system: if would check for a flag or >>>> something (it could check for uninitialized passwords), and if it >>>> determines it=E2=80=99s a first boot, open a dialog box asking for pas= swords. >>>> We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in t= he OS config that would do >>>> just that. >>>> >>>> That would be the most robust approach, but it=E2=80=99s also a bit mo= re work I >>>> guess. It=E2=80=99s also not so nice that users will see this extra s= ervice in >>>> their config. >>>> >>>> Thoughts? >>> >>> To which Florian replied: >>> >>>> Why can=E2=80=99t the installer just chroot into the new system and ca= ll >>>> passwd? >>> >>> That makes a lot of sense, I feel silly for not thinking about it. :-) >>> >>> (In fact, we don=E2=80=99t even have to chroot since we can directly us= e (gnu >>> build accounts) to write the shadow file in the right place.) >> >> This is implemented by these commits: >> >> 91a7c4998f installer: Ask for the root account password. >> 898677ed17 installer: Ask for user password and initialize /etc/shado= w. >> >> I ran a full install and confirmed that it works as expected. You=E2=80= =99re of >> course welcome to try it out! >> >> I realized later that I forgot to add a password confirmation box. I >> guess we should add one, right? > > Yes, that sounds like a good idea. Done! 187122b902 installer: Ask for confirmation of the user passwords. 8f2b7e3cb4 installer: Ask for confirmation of the root password. Ludo=E2=80=99. ------------=_1556187962-19358-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 23 Apr 2019 16:05:30 +0000 Received: from localhost ([127.0.0.1]:54175 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hIxvG-00030L-Er for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:30 -0400 Received: from eggs.gnu.org ([209.51.188.92]:56189) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hIxvE-00030A-VW for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:29 -0400 Received: from lists.gnu.org ([209.51.188.17]:56437) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hIxv9-00071G-2w for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:23 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42336) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hIxv7-0007c8-U3 for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_40, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36685) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hIxv7-000705-19 for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:21 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=51972 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hIxv0-0005zx-FH for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:19 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Bug Guix Subject: Guix System installer does not set up passwords Date: Tue, 23 Apr 2019 18:05:12 +0200 Message-ID: <87a7ggg11j.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Forwarding discussion from . I wrote: > "pelzflorian (Florian Pelz)" skribis: >=20 > > I installed Guix System from a USB flash drive from the current git > > master. The manual describes I should set up a password with passwd. > > I think the installer should automate this, so users do not need to > > know the passwd command. >=20 > I think it=E2=80=99d be nice if the installer would initialize the user > password, and also root=E2=80=99s password (which is empty by default). >=20 > The obvious approach would be to add a dialog box in the installer and > then set the =E2=80=98password=E2=80=99 field of each , and= also add a > for root itself with the =E2=80=98password=E2=80=99 field = set. >=20 > The problem with this approach is that password hashes would end > world-readable in the store, so we would need to add warnings asking > users to change passwords after logging in. Not great. >=20 > Another option would be to have an activation snippet that runs when > booting the newly installed system: if would check for a flag or > something (it could check for uninitialized passwords), and if it > determines it=E2=80=99s a first boot, open a dialog box asking for passwo= rds. > We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in the = OS config that would do > just that. >=20 > That would be the most robust approach, but it=E2=80=99s also a bit more = work I > guess. It=E2=80=99s also not so nice that users will see this extra serv= ice in > their config. >=20 > Thoughts? To which Florian replied: > Why can=E2=80=99t the installer just chroot into the new system and call > passwd? That makes a lot of sense, I feel silly for not thinking about it. :-) (In fact, we don=E2=80=99t even have to chroot since we can directly use (g= nu build accounts) to write the shadow file in the right place.) I=E2=80=99ll try to give it a spin if nobody beats me=E2=80=A6 Ludo=E2=80=99. ------------=_1556187962-19358-1--