From unknown Tue Jun 17 20:40:23 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#35399 <35399@debbugs.gnu.org> To: bug#35399 <35399@debbugs.gnu.org> Subject: Status: Guix System installer does not set up passwords Reply-To: bug#35399 <35399@debbugs.gnu.org> Date: Wed, 18 Jun 2025 03:40:23 +0000 retitle 35399 Guix System installer does not set up passwords reassign 35399 guix submitter 35399 Ludovic Court=C3=A8s severity 35399 important thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 23 12:05:30 2019 Received: (at submit) by debbugs.gnu.org; 23 Apr 2019 16:05:30 +0000 Received: from localhost ([127.0.0.1]:54175 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hIxvG-00030L-Er for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:30 -0400 Received: from eggs.gnu.org ([209.51.188.92]:56189) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hIxvE-00030A-VW for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:29 -0400 Received: from lists.gnu.org ([209.51.188.17]:56437) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hIxv9-00071G-2w for submit@debbugs.gnu.org; Tue, 23 Apr 2019 12:05:23 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42336) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hIxv7-0007c8-U3 for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_40, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36685) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hIxv7-000705-19 for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:21 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=51972 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hIxv0-0005zx-FH for bug-guix@gnu.org; Tue, 23 Apr 2019 12:05:19 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Bug Guix Subject: Guix System installer does not set up passwords Date: Tue, 23 Apr 2019 18:05:12 +0200 Message-ID: <87a7ggg11j.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Forwarding discussion from . I wrote: > "pelzflorian (Florian Pelz)" skribis: >=20 > > I installed Guix System from a USB flash drive from the current git > > master. The manual describes I should set up a password with passwd. > > I think the installer should automate this, so users do not need to > > know the passwd command. >=20 > I think it=E2=80=99d be nice if the installer would initialize the user > password, and also root=E2=80=99s password (which is empty by default). >=20 > The obvious approach would be to add a dialog box in the installer and > then set the =E2=80=98password=E2=80=99 field of each , and= also add a > for root itself with the =E2=80=98password=E2=80=99 field = set. >=20 > The problem with this approach is that password hashes would end > world-readable in the store, so we would need to add warnings asking > users to change passwords after logging in. Not great. >=20 > Another option would be to have an activation snippet that runs when > booting the newly installed system: if would check for a flag or > something (it could check for uninitialized passwords), and if it > determines it=E2=80=99s a first boot, open a dialog box asking for passwo= rds. > We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in the = OS config that would do > just that. >=20 > That would be the most robust approach, but it=E2=80=99s also a bit more = work I > guess. It=E2=80=99s also not so nice that users will see this extra serv= ice in > their config. >=20 > Thoughts? To which Florian replied: > Why can=E2=80=99t the installer just chroot into the new system and call > passwd? That makes a lot of sense, I feel silly for not thinking about it. :-) (In fact, we don=E2=80=99t even have to chroot since we can directly use (g= nu build accounts) to write the shadow file in the right place.) I=E2=80=99ll try to give it a spin if nobody beats me=E2=80=A6 Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 24 18:46:41 2019 Received: (at control) by debbugs.gnu.org; 24 Apr 2019 22:46:42 +0000 Received: from localhost ([127.0.0.1]:56723 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQf3-00033S-Lj for submit@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:41 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50545) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQf1-00033C-3t for control@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:40 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:39027) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJQev-0008GY-Uh for control@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:33 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=47406 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hJQev-00040s-3B for control@debbugs.gnu.org; Wed, 24 Apr 2019 18:46:33 -0400 Date: Thu, 25 Apr 2019 00:46:30 +0200 Message-Id: <87v9z3c989.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #35399 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) severity 35399 important From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 24 18:51:35 2019 Received: (at 35399) by debbugs.gnu.org; 24 Apr 2019 22:51:36 +0000 Received: from localhost ([127.0.0.1]:56732 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQjn-0003B1-KR for submit@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:35 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51796) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJQjk-0003Al-FI for 35399@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:32 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:39113) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJQjf-0003fw-9U for 35399@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:27 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=47416 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hJQje-0004RI-SQ for 35399@debbugs.gnu.org; Wed, 24 Apr 2019 18:51:27 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 35399@debbugs.gnu.org Subject: Re: bug#35399: Guix System installer does not set up passwords References: <87a7ggg11j.fsf@gnu.org> Date: Thu, 25 Apr 2019 00:51:25 +0200 In-Reply-To: <87a7ggg11j.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 23 Apr 2019 18:05:12 +0200") Message-ID: <87ef5rc902.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 35399 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: >> Another option would be to have an activation snippet that runs when >> booting the newly installed system: if would check for a flag or >> something (it could check for uninitialized passwords), and if it >> determines it=E2=80=99s a first boot, open a dialog box asking for passw= ords. >> We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in the= OS config that would do >> just that. >>=20 >> That would be the most robust approach, but it=E2=80=99s also a bit more= work I >> guess. It=E2=80=99s also not so nice that users will see this extra ser= vice in >> their config. >>=20 >> Thoughts? > > To which Florian replied: > >> Why can=E2=80=99t the installer just chroot into the new system and call >> passwd? > > That makes a lot of sense, I feel silly for not thinking about it. :-) > > (In fact, we don=E2=80=99t even have to chroot since we can directly use = (gnu > build accounts) to write the shadow file in the right place.) This is implemented by these commits: 91a7c4998f installer: Ask for the root account password. 898677ed17 installer: Ask for user password and initialize /etc/shadow. I ran a full install and confirmed that it works as expected. You=E2=80=99= re of course welcome to try it out! I realized later that I forgot to add a password confirmation box. I guess we should add one, right? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 25 03:44:56 2019 Received: (at submit) by debbugs.gnu.org; 25 Apr 2019 07:44:56 +0000 Received: from localhost ([127.0.0.1]:57343 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJZ3w-0001CE-Jv for submit@debbugs.gnu.org; Thu, 25 Apr 2019 03:44:56 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58311) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJZ3v-0001Bz-8a for submit@debbugs.gnu.org; Thu, 25 Apr 2019 03:44:55 -0400 Received: from lists.gnu.org ([209.51.188.17]:55435) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hJZ3p-0007sa-JY for submit@debbugs.gnu.org; Thu, 25 Apr 2019 03:44:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:44450) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJZ3o-0003sv-FJ for bug-guix@gnu.org; Thu, 25 Apr 2019 03:44:49 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hJZ3m-0007pY-Vt for bug-guix@gnu.org; Thu, 25 Apr 2019 03:44:48 -0400 Received: from mx1.riseup.net ([198.252.153.129]:43644) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hJZ3m-0007nk-OE for bug-guix@gnu.org; Thu, 25 Apr 2019 03:44:46 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id 1EE921A2DFF for ; Thu, 25 Apr 2019 00:44:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1556178285; bh=RxMbvLE15mKhl1qQtv8KOfyCobA4GjlxhuWTv6qLMMU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=hH81wDgzs+Q65z5TliEB6pcoIrH+tRaeeetvunLi++DSQhP3SfJ1H0/DxIX4p75N5 7tzH8mNRLHtkLQc7CSaDGmLFbSQDE+17dnjvEc8wFWz5JwEkzDoUpRBB1aMCO5MfsK ZmQAYst901bINISqDV64DqeQ94hWbI+V7Rbo3b5c= X-Riseup-User-ID: 98305E14C4331785B41064C21078B4A4FB76C85B2A71CA43BA6629CC585D2F5E Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id A2493223382 for ; Thu, 25 Apr 2019 00:44:44 -0700 (PDT) Subject: Re: bug#35399: Guix System installer does not set up passwords To: bug-guix@gnu.org References: <87a7ggg11j.fsf@gnu.org> <87ef5rc902.fsf@gnu.org> From: swedebugia Message-ID: <0440c921-e2d0-99de-01b4-132a8bc35944@riseup.net> Date: Thu, 25 Apr 2019 09:44:42 +0200 MIME-Version: 1.0 In-Reply-To: <87ef5rc902.fsf@gnu.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 198.252.153.129 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) On 2019-04-25 00:51, Ludovic Court=C3=A8s wrote: > Ludovic Court=C3=A8s skribis: >=20 >>> Another option would be to have an activation snippet that runs when >>> booting the newly installed system: if would check for a flag or >>> something (it could check for uninitialized passwords), and if it >>> determines it=E2=80=99s a first boot, open a dialog box asking for pa= sswords. >>> We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in = the OS config that would do >>> just that. >>> >>> That would be the most robust approach, but it=E2=80=99s also a bit m= ore work I >>> guess. It=E2=80=99s also not so nice that users will see this extra = service in >>> their config. >>> >>> Thoughts? >> >> To which Florian replied: >> >>> Why can=E2=80=99t the installer just chroot into the new system and c= all >>> passwd? >> >> That makes a lot of sense, I feel silly for not thinking about it. :-= ) >> >> (In fact, we don=E2=80=99t even have to chroot since we can directly u= se (gnu >> build accounts) to write the shadow file in the right place.) >=20 > This is implemented by these commits: >=20 > 91a7c4998f installer: Ask for the root account password. > 898677ed17 installer: Ask for user password and initialize /etc/shad= ow. >=20 > I ran a full install and confirmed that it works as expected. You=E2=80= =99re of > course welcome to try it out! >=20 > I realized later that I forgot to add a password confirmation box. I > guess we should add one, right? Yes, that sounds like a good idea. --=20 Cheers Swedebugia From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 25 06:25:59 2019 Received: (at 35399-done) by debbugs.gnu.org; 25 Apr 2019 10:25:59 +0000 Received: from localhost ([127.0.0.1]:57560 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJbZn-00051z-8P for submit@debbugs.gnu.org; Thu, 25 Apr 2019 06:25:59 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35527) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hJbZk-00051l-Sn for 35399-done@debbugs.gnu.org; Thu, 25 Apr 2019 06:25:57 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:48339) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hJbZf-0006gN-19; Thu, 25 Apr 2019 06:25:51 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=48236 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hJbZR-0003XZ-8s; Thu, 25 Apr 2019 06:25:48 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: swedebugia Subject: Re: bug#35399: Guix System installer does not set up passwords References: <87a7ggg11j.fsf@gnu.org> <87ef5rc902.fsf@gnu.org> <0440c921-e2d0-99de-01b4-132a8bc35944@riseup.net> Date: Thu, 25 Apr 2019 12:25:34 +0200 In-Reply-To: <0440c921-e2d0-99de-01b4-132a8bc35944@riseup.net> (swedebugia@riseup.net's message of "Thu, 25 Apr 2019 09:44:42 +0200") Message-ID: <875zr2qt41.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 35399-done Cc: 35399-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) swedebugia skribis: > On 2019-04-25 00:51, Ludovic Court=C3=A8s wrote: >> Ludovic Court=C3=A8s skribis: >> >>>> Another option would be to have an activation snippet that runs when >>>> booting the newly installed system: if would check for a flag or >>>> something (it could check for uninitialized passwords), and if it >>>> determines it=E2=80=99s a first boot, open a dialog box asking for pas= swords. >>>> We=E2=80=99d need to add a =E2=80=9Cpost-install=E2=80=9D service in t= he OS config that would do >>>> just that. >>>> >>>> That would be the most robust approach, but it=E2=80=99s also a bit mo= re work I >>>> guess. It=E2=80=99s also not so nice that users will see this extra s= ervice in >>>> their config. >>>> >>>> Thoughts? >>> >>> To which Florian replied: >>> >>>> Why can=E2=80=99t the installer just chroot into the new system and ca= ll >>>> passwd? >>> >>> That makes a lot of sense, I feel silly for not thinking about it. :-) >>> >>> (In fact, we don=E2=80=99t even have to chroot since we can directly us= e (gnu >>> build accounts) to write the shadow file in the right place.) >> >> This is implemented by these commits: >> >> 91a7c4998f installer: Ask for the root account password. >> 898677ed17 installer: Ask for user password and initialize /etc/shado= w. >> >> I ran a full install and confirmed that it works as expected. You=E2=80= =99re of >> course welcome to try it out! >> >> I realized later that I forgot to add a password confirmation box. I >> guess we should add one, right? > > Yes, that sounds like a good idea. Done! 187122b902 installer: Ask for confirmation of the user passwords. 8f2b7e3cb4 installer: Ask for confirmation of the root password. Ludo=E2=80=99. From unknown Tue Jun 17 20:40:23 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 23 May 2019 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator