GNU bug report logs - #35399
Guix System installer does not set up passwords

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Tue, 23 Apr 2019 16:06:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#35399: closed (Guix System installer does not set up passwords)
Date: Thu, 25 Apr 2019 10:26:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Thu, 25 Apr 2019 12:25:34 +0200
with message-id <875zr2qt41.fsf <at> gnu.org>
and subject line Re: bug#35399: Guix System installer does not set up passwords
has caused the debbugs.gnu.org bug report #35399,
regarding Guix System installer does not set up passwords
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
35399: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35399
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Bug Guix <bug-guix <at> gnu.org>
Subject: Guix System installer does not set up passwords
Date: Tue, 23 Apr 2019 18:05:12 +0200

Forwarding discussion from <https://issues.guix.info/issue/35341>.

I wrote:

> "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:
> 
> > I installed Guix System from a USB flash drive from the current git
> > master.  The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
> 
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
> 
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
> 
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in.  Not great.
> 
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
> 
> That would be the most robust approach, but it’s also a bit more work I
> guess.  It’s also not so nice that users will see this extra service in
> their config.
> 
> Thoughts?

To which Florian replied:

> Why can’t the installer just chroot into the new system and call
> passwd?

That makes a lot of sense, I feel silly for not thinking about it.  :-)

(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)

I’ll try to give it a spin if nobody beats me…

Ludo’.



[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 35399-done <at> debbugs.gnu.org
Subject: Re: bug#35399: Guix System installer does not set up passwords
Date: Thu, 25 Apr 2019 12:25:34 +0200

swedebugia <swedebugia <at> riseup.net> skribis:

> On 2019-04-25 00:51, Ludovic Courtès wrote:
>> Ludovic Courtès <ludo <at> gnu.org> skribis:
>>
>>>> Another option would be to have an activation snippet that runs when
>>>> booting the newly installed system: if would check for a flag or
>>>> something (it could check for uninitialized passwords), and if it
>>>> determines it’s a first boot, open a dialog box asking for passwords.
>>>> We’d need to add a “post-install” service in the OS config that would do
>>>> just that.
>>>>
>>>> That would be the most robust approach, but it’s also a bit more work I
>>>> guess.  It’s also not so nice that users will see this extra service in
>>>> their config.
>>>>
>>>> Thoughts?
>>>
>>> To which Florian replied:
>>>
>>>> Why can’t the installer just chroot into the new system and call
>>>> passwd?
>>>
>>> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>>>
>>> (In fact, we don’t even have to chroot since we can directly use (gnu
>>> build accounts) to write the shadow file in the right place.)
>>
>> This is implemented by these commits:
>>
>>    91a7c4998f installer: Ask for the root account password.
>>    898677ed17 installer: Ask for user password and initialize /etc/shadow.
>>
>> I ran a full install and confirmed that it works as expected.  You’re of
>> course welcome to try it out!
>>
>> I realized later that I forgot to add a password confirmation box.  I
>> guess we should add one, right?
>
> Yes, that sounds like a good idea.

Done!

  187122b902 installer: Ask for confirmation of the user passwords.
  8f2b7e3cb4 installer: Ask for confirmation of the root password.

Ludo’.
This bug report was last modified 6 years and 26 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.