GNU bug report logs - #35399
Guix System installer does not set up passwords

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Subject: bug#35399: closed (Re: bug#35399: Guix System installer does not
 set up passwords)
Date: Thu, 25 Apr 2019 10:26:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#35399: Guix System installer does not set up passwords

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 35399 <at> debbugs.gnu.org.

-- 
35399: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35399
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Ludovic Courtès <ludo <at> gnu.org>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 35399-done <at> debbugs.gnu.org
Subject: Re: bug#35399: Guix System installer does not set up passwords
Date: Thu, 25 Apr 2019 12:25:34 +0200

swedebugia <swedebugia <at> riseup.net> skribis:

> On 2019-04-25 00:51, Ludovic Courtès wrote:
>> Ludovic Courtès <ludo <at> gnu.org> skribis:
>>
>>>> Another option would be to have an activation snippet that runs when
>>>> booting the newly installed system: if would check for a flag or
>>>> something (it could check for uninitialized passwords), and if it
>>>> determines it’s a first boot, open a dialog box asking for passwords.
>>>> We’d need to add a “post-install” service in the OS config that would do
>>>> just that.
>>>>
>>>> That would be the most robust approach, but it’s also a bit more work I
>>>> guess.  It’s also not so nice that users will see this extra service in
>>>> their config.
>>>>
>>>> Thoughts?
>>>
>>> To which Florian replied:
>>>
>>>> Why can’t the installer just chroot into the new system and call
>>>> passwd?
>>>
>>> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>>>
>>> (In fact, we don’t even have to chroot since we can directly use (gnu
>>> build accounts) to write the shadow file in the right place.)
>>
>> This is implemented by these commits:
>>
>>    91a7c4998f installer: Ask for the root account password.
>>    898677ed17 installer: Ask for user password and initialize /etc/shadow.
>>
>> I ran a full install and confirmed that it works as expected.  You’re of
>> course welcome to try it out!
>>
>> I realized later that I forgot to add a password confirmation box.  I
>> guess we should add one, right?
>
> Yes, that sounds like a good idea.

Done!

  187122b902 installer: Ask for confirmation of the user passwords.
  8f2b7e3cb4 installer: Ask for confirmation of the root password.

Ludo’.

[Message part 3 (message/rfc822, inline)]

From: Ludovic Courtès <ludo <at> gnu.org>
To: Bug Guix <bug-guix <at> gnu.org>
Subject: Guix System installer does not set up passwords
Date: Tue, 23 Apr 2019 18:05:12 +0200

Forwarding discussion from <https://issues.guix.info/issue/35341>.

I wrote:

> "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:
> 
> > I installed Guix System from a USB flash drive from the current git
> > master.  The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
> 
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
> 
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
> 
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in.  Not great.
> 
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
> 
> That would be the most robust approach, but it’s also a bit more work I
> guess.  It’s also not so nice that users will see this extra service in
> their config.
> 
> Thoughts?

To which Florian replied:

> Why can’t the installer just chroot into the new system and call
> passwd?

That makes a lot of sense, I feel silly for not thinking about it.  :-)

(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)

I’ll try to give it a spin if nobody beats me…

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.