From debbugs-submit-bounces@debbugs.gnu.org Wed Jul 20 11:36:28 2022
Received: (at submit) by debbugs.gnu.org; 20 Jul 2022 15:36:28 +0000
Received: from localhost ([127.0.0.1]:58671 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oEBkS-0005CA-6k
for submit@debbugs.gnu.org; Wed, 20 Jul 2022 11:36:28 -0400
Received: from lists.gnu.org ([209.51.188.17]:38036)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oE7cj-0001Ld-UT
for submit@debbugs.gnu.org; Wed, 20 Jul 2022 07:12:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:57236)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from ) id 1oE7cj-0001Tn-QE
for bug-guix@gnu.org; Wed, 20 Jul 2022 07:12:13 -0400
Received: from rdmp.org ([52.19.174.175]:38674)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from ) id 1oE7ci-0007Wz-Hj
for bug-guix@gnu.org; Wed, 20 Jul 2022 07:12:13 -0400
Received: from [127.0.0.1] (helo=[IPv6:::1]) by rdmp.org with esmtp (Exim 4.94)
(envelope-from ) id 1oE7Gc-00054c-Tw
for bug-guix@gnu.org; Wed, 20 Jul 2022 10:49:23 +0000
Message-ID: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
Subject: enhancement: Link guix system and guix home
From: Dale Mellor
To: bug-guix@gnu.org
Organization: DM Bespoke Computer Solutions Ltd
Content-Type: text/plain; charset="UTF-8"
Date: Wed, 20 Jul 2022 11:47:40 +0100
MIME-Version: 1.0
User-Agent: Evolution 3.42.1
Content-Transfer-Encoding: 7bit
Received-SPF: softfail client-ip=52.19.174.175; envelope-from=no-reply@rdmp.org;
helo=rdmp.org
X-Spam_score_int: -4
X-Spam_score: -0.5
X-Spam_bar: /
X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_SOFTFAIL=0.732,
SPF_SOFTFAIL=0.665, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Wed, 20 Jul 2022 11:36:27 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Reply-To: guix-bug-va9nk6@rdmp.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit"
X-Spam-Score: -2.3 (--)

I would like to be able to create a rescue disk for my system in which
the admin user's home directory contains a copy of an encrypted key,
for manually unlocking encrypted disk drives.

Following a short discussion in IRC, it appears the best route to
achieve this would be to link *guix system* and *guix home* together,
so that the system configuration file can specify

    (user-account
      ...
      (configuration (local-file "my-home-config.scm")))

for example (it should be possible to use either (home-configuration)
or a file-like object here).

Hopefully this is an easy thing to accomplish, but I don't know...

Thanks,
Dale

From debbugs-submit-bounces@debbugs.gnu.org Wed Jul 20 13:57:36 2022
Received: (at 56669) by debbugs.gnu.org; 20 Jul 2022 17:57:36 +0000
Received: from localhost ([127.0.0.1]:58805 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oEDx2-0002gz-2T
for submit@debbugs.gnu.org; Wed, 20 Jul 2022 13:57:36 -0400
Received: from relay1-d.mail.gandi.net ([217.70.183.193]:45299)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oEDwz-0002gk-Lz
for 56669@debbugs.gnu.org; Wed, 20 Jul 2022 13:57:34 -0400
Received: (Authenticated sender: andrew@trop.in)
by mail.gandi.net (Postfix) with ESMTPSA id 8F8BD240003;
Wed, 20 Jul 2022 17:57:25 +0000 (UTC)
From: Andrew Tropin
To: guix-bug-va9nk6@rdmp.org, 56669@debbugs.gnu.org
Subject: Re: bug#56669: enhancement: Link guix system and guix home
In-Reply-To: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
Date: Wed, 20 Jul 2022 20:57:22 +0300
Message-ID: <87o7xjbrb1.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56669
Cc: Tissevert
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On 2022-07-20 11:47, Dale Mellor wrote:
> I would like to be able to create a rescue disk for my system in which
> the admin user's home directory contains a copy of an encrypted key,
> for manually unlocking encrypted disk drives.
>
> Following a short discussion in IRC, it appears the best route to
> achieve this would be to link *guix system* and *guix home* together,
> so that the system configuration file can specify
>
> (user-account
> ...
> (configuration (local-file "my-home-config.scm")))
>
> for example (it should be possible to use either (home-configuration)
> or a file-like object here).
>
> Hopefully this is an easy thing to accomplish, but I don't know...
>

Hi Dale,

it's not easy, but doable.

This topic pops up from time to time, but this feature is not implemented
yet.

https://yhetil.org/guix-devel/20220706112011.77c71a94@marvid.fr/

I have spare time tomorrow and can try to implement it, however Idk how
much time will it take and if I don't finish tomorrow, there is no
guarantee that I'll finish it anytime soon.

-- 
Best regards,
Andrew Tropin
--=-=-=--
From debbugs-submit-bounces@debbugs.gnu.org Thu Jul 21 13:13:18 2022
Received: (at 56669) by debbugs.gnu.org; 21 Jul 2022 17:13:18 +0000
Received: from localhost ([127.0.0.1]:39002 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oEZji-00037r-6W
for submit@debbugs.gnu.org; Thu, 21 Jul 2022 13:13:18 -0400
Received: from relay4-d.mail.gandi.net ([217.70.183.196]:60969)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oEZjg-00037c-0P
for 56669@debbugs.gnu.org; Thu, 21 Jul 2022 13:13:17 -0400
Received: (Authenticated sender: andrew@trop.in)
by mail.gandi.net (Postfix) with ESMTPSA id A4D42E0009;
Thu, 21 Jul 2022 17:13:08 +0000 (UTC)
From: Andrew Tropin
To: guix-bug-va9nk6@rdmp.org, 56669@debbugs.gnu.org
Subject: Re: bug#56669: enhancement: Link guix system and guix home
In-Reply-To: <87o7xjbrb1.fsf@trop.in>
References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
<87o7xjbrb1.fsf@trop.in>
Date: Thu, 21 Jul 2022 20:13:04 +0300
Message-ID: <87k086crtr.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56669
Cc: Tissevert
--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="
--=-=-=
Content-Type: text/plain
On 2022-07-20 20:57, Andrew Tropin wrote:
> On 2022-07-20 11:47, Dale Mellor wrote:
>
>> I would like to be able to create a rescue disk for my system in which
>> the admin user's home directory contains a copy of an encrypted key,
>> for manually unlocking encrypted disk drives.
>>
>> Following a short discussion in IRC, it appears the best route to
>> achieve this would be to link *guix system* and *guix home* together,
>> so that the system configuration file can specify
>>
>> (user-account
>> ...
>> (configuration (local-file "my-home-config.scm")))
>>
>> for example (it should be possible to use either (home-configuration)
>> or a file-like object here).
>>
>> Hopefully this is an easy thing to accomplish, but I don't know...
>>
>
> Hi Dale,
>
> it's not easy, but doable.
>
> This topic pops up from time to time, but this feature is not implemented
> yet.
>
> https://yhetil.org/guix-devel/20220706112011.77c71a94@marvid.fr/
>
> I have spare time tomorrow and can try to implement it, however Idk how
> much time will it take and if I don't finish tomorrow, there is no
> guarantee that I'll finish it anytime soon.

I built a home environment baked into the operating system and successfully
deployed it with guix deploy. I face some issues with the similar
setup on livecd, but I think I will figure it out soon and will publish
results in a few days.

The source code is here:
https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9

It's drafty and will be rewritten, also there are a few local commits
that I haven't sent to guix yet, but it should work without them if
elogind is enabled.

The usage example:
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: inline; filename=config.scm
Content-Transfer-Encoding: base64
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
-- 
Best regards,
Andrew Tropin
--=-=-=--
--==-=-=--
From debbugs-submit-bounces@debbugs.gnu.org Thu Jul 21 13:25:19 2022
Received: (at 56669) by debbugs.gnu.org; 21 Jul 2022 17:25:19 +0000
Received: from localhost ([127.0.0.1]:39017 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oEZvL-0003Xi-AU
for submit@debbugs.gnu.org; Thu, 21 Jul 2022 13:25:19 -0400
Received: from baptiste.telenet-ops.be ([195.130.132.51]:40318)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oEZvF-0003XR-K7
for 56669@debbugs.gnu.org; Thu, 21 Jul 2022 13:25:17 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
by baptiste.telenet-ops.be with bizsmtp
id xtRB2700A20ykKC01tRB9z; Thu, 21 Jul 2022 19:25:11 +0200
Message-ID:
Date: Thu, 21 Jul 2022 19:25:11 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.11.0
Content-Language: en-US
To: Andrew Tropin , guix-bug-va9nk6@rdmp.org,
56669@debbugs.gnu.org
References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
<87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in>
From: Maxime Devos
Subject: Re: bug#56669: enhancement: Link guix system and guix home
In-Reply-To: <87k086crtr.fsf@trop.in>
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------9wif7DLuRxRzxR8VFIuzPf0u"
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56669
Cc: Tissevert
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------9wif7DLuRxRzxR8VFIuzPf0u
Content-Type: multipart/mixed; boundary="------------bs4rcmDUOSWVWGGgLoAY2Fy6";
protected-headers="v1"
From: Maxime Devos
To: Andrew Tropin , guix-bug-va9nk6@rdmp.org,
56669@debbugs.gnu.org
Cc: Tissevert
Message-ID:
Subject: Re: bug#56669: enhancement: Link guix system and guix home
References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
<87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in>
In-Reply-To: <87k086crtr.fsf@trop.in>
--------------bs4rcmDUOSWVWGGgLoAY2Fy6
Content-Type: multipart/mixed; boundary="------------53Mz6SLQdt2lOdeh8DtiJcia"
--------------53Mz6SLQdt2lOdeh8DtiJcia
Content-Type: multipart/alternative;
boundary="------------33DtCjGXVmHEyPvhyJX9iI3n"
--------------33DtCjGXVmHEyPvhyJX9iI3n
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 21-07-2022 19:13, Andrew Tropin wrote:

> The source code is here:
> https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9

What's the 'guix-home-gc-roots' for? I would expect the reference
#$(file-append he "/activate") to be sufficient to keep things
from being gc'ed.

+=
(start #~(make-forkexec-constructor
+ '(#$(file-append he =
"/activate"))
+ #:user #$user
+ #:environment-variab=
les
+ (list (string-append=
"HOME=3D" (passwd:dir (getpw #$user))))
+ #:group (group:name =
(getgrgid (passwd:gid (getpw #$user))))))
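
Review bot: In the start gexp, #:environment-variables is given a list that holds only the HOME entry, and that list becomes the whole environment of the forked process, so /activate runs without PATH, USER, LOGNAME or any locale variable. If the minimal environment is intended, a comment saying so would help; otherwise derive the list from (default-environment-variables), replacing HOME. Separately, (getpw #$user) is evaluated twice at start time; binding it once with let around the constructor keeps the home directory and the group coming from the same passwd entry.
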
I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not
done already internally by /activate, you could consider doing it
in a container to reduce potential irreproducibility, or
insecurity on multi-user systems (I'd assume the #:user + #:group
to be sufficient for security, especially if it appears sufficient
for other system services, but I'm not some expert on what things
need to be set).
+=
(provision (list (symbol-append 'guix-home- (string->symbo=
l user))))
+ (one-shot? #t)
+ (auto-start? #f)
Wouldn't it then be possible for the user to login via the login
manager before initialisation has completed, as gdm etc don't wait
for guix-home-... currently?
Greetings,
Maxime.
--------------33DtCjGXVmHEyPvhyJX9iI3n--
--------------53Mz6SLQdt2lOdeh8DtiJcia--
--------------bs4rcmDUOSWVWGGgLoAY2Fy6--
--------------9wif7DLuRxRzxR8VFIuzPf0u--
From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 26 05:23:17 2022
Received: (at 56669) by debbugs.gnu.org; 26 Jul 2022 09:23:17 +0000
Received: from localhost ([127.0.0.1]:52233 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oGGmb-0001gG-3D
for submit@debbugs.gnu.org; Tue, 26 Jul 2022 05:23:17 -0400
Received: from relay7-d.mail.gandi.net ([217.70.183.200]:45117)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oGGmX-0001fz-MQ
for 56669@debbugs.gnu.org; Tue, 26 Jul 2022 05:23:15 -0400
Received: (Authenticated sender: andrew@trop.in)
by mail.gandi.net (Postfix) with ESMTPSA id 2684D20019;
Tue, 26 Jul 2022 09:23:05 +0000 (UTC)
From: Andrew Tropin
To: Maxime Devos , guix-bug-va9nk6@rdmp.org,
56669@debbugs.gnu.org
Subject: Re: bug#56669: enhancement: Link guix system and guix home
In-Reply-To:
References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
<87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in>
Date: Tue, 26 Jul 2022 12:23:02 +0300
Message-ID: <87sfmo8byh.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56669
Cc: Tissevert
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On 2022-07-21 19:25, Maxime Devos wrote:
> On 21-07-2022 19:13, Andrew Tropin wrote:
>
>> The source code is here:
>> https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9
>
> What's the 'guix-home-gc-roots' for? I would expect the reference
> #$(file-append he "/activate") to be sufficient to keep things from
> being gc'ed.

It was needed while I was testing manual activation without shepherd
service, not needed anymore, already removed it locally.
>
>> +=20
>> =20
>> (start #~(make-forkexec-constructor +=20
>> =20
>> '(#$(file-append he "/activate")) +=20
>> =20
>> #:user #$user +=20
>> =20
>> #:environment-variables +=20
>> =20
>> (list (string-append "HOME=3D" (passwd:dir (getpw #$user)))) +=20
>> =20
>> #:group (group:name (getgrgid (passwd:gid (getpw #$user))))))
> I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done
> already internally by /activate, you could consider doing it in a
> container to reduce potential irreproducibility, or insecurity on
> multi-user systems (I'd assume the #:user + #:group to be sufficient for
> security, especially if it appears sufficient for other system services,
> but I'm not some expert on what things need to be set).
>
It's not set by /activate.
>> +=20
>> =20
>> (provision (list (symbol-append 'guix-home- (string->symbol user)))) +=20
>> =20
>> (one-shot? #t) +=20
>> =20
>> (auto-start? #f)
> Wouldn't it then be possible for the user to login via the login manager
> before initialisation has completed, as gdm etc don't wait for
> guix-home-... currently?

You are right, the same as the first one, needed for more manual
approach, changed to #t, thank you.

Three patches for this service to work are on the way on guix-patches.
In the meantime, will try to build livecd with the home environment
inside.

P.S. Probably this system service is far from final version of this
feature, I still think about making home-environment a part of
user-account. Will evaluate pros and cons, after I get livecd built
successfully.

-- 
Best regards,
Andrew Tropin
--=-=-=--
From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 08 08:43:06 2023
Received: (at 56669) by debbugs.gnu.org; 8 Feb 2023 13:43:06 +0000
Received: from localhost ([127.0.0.1]:55088 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1pPkj4-0006Cc-78
for submit@debbugs.gnu.org; Wed, 08 Feb 2023 08:43:06 -0500
Received: from relay2-d.mail.gandi.net ([217.70.183.194]:43515)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1pPkj1-0006Bw-M8
for 56669@debbugs.gnu.org; Wed, 08 Feb 2023 08:43:04 -0500
Received: (Authenticated sender: andrew@trop.in)
by mail.gandi.net (Postfix) with ESMTPSA id E1BFF40009;
Wed, 8 Feb 2023 13:42:54 +0000 (UTC)
From: Andrew Tropin
To: Maxime Devos , guix-bug-va9nk6@rdmp.org,
56669@debbugs.gnu.org
Subject: Re: bug#56669: enhancement: Link guix system and guix home
In-Reply-To: <87sfmo8byh.fsf@trop.in>
References: <63960cf762aec1ed2c4182f49cac66bc37fce2aa.camel@rdmp.org>
<87o7xjbrb1.fsf@trop.in> <87k086crtr.fsf@trop.in>
<87sfmo8byh.fsf@trop.in>
Date: Wed, 08 Feb 2023 17:42:51 +0400
Message-ID: <87h6vw1des.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56669
Cc: Tissevert
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On 2022-07-26 12:23, Andrew Tropin wrote:
> On 2022-07-21 19:25, Maxime Devos wrote:
>
>> On 21-07-2022 19:13, Andrew Tropin wrote:
>>
>>> The source code is here:
>>> https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9
>>
>> What's the 'guix-home-gc-roots' for? I would expect the reference
>> #$(file-append he "/activate") to be sufficient to keep things from
>> being gc'ed.
>
> It was needed while I was testing manual activation without shepherd
> service, not needed anymore, already removed it locally.
>
>>
>>> +=20
>>> =20
>>> (start #~(make-forkexec-constructor +=20
>>> =20
>>> '(#$(file-append he "/activate")) +=20
>>> =20
>>> #:user #$user +=20
>>> =20
>>> #:environment-variables +=20
>>> =20
>>> (list (string-append "HOME=3D" (passwd:dir (getpw #$user)))) +=20
>>> =20
>>> #:group (group:name (getgrgid (passwd:gid (getpw #$user))))))
>> I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done
>> already internally by /activate, you could consider doing it in a
>> container to reduce potential irreproducibility, or insecurity on
>> multi-user systems (I'd assume the #:user + #:group to be sufficient for
>> security, especially if it appears sufficient for other system services,
>> but I'm not some expert on what things need to be set).
>>
> It's not set by /activate.
>
>>> +=20
>>> =20
>>> (provision (list (symbol-append 'guix-home- (string->symbol user)))) +=
=20
>>> =20
>>> (one-shot? #t) +=20
>>> =20
>>> (auto-start? #f)
>> Wouldn't it then be possible for the user to login via the login manager
>> before initialisation has completed, as gdm etc don't wait for
>> guix-home-... currently?
>
> You are right, the same as the first one, needed for more manual
> approach, changed to #t, thank you.
>
> Three patches for this service to work are on the way on guix-patches.
> In the meantime, will try to build livecd with the home environment
> inside.
>
> P.S. Probably this system service is far from final version of this
> feature, I still think about making home-environment a part of
> user-account. Will evaluate pros and cons, after I get livecd built
> successfully.

Sorry for the long status update, some life moments have happened.

Polished all the things on Guix Home side and I can confirm that the
service works correctly and it's possible to make home-environments a
part of operating-system record.

Current very simple implementation works relatively well. It accepts a
list of ("user" . home-env) pairs and creates shepherd services, which
activate respective home environments.

https://git.sr.ht/~abcdw/rde/tree/9175c7b37b6861095bae4a696aa1faadf9dc572a/src/gnu/services/home.scm#L1

This is how sway graphical environment activation is implemented in rde-live image.

http://files.trop.in/rde/

I still find it not completely satisfying because activation happens
when one-shot shepherd service gets started and not during system
activation, which leads to the problem mentioned by Maxime: you can login
into user's shell before home-environment is activated. I would like to
just extend system activation with calls to home activation scripts, but
it's not that straightforward because we depend on user-homes (which is
a shepherd service).

That said the guix-home system service works fine and you can already
use it, but before merging it to Guix I would like to move home
activations into system activation, which requires some work on
user-homes. It doesn't seem to be a big task, but still requires some
dedication and IDK when I get spare time for it. Let me know if this
feature blocks you in some way, otherwise I'll keep working on it at my
own pace.

-- 
Best regards,
Andrew Tropin
--=-=-=--