GNU bug report logs - #72316
[PATCH 0/3] Switch to Guile-PAM.

Previous Next

Package: guix-patches;

Reported by: Felix Lechner <felix.lechner <at> lease-up.com>

Date: Fri, 26 Jul 2024 22:03:02 UTC

Severity: normal

Tags: patch

Full log

View this message in rfc822 format

From: Z572 <zhengjunjie <at> iscas.ac.cn>
To: Felix Lechner <felix.lechner <at> lease-up.com>
Cc: maxim.cournoyer <at> gmail.com, ludo <at> gnu.org, gabriel <at> erlikon.ch, pelzflorian <at> pelzflorian.de, 72316 <at> debbugs.gnu.org, z572 <at> z572.online, matt <at> excalamus.com
Subject: [bug#72316] [PATCH v2 2/3] Add a guile-pam-module service.
Date: Tue, 13 May 2025 08:50:51 +0800

[Message part 1 (text/plain, inline)]
Felix Lechner <felix.lechner <at> lease-up.com> writes:

> Hi Z572,
>
> On Fri, May 02 2025, Z572 wrote:
>
>> i think should use (@ (srfi srfi-1) every), not map, otherwise this has
>> always been #t. And should use `file-like?', friendly to inferior packages.
>
> You are probably right.  Please feel free to adjust the validator.
>
> I personally do not use the configuration-record's type checking
> features anymore.  I will present my configuration system, which also
> disentangles the painful splicing of values into the command line, soon.
>
>> If I understand correctly, all guile-pam-modules share the same
>> pam_guile and dependencies, can we restrict this so that each different
>> pam-module is its own separate dependency
>
> I do not understand your sentence (and am not sure it's true).  The
> Guile prerequisites are for the modules your users write.

If my module a needs guile-json-1,
module b needs guile-json-4, they cannot be used by the same guile.
Also, if a pam module is broken, I don't want all pam modules to be broken.

>
>> (If possible in the future, I would even like to compile each of them to
>> wasm separately, limiting the capabilities even more.)
>
> I am a fan of WASM.  What does it have to do with Guile-PAM, please?

For example, I use hoot to compile the code to wasm, and load and
interpret the wasm in pam-guile. If I don't need to access the file, I
don't need the ability to read the file.

>
>> looks like this patch depends on https://issues.guix.gnu.org/72316#10 ?.
>
> Yeah, that happened because I wrote the service to integrate Guile-PAM
> into the existing Guix stack.  It quickly proved superior, however, to
> use Guile-PAM's stack, which is nearly identical. [1][2]

I think it is possible to use gexp's with-extensions,
with-imported-modules, etc., instead of adding a guile-inputs option.

>
> An easy solution would be to merge patches two and three into a single
> patch.
>
> Kind regards
> Felix
>
> [1]
> https://juix.org/guile-pam/#Skipping-of-actions-on-PAM_005fIGNORE_002e
> [2] https://juix.org/guile-pam/#Legacy-instruction-sets

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 89 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.