From: | Maxime Devos |
Subject: | bug#56669: enhancement: Link guix system and guix home |
Date: | Thu, 21 Jul 2022 19:25:11 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 |
On 21-07-2022 19:13, Andrew Tropin wrote:
> The source code is here: https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9
What's the 'guix-home-gc-roots' for? I would expect the reference #$(file-append he "/activate") to be sufficient to keep things from being gc'ed.
I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done already internally by /activate, you could consider doing it in a container to reduce potential irreproducibility, or insecurity on multi-user systems (I'd assume the #:user + #:group to be sufficient for security, especially if it appears sufficient for other system services, but I'm not some expert on what things need to be set).
+ (start #~(make-forkexec-constructor + '(#$(file-append he "/activate")) + #:user #$user + #:environment-variables + (list (string-append "HOME=" (passwd:dir (getpw #$user)))) + #:group (group:name (getgrgid (passwd:gid (getpw #$user))))))
Wouldn't it then be possible for the user to login via the login manager before initialisation has completed, as gdm etc don't wait for guix-home-... currently?
+ (provision (list (symbol-append 'guix-home- (string->symbol user)))) + (one-shot? #t) + (auto-start? #f)
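Review bot: in the (start ...) lines, the list passed as #:environment-variables contains only HOME, and that list replaces the default environment make-forkexec-constructor would otherwise hand to the child, so the activate script runs with no PATH and no locale variables. If that is intended, a comment should say so; otherwise append the HOME entry to the default list instead of replacing it. (getpw #$user) is also evaluated twice, once for HOME and once for #:group; binding the passwd entry once with let would take the home directory and the group from the same lookup and leave a single place to handle an account that does not exist.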
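Review bot: with (auto-start? #f) in the (provision ...) lines, shepherd does not start the guix-home-USER service at boot, and the lines quoted here show no requirement field or other ordering against the login services. A documentation field or a comment stating what is expected to start this one-shot service, and whether a login session may begin before it has finished, would make the intended sequence reviewable.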
Greetings,
Maxime.