bug#56669: enhancement: Link guix system and guix home

[Maxime Devos]

On 21-07-2022 19:13, Andrew Tropin wrote:

> The source code is here:
> https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9
>

What's the 'guix-home-gc-roots' for? I would expect the reference #$(file-append he "/activate") to be sufficient to keep things from being gc'ed.

> +        (start #~(make-forkexec-constructor
> +                  '(#$(file-append he "/activate"))
> +                  #:user #$user
> +                  #:environment-variables
> +                  (list (string-append "HOME=" (passwd:dir (getpw #$user))))
> +                  #:group (group:name (getgrgid (passwd:gid (getpw #$user))))))
>       
      I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not
      done already internally by /activate, you could consider doing it
      in a container to reduce potential irreproducibility, or
      insecurity on multi-user systems (I'd assume the #:user + #:group
      to be sufficient for security, especially if it appears sufficient
      for other system services, but I'm not some expert on what things
      need to be set).

> +        (provision (list (symbol-append 'guix-home- (string->symbol user))))
> +        (one-shot? #t)
> +        (auto-start? #f)
>       
      Wouldn't it then be possible for the user to login via the login
      manager before initialisation has completed, as gdm etc don't wait
      for guix-home-... currently?

Greetings,
Maxime.

OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key

OpenPGP_signature
Description: OpenPGP digital signature