GNU bug report logs - #35399
Guix System installer does not set up passwords

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35399 in the body.
You can then email your comments to 35399 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Bug Guix <bug-guix <at> gnu.org>
Subject: Guix System installer does not set up passwords
Date: Tue, 23 Apr 2019 18:05:12 +0200

Forwarding discussion from <https://issues.guix.info/issue/35341>.

I wrote:

> "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:
> 
> > I installed Guix System from a USB flash drive from the current git
> > master.  The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
> 
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
> 
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
> 
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in.  Not great.
> 
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
> 
> That would be the most robust approach, but it’s also a bit more work I
> guess.  It’s also not so nice that users will see this extra service in
> their config.
> 
> Thoughts?

To which Florian replied:

> Why can’t the installer just chroot into the new system and call
> passwd?

That makes a lot of sense, I feel silly for not thinking about it.  :-)

(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)

I’ll try to give it a spin if nobody beats me…

Ludo’.

Message #10 received at 35399 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 35399 <at> debbugs.gnu.org
Subject: Re: bug#35399: Guix System installer does not set up passwords
Date: Thu, 25 Apr 2019 00:51:25 +0200

Ludovic Courtès <ludo <at> gnu.org> skribis:

>> Another option would be to have an activation snippet that runs when
>> booting the newly installed system: if would check for a flag or
>> something (it could check for uninitialized passwords), and if it
>> determines it’s a first boot, open a dialog box asking for passwords.
>> We’d need to add a “post-install” service in the OS config that would do
>> just that.
>> 
>> That would be the most robust approach, but it’s also a bit more work I
>> guess.  It’s also not so nice that users will see this extra service in
>> their config.
>> 
>> Thoughts?
>
> To which Florian replied:
>
>> Why can’t the installer just chroot into the new system and call
>> passwd?
>
> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>
> (In fact, we don’t even have to chroot since we can directly use (gnu
> build accounts) to write the shadow file in the right place.)

This is implemented by these commits:

  91a7c4998f installer: Ask for the root account password.
  898677ed17 installer: Ask for user password and initialize /etc/shadow.

I ran a full install and confirmed that it works as expected.  You’re of
course welcome to try it out!

I realized later that I forgot to add a password confirmation box.  I
guess we should add one, right?

Thanks,
Ludo’.

Message #13 received at submit <at> debbugs.gnu.org (full text, mbox):

From: swedebugia <swedebugia <at> riseup.net>
To: bug-guix <at> gnu.org
Subject: Re: bug#35399: Guix System installer does not set up passwords
Date: Thu, 25 Apr 2019 09:44:42 +0200

On 2019-04-25 00:51, Ludovic Courtès wrote:
> Ludovic Courtès <ludo <at> gnu.org> skribis:
> 
>>> Another option would be to have an activation snippet that runs when
>>> booting the newly installed system: if would check for a flag or
>>> something (it could check for uninitialized passwords), and if it
>>> determines it’s a first boot, open a dialog box asking for passwords.
>>> We’d need to add a “post-install” service in the OS config that would do
>>> just that.
>>>
>>> That would be the most robust approach, but it’s also a bit more work I
>>> guess.  It’s also not so nice that users will see this extra service in
>>> their config.
>>>
>>> Thoughts?
>>
>> To which Florian replied:
>>
>>> Why can’t the installer just chroot into the new system and call
>>> passwd?
>>
>> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>>
>> (In fact, we don’t even have to chroot since we can directly use (gnu
>> build accounts) to write the shadow file in the right place.)
> 
> This is implemented by these commits:
> 
>    91a7c4998f installer: Ask for the root account password.
>    898677ed17 installer: Ask for user password and initialize /etc/shadow.
> 
> I ran a full install and confirmed that it works as expected.  You’re of
> course welcome to try it out!
> 
> I realized later that I forgot to add a password confirmation box.  I
> guess we should add one, right?

Yes, that sounds like a good idea.

-- 
Cheers
Swedebugia

Message #18 received at 35399-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: swedebugia <swedebugia <at> riseup.net>
Cc: 35399-done <at> debbugs.gnu.org
Subject: Re: bug#35399: Guix System installer does not set up passwords
Date: Thu, 25 Apr 2019 12:25:34 +0200

swedebugia <swedebugia <at> riseup.net> skribis:

> On 2019-04-25 00:51, Ludovic Courtès wrote:
>> Ludovic Courtès <ludo <at> gnu.org> skribis:
>>
>>>> Another option would be to have an activation snippet that runs when
>>>> booting the newly installed system: if would check for a flag or
>>>> something (it could check for uninitialized passwords), and if it
>>>> determines it’s a first boot, open a dialog box asking for passwords.
>>>> We’d need to add a “post-install” service in the OS config that would do
>>>> just that.
>>>>
>>>> That would be the most robust approach, but it’s also a bit more work I
>>>> guess.  It’s also not so nice that users will see this extra service in
>>>> their config.
>>>>
>>>> Thoughts?
>>>
>>> To which Florian replied:
>>>
>>>> Why can’t the installer just chroot into the new system and call
>>>> passwd?
>>>
>>> That makes a lot of sense, I feel silly for not thinking about it.  :-)
>>>
>>> (In fact, we don’t even have to chroot since we can directly use (gnu
>>> build accounts) to write the shadow file in the right place.)
>>
>> This is implemented by these commits:
>>
>>    91a7c4998f installer: Ask for the root account password.
>>    898677ed17 installer: Ask for user password and initialize /etc/shadow.
>>
>> I ran a full install and confirmed that it works as expected.  You’re of
>> course welcome to try it out!
>>
>> I realized later that I forgot to add a password confirmation box.  I
>> guess we should add one, right?
>
> Yes, that sounds like a good idea.

Done!

  187122b902 installer: Ask for confirmation of the user passwords.
  8f2b7e3cb4 installer: Ask for confirmation of the root password.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.