[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/2] services: Add 'dropbear-service'.
From: |
David Craven |
Subject: |
Re: [PATCH 2/2] services: Add 'dropbear-service'. |
Date: |
Sat, 9 Jul 2016 23:31:41 +0200 |
Maybe this could also be seen as a test of the quality of the
documentation? But providing a example operating-system configuration
shouldn't be a problem.
```
(use-modules (gnu))
(use-service-modules base networking ssh)
(operating-system
(host-name "builder")
(timezone "Europe/Zurich")
(locale "en_US.UTF-8")
(bootloader (grub-configuration (device "/dev/vda")))
(file-systems (cons
(file-system
(device "/dev/vda1")
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (cons
(user-account
(name "test")
(group "users")
(supplementary-groups '("wheel"))
(home-directory "/home/dummy")
(password "sa5JEXtYx/rm6")) ;; password is pass
%base-user-accounts))
(services (cons*
(dhcp-client-service)
(dropbear-service)
%base-services))
)
```
On Sat, Jul 9, 2016 at 8:32 PM, Leo Famulari <address@hidden> wrote:
> On Sat, Jul 09, 2016 at 04:39:02PM +0200, David Craven wrote:
>> Yeah, I should have better said I don't know instead of talking out of my
>> ass.
>
> That's harsh! I'm not an expert either, but I have begun trying to
> understand the assumptions that programs like SSH daemons make in their
> security model. In some cases, they assume that /dev/urandom has been
> properly seeded, which it typically is not after first boot.
>
>> All I can really do is trust that the people who write security
>> related code know what they are doing.
>
> Right, but like I said above, we must make an effort to know the
> assumptions they are making about the system.
>
>> Is there anything else holding this up?
>
> I'm not the best person to review new services — they are still a little
> over my head. At least, I should not be the sole reviewer.
>
> In the meantime, can you provide an OS declaration (config.scm) that
> makes use of dropbear-service so we can easily test it?
>
> I'd like for this to become standard practice when new services are
> submitted for review.
- [PATCH 1/2] gnu: lsh: Move to (gnu packages ssh), David Craven, 2016/07/04
- Re: [PATCH 2/2] services: Add 'dropbear-service'., Leo Famulari, 2016/07/09
- Re: [PATCH 2/2] services: Add 'dropbear-service'., Leo Famulari, 2016/07/09
- Re: [PATCH 2/2] services: Add 'dropbear-service'., David Craven, 2016/07/09
- Re: [PATCH 2/2] services: Add 'dropbear-service'., David Craven, 2016/07/09
- Re: [PATCH 2/2] services: Add 'dropbear-service'., Ludovic Courtès, 2016/07/11
- Re: [PATCH 2/2] services: Add 'dropbear-service'., David Craven, 2016/07/13
- Re: [PATCH 2/2] services: Add 'dropbear-service'., David Craven, 2016/07/13
- Re: [PATCH 2/2] services: Add 'dropbear-service'., David Craven, 2016/07/13
Re: [PATCH 1/2] gnu: lsh: Move to (gnu packages ssh), Efraim Flashner, 2016/07/05