[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WIP gnu social package
|
From: |
Ludovic Courtès |
|
Subject: |
Re: WIP gnu social package |
|
Date: |
Thu, 05 Oct 2017 17:00:11 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Hello,
nee <address@hidden> skribis:
> I made a package that builds the translations and installs gnu social
> into the store.
[...]
> Here is an example config: http://paste.lisp.org/display/356859
Really cool that we can set up a complex service like this with just a
few lines!
> Here are a bunch of issues I have with guixSD in general:
>
> - Setting up the database requires the sql root password, the new
> social_db_user password, and a password for the first admin user to
> create in gnu social.
> Having plaintext passwords in /etc/config.scm sounds pretty bad.
> I'm not sure what the solution here is.
> - Could we add a password store to guix? It could automatically
> generate passwords and pass them to services.
> - Should I generate a script that must be run manually and asks for
> password input through stdin?
> - Something else?
For this particular case, I would do nothing: the first time, the
service wouldn’t start (I guess). Users would have to explicitly set
the passwords on the command line, and then run “herd start gnu-social”.
> - The password of the database-user ends up in the config.php which is
> generated by mixed-text-file. This file can be read by everyone. Can I
> somehow set the owner on it and remove the reading rights from other
> users?
No, the store is world-readable. If there are secrets, they should be
stored elsewhere, but there’s currently no standard way to do that in
Guix.
Thanks for sharing, and sorry for the late reply!
Ludo’.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: WIP gnu social package,
Ludovic Courtès <=