guix-devel

Re: WIP gnu social package


From: Ludovic Courtès
Subject: Re: WIP gnu social package
Date: Tue, 28 Nov 2017 17:08:26 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Hello,

nee <address@hidden> wrote:

> On 05.10.2017 at 17:00, Ludovic Courtès wrote:
>> For this particular case, I would do nothing: the first time, the
>> service wouldn’t start (I guess).  Users would have to explicitly set
>> the passwords on the command line, and then run “herd start gnu-social”.
>> 
> The advantage of using a service is the easy setup with mysql and the
> gnu-social-cli-installer, otherwise people could just run nginx and
> clone gnu social to /srv/gnu-social/ and manually create the database
> like you would on Debian.
>
> I saw that NixOS has something called passwordFile.
> https://github.com/NixOS/nixpkgs/issues/24288
> I haven't found any details about it, but it seems like a text file from
> which passwords can be read during `system reconfigure`.
>
> As a start I could add a password-file field to the configuration of
> gnu-social and read an alist of passwords from it during initialization.
> That could later be extended by generating it with randomized passwords
> if it doesn't exist to maximize the ease of installation.
>
>>> - The password of the database-user ends up in the config.php which is
>>>   generated by mixed-text-file. This file can be read by everyone. Can I
>>>   somehow set the owner on it and remove the reading rights from other
>>>   users?
>> 
>> No, the store is world-readable.  If there are secrets, they should be
>> stored elsewhere, but there’s currently no standard way to do that in
>> Guix.
>> 
> Could a function in guix/gexp.scm be modified to generate a file outside
> of the store?

We could use Guile’s standard I/O primitives to create files wherever we
like:

  https://www.gnu.org/software/guile/manual/html_node/Input-and-Output.html

and/or simply refer to a non-store file; if that file exists,
everything’s fine, and if it does not, the service might fail to start
or print an error.

Ludo’.
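A sketch of the "refer to a non-store file" approach described above, added here as an example; it is not code from this thread or from Guix itself. The paths, procedure names and the shape of the generated config.php are assumptions, and the body is written with plain Guile primitives so that it could be placed inside a service's activation gexp.

```scheme
;; Added example (not from the thread): read the database password from a
;; file that lives outside the store, refuse to proceed if it is missing or
;; world-readable, and write config.php with restrictive permissions so the
;; secret never lands in the world-readable store.
;; Assumed paths: /etc/gnu-social/db-password and /var/lib/gnu-social/config.php
(use-modules (ice-9 rdelim))   ; read-line

(define (secret-file-safe? file)
  "Return #t if FILE exists, is a regular file and is not readable by 'other'."
  (and (file-exists? file)
       (let ((st (stat file)))
         (and (eq? (stat:type st) 'regular)
              ;; #o004 is the world-readable bit; it must be clear
              (zero? (logand (stat:perms st) #o004))))))

(define (read-secret file)
  "Return the first line of FILE.  This is the failure mode the thread
describes: if the operator has not created the file, activation errors out
instead of silently generating a broken or empty configuration."
  (unless (secret-file-safe? file)
    (error "secret file missing or world-readable, refusing to continue:" file))
  (let ((line (call-with-input-file file read-line)))
    (when (eof-object? line)
      (error "secret file is empty:" file))
    line))

(define (write-config-php! password target)
  "Write TARGET readable by its owner only.  The umask is narrowed while the
file is created and restored afterwards, even if writing fails."
  (let ((old-umask (umask #o077)))
    (dynamic-wind
      (lambda () #t)
      (lambda ()
        (call-with-output-file target
          (lambda (port)
            ;; Assumed config.php layout; adjust to the real GNU social schema.
            (format port "<?php\n$config['db']['database'] = ~s;\n"
                    (string-append "mysqli://gnusocial:" password
                                   "@localhost/gnusocial")))))
      (lambda () (umask old-umask)))))

;; Usage, e.g. from an activation gexp:
;; (write-config-php! (read-secret "/etc/gnu-social/db-password")
;;                    "/var/lib/gnu-social/config.php")
```

In a Guix service this body would sit inside the `#~(begin ...)` gexp extended onto `activation-service-type`, with the target directory created beforehand and owned by the service user.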


