~abcdw/rde-discuss

9 3

Userland shepherd not work

Danila Kryukov
Details
Message ID
<11750245.O9o76ZdvQC@functional>
DKIM signature
pass
Download raw message
Hello,

When I just try to run guix home with your provided command: 
GUILE_LOAD_PATH=./ guix home reconfigure ./examples/home-environment.scm.tmpl

it fails with error
examples/home-environment.scm.tmpl:74:14: error: (%home-gnupg-configuration 
(ssh-agent #t)): extraneous field initializers (ssh-agent)

ok, i remove this part of config and another error comming:
examples/home-environment.scm.tmpl:52:32: error: gnupg: unbound variable
hint: Did you forget `(use-modules (gnu packages gnupg))'?

and then i add include directive its fail with error:
error: connect: /run/user/1000/shepherd/socket: No such file or directory

If it can help I use guix
guix 9c9a36d
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 9c9a36de732ea8485e47e84b888e121233f68452

commit of used rde:
eb8816ee6d23c8a2edb8e0e2037374a744984e81

this is my guix system config:
https://pastebin.com/5GEk0nSs

------------------
with regards,
Danila Kryukov
Details
Message ID
<87sg47ws3t.fsf@yoctocell.xyz>
In-Reply-To
<11750245.O9o76ZdvQC@functional> (view parent)
DKIM signature
pass
Download raw message
On Sat, Apr 03 2021, Danila Kryukov wrote:

> Hello,
>
> When I just try to run guix home with your provided command: 
> GUILE_LOAD_PATH=./ guix home reconfigure ./examples/home-environment.scm.tmpl
>
> it fails with error
> examples/home-environment.scm.tmpl:74:14: error: (%home-gnupg-configuration 
> (ssh-agent #t)): extraneous field initializers (ssh-agent)
>
> ok, i remove this part of config and another error comming:
> examples/home-environment.scm.tmpl:52:32: error: gnupg: unbound variable
> hint: Did you forget `(use-modules (gnu packages gnupg))'?

It looks like it example configuraiton isn't up to date.  Guix Home is
still in early stages of development, and there is no proper
documentation.  I wouldn't recommend using it unless you want to take
the time and dig into the source code.  We will start to invite a few
people to test it in the coming weeks or months, so it's probably better
to wait for that.  Though, if you really don't want to wait; you can
take a look at my configs[1].

> and then i add include directive its fail with error:

I am not sure exactly what you mean with this.  Could you show the
relevant parts of the config?

[1]: https://git.sr.ht/~yoctocell/guixrc/tree/master/item/home/security.scm
Danila Kryukov
Details
Message ID
<7919740.T7Z3S40VBb@functional>
In-Reply-To
<87sg47ws3t.fsf@yoctocell.xyz> (view parent)
DKIM signature
pass
Download raw message
Thank you for you explanation about project state. I trying use your config, it 
work pretty fine, but it not use shepherd as user's service manager. Userland 
shepherd seems broken in current time(gnu/home-services/shepherd.scm file).

On Saturday, 3 April 2021 18:00:06 +07 you wrote:
> I am not sure exactly what you mean with this.  Could you show the
> relevant parts of the config?
This is patch of changes:

diff --git a/examples/home-environment.scm.tmpl b/examples/home-
environment.scm.tmpl
index e9ff0f2..04f73ea 100644
--- a/examples/home-environment.scm.tmpl
+++ b/examples/home-environment.scm.tmpl
@@ -12,7 +12,7 @@
             (gnu packages linux)
             (gnu system keyboard)
             (guix gexp))
-
+(use-modules (gnu packages gnupg))
 
 (define sample-he
   (home-environment
@@ -69,8 +69,6 @@
               (extra-config
                (list
                 (ssh-host "savannah"
-                          '((compression . #f)))))))
-     (service home-gnupg-service-type
-             (home-gnupg-configuration (ssh-agent #t)))))))
+                          '((compression . #f)))))))))))
 
 sample-he

But, how i resently mention, userland shepard not work properly, maybe this is 
caused my troubles with provided example configuration.

------------------
with regards,
Danila Kryukov
Danila Kryukov
Details
Message ID
<4321503.LvFx2qVVIh@functional>
In-Reply-To
<87sg47ws3t.fsf@yoctocell.xyz> (view parent)
DKIM signature
pass
Download raw message
Finally,  i found cause of issue:
error: connect: /run/user/1000/shepherd/socket: No such file or directory

It's related with elogind, then i login to machine throught ssh with disabled 
PAM, elogind not start and not create folder /run/user/1000. I think it worth 
to mention in requirements for guix home that userland shepherd needs enabled 
session manager for every user login. 

------------------
with regards,
Danila Kryukov
Details
Message ID
<874kgmwhs9.fsf@yoctocell.xyz>
In-Reply-To
<4321503.LvFx2qVVIh@functional> (view parent)
DKIM signature
pass
Download raw message
On Sun, Apr 04 2021, Danila Kryukov wrote:

> Finally,  i found cause of issue:
> error: connect: /run/user/1000/shepherd/socket: No such file or directory
>
> It's related with elogind, then i login to machine throught ssh with disabled 
> PAM, elogind not start and not create folder /run/user/1000. I think it worth 
> to mention in requirements for guix home that userland shepherd needs enabled 
> session manager for every user login. 

Hmm, interesting, I am not too familiar with elogind, and I am on a
foreign distro running Sytemd, so I don't know how much I can help.

Though, I would expect Shepherd to create the directory if it doesn't
already exist[1].

When are you getting this error?  What command are you running?  How
could I or someone else try to reproduce the issue?

Thanks for looking into this!

[1]: https://git.savannah.gnu.org/cgit/git/shepherd.git/tree/modules/shepherd/support.scm?h=master#n388
Danila Kryukov
Details
Message ID
<7891850.T7Z3S40VBb@functional>
In-Reply-To
<874kgmwhs9.fsf@yoctocell.xyz> (view parent)
DKIM signature
pass
Download raw message
On Sunday, 4 April 2021 15:55:18 +07 you wrote:

>Hmm, interesting, I am not too familiar with elogind, and I am on a
>foreign distro running Sytemd, so I don't know how much I can help.

In systemd this daemon called logind.

> Though, I would expect Shepherd to create the directory if it doesn't
> already exist[1].

This fuction create /run/user/nnn/shepherd dir, not /run/user/nnn

> When are you getting this error?

I disable pam auth in sshd on my machine, and then i connected i see error: 
error: connect: /run/user/1000/shepherd/socket: No such file or directory
because pam start elogind for ssh session.

> What command are you running?
if my session not controlled by session manager(elogind)
shephderd , and any herd ACTION commands.

> How could I or someone else try to reproduce the issue?
Disable pam authecation or remove rule from pam config like this
session LEVEL elogind
and login into the pam session, discribed by the config.
As example delete string form file /etc/pam.d/sshd string what mention elogind, 
login through ssh to this host and try to use anything that call userland 
shepherd.

------------------
with regards,
Danila Kryukov
Details
Message ID
<87wntiv0p6.fsf@yoctocell.xyz>
In-Reply-To
<7891850.T7Z3S40VBb@functional> (view parent)
DKIM signature
pass
Download raw message
On Sun, Apr 04 2021, Danila Kryukov wrote:

>> Though, I would expect Shepherd to create the directory if it doesn't
>> already exist[1].
>
> This fuction create /run/user/nnn/shepherd dir, not /run/user/nnn

Yeah, but it uses 'mkdir-p' so /run/user/nnn will also get created.

>> When are you getting this error?
>
> I disable pam auth in sshd on my machine, and then i connected i see error: 
> error: connect: /run/user/1000/shepherd/socket: No such file or directory
> because pam start elogind for ssh session.

What do you mean by "and then I connected I see error"?  What do you
connect to?

>> How could I or someone else try to reproduce the issue?
> Disable pam authecation or remove rule from pam config like this
> session LEVEL elogind
> and login into the pam session, discribed by the config.
> As example delete string form file /etc/pam.d/sshd string what mention elogind, 
                           ^^^^
You mean "from"?

/etc/pam.d/sshd doesn't mention elogind or logind, only
'pam_loginuid.so', is this relevant?

--8<---------------cut here---------------start------------->8---
# Account management.
account required pam_unix.so

# Authentication management.
auth required pam_deny.so

# Password management.
password sufficient pam_unix.so nullok sha512

# Session management.
session required pam_env.so conffile=/nix/store/yi9vc3f0inssdpq0sfpw80nxq95akfdx-pam-environment readenv=0

session required pam_unix.so
session required pam_loginuid.so

session optional /nix/store/caz5k18ar764161b0amywc002cp39lgx-systemd-247.3/lib/security/pam_systemd.so
--8<---------------cut here---------------end--------------->8---

> login through ssh to this host and try to use anything that call userland 
> shepherd.

Sorry I only have one machine so I can't really help you here.
Danila Kryukov
Details
Message ID
<3588019.kQq0lBPeGt@functional>
In-Reply-To
<87wntiv0p6.fsf@yoctocell.xyz> (view parent)
DKIM signature
pass
Download raw message
On Sunday, 4 April 2021 16:49:41 +07 you wrote:
> On Sun, Apr 04 2021, Danila Kryukov wrote:
> >> Though, I would expect Shepherd to create the directory if it doesn't
> >> already exist[1].
> > 
> > This fuction create /run/user/nnn/shepherd dir, not /run/user/nnn
> 
> Yeah, but it uses 'mkdir-p' so /run/user/nnn will also get created.
> 

My fault, but is not created anyway folder /run/user/nnn. 


> What do you mean by "and then I connected I see error"?  What do you
> connect to?

Connect from another machine to guix pc.

> >> How could I or someone else try to reproduce the issue?
> > 
> > Disable pam authecation or remove rule from pam config like this
> > session LEVEL elogind
> > and login into the pam session, discribed by the config.
> > As example delete string form file /etc/pam.d/sshd string what mention
> > elogind,
>                            ^^^^
> You mean "from"?

Yes.

> /etc/pam.d/sshd doesn't mention elogind or logind, only
> 'pam_loginuid.so', is this relevant?

Yes.

> Sorry I only have one machine so I can't really help you here.

I just announce this curcumstances for further test, or requerments. I fix it 
in my pc just enable pam auth in sshd config.

Thank you for patient.

------------------
with regards,
Danila Kryukov
Details
Message ID
<CABrWRW0oopJSt_x49H9uZCV4P8Gb2c6ozBJHsbrgjqtrv=rpFQ@mail.gmail.com>
In-Reply-To
<3588019.kQq0lBPeGt@functional> (view parent)
DKIM signature
missing
Download raw message
> it fails with error
> examples/home-environment.scm.tmpl:74:14: error: (%home-gnupg-configuration
> (ssh-agent #t)): extraneous field initializers (ssh-agent)
>
> ok, i remove this part of config and another error comming:
> examples/home-environment.scm.tmpl:52:32: error: gnupg: unbound variable
> hint: Did you forget `(use-modules (gnu packages gnupg))'?

Oups, forgot to update an example after refactoring. Fix is already in a
master branch.

> and then i add include directive its fail with error:
> error: connect: /run/user/1000/shepherd/socket: No such file or directory

Developing some of functionality of `guix home` I expected elogind or
systemd to be present and manage users sessions, create/cleanup
/run/user/... dirs. However, AFAIR, the only part relying on it is
on-login script, which runs shepherd, but as Xinglu correctly mentioned,
Shepherd ensures that socket dir exists and it shouldn't fail.  I
suspect that it can't create a directory itself cause of permission.

Because enabling elogind works for you I will postpone bug
investigation, if you want to track the progress check the link:

https://todo.sr.ht/~abcdw/rde/3

Or send any text email to the address below to subscribe to ticket's
updates.

~abcdw/rde/3/subscribe@todo.sr.ht

-- 
Best regards,
Andrew Tropin
Details
Message ID
<CABrWRW1uv6STZ=VVJcGPuQRjyKuz4-HFTJMwrt1JUEbHQeLwqA@mail.gmail.com>
In-Reply-To
<CABrWRW0oopJSt_x49H9uZCV4P8Gb2c6ozBJHsbrgjqtrv=rpFQ@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
> error: connect: /run/user/1000/shepherd/socket: No such file or directory

I just realised that the problem was during reconfigure, I thought you
are trying to start shepherd yourself.  Yep, it's expected behavior,
because herd tries to connect to shepherd, which has not started yet. I'll
add a guard, which will ensure that shepherd started after reconfigure
if it's not started yet.

Generally, shepherd is started when the login shell spawns, but yep, it's
logical to ensure it's started on reconfigure too.  Will fix it in near future.
Reply to thread Export thread (mbox)