Forwarding discussion from <https://issues.guix.info/issue/35341>.
I wrote: > "pelzflorian (Florian Pelz)" <[email protected]> skribis: > > > I installed Guix System from a USB flash drive from the current git > > master. The manual describes I should set up a password with passwd. > > I think the installer should automate this, so users do not need to > > know the passwd command. > > I think it’d be nice if the installer would initialize the user > password, and also root’s password (which is empty by default). > > The obvious approach would be to add a dialog box in the installer and > then set the ‘password’ field of each <user-account>, and also add a > <user-account> for root itself with the ‘password’ field set. > > The problem with this approach is that password hashes would end > world-readable in the store, so we would need to add warnings asking > users to change passwords after logging in. Not great. > > Another option would be to have an activation snippet that runs when > booting the newly installed system: if would check for a flag or > something (it could check for uninitialized passwords), and if it > determines it’s a first boot, open a dialog box asking for passwords. > We’d need to add a “post-install” service in the OS config that would do > just that. > > That would be the most robust approach, but it’s also a bit more work I > guess. It’s also not so nice that users will see this extra service in > their config. > > Thoughts? To which Florian replied: > Why can’t the installer just chroot into the new system and call > passwd? That makes a lot of sense, I feel silly for not thinking about it. :-) (In fact, we don’t even have to chroot since we can directly use (gnu build accounts) to write the shadow file in the right place.) I’ll try to give it a spin if nobody beats me… Ludo’.
