Hi all, as reported in bug #22175, lshd does not honor /etc/environment. This was fixed here:
http://git.savannah.gnu.org/cgit/guix.git/commit/gnu/system.scm?id=2a5f0db4c45679cac6a747a48993fe73982cadca However, the order in /etc/profile is problematic: some variables are set up by "$HOME/.guix-profile/etc/profile", but then they get (wrongly) overriden by the values in /etc/environment. In my case, this happens with SSL_CERT_DIR, which has the value /home/csanchez/.guix-profile/etc/ssl/certs:/etc/ssl/certs then logging in locally, but only /etc/ssl/certs when logging in from lshd. I attach the proposed patch (just a change of order in /etc/profile). As 'cat' and 'cut' ar most surely available at system-level, it should not be dangerous to use them before setting up the user profile. BR Carlos
>From 474e8980ee933e6694cc55ca61607adae86dacf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20S=C3=A1nchez=20de=20La=20Lama?= <csanchez...@gmail.com> Date: Wed, 27 Jul 2016 14:27:00 +0200 Subject: [PATCH] Read /etc/environment first to allow changing environment from user profile. --- gnu/system.scm | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/gnu/system.scm b/gnu/system.scm index 476720b..3ae4ae7 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -408,6 +408,16 @@ GUIX_PROFILE=/run/current-system/profile \\ # Prepend setuid programs. export PATH=/run/setuid-programs:$PATH +# Since 'lshd' does not use pam_env, /etc/environment must be explicitly +# loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>. +# We need 'PATH' to be defined here, for 'cat' and 'cut'. +if [ -f /etc/environment -a -n \"$SSH_CLIENT\" \\ + -a -z \"$LINUX_MODULE_DIRECTORY\" ] +then + . /etc/environment + export `cat /etc/environment | cut -d= -f1` +fi + if [ -f \"$HOME/.guix-profile/etc/profile\" ] then # Load the user profile's settings. @@ -419,16 +429,6 @@ else export PATH=\"$HOME/.guix-profile/bin:$PATH\" fi -# Since 'lshd' does not use pam_env, /etc/environment must be explicitly -# loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>. -# We need 'PATH' to be defined here, for 'cat' and 'cut'. -if [ -f /etc/environment -a -n \"$SSH_CLIENT\" \\ - -a -z \"$LINUX_MODULE_DIRECTORY\" ] -then - . /etc/environment - export `cat /etc/environment | cut -d= -f1` -fi - # Set the umask, notably for users logging in via 'lsh'. # See <http://bugs.gnu.org/22650>. umask 022 -- 2.7.3
-- 'You did very well, Mr. Netherton,' she said. 'I scarcely did anything.' 'Opportunities to do very badly were manyfold. You avoided them. The major part in any success.' William Gibson, "The Peripheral" (2014)
