Re: network-manager-openconnect setup

2019-08-10 Thread Jelle Licht 
Hi!

"Santana, Divan"  writes:

> Hi Guix,
>
> I'm glad to see network-manager-openconnect is now packaged! :) Thank
> you to who ever did that.
>
> Trying to use it, after I installed it system wide and rebooted I get
> this;
>
> ~ ᐅ sudo nmcli con up vpn-fnb --ask
> Error: Connection activation failed: The VPN service 
> 'org.freedesktop.NetworkManager.openconnect' was not installed.
>
> I read the manual which says:
>
>  ‘vpn-plugins’ (default: ‘'()’)
>   This is the list of available plugins for virtual private
>   networks (VPNs).  An example of this is the
>   ‘network-manager-openvpn’ package, which allows NetworkManager
>   to manage VPNs via OpenVPN.
>
> I therefore tried this in my config
>
> (network-manager-service-type
>  config => (network-manager-configuration
> (inherit config)
> (dns "dnsmasq")
> (vpn-plugins '("network-manager-openconnect"))
> ))

If nothing else, you should go with the `network-manager-openconnect'
package object here. In your snippet, you are referring to the string
"network-manager-openconnect" instead.

Something like the following should solve your immediate issue:
  (vpn-plugins (list network-manager-openconnect))

>
> But I get this error:
>
> --8<---cut here---start->8---
> ~ ᐅ sudo -E guix system reconfigure  ~/.config/guix/system-config/swift.scm
> Password:
> Backtrace:
> In srfi/srfi-1.scm:
>592:29 19 (map1 (# …))
>592:29 18 (map1 (# …))
>592:29 17 (map1 (# …))
>592:29 16 (map1 (# …))
>592:29 15 (map1 (# …))
>592:29 14 (map1 (# …))
>592:29 13 (map1 (# …))
>592:29 12 (map1 (# …))
>592:29 11 (map1 (# …))
>592:29 10 (map1 (# …))
>592:29  9 (map1 (# …))
>592:29  8 (map1 (# …))
>592:29  7 (map1 (# …))
>592:29  6 (map1 (# …))
>592:29  5 (map1 (# …))
>592:29  4 (map1 (# …))
>592:17  3 (map1 ("network-manager-openconnect" #))
> In guix/inferior.scm:
>588:24  2 (inferior-package->manifest-entry "network-manager-ope…" …)
> 363:4  1 (inferior-package-input-field "network-manager-opencon…" …)
>307:18  0 (inferior-package-field _ _)
>
> guix/inferior.scm:307:18: In procedure inferior-package-field:
> In procedure struct_vtable: Wrong type argument in position 1 (expecting
> struct): "network-manager-openconnect"
> --8<---cut here---end--->8---
>
>
> What am I doing wrong?
>
> Seperate topic:
>
> Bonus points for anyone who knows why when I copy and paste into Emacs I
> get these weird characters.
>
>588:24  2 (inferior-package->manifest-entry "network-manager-ope…" …)
No clue, sorry :/
>  
>
> This email is subject to a disclaimer.
>
> Visit the FNB website and view the email disclaimer by clicking the "About 
> FNB + Legal" and "Legal Matters" links.
> If you are unable to access our website, please contact us to send you a copy 
> of the email disclaimer.

You might want to reconsider adding this disclaimer, as this is a
mailing list with publicly available archive at
https://lists.gnu.org/archive/html/help-guix/

network-manager-openconnect setup

2019-08-10 Thread Santana, Divan 
Hi Guix,

I'm glad to see network-manager-openconnect is now packaged! :) Thank
you to who ever did that.

Trying to use it, after I installed it system wide and rebooted I get
this;

~ ᐅ sudo nmcli con up vpn-fnb --ask
Error: Connection activation failed: The VPN service 
'org.freedesktop.NetworkManager.openconnect' was not installed.

I read the manual which says:

 ‘vpn-plugins’ (default: ‘'()’)
  This is the list of available plugins for virtual private
  networks (VPNs).  An example of this is the
  ‘network-manager-openvpn’ package, which allows NetworkManager
  to manage VPNs via OpenVPN.

I therefore tried this in my config

(network-manager-service-type
 config => (network-manager-configuration
(inherit config)
(dns "dnsmasq")
(vpn-plugins '("network-manager-openconnect"))
))

But I get this error:

--8<---cut here---start->8---
~ ᐅ sudo -E guix system reconfigure  ~/.config/guix/system-config/swift.scm
Password:
Backtrace:
In srfi/srfi-1.scm:
   592:29 19 (map1 (# …))
   592:29 18 (map1 (# …))
   592:29 17 (map1 (# …))
   592:29 16 (map1 (# …))
   592:29 15 (map1 (# …))
   592:29 14 (map1 (# …))
   592:29 13 (map1 (# …))
   592:29 12 (map1 (# …))
   592:29 11 (map1 (# …))
   592:29 10 (map1 (# …))
   592:29  9 (map1 (# …))
   592:29  8 (map1 (# …))
   592:29  7 (map1 (# …))
   592:29  6 (map1 (# …))
   592:29  5 (map1 (# …))
   592:29  4 (map1 (# …))
   592:17  3 (map1 ("network-manager-openconnect" #))
In guix/inferior.scm:
   588:24  2 (inferior-package->manifest-entry "network-manager-ope…" …)
363:4  1 (inferior-package-input-field "network-manager-opencon…" …)
   307:18  0 (inferior-package-field _ _)

guix/inferior.scm:307:18: In procedure inferior-package-field:
In procedure struct_vtable: Wrong type argument in position 1 (expecting
struct): "network-manager-openconnect"
--8<---cut here---end--->8---


What am I doing wrong?

Seperate topic:

Bonus points for anyone who knows why when I copy and paste into Emacs I
get these weird characters.

   588:24  2 (inferior-package->manifest-entry "network-manager-ope…" …)
 

This email is subject to a disclaimer.

Visit the FNB website and view the email disclaimer by clicking the "About FNB 
+ Legal" and "Legal Matters" links.
If you are unable to access our website, please contact us to send you a copy 
of the email disclaimer.

Re: Customize PAM configuration

2019-08-10 Thread Jone 
Important notice, thank you!
I have read the detailed answer on this page:
https://stackoverflow.com/questions/4129631/linux-securing-environment-variables
and suppose I could use file instead variable.

An alternative solution would probably be to configure
sudoers file. But here comes the problem with running
scripts with root privileges..

Re: Customize PAM configuration

2019-08-10 Thread Ricardo Wurmus 


Jone  writes:

> The password is entered once at login and exported
> to environment variable. As a result, password is available during the user
> session (for some automation with bash scripts).

Please know that environment variables are readable in /proc and in the
output of process managers.  An environment variable is not a good place
for a secret.

--
Ricardo

Re: Customize PAM configuration

2019-08-10 Thread Jone 
Thanks, Timothy! And sorry for my bad english.

> I don’t fully understand what you are trying to do

It's elementary! One password for any "local services", such as sudo, GPG
encryption, etc. The password is entered once at login and exported
to environment variable. As a result, password is available during the user
session (for some automation with bash scripts).
>From a security perspective, this well normal decision, in my opinion.

Thanks for this example. I haven't used G-Expressions yet. In my case, the
final
script will of course be ordinary bash script (maybe in ~/).

What can you say about this idea?

Re: Customize PAM configuration

2019-08-10 Thread Timothy Sample 
Hi Jone,

Jone  writes:

> Hello! I want enter user/root password only once per session. To do this,
> it will probably be convenient to export the password to shell variable.
> For example, adding this to PAM configuration file:
>
>auth sufficient pam_exec.so expose_authtok /path/to/script.sh
>
> But how to write it in system-config.scm? Sorry, I couldn't find any examples.

I don’t fully understand what you are trying to do, but here’s your
example translated into Guix:

(operating-system
  ...
  (pam-services (append (list (pam-service
   (name "my-pam-service") ; or whatever
   (auth (list (pam-entry
(control "sufficient")
(module "pam_exec.so")
(arguments
 (list "expose_authok"
   "/path/to/script.sh")))
(base-pam-services

Note that the “arguments” field of “pam-entry” takes G-Expressions.
This means that the script you want to execute could be a Guile script
built using “program-file”.  Alternatively, it could be a shell script
built using “computed-file” or some script that is outside of the store
using an absolute path.

Hope that helps!


-- Tim

Re: guix package conflict

2019-08-10 Thread Carlo Zancanaro 



On Sat, Aug 10 2019, Ricardo Wurmus wrote:
hint: Try upgrading both `python-pycairo' and `gtk+', or remove 
one of them from the profile.


Have you tried that?


In particular, I think `guix package -i python-pycairo gtk+` might 
do the trick.


Does “guix package -u” not fix this problem for you?  Or is this 
the output of “guix package -u”?


It looks like `guix package -u` compares the version of the 
package, and only updates if the package's version has changed 
(and even then, only if it has increased). This means that if a 
package's inputs (and thus its store hash) have changed, but its 
version has not, the version left in the profile will have 
outdated inputs, which can conflict if they are propagated. So 
`guix package -u` doesn't fix this problem.


`guix package -i`, on the other hand, just installs whatever it's 
told to, so it will install the same package at the same version, 
but with updated inputs. Then all the propagated inputs end up 
being the same, so there is no conflict.


Carlo

Re: guix package conflict

2019-08-10 Thread Ricardo Wurmus 


Hi Andy,

> guix package: error: profile contains conflicting entries for cairo
> guix package: error:   first entry: cairo@1.16.0
> /gnu/store/4d8rc6vjkhsk1b20rigz0nzl7zffn4b5-cairo-1.16.0
> guix package: error:... propagated from python-pycairo@1.17.1
> guix package: error:   second entry: cairo@1.16.0
> /gnu/store/cwqv36m84ipbpwn52wyy560xbxrzknsz-cairo-1.16.0
> guix package: error:... propagated from pango@1.42.4
> guix package: error:... propagated from gtk+@3.24.9
> hint: Try upgrading both `python-pycairo' and `gtk+', or remove one of them
> from
> the profile.

Have you tried that?

> I regularly do
>
> guix pull && guix package -u
>
> so I cannot recall how I got into this situation.   I have packages
> depending on both gtk+ and
> python-pycairo' so it seems I cannot just remove either one of them.  What
> would be the best approach to fix this?

Does “guix package -u” not fix this problem for you?  Or is this the
output of “guix package -u”?

-- 
Ricardo