Re: network-manager-openconnect setup
Hi! "Santana, Divan" writes: > Hi Guix, > > I'm glad to see network-manager-openconnect is now packaged! :) Thank > you to who ever did that. > > Trying to use it, after I installed it system wide and rebooted I get > this; > > ~ á sudo nmcli con up vpn-fnb --ask > Error: Connection activation failed: The VPN service > 'org.freedesktop.NetworkManager.openconnect' was not installed. > > I read the manual which says: > > ‘vpn-plugins’ (default: ‘'()’) > This is the list of available plugins for virtual private > networks (VPNs). An example of this is the > ‘network-manager-openvpn’ package, which allows NetworkManager > to manage VPNs via OpenVPN. > > I therefore tried this in my config > > (network-manager-service-type > config => (network-manager-configuration > (inherit config) > (dns "dnsmasq") > (vpn-plugins '("network-manager-openconnect")) > )) If nothing else, you should go with the `network-manager-openconnect' package object here. In your snippet, you are referring to the string "network-manager-openconnect" instead. Something like the following should solve your immediate issue: (vpn-plugins (list network-manager-openconnect)) > > But I get this error: > > --8<---cut here---start->8--- > ~ á sudo -E guix system reconfigure ~/.config/guix/system-config/swift.scm > Password: > Backtrace: > In srfi/srfi-1.scm: >592:29 19 (map1 (# â¦)) >592:29 18 (map1 (# â¦)) >592:29 17 (map1 (# â¦)) >592:29 16 (map1 (# â¦)) >592:29 15 (map1 (# â¦)) >592:29 14 (map1 (# â¦)) >592:29 13 (map1 (# â¦)) >592:29 12 (map1 (# â¦)) >592:29 11 (map1 (# â¦)) >592:29 10 (map1 (# â¦)) >592:29 9 (map1 (# â¦)) >592:29 8 (map1 (# â¦)) >592:29 7 (map1 (# â¦)) >592:29 6 (map1 (# â¦)) >592:29 5 (map1 (# â¦)) >592:29 4 (map1 (# â¦)) >592:17 3 (map1 ("network-manager-openconnect" #)) > In guix/inferior.scm: >588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) > 363:4 1 (inferior-package-input-field "network-manager-openconâ¦" â¦) >307:18 0 (inferior-package-field _ _) > > guix/inferior.scm:307:18: In procedure inferior-package-field: > In procedure struct_vtable: Wrong type argument in position 1 (expecting > struct): "network-manager-openconnect" > --8<---cut here---end--->8--- > > > What am I doing wrong? > > Seperate topic: > > Bonus points for anyone who knows why when I copy and paste into Emacs I > get these weird characters. > >588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) No clue, sorry :/ > > > This email is subject to a disclaimer. > > Visit the FNB website and view the email disclaimer by clicking the "About > FNB + Legal" and "Legal Matters" links. > If you are unable to access our website, please contact us to send you a copy > of the email disclaimer. You might want to reconsider adding this disclaimer, as this is a mailing list with publicly available archive at https://lists.gnu.org/archive/html/help-guix/
network-manager-openconnect setup
Hi Guix, I'm glad to see network-manager-openconnect is now packaged! :) Thank you to who ever did that. Trying to use it, after I installed it system wide and rebooted I get this; ~ á sudo nmcli con up vpn-fnb --ask Error: Connection activation failed: The VPN service 'org.freedesktop.NetworkManager.openconnect' was not installed. I read the manual which says: ‘vpn-plugins’ (default: ‘'()’) This is the list of available plugins for virtual private networks (VPNs). An example of this is the ‘network-manager-openvpn’ package, which allows NetworkManager to manage VPNs via OpenVPN. I therefore tried this in my config (network-manager-service-type config => (network-manager-configuration (inherit config) (dns "dnsmasq") (vpn-plugins '("network-manager-openconnect")) )) But I get this error: --8<---cut here---start->8--- ~ á sudo -E guix system reconfigure ~/.config/guix/system-config/swift.scm Password: Backtrace: In srfi/srfi-1.scm: 592:29 19 (map1 (# â¦)) 592:29 18 (map1 (# â¦)) 592:29 17 (map1 (# â¦)) 592:29 16 (map1 (# â¦)) 592:29 15 (map1 (# â¦)) 592:29 14 (map1 (# â¦)) 592:29 13 (map1 (# â¦)) 592:29 12 (map1 (# â¦)) 592:29 11 (map1 (# â¦)) 592:29 10 (map1 (# â¦)) 592:29 9 (map1 (# â¦)) 592:29 8 (map1 (# â¦)) 592:29 7 (map1 (# â¦)) 592:29 6 (map1 (# â¦)) 592:29 5 (map1 (# â¦)) 592:29 4 (map1 (# â¦)) 592:17 3 (map1 ("network-manager-openconnect" #)) In guix/inferior.scm: 588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) 363:4 1 (inferior-package-input-field "network-manager-openconâ¦" â¦) 307:18 0 (inferior-package-field _ _) guix/inferior.scm:307:18: In procedure inferior-package-field: In procedure struct_vtable: Wrong type argument in position 1 (expecting struct): "network-manager-openconnect" --8<---cut here---end--->8--- What am I doing wrong? Seperate topic: Bonus points for anyone who knows why when I copy and paste into Emacs I get these weird characters. 588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) This email is subject to a disclaimer. Visit the FNB website and view the email disclaimer by clicking the "About FNB + Legal" and "Legal Matters" links. If you are unable to access our website, please contact us to send you a copy of the email disclaimer.
Re: Customize PAM configuration
Important notice, thank you! I have read the detailed answer on this page: https://stackoverflow.com/questions/4129631/linux-securing-environment-variables and suppose I could use file instead variable. An alternative solution would probably be to configure sudoers file. But here comes the problem with running scripts with root privileges..
Re: Customize PAM configuration
Jone writes: > The password is entered once at login and exported > to environment variable. As a result, password is available during the user > session (for some automation with bash scripts). Please know that environment variables are readable in /proc and in the output of process managers. An environment variable is not a good place for a secret. -- Ricardo
Re: Customize PAM configuration
Thanks, Timothy! And sorry for my bad english. > I don’t fully understand what you are trying to do It's elementary! One password for any "local services", such as sudo, GPG encryption, etc. The password is entered once at login and exported to environment variable. As a result, password is available during the user session (for some automation with bash scripts). >From a security perspective, this well normal decision, in my opinion. Thanks for this example. I haven't used G-Expressions yet. In my case, the final script will of course be ordinary bash script (maybe in ~/). What can you say about this idea?
Re: Customize PAM configuration
Hi Jone, Jone writes: > Hello! I want enter user/root password only once per session. To do this, > it will probably be convenient to export the password to shell variable. > For example, adding this to PAM configuration file: > >auth sufficient pam_exec.so expose_authtok /path/to/script.sh > > But how to write it in system-config.scm? Sorry, I couldn't find any examples. I don’t fully understand what you are trying to do, but here’s your example translated into Guix: (operating-system ... (pam-services (append (list (pam-service (name "my-pam-service") ; or whatever (auth (list (pam-entry (control "sufficient") (module "pam_exec.so") (arguments (list "expose_authok" "/path/to/script.sh"))) (base-pam-services Note that the “arguments” field of “pam-entry” takes G-Expressions. This means that the script you want to execute could be a Guile script built using “program-file”. Alternatively, it could be a shell script built using “computed-file” or some script that is outside of the store using an absolute path. Hope that helps! -- Tim
Re: guix package conflict
On Sat, Aug 10 2019, Ricardo Wurmus wrote: hint: Try upgrading both `python-pycairo' and `gtk+', or remove one of them from the profile. Have you tried that? In particular, I think `guix package -i python-pycairo gtk+` might do the trick. Does “guix package -u” not fix this problem for you? Or is this the output of “guix package -u”? It looks like `guix package -u` compares the version of the package, and only updates if the package's version has changed (and even then, only if it has increased). This means that if a package's inputs (and thus its store hash) have changed, but its version has not, the version left in the profile will have outdated inputs, which can conflict if they are propagated. So `guix package -u` doesn't fix this problem. `guix package -i`, on the other hand, just installs whatever it's told to, so it will install the same package at the same version, but with updated inputs. Then all the propagated inputs end up being the same, so there is no conflict. Carlo
Re: guix package conflict
Hi Andy, > guix package: error: profile contains conflicting entries for cairo > guix package: error: first entry: cairo@1.16.0 > /gnu/store/4d8rc6vjkhsk1b20rigz0nzl7zffn4b5-cairo-1.16.0 > guix package: error:... propagated from python-pycairo@1.17.1 > guix package: error: second entry: cairo@1.16.0 > /gnu/store/cwqv36m84ipbpwn52wyy560xbxrzknsz-cairo-1.16.0 > guix package: error:... propagated from pango@1.42.4 > guix package: error:... propagated from gtk+@3.24.9 > hint: Try upgrading both `python-pycairo' and `gtk+', or remove one of them > from > the profile. Have you tried that? > I regularly do > > guix pull && guix package -u > > so I cannot recall how I got into this situation. I have packages > depending on both gtk+ and > python-pycairo' so it seems I cannot just remove either one of them. What > would be the best approach to fix this? Does “guix package -u” not fix this problem for you? Or is this the output of “guix package -u”? -- Ricardo