From patchwork Sat Jan 15 13:49:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josselin Poiret X-Patchwork-Id: 566 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 4D57C27BBEA; Sat, 15 Jan 2022 13:54:01 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 0512E27BBE9 for ; Sat, 15 Jan 2022 13:54:01 +0000 (GMT) Received: from localhost ([::1]:43640 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n8jVI-0000Vu-6u for patchwork@mira.cbaines.net; Sat, 15 Jan 2022 08:54:00 -0500 Received: from eggs.gnu.org ([209.51.188.92]:37740) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n8jSR-0005DS-4r for guix-patches@gnu.org; Sat, 15 Jan 2022 08:51:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:46617) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n8jSQ-0004EE-OC for guix-patches@gnu.org; Sat, 15 Jan 2022 08:51:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1n8jSQ-0001qU-FL for guix-patches@gnu.org; Sat, 15 Jan 2022 08:51:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#53063] [PATCH v2 wip-harden-installer 00/18] General improvements to the installer Resent-From: Josselin Poiret Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 15 Jan 2022 13:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 53063 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Mathieu Othacehe Cc: 53063@debbugs.gnu.org, ludo@gnu.org, Josselin Poiret Received: via spool by 53063-submit@debbugs.gnu.org id=B53063.16422546306891 (code B ref 53063); Sat, 15 Jan 2022 13:51:02 +0000 Received: (at 53063) by debbugs.gnu.org; 15 Jan 2022 13:50:30 +0000 Received: from localhost ([127.0.0.1]:39472 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n8jRt-0001mp-Kv for submit@debbugs.gnu.org; Sat, 15 Jan 2022 08:50:30 -0500 Received: from jpoiret.xyz ([206.189.101.64]:48130) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n8jRo-0001mH-LQ for 53063@debbugs.gnu.org; Sat, 15 Jan 2022 08:50:28 -0500 Received: from authenticated-user (jpoiret.xyz [206.189.101.64]) by jpoiret.xyz (Postfix) with ESMTPA id 49A86184C99; Sat, 15 Jan 2022 13:50:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim; t=1642254622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9UYggPvCU4ArqdLCCkosWTpKpRczDulM0rlXZCijdQY=; b=h5juTFF5b7bWOAizX59iku5J1tZbVTueKhYVLXihXLGLxTvrtO6Ww0z9xiAAbc2NYQDHPH Z8b8Rdpf9crBUDsO05xGZYZMyzAlmRI8Ey/16Um6PfsmllrL5ionjKPLcwa1GRCtqY1lIf 2U7n02cs/Sttk6obfidThvxmbVwuRbSwzzV3KMase/iSo7AJuxZ2efm6OoOJjZGb/+90Kb /ElbyasQ0OG3njHaJU2thAiJmbGkprXWpGlViSwv9bEmZSjf17OZC628SRfETtYN8fltwK dPc6jDoJcNl4QtjFWTeP/irdkpnU0AgdH4i2XFlRp4GYVxK8sWgaVGgHMxQlNQ== Date: Sat, 15 Jan 2022 14:49:53 +0100 Message-Id: <20220115135011.5817-1-dev@jpoiret.xyz> In-Reply-To: <8735lz4xsv.fsf@gnu.org> References: <8735lz4xsv.fsf@gnu.org> MIME-Version: 1.0 X-Spamd-Bar: ++++ Authentication-Results: jpoiret.xyz; auth=pass smtp.auth=jpoiret@jpoiret.xyz smtp.mailfrom=dev@jpoiret.xyz X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" Reply-to: Josselin Poiret X-ACL-Warn: , Josselin Poiret via Guix-patches X-Patchwork-Original-From: Josselin Poiret via Guix-patches via From: Josselin Poiret X-getmail-retrieved-from-mailbox: Patches Hello again Mathieu and Ludo, Here is a v2 that should follow the suggestions: the installer now only shows command output and status when the command fails, so that shouldn't break the installer tests. The internal mechanism to capture a command's output and error was reworked along Ludo's advice, and now uses open-pipe* instead (with a small workaround to avoid https://debbugs.gnu.org/cgi/bugreport.cgi?bug=52835). The second to last commit makes password objects opaque, so that installer dumps don't accidentally contain them in cleartext. Finally, the last commit (a big one) lets users choose whether to dump or not from the error page, and from there they can choose and edit the files (using nano) they would like to include in the dump archive. It expands upon the initial work of Mathieu in 84d0d8ad3d. For now, you can choose to include the installer backtrace, the installer result alist, and the syslog and dmesg. We could also include a more stripped down installer-log that the new logging facility produces, but I think that it should be enough for now. Things work smoothly on my end, but the installer test "gui-installed-os" seems to fail while running `guix system init`, when building linux-libre, but it seems unrelated to this patchset. Best, Josselin Josselin Poiret (18): installer: Use define instead of let at top-level. installer: Generalize logging facility. installer: Use new installer-log-line everywhere. installer: Un-export syslog syntax. installer: Keep PATH inside the install container. installer: Remove specific logging code. installer: Capture external commands output. installer: Add installer-specific run command process. installer: Use run-command-in-installer in (gnu installer parted). installer: Raise condition when mklabel fails. installer: Fix run-file-textbox-page when edit-button is #f. installer: Replace run-command by invoke in newt/page.scm. installer: Add nano to PATH. installer: Use named prompt to abort or break installer steps. installer: Add error page when running external commands. installer: Use dynamic-wind to setup installer. installer: Turn passwords into opaque records. installer: Make dump archive creation optional and selective. gnu/installer.scm | 95 ++++++++++-------- gnu/installer/dump.scm | 67 ++++++++----- gnu/installer/final.scm | 28 +++--- gnu/installer/newt.scm | 126 +++++++++++++++++++----- gnu/installer/newt/dump.scm | 36 ------- gnu/installer/newt/ethernet.scm | 8 +- gnu/installer/newt/final.scm | 12 +-- gnu/installer/newt/keymap.scm | 8 +- gnu/installer/newt/locale.scm | 25 ++--- gnu/installer/newt/network.scm | 16 +-- gnu/installer/newt/page.scm | 163 +++++++++++++++++++++++++++++-- gnu/installer/newt/partition.scm | 10 +- gnu/installer/newt/services.scm | 16 +-- gnu/installer/newt/timezone.scm | 4 +- gnu/installer/newt/user.scm | 11 +-- gnu/installer/newt/welcome.scm | 2 +- gnu/installer/newt/wifi.scm | 4 +- gnu/installer/parted.scm | 104 +++++++++----------- gnu/installer/record.scm | 12 ++- gnu/installer/steps.scm | 127 +++++++++++------------- gnu/installer/user.scm | 18 +++- gnu/installer/utils.scm | 158 +++++++++++++++++++++++++----- gnu/local.mk | 1 - 23 files changed, 656 insertions(+), 395 deletions(-) delete mode 100644 gnu/installer/newt/dump.scm