From patchwork Wed Sep 20 14:36:12 2023
X-Patchwork-Submitter: Nikolaos Chatzikonstantinou
X-Patchwork-Id: 54077
Subject: [bug#66121] [PATCH] system: bare-bones: Add comments about nss-cert and NTP service.
To: 66121@debbugs.gnu.org
From: Nikolaos Chatzikonstantinou
Date: Wed, 20 Sep 2023 17:36:12 +0300

Just adding some clarifying comments on the bare-bones configuration. When I first used the bare-bones configuration I had TLS issues, but thankfully I was aided by the IRC support channel. On my own I would've been lost because I wouldn't be able to guess there were CA certificates I was missing.

Because truly bare-bones setups may want to avoid both an NTP service and Mozilla's CA certificates, I decided to only add them as comment suggestions.

Regards,
Nikolaos Chatzikonstantinou

From 7feb542b50ad29e5de5208c503f92993e4b86a01 Mon Sep 17 00:00:00 2001
From: Nikolaos Chatzikonstantinou Date: Wed, 20 Sep 2023 17:13:11 +0300 Subject: [PATCH] system: bare-bones: Add comments about nss-cert and NTP service. TLS errors may be confusing to some users. Two comments are added: one comment should help clarify the extra step required for root CA certificates to be installed, while the other will help users keep their clocks synchronized, another source of TLS errors due to clock drift. * gnu/system/examples/bare-bones.tmpl: Add nss-cert and NTP service comments. Signed-off-by: Nikolaos Chatzikonstantinou --- gnu/system/examples/bare-bones.tmpl | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl index 45b4995574..dc6aff5273 100644 --- a/gnu/system/examples/bare-bones.tmpl +++ b/gnu/system/examples/bare-bones.tmpl @@ -4,6 +4,9 @@ (use-modules (gnu)) (use-service-modules networking ssh) +;; If you want to use HTTPS, you most likely want to include +;; "certs" in the line below. Also read the comment about +;; "nss-certs" later in this file. (use-package-modules screen ssh) (operating-system @@ -43,10 +46,12 @@ %base-user-accounts)) ;; Globally-installed packages. + ;; Add "nss-certs" for Mozilla's approved CA certs. You would + ;; have to have included "certs" in use-package-modules above. (packages (cons screen %base-packages)) - ;; Add services to the baseline: a DHCP client and - ;; an SSH server. + ;; Add services to the baseline: a DHCP client and an SSH + ;; server. You may wish to add an NTP service here. (services (append (list (service dhcp-client-service-type) (service openssh-service-type (openssh-configuration -- 2.39.2
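
Review bot: In the first hunk (@@ -4,6 +4,9 @@), the new comment points at "the line below" instead of naming the form it means, so it goes stale as soon as anything is inserted between the comment and (use-package-modules screen ssh). Name the form directly, for example 'add "certs" to use-package-modules', which is how the second hunk's comment already refers to it. The commit subject and changelog line also say "nss-cert" while both added comments say "nss-certs"; the commit message should use the same name as the template text.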
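
Review bot: In the second hunk (@@ -43,10 +46,12 @@), the services comment "You may wish to add an NTP service here" gives no reason, although the commit message states one (clock drift as a source of TLS errors). Carry that reason into the comment so a reader who hits certificate errors can connect them to an unsynchronized clock. In the packages comment of the same hunk, "You would have to have included "certs"" is hard to parse; wording such as 'This requires "certs" in use-package-modules above' states the dependency directly.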