bug#43762: ‘guix environment -C’ containers lack /etc/hosts

[Bengt Richter]

Hi Ludo,

On +2020-10-02 15:53:49 +0200, Ludovic Courtès wrote:
> Hi!
> 
> Look:
> 
> --8<---------------cut here---------------start------------->8---
> $ guix environment -C --ad-hoc coreutils -- cat /etc/hosts
> cat: /etc/hosts: No such file or directory
> $ guix describe
> Generacio 162   Oct 01 2020 00:23:38    (nuna)
>   guix 7607ace
>     repository URL: https://git.savannah.gnu.org/git/guix.git
>     branch: master
>     commit: 7607ace5091aea0157ba5c8a508129cc5fc4f931
> --8<---------------cut here---------------end--------------->8---
> 
> I think we should add /etc/hosts with an entry for “localhost”, just
> like libstore/build.cc does.
> 
> Ludo’.
> 

How sensitive is this data? E.g., compared to  /etc/hostname and 
/etc/machine-id ?

man machine-id says in part
--8<---------------cut here---------------start------------->8---
    This ID uniquely identifies the host. It should be considered 
"confidential", and must not be exposed in untrusted environments, in 
particular on
    the network. If a stable unique identifier that is tied to the machine is 
needed for some application, the machine ID or any part of it must not be
    used directly. Instead the machine ID should be hashed with a 
cryptographic, keyed hash function, using a fixed, application-specific key. 
That way
    the ID will be properly unique, and derived in a constant way from the 
machine ID but there will be no way to retrieve the original machine ID from
    the application-specific one. The sd_id128_get_machine_app_specific(3) API 
provides an implementation of such an algorithm.
--8<---------------cut here---------------end--------------->8---

And how do you pick an appropriate hostname (which often appears in /etc/hosts)
for an image that could be booted in the clouds, or like a live USB, on any 
compatible laptop?

-- 
Regards,
Bengt Richter