[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#52533: guix deploy breaks SSH access with a PAM error
From: |
Ludovic Courtès |
Subject: |
bug#52533: guix deploy breaks SSH access with a PAM error |
Date: |
Mon, 17 Jan 2022 17:13:17 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>> sshd could also be started via socket activation; ‘sshd’ subprocesses
>> corresponding to existing logins would be unaffected.
>>
>>> Also, it seems to me inetd can already do "socket activation", if this
>>> was somehow useful.
>>
>> Yes, inetd can do that. It would be nicer though to have it all
>> integrated in the Shepherd.
>
> I'm not sure. The beauty of Shepherd, in my eyes, when compared to
> other init systems, is that it is lean and clean. Leveraging what's
> already out there (and part of GNU) seems an obvious path to me, as it:
>
> 1. Means less code to write, document and maintain.
> 2. Creates more cohesion between various components of the GNU project.
Heheh, Guix was started to address #2 actually. Today, I think #2 is
okay but should not be an obstacle.
As for #1, sure, but Shepherd will need to grow a proper event loop
anyway, so socket activation won’t make much of a difference.
Also, taking a step back, systemd undoubtedly changed user expectations
for the better in terms of integration, monitoring, and logging. Having
the same level of integration in the Shepherd would be a step in that
direction.
>> (Basically, it’s a choice we could make right away: do we move all
>> network daemons, plus things like guix-daemon, dbus-daemon, etc. etc. to
>> inetd services, or do we instead extend the Shepherd to support socket
>> activation? I’m rather in favor of the latter, but if in Guix System we
>> build an abstraction that can equally well target inetd or a future
>> Shepherd version, that’s even better.)
>
> We could start with just targeting inetd, and build the abstraction
> later, if the need arises, perhaps? We may never need it.
Yes, so what I had in mind is, in Guix System, something like
<socket-activated-service>, which would kinda look like
<shepherd-service> but be lowered (for now) to an inetd service.
Thanks,
Ludo’.