auto encrypt user passwords for opensmtpd-service

help-guix
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
auto encrypt user passwords for opensmtpd-service

From:	Joshua Branson
Subject:	auto encrypt user passwords for opensmtpd-service
Date:	Fri, 04 Nov 2022 13:27:24 -0400

I am currently trying to extend guix's opensmtpd-service, so that users may
configure the service via records. As a part of this journey, I thought it would
be cool, if users could specify password records like the following, which would
auto encrypt the passwords in the resulting configuration 1:

#+BEGIN_SRC scheme
(opensmtpd-table
 (name "cred-table")
 (data '(("joshua" . "password"))))
#+END_SRC

would turn into:

#+BEGIN_SRC text
table "creds-table" { "joshua" = 
"$6$yvZhvM.kFiUu0rGV$hbHcUimLf96eKlUFdGh1tIeKrmlL.cRgaftdefmf57R3iZ/L0iY7xVY/ytbqQuZS9b7yZj3Ju5l.INxjvZLuq0"
 }
#+END_SRC

Currently, users of opensmtpd, must generate user passwords manually, via the
following:

#+BEGIN_SRC shell
guix install opensmtpd
#+END_SRC

#+BEGIN_SRC shell
$(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd) "password"
#+END_SRC

#+RESULTS:
: 
$6$3prHAJvjxNhDGz7G$74ENoGsV4AnxXiNvPnhS0d9.0Cj5ywgxBCwndgxfvSRHAUWeuOSpkmsTyHEFk4O4z.9dVkx3bMUiaX18HvTbA.

:TheActualFilePathOfTheEncryptBinary:
#+BEGIN_SRC shell
ls -lha $(find /gnu/store -name '*encrypt*' | grep -m 1 opensmtpd)
#+END_SRC

#+RESULTS:
: lrwxrwxrwx 1 root root 87 Dec 31  1969 
/gnu/store/i1bh9a0q9wshpmhl4dnkdkqygfq532dw-profile/libexec/opensmtpd/encrypt 
-> 
/gnu/store/qf84lf6nddsf1saan0qiv60qwz8hsic9-opensmtpd-6.8.0p2/libexec/opensmtpd/encrypt

:END:

I am trying to take a stab at auto-generating these user passwords, and as it
turns out... I really do NOT understand gexps.

In a guile repl, I am not getting, well anything to work.
#+BEGIN_SRC scheme
,use (gnu packages mail)
,use (guix gexps)
,use (guix monad-repl)
,m (gnu services mail)

#~(string-append #$(file-append opensmtpd "/sbin/smtpctl"))
$23 = #<gexp (string-append #<gexp-input #<file-append #<package 
opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> 
"/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> ,build $23
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (string-append #<gexp-input #<file-append 
#<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580> 
"/sbin/smtpctl">:out>) 7050f4a17750>
scheme@(gnu services mail) [11]> #~(begin (string-append #$opensmtpd 
"/sbin/smtpctl"))
$24 = #<gexp (begin (string-append #<gexp-input #<package opensmtpd@6.8.0p2 
gnu/packages/mail.scm:3114 7050f7f5f580>:out> "/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]> ,build $24
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (string-append #<gexp-input #<package 
opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 7050f7f5f580>:out> 
"/sbin/smtpctl")) 7050f4532d50>
scheme@(gnu services mail) [11]>
$25 = #<gexp (begin (system* (string-append opensmtpd "/sbin/smtpctl") " 
password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> ,build $25
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd 
"/sbin/smtpctl") " password\n")) 7050f4a6cd20>
scheme@(gnu services mail) [11]> (system* "ls")
ABOUT-NLS       build-aux         config.status  etc      guix         INSTALL  
    Makefile     po                                        scripts
aclocal.m4      ChangeLog         configure      gnu      guix-daemon  
libformat.a  Makefile.am  pre-inst-env                              test-env
AUTHORS         CODE-OF-CONDUCT   configure.ac   gnu.go   guix.go      
libstore.a   Makefile.in  README                                    tests
autom4te.cache  config-daemon.ac  COPYING        gnu.scm  guix.scm     
libutil.a    NEWS         ROADMAP                                   THANKS
bootstrap       config.log        doc            guile    HACKING      m4       
    nix          run-opensmtpd-record-sanitation-test.log  TODO
$26 = 0
scheme@(gnu services mail) [11]> #~(begin (system* (string-append opensmtpd #$ 
"/sbin/smtpctl") " password\n"))
$27 = #<gexp (begin (system* (string-append opensmtpd #<gexp-input 
"/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> ,build $27
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (system* (string-append opensmtpd 
#<gexp-input "/sbin/smtpctl":out>) " password\n")) 7050f4364480>
scheme@(gnu services mail) [11]> #~(begin $#opensmtpd)
$28 = #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> ,build $28
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin #{$#opensmtpd}#) 705106769e70>
scheme@(gnu services mail) [11]> #~(begin (mkdir #$output)
                                          (chdir #$output)
                                        #$opensmtpd)
$29 = #<gexp (begin (mkdir #<gexp-output out>) (chdir #<gexp-output out>) 
#<gexp-input #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:3114 
7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,build $29
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (mkdir #<gexp-output out>) (chdir 
#<gexp-output out>) #<gexp-input #<package opensmtpd@6.8.0p2 
gnu/packages/mail.scm:3114 7050f7f5f580>:out>) 7050f5cd3f60>
scheme@(gnu services mail) [11]> ,bt
           1 (string-append #<file-append #<package opensmtpd@6.8.0p2 
gnu/packages/mail.scm:3114 7050f7f5f580> "/sbin/smtpctl"> "/sbin/smtpctl")
In ice-9/boot-9.scm:
  1685:16  0 (raise-exception _ #:continuable? _)
scheme@(gnu services mail) [11]> #~(begin (mkdir $#output)
                                          (mkdir (string-append #$output) 
"/libexec")
                                          (string-append opensmtpd 
"/opensmtpd"))
$30 = #<gexp (begin (mkdir #{$#output}#) (mkdir (string-append #<gexp-output 
out>) "/libexec") (string-append opensmtpd "/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]> ,build $30
While executing meta-command:
ERROR:
  1. &gexp-input-error: #<gexp (begin (mkdir #{$#output}#) (mkdir 
(string-append #<gexp-output out>) "/libexec") (string-append opensmtpd 
"/opensmtpd")) 7050f5b271b0>
scheme@(gnu services mail) [11]>
#+END_SRC

Any tips, suggestions, or example code that I should look at would be very
helpful.  Thanks!

Joshua

1.  It is entirely possible, that it would be better for users to manually
   generate their own passwords.  And NOT allow the service to generate those
   passwords for them.  If that is your opinion, don't hesitate to let me know.
   :)
[Prev in Thread]
Current Thread
[Next in Thread]
auto encrypt user passwords for opensmtpd-service, Joshua Branson <=
Prev by Date: Re: which package gets built first?
Next by Date: Re: which package gets built first?
Previous by thread: Re: how to fix this G-exp?
Next by thread: Re: tor
Index(es):
- Date
- Thread