From patchwork Thu Mar 13 22:19:51 2025
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 40148
Subject: [bug#77001] [PATCH 8/8] services: krb5-service-type: Support launching KDC daemon.
To: 77001@debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>, Ludovic Courtès, Maxim Cournoyer
From: Tomas Volf <~@wolfsden.cz>
Date: Thu, 13 Mar 2025 23:19:51 +0100

* gnu/services/kerberos.scm (krb5-configuration): Add krb5,
kdc-shepherd-service? fields.
(krb5-activation, krb5-shepherd-services): New procedures.
(krb5-service-type): Use them.

Change-Id: I091ae2a6ef25f5ce95123c29588749483954c2ac
---
 doc/guix.texi             | 12 ++++++-----
 gnu/services/kerberos.scm | 43 ++++++++++++++++++++++++++++++++++++---
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 05c855c5ea..a58cf40b63 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32125,11 +32125,13 @@ Kerberos Services @subsubheading Krb5 Service -Programs using a Kerberos client library normally -expect a configuration file in @file{/etc/krb5.conf}. -This service generates such a file from a definition provided in the -operating system declaration. -It does not cause any daemon to be started. +Programs using a Kerberos client library normally expect a configuration +file in @file{/etc/krb5.conf}. This service generates such a file from +a definition provided in the operating system declaration. + +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd +service for @acronym{KDC, Key Distribution Center} is created. +Otherwise no daemons are started. No ``keytab'' files are provided by this service---you must explicitly create them. This service is known to work with the MIT client library, @code{mit-krb5}.
diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 1e826a1455..3d1ab01cb8 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -17,10 +17,13 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services kerberos) + #:use-module (gnu packages kerberos) #:use-module (gnu services) #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) #:use-module (gnu system pam) #:use-module (guix gexp) + #:use-module (guix packages) #:use-module (guix records) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) @@ -416,7 +419,16 @@ (define-configuration krb5-configuration (realms (realm-list '()) - "The list of realms which clients may access.")) + "The list of realms which clients may access.") + + (krb5 + (package mit-krb5) + "The package to use for @command{krb5kdc}.") + + (kdc-shepherd-service? + (boolean #f) + "Whether to generate a shepherd service for the @acronym{KDC, Key +Distribution Center} daemon." empty-serializer)) (define (krb5-configuration-file config) 
@@ -431,15 +443,40 @@ (define (krb5-configuration-file config) (define (krb5-etc-service config) (list `("krb5.conf" ,(krb5-configuration-file config)))) +(define (krb5-activation config) + (if (krb5-configuration-kdc-shepherd-service? config) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/krb5kdc")) + #~#t)) + +(define (krb5-shepherd-services config) + (match-record config + (krb5 kdc-shepherd-service?) + (if kdc-shepherd-service? + (list + (shepherd-service + (documentation "Run a krb5kdc daemon.") + (provision '(krb5kdc)) + (requirement '(user-processes)) + (start #~(make-forkexec-constructor + '(#$(file-append krb5 "/sbin/krb5kdc") "-n"))) + (stop #~(make-kill-destructor)))) + '()))) + (define krb5-service-type (service-type (name 'krb5) (extensions (list (service-extension etc-service-type - krb5-etc-service))) + krb5-etc-service) + (service-extension activation-service-type + krb5-activation) + (service-extension shepherd-root-service-type + krb5-shepherd-services))) (description "Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. This service -generates such a file. It does not cause any daemon to be started."))) +generates such a file and (optionally) a shepherd service to run a daemon.")))
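Review bot: In the doc/guix.texi hunk, the new paragraph on @code{kdc-shepherd-service?} does not say what must exist before the KDC can start. The activation added in gnu/services/kerberos.scm only runs (mkdir-p "/var/krb5kdc"), and nothing in the patch creates a database there, so that step is left to the administrator in the same way the following sentence already states for keytab files. Suggest adding a sentence saying so. This is also the only hunk touching the manual, so if krb5-configuration's fields are listed elsewhere in guix.texi, the new krb5 and kdc-shepherd-service? fields need entries there.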
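Review bot: In the define-configuration krb5-configuration hunk, kdc-shepherd-service? is given empty-serializer but the new krb5 field is not, so the package field still goes through the record's regular serialization. If it is not meant to reach krb5.conf, give krb5 the same empty-serializer. Its docstring, "The package to use for @command{krb5kdc}.", could also note that the field is only consulted when kdc-shepherd-service? is #t, since krb5-shepherd-services is its only user.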
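Review bot: In krb5-activation, (mkdir-p "/var/krb5kdc") creates the KDC state directory without setting a mode, so its permissions depend on whatever umask is in effect during activation. That directory is where the KDC keeps its principal database, so follow the mkdir-p with an explicit (chmod "/var/krb5kdc" #o700). Separately, in krb5-shepherd-services the requirement is only '(user-processes); please confirm that a daemon listening on the network does not also need to wait for networking.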