[bug#77001,v2,8/8] services: krb5-service-type: Support launching KDC daemon.
Commit Message
* gnu/services/kerberos.scm (krb5-configuration): Add krb5,
kdc-shepherd-service? fields.
(krb5-activation, krb5-shepherd-services): New procedures.
(krb5-service-type): Use them.
Change-Id: I091ae2a6ef25f5ce95123c29588749483954c2ac
---
doc/guix.texi | 12 ++++++-----
gnu/services/kerberos.scm | 43 ++++++++++++++++++++++++++++++++++++---
2 files changed, 47 insertions(+), 8 deletions(-)
Comments
Hi,
I'm reviewing mostly just the doc part, which is the team I'm subscribed
to.
Tomas Volf <~@wolfsden.cz> writes:
[...]
> +++ b/doc/guix.texi
> @@ -32135,11 +32135,13 @@ Kerberos Services
>
> @subsubheading Krb5 Service
>
> -Programs using a Kerberos client library normally
> -expect a configuration file in @file{/etc/krb5.conf}.
> -This service generates such a file from a definition provided in the
> -operating system declaration.
> -It does not cause any daemon to be started.
> +Programs using a Kerberos client library normally expect a configuration
> +file in @file{/etc/krb5.conf}. This service generates such a file from
> +a definition provided in the operating system declaration.
> +
> +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd
> +service for @acronym{KDC, Key Distribution Center} is created.
> +Otherwise no daemons are started.
I'd reword to more simply: "Whether a Shepherd service for @acronym{KDC,
Key Distribution Center} should be created." I'd find it also more
useful if the option was named: 'key-distribution-center?'. That it is
implemented as a service is an abstraction detail that is less important
for the user than the feature provided, in my opinion.
> No ``keytab'' files are provided by this service---you must explicitly create them.
> This service is known to work with the MIT client library, @code{mit-krb5}.
> diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm
> index fcb0ac1ab4..a721cf3be5 100644
> --- a/gnu/services/kerberos.scm
> +++ b/gnu/services/kerberos.scm
> @@ -18,10 +18,13 @@
> ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
>
> (define-module (gnu services kerberos)
> + #:use-module (gnu packages kerberos)
> #:use-module (gnu services)
> #:use-module (gnu services configuration)
> + #:use-module (gnu services shepherd)
> #:use-module (gnu system pam)
> #:use-module (guix gexp)
> + #:use-module (guix packages)
> #:use-module (guix records)
> #:use-module (srfi srfi-1)
> #:use-module (srfi srfi-34)
> @@ -417,7 +420,16 @@ (define-configuration krb5-configuration
>
> (realms
> (realm-list '())
> - "The list of realms which clients may access."))
> + "The list of realms which clients may access.")
> +
> + (krb5
> + (package mit-krb5)
> + "The package to use for @command{krb5kdc}.")
Maybe, "The package providing the @command{krb5kdc} command."
> +
> + (kdc-shepherd-service?
> + (boolean #f)
> + "Whether to generate a shepherd service for the @acronym{KDC, Key
> +Distribution Center} daemon." empty-serializer))
>
>
> (define (krb5-configuration-file config)
> @@ -432,15 +444,40 @@ (define (krb5-configuration-file config)
> (define (krb5-etc-service config)
> (list `("krb5.conf" ,(krb5-configuration-file config))))
>
> +(define (krb5-activation config)
> + (if (krb5-configuration-kdc-shepherd-service? config)
> + #~(begin
> + (use-modules (guix build utils))
> + (mkdir-p "/var/krb5kdc"))
> + #~#t))
> +
> +(define (krb5-shepherd-services config)
> + (match-record config <krb5-configuration>
> + (krb5 kdc-shepherd-service?)
> + (if kdc-shepherd-service?
> + (list
> + (shepherd-service
> + (documentation "Run a krb5kdc daemon.")
> + (provision '(krb5kdc))
> + (requirement '(user-processes))
> + (start #~(make-forkexec-constructor
> + '(#$(file-append krb5 "/sbin/krb5kdc") "-n")))
> + (stop #~(make-kill-destructor))))
> + '())))
> +
>
> (define krb5-service-type
> (service-type (name 'krb5)
> (extensions
> (list (service-extension etc-service-type
> - krb5-etc-service)))
> + krb5-etc-service)
> + (service-extension activation-service-type
> + krb5-activation)
> + (service-extension shepherd-root-service-type
> + krb5-shepherd-services)))
> (description "Programs using a Kerberos client library
> normally expect a configuration file in @file{/etc/krb5.conf}. This service
> -generates such a file. It does not cause any daemon to be started.")))
> +generates such a file and (optionally) a shepherd service to run a daemon.")))
s/shepherd/Shepherd/
Otherwise, LGTM for this 8/8 commit only.
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
--
Thanks,
Maxim
@@ -32135,11 +32135,13 @@ Kerberos Services
@subsubheading Krb5 Service
-Programs using a Kerberos client library normally
-expect a configuration file in @file{/etc/krb5.conf}.
-This service generates such a file from a definition provided in the
-operating system declaration.
-It does not cause any daemon to be started.
+Programs using a Kerberos client library normally expect a configuration
+file in @file{/etc/krb5.conf}. This service generates such a file from
+a definition provided in the operating system declaration.
+
+When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd
+service for @acronym{KDC, Key Distribution Center} is created.
+Otherwise no daemons are started.
No ``keytab'' files are provided by this service---you must explicitly create them.
This service is known to work with the MIT client library, @code{mit-krb5}.
@@ -18,10 +18,13 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services kerberos)
+ #:use-module (gnu packages kerberos)
#:use-module (gnu services)
#:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
#:use-module (gnu system pam)
#:use-module (guix gexp)
+ #:use-module (guix packages)
#:use-module (guix records)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-34)
@@ -417,7 +420,16 @@ (define-configuration krb5-configuration
(realms
(realm-list '())
- "The list of realms which clients may access."))
+ "The list of realms which clients may access.")
+
+ (krb5
+ (package mit-krb5)
+ "The package to use for @command{krb5kdc}.")
+
+ (kdc-shepherd-service?
+ (boolean #f)
+ "Whether to generate a shepherd service for the @acronym{KDC, Key
+Distribution Center} daemon." empty-serializer))
(define (krb5-configuration-file config)
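Review bot: The new `krb5` field is declared without `empty-serializer`, unlike `kdc-shepherd-service?` directly below it. `define-configuration` will therefore expect a `serialize-package` procedure for it, and if the file's serializer walks every field, the package could end up written into krb5.conf. Unless that serializer is already defined as a no-op elsewhere in the file or earlier in the series, I would end the field with `"The package to use for @command{krb5kdc}." empty-serializer)`. Both the `define-configuration` form and `krb5-configuration-file` continue outside the hunk, so this cannot be confirmed from the lines shown.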
@@ -432,15 +444,40 @@ (define (krb5-configuration-file config)
(define (krb5-etc-service config)
(list `("krb5.conf" ,(krb5-configuration-file config))))
+(define (krb5-activation config)
+ (if (krb5-configuration-kdc-shepherd-service? config)
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p "/var/krb5kdc"))
+ #~#t))
+
+(define (krb5-shepherd-services config)
+ (match-record config <krb5-configuration>
+ (krb5 kdc-shepherd-service?)
+ (if kdc-shepherd-service?
+ (list
+ (shepherd-service
+ (documentation "Run a krb5kdc daemon.")
+ (provision '(krb5kdc))
+ (requirement '(user-processes))
+ (start #~(make-forkexec-constructor
+ '(#$(file-append krb5 "/sbin/krb5kdc") "-n")))
+ (stop #~(make-kill-destructor))))
+ '())))
+
(define krb5-service-type
(service-type (name 'krb5)
(extensions
(list (service-extension etc-service-type
- krb5-etc-service)))
+ krb5-etc-service)
+ (service-extension activation-service-type
+ krb5-activation)
+ (service-extension shepherd-root-service-type
+ krb5-shepherd-services)))
(description "Programs using a Kerberos client library
normally expect a configuration file in @file{/etc/krb5.conf}. This service
-generates such a file. It does not cause any daemon to be started.")))
+generates such a file and (optionally) a shepherd service to run a daemon.")))
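Review bot: `krb5-activation` creates `/var/krb5kdc` with `mkdir-p` alone, so the directory's mode is whatever the activation umask yields rather than one chosen on purpose. A KDC normally keeps its principal database and master-key stash there, so I would follow the call with `(chmod "/var/krb5kdc" #o700)`. The path is also hard-coded and presumably has to match the state directory the selected `krb5` package (or kdc.conf) expects, which deserves a one-line comment. In `krb5-shepherd-services` the constructor passes neither `#:user` nor `#:log-file`, so the daemon presumably runs as root with no dedicated log. Adding something like `#:log-file "/var/log/krb5kdc.log"` would keep KDC errors and authentication failures available for review.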