From patchwork Wed Mar 19 16:24:34 2025
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 40439
Subject: [bug#77001] [PATCH v2 8/8] services: krb5-service-type: Support launching KDC daemon.
To: 77001@debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>, Ludovic Courtès, Maxim Cournoyer
From: Tomas Volf <~@wolfsden.cz>
Date: Wed, 19 Mar 2025 17:24:34 +0100
Message-ID: <518d2488c89ccaf12e0cb1d491b6d66c1bdde925.1742401473.git.~@wolfsden.cz>
In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz>
References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz>

* gnu/services/kerberos.scm (krb5-configuration): Add krb5,
kdc-shepherd-service? fields.
(krb5-activation, krb5-shepherd-services): New procedures.
(krb5-service-type): Use them.

Change-Id: I091ae2a6ef25f5ce95123c29588749483954c2ac
Reviewed-by: Maxim Cournoyer
---
 doc/guix.texi             | 12 ++++++-----
 gnu/services/kerberos.scm | 43 ++++++++++++++++++++++++++++++++++++---
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index fe43ed2504..939683277b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -32135,11 +32135,13 @@ Kerberos Services @subsubheading Krb5 Service -Programs using a Kerberos client library normally -expect a configuration file in @file{/etc/krb5.conf}. -This service generates such a file from a definition provided in the -operating system declaration. -It does not cause any daemon to be started. +Programs using a Kerberos client library normally expect a configuration +file in @file{/etc/krb5.conf}. This service generates such a file from +a definition provided in the operating system declaration. + +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd +service for @acronym{KDC, Key Distribution Center} is created. +Otherwise no daemons are started. No ``keytab'' files are provided by this service---you must explicitly create them. This service is known to work with the MIT client library, @code{mit-krb5}. diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index fcb0ac1ab4..a721cf3be5 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -18,10 +18,13 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services kerberos) + #:use-module (gnu packages kerberos) #:use-module (gnu services) #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) #:use-module (gnu system pam) #:use-module (guix gexp) + #:use-module (guix packages) #:use-module (guix records) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) @@ -417,7 +420,16 @@ (define-configuration krb5-configuration (realms (realm-list '()) - "The list of realms which clients may access.")) + "The list of realms which clients may access.") + + (krb5 + (package mit-krb5) + "The package to use for @command{krb5kdc}.") + + (kdc-shepherd-service? + (boolean #f) + "Whether to generate a shepherd service for the @acronym{KDC, Key +Distribution Center} daemon." empty-serializer)) (define (krb5-configuration-file config) 
@@ -432,15 +444,40 @@ (define (krb5-configuration-file config) (define (krb5-etc-service config) (list `("krb5.conf" ,(krb5-configuration-file config)))) +(define (krb5-activation config) + (if (krb5-configuration-kdc-shepherd-service? config) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/krb5kdc")) + #~#t)) + +(define (krb5-shepherd-services config) + (match-record config + (krb5 kdc-shepherd-service?) + (if kdc-shepherd-service? + (list + (shepherd-service + (documentation "Run a krb5kdc daemon.") + (provision '(krb5kdc)) + (requirement '(user-processes)) + (start #~(make-forkexec-constructor + '(#$(file-append krb5 "/sbin/krb5kdc") "-n"))) + (stop #~(make-kill-destructor)))) + '()))) + (define krb5-service-type (service-type (name 'krb5) (extensions (list (service-extension etc-service-type - krb5-etc-service))) + krb5-etc-service) + (service-extension activation-service-type + krb5-activation) + (service-extension shepherd-root-service-type + krb5-shepherd-services))) (description "Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. This service -generates such a file. It does not cause any daemon to be started."))) +generates such a file and (optionally) a shepherd service to run a daemon.")))
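
Review bot: In the doc/guix.texi hunk, the new paragraph names kdc-shepherd-service? but the new krb5 field is not documented, and this is the only guix.texi hunk in the patch. Suggest adding both fields to the krb5-configuration field documentation, and stating that enabling the KDC makes activation create /var/krb5kdc, so an administrator knows where the daemon keeps its state.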
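
Review bot: In the krb5-configuration hunk of gnu/services/kerberos.scm, kdc-shepherd-service? is declared with empty-serializer but the krb5 field just above it is not. Unless a serializer for the package type is defined elsewhere in the module, the package value will either fail to serialize or be written into the generated krb5.conf; giving krb5 an empty-serializer as well would make the intent explicit.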
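
Review bot: In krb5-activation, (mkdir-p "/var/krb5kdc") sets no mode or owner, so the directory's permissions are whatever the activation umask yields. This is the KDC's state directory, so I would follow the mkdir-p with an explicit (chmod "/var/krb5kdc" #o700) rather than depend on the umask. A smaller question on krb5-shepherd-services in the same hunk: the requirement is only '(user-processes), so it is worth confirming that krb5kdc starts correctly when networking is not yet up.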