From patchwork Fri Dec 1 00:45:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Lechner X-Patchwork-Id: 57164 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 9737027BBEA; Fri, 1 Dec 2023 00:46:13 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 8375F27BBE2 for ; Fri, 1 Dec 2023 00:46:12 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r8rfH-0007an-Jy; Thu, 30 Nov 2023 19:45:55 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r8rfG-0007Zw-5e for guix-patches@gnu.org; Thu, 30 Nov 2023 19:45:54 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r8rfF-0002fw-PO for guix-patches@gnu.org; Thu, 30 Nov 2023 19:45:53 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1r8rfO-0008RM-0d for guix-patches@gnu.org; Thu, 30 Nov 2023 19:46:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67555] [PATCH 1/2] services: kerberos.scm: Rename krb5-service-type and krb5-configuration. Resent-From: Felix Lechner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 01 Dec 2023 00:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67555 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 67555@debbugs.gnu.org Cc: Felix Lechner Received: via spool by 67555-submit@debbugs.gnu.org id=B67555.170139154832412 (code B ref 67555); Fri, 01 Dec 2023 00:46:01 +0000 Received: (at 67555) by debbugs.gnu.org; 1 Dec 2023 00:45:48 +0000 Received: from localhost ([127.0.0.1]:54763 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r8rfA-0008Qh-9Z for submit@debbugs.gnu.org; Thu, 30 Nov 2023 19:45:48 -0500 Received: from sail-ipv4.us-core.com ([208.82.101.137]:60898) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r8rf8-0008QZ-A7 for 67555@debbugs.gnu.org; Thu, 30 Nov 2023 19:45:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=5Ay5GIgtBpEOjs3 0ZAwBJLf93Kk+UFpi2OEqz7wER9M=; h=references:in-reply-to:date:subject: cc:to:from; d=lease-up.com; b=P/OQnjJ34APwSk0YRdkhJO3Q1T09xNJmKoeecKHp cU0zQeKV4romXn1zc9BxGXgtS/DembtjIkJheXAEBZ9qxP7RHLP/np/hOHJ2Y+YZT/uDCn wbR9DRKIYsxBQiBJM+0vgI/HxFtHL2WEKzDyp8N8kVgbN0bzJmM07JWzwzY7c= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 8cdcaadf (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Fri, 1 Dec 2023 00:45:36 +0000 (UTC) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 9dcd47a8; Fri, 1 Dec 2023 00:45:36 +0000 (UTC) Date: Thu, 30 Nov 2023 16:45:11 -0800 Message-ID: <7f5ebe249e930c046dafdfc3fb31985d5b820b07.1701390969.git.felix.lechner@lease-up.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Felix Lechner X-ACL-Warn: , Felix Lechner via Guix-patches X-Patchwork-Original-From: Felix Lechner via Guix-patches via From: Felix Lechner Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches In preparation for a nearby commit that will add actual Kerberos services to Guix, the older names were made more specific. The original names were misleading and too generic. The krb5-service-type provided no service at all but merely created a file at /etc/krb5.conf that is needed to associate equipment with a Kerberos realm. The original names further suggested that at least some of the needed servers might be started, making it necessary to clarify otherwise in the documentation. Change-Id: I951c16aedcf1141d7d947f984cf89c22d3cc96ce --- doc/guix.texi | 16 ++++++++-------- gnu/services/kerberos.scm | 19 ++++++++++++++----- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1fd2e21608..a5119d2058 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -29963,10 +29963,10 @@ Kerberos Services @subsection Kerberos Services @cindex Kerberos -The @code{(gnu services kerberos)} module provides services relating to -the authentication protocol @dfn{Kerberos}. +@subsubheading Krb5 Association Service -@subsubheading Krb5 Service +The @code{(gnu services kerberos)} module provides miscellaneous +services relating to the authentication protocol @dfn{Kerberos}. Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. @@ -29978,15 +29978,15 @@ Kerberos Services This service is known to work with the MIT client library, @code{mit-krb5}. Other implementations have not been tested. -@defvar krb5-service-type +@defvar krb5-association-service-type A service type for Kerberos 5 clients. @end defvar @noindent Here is an example of its use: @lisp -(service krb5-service-type - (krb5-configuration +(service krb5-association-service-type + (krb5-association-configuration (default-realm "EXAMPLE.COM") (allow-weak-crypto? #t) (realms (list @@ -30010,7 +30010,7 @@ Kerberos Services @item Accepts services which only support encryption types known to be weak. @end itemize -The @code{krb5-realm} and @code{krb5-configuration} types have many fields. +The @code{krb5-realm} and @code{krb5-association-configuration} types have many fields. Only the most commonly used ones are described here. For a full list, and more detailed explanation of each, see the MIT @uref{https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html,,krb5.conf} @@ -30035,7 +30035,7 @@ Kerberos Services @end table @end deftp -@deftp {Data Type} krb5-configuration +@deftp {Data Type} krb5-association-configuration @table @asis @item @code{allow-weak-crypto?} (default: @code{#f}) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index a6f540a9b6..ec9b6c10b5 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -20,6 +20,7 @@ (define-module (gnu services kerberos) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu system pam) + #:use-module (guix deprecation) #:use-module (guix gexp) #:use-module (guix records) #:use-module (srfi srfi-1) @@ -33,6 +34,10 @@ (define-module (gnu services kerberos) krb5-realm krb5-realm? + krb5-association-configuration + krb5-association-configuration? + krb5-association-service-type + krb5-configuration krb5-configuration? krb5-service-type)) @@ -228,7 +233,7 @@ (define-configuration krb5-realm ;; For a more detailed explanation of these fields see man 5 krb5.conf -(define-configuration krb5-configuration +(define-configuration krb5-association-configuration (allow-weak-crypto? (boolean/unset unset-field) "If true, permits access to services which only offer weak encryption.") @@ -394,20 +399,20 @@ (define-configuration krb5-configuration "The list of realms which clients may access.")) -(define (krb5-configuration-file config) +(define (krb5-association-configuration-file config) "Create a Kerberos 5 configuration file based on CONFIG" (mixed-text-file "krb5.conf" "[libdefaults]\n\n" (with-output-to-string (lambda () (serialize-configuration config - krb5-configuration-fields))))) + krb5-association-configuration-fields))))) (define (krb5-etc-service config) - (list `("krb5.conf" ,(krb5-configuration-file config)))) + (list `("krb5.conf" ,(krb5-association-configuration-file config)))) -(define krb5-service-type +(define krb5-association-service-type (service-type (name 'krb5) (extensions (list (service-extension etc-service-type @@ -416,6 +421,10 @@ (define krb5-service-type normally expect a configuration file in @file{/etc/krb5.conf}. This service generates such a file. It does not cause any daemon to be started."))) +(define-deprecated krb-configuration krb5-association-configuration) +(define-deprecated krb-configuration? krb5-association-configuration?) +(define-deprecated krb-service-type krb5-association-service-type) + (define-record-type*