From patchwork Thu Jun 20 03:44:13 2024
Subject: [bug#71662] [PATCH v2 2/5] services: backup: Add password-command support to restic-service
To: 71662@debbugs.gnu.org, 71639@debbugs.gnu.org
Cc: Richard Sent, Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer, guix-patches@gnu.org
From: Richard Sent
Date: Wed, 19 Jun 2024 23:44:13 -0400

* gnu/services/backup.scm (restic-backup-job): Add password-command.
(verify-restic-backup-job-configuration): Create.
(restic-backup-job-program): Set either RESTIC_PASSWORD or
RESTIC_PASSWORD_COMMAND depending on what is configured.
* doc/guix.texi (Miscellaneous Services): Document it.

Change-Id: Ice9cf85d1ee4485a2737f515c63c969918219df0
---
 doc/guix.texi           |  7 +++++++
 gnu/services/backup.scm | 41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 63c9cbd1a7..f22d679023 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -41344,6 +41344,13 @@ Miscellaneous Services that will be used to set the @env{RESTIC_PASSWORD} environment variable for the current job. +@item @code{password-command} (type: file-like) +String path or file-like object representing the executable file that +prints password to stdout. If a file-like object is used, it is placed +in the store globally executable and in plain text. The executable +should be designed such that it does not compromise the password if an +unauthorized user runs it. + @item @code{schedule} (type: gexp-or-string) A string or a gexp that will be passed as time specification in the mcron job specification (@pxref{Syntax, mcron job specifications,, diff --git a/gnu/services/backup.scm b/gnu/services/backup.scm index 1279ece88f..fd904bc9a9 100644 --- a/gnu/services/backup.scm +++ b/gnu/services/backup.scm @@ -66,6 +66,9 @@ (define (lowerable? value) (define list-of-lowerables? (list-of lowerable?)) +(define-maybe/no-serialization string) +(define-maybe/no-serialization file-like) + (define-configuration/no-serialization restic-backup-job (restic (package restic) @@ -80,10 +83,16 @@ (define-configuration/no-serialization restic-backup-job (string) "The restic repository target of this job.") (password-file - (string) + (maybe-string) "Name of the password file, readable by the configured @code{user}, that will be used to set the @code{RESTIC_PASSWORD} environment variable for the current job.") + (password-command + (maybe-file-like) + "An executable file who's path is stored in @code{RESTIC_PASSWORD_COMMAND}. +When run, the file writes the password to standard output. Due to the nature +of the store this command will be globally executable and should have external +protections to ensure unauthorized users cannot retrieve the password.") (schedule (gexp-or-string) "A string or a gexp that will be passed as time specification in the mcron 
@@ -104,6 +113,14 @@ (define-configuration/no-serialization restic-backup-job "A list of values that are lowered to strings. These will be passed as command-line arguments to the current job @command{restic backup} invokation.")) +(define (verify-restic-backup-job-configuration config) + (unless (or (maybe-value-set? (restic-backup-job-password-file config)) + (maybe-value-set? (restic-backup-job-password-command config))) + (error "either password-file or password-command must be configured.")) + (when (and (maybe-value-set? (restic-backup-job-password-file config)) + (maybe-value-set? (restic-backup-job-password-command config))) + (error "password-file and password-command can not be configured simultaneously."))) + (define list-of-restic-backup-jobs? (list-of restic-backup-job?)) @@ -113,12 +130,21 @@ (define-configuration/no-serialization restic-backup-configuration "The list of backup jobs for the current system.")) (define (restic-backup-job-program config) + (define (maybe-value-or-false maybe) + (if (maybe-value-set? maybe) + maybe + #f)) + + (verify-restic-backup-job-configuration config) + (let ((restic (file-append (restic-backup-job-restic config) "/bin/restic")) (repository (restic-backup-job-repository config)) (password-file - (restic-backup-job-password-file config)) + (maybe-value-or-false (restic-backup-job-password-file config))) + (password-command + (maybe-value-or-false (restic-backup-job-password-command config))) (files (restic-backup-job-files config)) (extra-flags 
@@ -134,9 +160,14 @@ (define (restic-backup-job-program config) #~(begin (use-modules (ice-9 popen) (ice-9 rdelim)) - (setenv "RESTIC_PASSWORD" - (with-input-from-file #$password-file read-line)) - + (or (and=> #$password-file (lambda (x) + (setenv "RESTIC_PASSWORD" + (with-input-from-file x read-line)))) + (and=> #$password-command (lambda (x) + (setenv "RESTIC_PASSWORD_COMMAND" x))) + ;; Have a backup error message in case + ;; verify-restic-backup-job-configuration is messed with + (error "Neither password-file or password-command set")) (when #$init? ;; Use cat config to check if the repository exists. See ;; https://github.com/restic/restic/issues/1690 and
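Review bot: the doc/guix.texi hunk (@@ -41344) documents `password-command` but does not say that `password-file` is now optional and that exactly one of the two must be set, which is what `verify-restic-backup-job-configuration` enforces; please update the `password-file` entry accordingly and state the "exactly one" rule in both entries. The new entry also says "String path or file-like object" while the declared type is `file-like`; pick one and make the Texinfo type line match the field type. Minor wording: "prints password to stdout" should read "prints the password to standard output", and "placed in the store globally executable and in plain text" is worth saying as "world-readable, like everything in the store", since that is the property a user needs to understand before putting secrets anywhere near this file.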
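Review bot: in the `password-command` field hunk (@@ -80,10 +83,16) the docstring has "who's" where "whose" is meant ("An executable file whose path is stored in ..."). The field type is `maybe-file-like`, yet the Texinfo text for the same field promises a plain string path as well; if `file-like?` does not accept strings, one of the two needs changing so that a user who follows the manual does not hit a type error at instantiation time.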
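Review bot: `verify-restic-backup-job-configuration` (@@ -104,6 +113,14) raises with a message that does not say which job is misconfigured; `restic-backup-configuration` holds a list of jobs, so with several jobs the user cannot tell which one tripped the check. Include the job's repository in the message, e.g. `(error "restic job for ~a: either password-file or password-command must be configured" (restic-backup-job-repository config))`. The two `unless`/`when` forms could also be a single `cond` over the two `maybe-value-set?` results, which makes the "exactly one" rule read directly from the code.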
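Review bot: the `or`/`and=>` chain in the gexp hunk (@@ -134,9 +160,14) only works because Guile's `setenv` happens to return a non-`#f` value; if either `and=>` body ever returned `#f` the next branch would run and the fallback `error` would fire despite a valid configuration. A `cond` on `#$password-file` and `#$password-command` with an explicit `else` clause states the intent without depending on `setenv`'s return value. The fallback message "Neither password-file or password-command set" should read "nor", and its comment "is messed with" could be rephrased as "is bypassed".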