From patchwork Sun Apr 17 21:04:42 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38637
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:42 +0200
Subject: [bug#54997] [PATCH 01/12] gexp: Add 'references-file'.
Message-Id: <20220417210453.27884-1-ludo@gnu.org>
In-Reply-To: <20220417210107.27263-1-ludo@gnu.org>
To: 54997@debbugs.gnu.org

* gnu/services/base.scm (references-file): Remove.
* guix/gexp.scm (references-file): New procedure.
* tests/gexp.scm ("references-file"): New test.
--- gnu/services/base.scm | 22 ---------------------- guix/gexp.scm | 43 +++++++++++++++++++++++++++++++++++++++++++ tests/gexp.scm | 18 ++++++++++++++++++ 3 files changed, 61 insertions(+), 22 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 5d7c69a9cd..182badd97f 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -219,8 +219,6 @@ (define-module (gnu services base) pam-limits-service-type pam-limits-service - references-file - %base-services)) ;;; Commentary: 
@@ -1768,26 +1766,6 @@ (define (guix-activation config) (substitute-key-authorization authorized-keys guix) #~#f)))) -(define* (references-file item #:optional (name "references")) - "Return a file that contains the list of references of ITEM." - (if (struct? item) ;lowerable object - (computed-file name - (with-extensions (list guile-gcrypt) ;for store-copy - (with-imported-modules (source-module-closure - '((guix build store-copy))) - #~(begin - (use-modules (guix build store-copy)) - - (call-with-output-file #$output - (lambda (port) - (write (map store-info-item - (call-with-input-file "graph" - read-reference-graph)) - port)))))) - #:options `(#:local-build? #f - #:references-graphs (("graph" ,item)))) - (plain-file name "()"))) - (define guix-service-type (service-type (name 'guix) diff --git a/guix/gexp.scm b/guix/gexp.scm index 9fdb7a30be..9ef7622062 100644 --- a/guix/gexp.scm +++ b/guix/gexp.scm @@ -118,6 +118,7 @@ (define-module (guix gexp) mixed-text-file file-union directory-union + references-file imported-files imported-modules 
@@ -2173,6 +2174,48 @@ (define log-port #:resolve-collision (ungexp resolve-collision))))))))) +(define* (references-file item #:optional (name "references") + #:key guile) + "Return a file that contains the list of direct and indirect references (the +closure) of ITEM." + (if (struct? item) ;lowerable object + (computed-file name + (gexp (begin + (use-modules (ice-9 rdelim) + (ice-9 match)) + + (define (drop-lines port n) + ;; Drop N lines read from PORT. + (let loop ((n n)) + (unless (zero? n) + (read-line port) + (loop (- n 1))))) + + (define (read-graph port) + ;; Return the list of references read from + ;; PORT. This is a stripped-down version of + ;; 'read-reference-graph'. + (let loop ((items '())) + (match (read-line port) + ((? eof-object?) + items) + ((? string? item) + (let ((deriver (read-line port)) + (count + (string->number (read-line port)))) + (drop-lines port count) + (loop (cons item items))))))) + + (call-with-output-file (ungexp output) + (lambda (port) + (write (call-with-input-file "graph" + read-graph) + port))))) + #:guile guile + #:options `(#:local-build? #t + #:references-graphs (("graph" ,item)))) + (plain-file name "()"))) + ;;; ;;; Syntactic sugar. diff --git a/tests/gexp.scm b/tests/gexp.scm index c80ca13fab..35bd99e6d4 100644 --- a/tests/gexp.scm +++ b/tests/gexp.scm 
@@ -1606,6 +1606,24 @@ (define (contents=? file str) (not (member (derivation-file-name native) refs)) (member (derivation-file-name cross) refs)))))) +(test-assertm "references-file" + (let* ((exp #~(symlink #$%bootstrap-guile #$output)) + (computed (computed-file "computed" exp + #:guile %bootstrap-guile)) + (refs (references-file computed "refs" + #:guile %bootstrap-guile))) + (mlet* %store-monad ((drv0 (lower-object %bootstrap-guile)) + (drv1 (lower-object computed)) + (drv2 (lower-object refs))) + (mbegin %store-monad + (built-derivations (list drv2)) + (mlet %store-monad ((refs ((store-lift requisites) + (list (derivation->output-path drv1))))) + (return (lset= string=? + (call-with-input-file (derivation->output-path drv2) + read) + refs))))))) + (test-assert "lower-object & gexp-input-error?" (guard (c ((gexp-input-error? c) (gexp-error-invalid-input c))) 

From patchwork Sun Apr 17 21:04:43 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38634
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:43 +0200
Subject: [bug#54997] [PATCH 02/12] file-systems: Avoid load-time warnings when attempting to load (guix store).
Message-Id: <20220417210453.27884-2-ludo@gnu.org>
In-Reply-To: <20220417210453.27884-1-ludo@gnu.org>
To: 54997@debbugs.gnu.org

This makes sure warnings like "incompatible bytecode version" don't go through when looking for (guix store).

* gnu/system/file-systems.scm (%store-prefix): Parameterize 'current-warning-port' around 'resolve-module' call.
--- gnu/system/file-systems.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index 437f8da898..f8f4276283 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2021 Ludovic Courtès +;;; Copyright © 2013-2022 Ludovic Courtès ;;; Copyright © 2020 Google LLC ;;; Copyright © 2020 Jakub Kądziołka ;;; Copyright © 2020, 2021 Maxim Cournoyer 
@@ -272,7 +272,8 @@ (define (%store-prefix) ;; Note: If we have (guix store database) in the search path and we do *not* ;; have (guix store) proper, 'resolve-module' returns an empty (guix store) ;; with one sub-module. - (cond ((and=> (resolve-module '(guix store) #:ensure #f) + (cond ((and=> (parameterize ((current-warning-port (%make-void-port "w0"))) + (resolve-module '(guix store) #:ensure #f)) (lambda (store) (module-variable store '%store-prefix))) => 

From patchwork Sun Apr 17 21:04:44 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38635
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:44 +0200
Subject: [bug#54997] [PATCH 03/12] linux-container: 'call-with-container' relays SIGTERM and SIGINT.
Message-Id: <20220417210453.27884-3-ludo@gnu.org>
In-Reply-To: <20220417210453.27884-1-ludo@gnu.org>
To: 54997@debbugs.gnu.org

* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals and honor it.
--- gnu/build/linux-container.scm | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index bdeca2cdb9..c19029aa65 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm @@ -303,6 +303,7 @@ (define (call-with-temporary-directory proc) (define* (call-with-container mounts thunk #:key (namespaces %namespaces) (host-uids 1) (guest-uid 0) (guest-gid 0) + (relayed-signals (list SIGINT SIGTERM)) (process-spawned-hook (const #t))) "Run THUNK in a new container process and return its exit status; call PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned. 
@@ -320,6 +321,9 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces) GUEST-UID and GUEST-GID specify the first UID (respectively GID) that host UIDs (respectively GIDs) map to in the namespace. +RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container +process when caught by its parent. + Note that if THUNK needs to load any additional Guile modules, the relevant module files must be present in one of the mappings in MOUNTS and the Guile load path must be adjusted as needed." 
@@ -328,11 +332,12 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces) (let ((pid (run-container root mounts namespaces host-uids thunk #:guest-uid guest-uid #:guest-gid guest-gid))) - ;; Catch SIGINT and kill the container process. - (sigaction SIGINT - (lambda (signum) - (false-if-exception - (kill pid SIGKILL)))) + (define (relay-signal signal) + (false-if-exception (kill pid signal))) + + (for-each (lambda (signal) + (sigaction signal relay-signal)) + relayed-signals) (process-spawned-hook pid) (match (waitpid pid) 

From patchwork Sun Apr 17 21:04:45 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38636
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:45 +0200
Subject: [bug#54997] [PATCH 04/12] Add (guix least-authority).
Message-Id: <20220417210453.27884-4-ludo@gnu.org>
In-Reply-To: <20220417210453.27884-1-ludo@gnu.org>
To: 54997@debbugs.gnu.org

* guix/least-authority.scm: New file.
* Makefile.am (MODULES): Add it.
* gnu/build/shepherd.scm (default-mounts): Make public.
--- Makefile.am | 1 + gnu/build/shepherd.scm | 3 +- guix/least-authority.scm | 131 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 guix/least-authority.scm diff --git a/Makefile.am b/Makefile.am index fecce7c6f7..d0d58da4e3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -130,6 +130,7 @@ MODULES = \ guix/cache.scm \ guix/cve.scm \ guix/workers.scm \ + guix/least-authority.scm \ guix/ipfs.scm \ guix/build-system.scm \ guix/build-system/android-ndk.scm \ diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm index d52e53eb78..f4caefce3c 100644 --- a/gnu/build/shepherd.scm +++ b/gnu/build/shepherd.scm 
@@ -31,7 +31,8 @@ (define-module (gnu build shepherd) exec-command %precious-signals) #:autoload (shepherd system) (unblock-signals) - #:export (make-forkexec-constructor/container + #:export (default-mounts + make-forkexec-constructor/container fork+exec-command/container)) ;;; Commentary: diff --git a/guix/least-authority.scm b/guix/least-authority.scm new file mode 100644 index 0000000000..806c47508f --- /dev/null +++ b/guix/least-authority.scm 
@@ -0,0 +1,131 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix least-authority) + #:use-module (guix gexp) + #:use-module (guix modules) + #:use-module ((guix store) #:select (%store-prefix)) + #:autoload (gnu build linux-container) (%namespaces) + #:autoload (gnu system file-systems) (file-system-mapping + file-system-mapping-source + spec->file-system + file-system->spec + file-system-mapping->bind-mount) + #:export (least-authority-wrapper)) + +;;; Commentary: +;;; +;;; This module provides tools to execute programs with the least authority +;;; necessary, using Linux namespaces. +;;; +;;; Code: + +(define %precious-variables + ;; Environment variables preserved by the wrapper by default. + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) + +(define* (least-authority-wrapper program + #:key (name "pola-wrapper") + (guest-uid 1000) + (guest-gid 1000) + (mappings '()) + (namespaces %namespaces) + (directory "/") + (preserved-environment-variables + %precious-variables)) + "Return a wrapper of PROGRAM that executes it with the least authority. + +PROGRAM is executed in separate namespaces according to NAMESPACES, a list of +symbols; it turns with GUEST-UID and GUEST-GID. 
MAPPINGS is a list of + records indicating directories mirrored inside the +execution environment of PROGRAM. DIRECTORY is the working directory of the +wrapped process. Each environment listed in PRESERVED-ENVIRONMENT-VARIABLES +is preserved; other environment variables are erased." + (define code + (with-imported-modules (source-module-closure + '((gnu system file-systems) + (gnu build shepherd) + (gnu build linux-container))) + #~(begin + (use-modules (gnu system file-systems) + (gnu build linux-container) + ((gnu build shepherd) #:select (default-mounts)) + (srfi srfi-1)) + + (define variables + (filter-map (lambda (variable) + (let ((value (getenv variable))) + (and value + (string-append variable "=" value)))) + '#$preserved-environment-variables)) + + (define (read-file file) + (call-with-input-file file read)) + + (define references + (delete-duplicates + (append-map read-file + '#$(map references-file + (cons program + (map file-system-mapping-source + mappings)))))) + + (define (store? file-system) + (string=? (file-system-mount-point file-system) + #$(%store-prefix))) + + (define mounts + (append (map (lambda (item) + (file-system-mapping->bind-mount + (file-system-mapping (source item) + (target item)))) + references) + (remove store? + (default-mounts + #:namespaces '#$namespaces)) + (map spec->file-system + '#$(map (compose file-system->spec + file-system-mapping->bind-mount) + mappings)))) + + (define (reify-exit-status status) + (cond ((status:exit-val status) => exit) + ((or (status:term-sig status) + (status:stop-sig status)) + => (lambda (signal) + (format (current-error-port) + "~a terminated with signal ~a~%" + #$program signal) + (exit 126))))) + + ;; Note: 'call-with-container' creates a sub-process that this one + ;; waits for. This might seem suboptimal but unshare(2) isn't + ;; really applicable: the process would still run in the same PID + ;; namespace. 
+ + (reify-exit-status + (call-with-container mounts + (lambda () + (chdir #$directory) + (environ variables) + (apply execl #$program #$program (cdr (command-line)))) + #:guest-uid #$guest-uid + #:guest-gid #$guest-gid + #:namespaces '#$namespaces))))) + + (program-file name code)) 

From patchwork Sun Apr 17 21:04:46 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38638
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:46 +0200
Subject: [bug#54997] [PATCH 05/12] services: dicod: Rewrite using 'least-authority-wrapper'.
Message-Id: <20220417210453.27884-5-ludo@gnu.org>
In-Reply-To: <20220417210453.27884-1-ludo@gnu.org>
To: 54997@debbugs.gnu.org

* gnu/services/dict.scm (dicod-shepherd-service): Rewrite using 'least-authority-wrapper' plus 'make-forkexec-constructor' instead of 'make-forkexec-constructor/container'.
--- gnu/services/dict.scm | 51 ++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm index a97ad8f608..62b21f8d53 100644 --- a/gnu/services/dict.scm +++ b/gnu/services/dict.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Sou Bunnbu -;;; Copyright © 2016, 2017, 2018, 2020 Ludovic Courtès +;;; Copyright © 2016, 2017, 2018, 2020, 2022 Ludovic Courtès ;;; Copyright © 2017 Huang Ying ;;; ;;; This file is part of GNU Guix. 
@@ -22,12 +22,15 @@ (define-module (gnu services dict) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) + #:use-module (guix least-authority) #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) #:use-module ((gnu packages admin) #:select (shadow)) #:use-module (gnu packages dico) #:use-module (gnu packages dictionaries) + #:autoload (gnu build linux-container) (%namespaces) + #:autoload (gnu system file-systems) (file-system-mapping) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) 
@@ -142,27 +145,31 @@ (define %dicod-activation (chown rundir (passwd:uid user) (passwd:gid user))))) (define (dicod-shepherd-service config) - (let ((dicod (file-append (dicod-configuration-dico config) - "/bin/dicod")) - (dicod.conf (dicod-configuration-file config))) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(dicod)) - (requirement '(user-processes)) - (documentation "Run the dicod daemon.") - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$dicod "--foreground" - (string-append "--config=" #$dicod.conf)) - #:user "dicod" #:group "dicod" - #:mappings (list (file-system-mapping - (source "/var/run/dicod") - (target source) - (writable? #t))))) - (stop #~(make-kill-destructor))))))) + (let* ((dicod.conf (dicod-configuration-file config)) + (dicod (least-authority-wrapper + (file-append (dicod-configuration-dico config) + "/bin/dicod") + #:name "dicod" + #:mappings (list (file-system-mapping + (source "/var/run/dicod") + (target source) + (writable? 
#t)) + (file-system-mapping + (source "/dev/log") + (target source)) + (file-system-mapping + (source dicod.conf) + (target source))) + #:namespaces (delq 'net %namespaces)))) + (list (shepherd-service + (provision '(dicod)) + (requirement '(user-processes)) + (documentation "Run the dicod daemon.") + (start #~(make-forkexec-constructor + (list #$dicod "--foreground" + (string-append "--config=" #$dicod.conf)) + #:user "dicod" #:group "dicod")) + (stop #~(make-kill-destructor)))))) (define dicod-service-type (service-type From patchwork Sun Apr 17 21:04:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38640 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 4D3BE27BBEA; Sun, 17 Apr 2022 22:06:45 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 179E827BBE9 for ; Sun, 17 Apr 2022 22:06:45 +0100 (BST) Received: from localhost ([::1]:40524 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ngC6W-0007oD-9N for patchwork@mira.cbaines.net; Sun, 17 Apr 2022 17:06:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32886) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ngC5s-0006Gv-3U for guix-patches@gnu.org; Sun, 17 Apr 2022 17:06:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:43546) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ngC5r-0000YC-Qe for 
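Review bot: in the rewritten `dicod-shepherd-service` (patch 05/12), the wrapper built by `least-authority-wrapper` is launched through `make-forkexec-constructor` with `#:user "dicod" #:group "dicod"`, so the namespaces kept by `(delq 'net %namespaces)` are created after the privilege drop rather than before it. That only works where the kernel lets an unprivileged user create a user namespace; please say so in a comment next to `#:namespaces`, together with why `net` is taken out of the list, so nobody later changes the set by accident. The commit log should also mention the two new mappings without `(writable? #t)`, `/dev/log` and `dicod.conf`, which the old `#:mappings` list did not have.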
Subject: [bug#54997] [PATCH 06/12] services: dicod: Use 'make-inetd-constructor'.
YHuqqgSqMjmts7lBUZSXK1+yKGNUZBoh/ylwKfR7z/bDH+R7v6278Y84UjG0bi/AmqIMfiWeJzqVY hB0D9vGv8mNpUA==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38870 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ngC5U-000268-Gr; Sun, 17 Apr 2022 17:05:40 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Sun, 17 Apr 2022 23:04:47 +0200 Message-Id: <20220417210453.27884-6-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220417210453.27884-1-ludo@gnu.org> References: <20220417210453.27884-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/dict.scm (dicod-shepherd-service): Use 'make-inetd-constructor' in the 'start' method when available. --- gnu/services/dict.scm | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm index 62b21f8d53..109917c05c 100644 --- a/gnu/services/dict.scm +++ b/gnu/services/dict.scm @@ -146,6 +146,7 @@ (define %dicod-activation (define (dicod-shepherd-service config) (let* ((dicod.conf (dicod-configuration-file config)) + (interfaces (dicod-configuration-interfaces config)) (dicod (least-authority-wrapper (file-append (dicod-configuration-dico config) "/bin/dicod") 
@@ -165,10 +166,19 @@ (define (dicod-shepherd-service config) (provision '(dicod)) (requirement '(user-processes)) (documentation "Run the dicod daemon.") - (start #~(make-forkexec-constructor - (list #$dicod "--foreground" - (string-append "--config=" #$dicod.conf)) - #:user "dicod" #:group "dicod")) + (start #~(if (and (defined? 'make-inetd-constructor) + #$(= 1 (length interfaces))) ;XXX + (make-inetd-constructor + (list #$dicod "--inetd" "--foreground" + (string-append "--config=" #$dicod.conf)) + (addrinfo:addr + (car (getaddrinfo #$(first interfaces) "dict"))) + #:user "dicod" #:group "dicod" + #:service-name-stem "dicod") + (make-forkexec-constructor + (list #$dicod "--foreground" + (string-append "--config=" #$dicod.conf)) + #:user "dicod" #:group "dicod"))) (stop #~(make-kill-destructor)))))) (define dicod-service-type From patchwork Sun Apr 17 21:04:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38645 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id B798D27BBEA; Sun, 17 Apr 2022 22:09:02 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id AC54227BBE9 for ; Sun, 17 Apr 2022 22:09:01 +0100 (BST) Received: from localhost ([::1]:43412 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ngC8i-0001Qg-TC for patchwork@mira.cbaines.net; Sun, 17 Apr 2022 17:09:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32900) by lists.gnu.org with esmtps 
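Review bot: in the `start` gexp of the second hunk (patch 06/12), `#$(first interfaces)` is expanded on the host side whether or not `#$(= 1 (length interfaces))` holds, so an empty `interfaces` list raises an error while the service is being built instead of falling through to the `make-forkexec-constructor` branch. Compute the address argument only in the single-interface case, and replace the bare `;XXX` with a sentence saying why more than one interface cannot use `make-inetd-constructor`. `(car (getaddrinfo ...))` is also called without the flags argument that the bitlbee patch in this series passes, so the first entry returned is used whatever its address family or socket type.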
Subject: [bug#54997] [PATCH 07/12] services: bitlbee: Use 'make-inetd-constructor'.
bh=hqz/X8pTaIpKmynCFVw6ehRqbeudnNNz6KcSmFlF8kU=; b=oMFApLoR2pG10Qb7FTUu Yg0Y47XCAWtgAJ6T/HcIVLsvax/T94dNCciZd9+5l6HPFeA92+RpmYgaGTe31yS9sH1JRW8+6zTan XakUxrfC18407Kma54YpdyP3aSJTJxZKXmhTFg28eKd6b4Eiazsp+OIf8DmLz8TbbpugD0lhSKd1p zfz4bsKPxwhVGK1tRGWb78KYnI9J8jAZaawtfJc2By73FGyJCfJomVzl3q5OISnl4HuIXRnPyx1aH F5ut0O449ovli8fyY5s7KGI+1TSGNtAZIAFu1+Zmt8bYQeo/Z83RagpeBl05Qga8Uv0fs0JCrjNRy UXDOttZgyVPOvg==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38870 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ngC5V-000268-3t; Sun, 17 Apr 2022 17:05:41 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Sun, 17 Apr 2022 23:04:48 +0200 Message-Id: <20220417210453.27884-7-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220417210453.27884-1-ludo@gnu.org> References: <20220417210453.27884-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/messaging.scm (bitlbee-shepherd-service): Add call to 'least-authority-wrapper'. In 'start' method, use 'make-inetd-constructor' when available. * gnu/tests/messaging.scm (run-bitlbee-test)["valid PID"]: Remove test. --- gnu/services/messaging.scm | 63 ++++++++++++++++++++++++++++---------- gnu/tests/messaging.scm | 21 +------------ 2 files changed, 48 insertions(+), 36 deletions(-) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 4bceb1d37a..7fdd8cf285 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm 
@@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018 Clément Lassieur ;;; Copyright © 2017 Mathieu Othacehe -;;; Copyright © 2015, 2017, 2018, 2019, 2020 Ludovic Courtès +;;; Copyright © 2015, 2017-2020, 2022 Ludovic Courtès ;;; Copyright © 2018 Pierre-Antoine Rouby ;;; ;;; This file is part of GNU Guix. @@ -28,11 +28,14 @@ (define-module (gnu services messaging) #:use-module (gnu services shepherd) #:use-module (gnu services configuration) #:use-module (gnu system shadow) + #:autoload (gnu build linux-container) (%namespaces) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) #:use-module (guix gexp) #:use-module (guix modules) #:use-module (guix records) #:use-module (guix packages) #:use-module (guix deprecation) + #:use-module (guix least-authority) #:use-module (srfi srfi-1) #:use-module (srfi srfi-35) #:use-module (ice-9 match) @@ -821,7 +824,18 @@ (define bitlbee-shepherd-service DaemonInterface = " interface " DaemonPort = " (number->string port) " PluginDir = " plugins "/lib/bitlbee -" extra-settings))) +" extra-settings)) + (bitlbee* (least-authority-wrapper + (file-append bitlbee "/sbin/bitlbee") + #:name "bitlbee" + #:mappings (list (file-system-mapping + (source "/var/lib/bitlbee") + (target source) + (writable? #t)) + (file-system-mapping + (source conf) + (target conf))) + #:namespaces (delq 'net %namespaces)))) (with-imported-modules (source-module-closure '((gnu build shepherd) 
@@ -836,20 +850,37 @@ (define bitlbee-shepherd-service (modules '((gnu build shepherd) (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append bitlbee "/sbin/bitlbee") - "-n" "-F" "-u" "bitlbee" "-c" #$conf) - - ;; Allow 'bitlbee-purple' to use libpurple plugins. - #:environment-variables - (list (string-append "PURPLE_PLUGIN_PATH=" - #$plugins "/lib/purple-2")) - - #:pid-file "/var/run/bitlbee.pid" - #:mappings (list (file-system-mapping - (source "/var/lib/bitlbee") - (target source) - (writable? #t))))) + (start #~(if (defined? 'make-inetd-constructor) + + (make-inetd-constructor + (list #$bitlbee* "-I" + "-u" "bitlbee" "-c" #$conf) + (addrinfo:addr + (car (getaddrinfo #$interface + #$(number->string port) + (logior AI_NUMERICHOST + AI_NUMERICSERV)))) + #:service-name-stem "bitlbee" + + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2"))) + + (make-forkexec-constructor/container + (list #$(file-append bitlbee "/sbin/bitlbee") + "-n" "-F" "-u" "bitlbee" "-c" #$conf) + + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2")) + + #:pid-file "/var/run/bitlbee.pid" + #:mappings (list (file-system-mapping + (source "/var/lib/bitlbee") + (target source) + (writable? #t)))))) (stop #~(make-kill-destructor))))))))) (define %bitlbee-accounts diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm index 202a1c2f73..1e26c0ddea 100644 --- a/gnu/tests/messaging.scm +++ b/gnu/tests/messaging.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018 Clément Lassieur -;;; Copyright © 2017, 2018, 2021 Ludovic Courtès +;;; Copyright © 2017-2018, 2021-2022 Ludovic Courtès ;;; Copyright © 2018 Efraim Flashner ;;; ;;; This file is part of GNU Guix. 
@@ -198,25 +198,6 @@ (define marionette (start-service 'bitlbee)) marionette)) - (test-equal "valid PID" - #$(file-append bitlbee "/sbin/bitlbee") - (marionette-eval - '(begin - (use-modules (srfi srfi-1) - (gnu services herd)) - - (let ((bitlbee - (find (lambda (service) - (equal? '(bitlbee) - (live-service-provision service))) - (current-services)))) - (and (pk 'bitlbee-service bitlbee) - (let ((pid (live-service-running bitlbee))) - (readlink (string-append "/proc/" - (number->string pid) - "/exe")))))) - marionette)) - (test-assert "connect" (let* ((address (make-socket-address AF_INET INADDR_LOOPBACK 6667)) From patchwork Sun Apr 17 21:04:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38641 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 09C7327BBEA; Sun, 17 Apr 2022 22:07:06 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 20B6127BBE9 for ; Sun, 17 Apr 2022 22:07:05 +0100 (BST) Received: from localhost ([::1]:41150 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ngC6o-0008GY-Co for patchwork@mira.cbaines.net; Sun, 17 Apr 2022 17:07:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32896) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ngC5t-0006J6-Oz for guix-patches@gnu.org; Sun, 17 Apr 2022 17:06:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:43549) by eggs.gnu.org with esmtps 
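Review bot: in the `make-inetd-constructor` branch of `start` in `gnu/services/messaging.scm` (patch 07/12), no `#:user` or `#:group` is passed, unlike the dicod patch, so `#$bitlbee*` starts with shepherd's own credentials and the drop to the `bitlbee` account depends on `-u bitlbee` taking effect inside the wrapper's namespaces. Either pass `#:user` and `#:group` as the dicod patch does, or add a comment explaining why the in-process drop is kept. The fallback branch still runs the unwrapped `#$(file-append bitlbee "/sbin/bitlbee")` under `make-forkexec-constructor/container`, so the two branches confine the daemon differently; a comment noting that would help.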
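Review bot: the last hunk of `gnu/tests/messaging.scm` (patch 07/12) deletes the "valid PID" test, and the commit log only says "Remove test". State the reason in the log: the test compared `/proc/PID/exe` of the running service with `/sbin/bitlbee`, which presumably no longer holds once the service is started through `make-inetd-constructor` and the wrapper. Consider keeping a check that the service is reported as running, so startup is still covered before the "connect" test.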
Subject: [bug#54997] [PATCH 08/12] services: ipfs: Adjust for Shepherd 0.9.
gbD20DmXyRl+E4ubmqGd2EJK2YaSOH2sbPQypK3fv1x9yWzUDUSlRWwfFk0DubBtGuyV1jpHhL7BJ +Y9OmTwv/NiAWPlawIOqrjT/TJFDoMl8/nbnC4cZWLj6pQH+jAN6dDoKbm75iytiyxjuywec1xn1j DmKA1g6t0IM3hw==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38870 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ngC5V-000268-N0; Sun, 17 Apr 2022 17:05:41 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Sun, 17 Apr 2022 23:04:49 +0200 Message-Id: <20220417210453.27884-8-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220417210453.27884-1-ludo@gnu.org> References: <20220417210453.27884-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches This is a followup to e1f0c88ea221d846b5a533c4dc88e99e953af63e. * gnu/services/networking.scm (%ipfs-activation)[shepherd&co]: New variable. [container-gexp]: Use it. --- gnu/services/networking.scm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 5bb8638930..b302be5aaf 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -2074,12 +2074,19 @@ (define inner-gexp #$@(map (cute apply set-config!-gexp <>) settings))) (define inner-script (program-file "ipfs-activation-inner" inner-gexp)) + + (define shepherd&co + ;; 'make-forkexec-constructor/container' needs version 0.9 for + ;; #:supplementary-groups. + (cons shepherd-0.9 + (list (lookup-package-input shepherd-0.9 "guile-fibers")))) + ;; Run ipfs init and ipfs config from a container, ;; in case the IPFS daemon was compromised at some point ;; and ~/.ipfs is now a symlink to somewhere outside ;; %ipfs-home. (define container-gexp - (with-extensions (list shepherd) + (with-extensions shepherd&co (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) From patchwork Sun Apr 17 21:04:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38642 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C21CF27BBEA; Sun, 17 Apr 2022 22:07:48 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 2784E27BBE9 for ; Sun, 17 Apr 2022 22:07:48 +0100 (BST) Received: from localhost ([::1]:41620 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ngC7W-00009h-5U for patchwork@mira.cbaines.net; Sun, 17 Apr 2022 17:07:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32902) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ngC5u-0006K6-DB for guix-patches@gnu.org; Sun, 17 Apr 2022 
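Review bot: in the new `shepherd&co` definition (patch 08/12), `(cons shepherd-0.9 (list (lookup-package-input shepherd-0.9 "guile-fibers")))` is just a two-element `list`, and `lookup-package-input` returns `#f` when the input is absent, which would then be handed to `with-extensions`. Write it as a plain `list` and either assert the lookup result or note why it cannot fail. The comment would also be clearer if it said which caller passes `#:supplementary-groups`, since the `make-forkexec-constructor/container` call in `container-gexp` (visible as removed lines in patch 09/12) does not.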
Subject: [bug#54997] [PATCH 09/12] services: ipfs: Use 'least-authority-wrapper'.
hzBxrmyWxvzCh0fY4537Ccy+ozZNKN9ZFVL1oDT5wu1nupg1aQ+sIPh8/0FgyKwTAiRpfVNK+wkAH 5uqrqUG1bs588BLLFU3c8D7S/eVkYSGrH9AIBwO7PJvsYIaB8sUhgo8jc5qRSzdLh4W+aT19XVG2U dA+DF7tbumQFyZHw+ae1jSCUKJZLe5/fK0h6SoY02slDterTjwl9/sYGwhiHQ5F3fwh63a1V8usiX UwlTFi6DZfgr8miljNks8ys1s4mF7DGPwmcTxh0HycsGTYa6gyxrLLst1eppoqRsHE0PGPYXnOjLi tG8rA1Rlw1V1Aw==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38870 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ngC5W-000268-9z; Sun, 17 Apr 2022 17:05:42 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Sun, 17 Apr 2022 23:04:50 +0200 Message-Id: <20220417210453.27884-9-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220417210453.27884-1-ludo@gnu.org> References: <20220417210453.27884-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/networking.scm (ipfs-binary): Call 'least-authority-wrapper'. (%ipfs-home-mapping): Remove surrounding gexp. (ipfs-shepherd-service)[exec-command]: New procedure. [ipfs-config-command, set-config!-gexp, shepherd&co] [container-gexp, container-script]: Remove. [inner-gexp]: Use 'exec-command'. --- gnu/services/networking.scm | 123 +++++++++++++++++------------------- 1 file changed, 58 insertions(+), 65 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index b302be5aaf..4708ade0ca 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2013-2022 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016, 2018, 2020 Efraim Flashner ;;; Copyright © 2016 John Darrington @@ -43,6 +43,7 @@ (define-module (gnu services networking) #:use-module (gnu services dbus) #:use-module (gnu system shadow) #:use-module (gnu system pam) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) #:use-module (gnu packages admin) #:use-module (gnu packages base) #:use-module (gnu packages bash) @@ -59,6 +60,7 @@ (define-module (gnu services networking) #:use-module (gnu packages gnome) #:use-module (gnu packages ipfs) #:use-module (gnu build linux-container) + #:autoload (guix least-authority) (least-authority-wrapper) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) @@ -2018,13 +2020,20 @@ (define %ipfs-accounts (system? #t)))) (define (ipfs-binary config) - (file-append (ipfs-configuration-package config) "/bin/ipfs")) + (define command + (file-append (ipfs-configuration-package config) "/bin/ipfs")) + + (least-authority-wrapper + command + #:name "ipfs" + #:mappings (list %ipfs-home-mapping) + #:namespaces (delq 'net %namespaces))) (define %ipfs-home-mapping - #~(file-system-mapping - (source #$%ipfs-home) - (target #$%ipfs-home) - (writable? #t))) + (file-system-mapping + (source %ipfs-home) + (target %ipfs-home) + (writable? #t))) (define %ipfs-environment #~(list #$(string-append "HOME=" %ipfs-home))) 
@@ -2033,82 +2042,66 @@ (define (ipfs-shepherd-service config) "Return a for IPFS with CONFIG." (define ipfs-daemon-command #~(list #$(ipfs-binary config) "daemon")) - (list - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (shepherd-service - (provision '(ipfs)) - ;; While IPFS is most useful when the machine is connected - ;; to the network, only loopback is required for starting - ;; the service. - (requirement '(loopback)) - (documentation "Connect to the IPFS network") - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - #$ipfs-daemon-command - #:namespaces '#$(fold delq %namespaces '(user net)) - #:mappings (list #$%ipfs-home-mapping) - #:log-file "/var/log/ipfs.log" - #:user "ipfs" - #:group "ipfs" - #:environment-variables #$%ipfs-environment)) - (stop #~(make-kill-destructor)))))) + + (list (shepherd-service + (provision '(ipfs)) + ;; While IPFS is most useful when the machine is connected + ;; to the network, only loopback is required for starting + ;; the service. + (requirement '(loopback)) + (documentation "Connect to the IPFS network") + (start #~(make-forkexec-constructor + #$ipfs-daemon-command + #:log-file "/var/log/ipfs.log" + #:user "ipfs" #:group "ipfs" + #:environment-variables #$%ipfs-environment)) + (stop #~(make-kill-destructor))))) (define (%ipfs-activation config) "Return an activation gexp for IPFS with CONFIG" - (define (ipfs-config-command setting value) - #~(#$(ipfs-binary config) "config" #$setting #$value)) - (define (set-config!-gexp setting value) - #~(system* #$@(ipfs-config-command setting value))) + (define (exec-command . args) + ;; Exec the given ifps command with the right authority. + #~(let ((pid (primitive-fork))) + (if (zero? 
pid) + (dynamic-wind + (const #t) + (lambda () + ;; Run ipfs init and ipfs config from a container, + ;; in case the IPFS daemon was compromised at some point + ;; and ~/.ipfs is now a symlink to somewhere outside + ;; %ipfs-home. + (let ((pw (getpwnam "ipfs"))) + (setgroups '#()) + (setgid (passwd:gid pw)) + (setuid (passwd:uid pw)) + (environ #$%ipfs-environment) + (execl #$(ipfs-binary config) #$@args))) + (lambda () + (primitive-exit 127))) + (waitpid pid)))) + (define settings `(("Addresses.API" ,(ipfs-configuration-api config)) ("Addresses.Gateway" ,(ipfs-configuration-gateway config)))) + (define inner-gexp #~(begin (umask #o077) ;; Create $HOME/.ipfs structure - (system* #$(ipfs-binary config) "init") + #$(exec-command "ipfs" "init") ;; Apply settings - #$@(map (cute apply set-config!-gexp <>) settings))) + #$@(map (match-lambda + ((setting value) + (exec-command "ipfs" "config" setting value))) + settings))) + (define inner-script (program-file "ipfs-activation-inner" inner-gexp)) - (define shepherd&co - ;; 'make-forkexec-constructor/container' needs version 0.9 for - ;; #:supplementary-groups. - (cons shepherd-0.9 - (list (lookup-package-input shepherd-0.9 "guile-fibers")))) - - ;; Run ipfs init and ipfs config from a container, - ;; in case the IPFS daemon was compromised at some point - ;; and ~/.ipfs is now a symlink to somewhere outside - ;; %ipfs-home. 
- (define container-gexp - (with-extensions shepherd&co - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - #~(begin - (use-modules (gnu build shepherd) - (gnu system file-systems)) - (let* ((constructor - (make-forkexec-constructor/container - (list #$inner-script) - #:namespaces '#$(fold delq %namespaces '(user)) - #:mappings (list #$%ipfs-home-mapping) - #:user "ipfs" - #:group "ipfs" - #:environment-variables #$%ipfs-environment)) - (pid (constructor))) - (waitpid pid)))))) ;; The activation may happen from the initrd, which uses ;; a statically-linked guile, while the guix container ;; procedures require a working dynamic-link. - (define container-script - (program-file "ipfs-activation-container" container-gexp)) - #~(system* #$container-script)) + #~(system* #$inner-script)) (define ipfs-service-type (service-type
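Review bot: In the ipfs-binary hunk (@@ -2018,13 +2020,20 @@), the wrapper is built with #:namespaces (delq 'net %namespaces), which keeps the user namespace, whereas the make-forkexec-constructor/container call removed from ipfs-shepherd-service used (fold delq %namespaces '(user net)) and ran the daemon without one. Please confirm that the daemon, still started with #:user "ipfs", can write to %ipfs-home from inside the new user namespace, and add a comment next to #:namespaces saying why 'net is shared and 'user is not, as the quassel patch in this series does. The same wrapper now also runs "ipfs init" and "ipfs config" during activation, where the removed container-gexp dropped only 'user and so kept a separate network namespace; if sharing the network there is intended, say so in the commit message.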
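Review bot: In exec-command (hunk @@ -2033,82 +2042,66 @@), the parent discards the result of (waitpid pid), so a child that fails in setgid, setuid or execl and exits with 127, or an "ipfs init" that returns non-zero, goes unnoticed and activation carries on with the "ipfs config" calls. Check the returned status (for example with status:exit-val) and at least log a warning when it is non-zero. The comment above the gexp also misspells the command as "ifps".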
Subject: [bug#54997] [PATCH 10/12] services: wesnothd: Grant write access to /var/run/wesnothd.
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:51 +0200

* gnu/services/games.scm (wesnothd-shepherd-service): Augment 'modules' field. Pass #:mappings argument to 'make-forkexec-constructor/container'. (wesnothd-activation): New variable. (wesnothd-service-type): Extend ACTIVATION-SERVICE-TYPE.
--- gnu/services/games.scm | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/gnu/services/games.scm b/gnu/services/games.scm index b743f6a4b6..dc0bfbe9dc 100644 --- a/gnu/services/games.scm +++ b/gnu/services/games.scm
@@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Arun Isaac +;;; Copyright © 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -57,18 +58,35 @@ (define wesnothd-shepherd-service (match-lambda (($ package port) (with-imported-modules (source-module-closure - '((gnu build shepherd))) + '((gnu build shepherd) + (gnu system file-systems))) (shepherd-service (documentation "The Battle for Wesnoth server") (provision '(wesnoth-daemon)) (requirement '(networking)) - (modules '((gnu build shepherd))) + (modules '((gnu build shepherd) + (gnu system file-systems))) (start #~(make-forkexec-constructor/container (list #$(file-append package "/bin/wesnothd") "-p" #$(number->string port)) + #:mappings (list (file-system-mapping + (source "/var/run/wesnothd") + (target source) + (writable? #t))) #:user "wesnothd" #:group "wesnothd")) (stop #~(make-kill-destructor))))))) +(define wesnothd-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (let* ((user (getpw "wesnothd")) + (directory "/var/run/wesnothd")) + ;; wesnothd creates a Unix-domain socket in DIRECTORY. + (mkdir-p directory) + (chown directory (passwd:uid user) (passwd:gid user)))))) + (define wesnothd-service-type (service-type (name 'wesnothd) 
@@ -77,6 +95,8 @@ (define wesnothd-service-type (extensions (list (service-extension account-service-type (const %wesnothd-accounts)) + (service-extension activation-service-type + (const wesnothd-activation)) (service-extension shepherd-root-service-type (compose list wesnothd-shepherd-service)))) (default-value (wesnothd-configuration))))
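Review bot: In wesnothd-activation (hunk @@ -57,18 +58,35 @@), the directory is created with mkdir-p and then chowned, but no mode is set, so who else can reach the directory holding the Unix-domain socket depends on the umask in effect during activation. If only the wesnothd user should access it, add an explicit chmod after the chown. The literal "/var/run/wesnothd" also appears both in the #:mappings entry and in the activation snippet; a shared top-level variable would keep the two from drifting apart.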
Subject: [bug#54997] [PATCH 11/12] services: wesnothd: Use 'least-authority-wrapper'.
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:52 +0200

* gnu/services/games.scm (wesnothd-shepherd-service): Use 'least-authority-wrapper' instead of 'make-forkexec-constructor/container'.
--- gnu/services/games.scm | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/gnu/services/games.scm b/gnu/services/games.scm index dc0bfbe9dc..6c2af44b49 100644 --- a/gnu/services/games.scm +++ b/gnu/services/games.scm @@ -23,6 +23,9 @@ (define-module (gnu services games) #:use-module (gnu packages admin) #:use-module (gnu packages games) #:use-module (gnu system shadow) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) + #:use-module (gnu build linux-container) + #:autoload (guix least-authority) (least-authority-wrapper) #:use-module (guix gexp) #:use-module (guix modules) #:use-module (guix records)
@@ -57,22 +60,20 @@ (define %wesnothd-accounts (define wesnothd-shepherd-service (match-lambda (($ package port) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let ((wesnothd (least-authority-wrapper + (file-append package "/bin/wesnothd") + #:name "wesnothd" + #:mappings (list (file-system-mapping + (source "/var/run/wesnothd") + (target source) + (writable? #t))) + #:namespaces (delq 'net %namespaces)))) (shepherd-service (documentation "The Battle for Wesnoth server") (provision '(wesnoth-daemon)) (requirement '(networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append package "/bin/wesnothd") - "-p" #$(number->string port)) - #:mappings (list (file-system-mapping - (source "/var/run/wesnothd") - (target source) - (writable? #t))) + (start #~(make-forkexec-constructor + (list #$wesnothd "-p" #$(number->string port)) #:user "wesnothd" #:group "wesnothd")) (stop #~(make-kill-destructor)))))))
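Review bot: In the wesnothd-shepherd-service hunk (@@ -57,22 +60,20 @@), the new #:namespaces (delq 'net %namespaces) argument carries no comment, while the removed make-forkexec-constructor/container call passed no #:namespaces at all, so a reader cannot tell from the diff whether the set of namespaces changed. Add a one-line comment saying why the network namespace is shared, and state in the commit message whether the isolation is the same as before. It is also worth a comment that the "/var/run/wesnothd" mapping relies on wesnothd-activation from the previous patch having created that directory.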
Subject: [bug#54997] [PATCH 12/12] services: quassel: Use 'least-authority-wrapper'.
From: Ludovic Courtès
Date: Sun, 17 Apr 2022 23:04:53 +0200

* gnu/services/messaging.scm (quassel-shepherd-service): Use 'least-authority-wrapper' instead of 'make-forkexec-constructor/container'.
--- gnu/services/messaging.scm | 42 ++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 7fdd8cf285..05bf6e784b 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm
@@ -939,29 +939,31 @@ (define-record-type* (define quassel-shepherd-service (match-lambda (($ quassel interface port loglevel) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let ((quassel (least-authority-wrapper + (file-append quassel "/bin/quasselcore") + #:name "quasselcore" + #:mappings (list (file-system-mapping + (source "/var/lib/quassel") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/log/quassel") + (target source) + (writable? #t))) + ;; XXX: The daemon needs to live in the main user + ;; namespace, as root, so it can access /var/lib/quassel + ;; owned by "quasselcore". + #:namespaces (fold delq %namespaces '(net user))))) (list (shepherd-service (provision '(quassel)) (requirement '(user-processes networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append quassel "/bin/quasselcore") - "--configdir=/var/lib/quassel" - "--logfile=/var/log/quassel/core.log" - (string-append "--loglevel=" #$loglevel) - (string-append "--port=" (number->string #$port)) - (string-append "--listen=" #$interface)) - #:mappings (list (file-system-mapping - (source "/var/lib/quassel") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/log/quassel") - (target source) - (writable? #t))))) + (start #~(make-forkexec-constructor + (list #$quassel + "--configdir=/var/lib/quassel" + "--logfile=/var/log/quassel/core.log" + (string-append "--loglevel=" #$loglevel) + (string-append "--port=" (number->string #$port)) + (string-append "--listen=" #$interface)))) (stop #~(make-kill-destructor)))))))) (define %quassel-account
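Review bot: In the quassel-shepherd-service hunk (@@ -939,29 +939,31 @@), the XXX comment records that quasselcore keeps running as root in the host user namespace, and the new make-forkexec-constructor call passes no #:user or #:group, so the wrapper restricts the file system view but not the privileges of the process. Consider starting it as the "quasselcore" account named in the comment, as the wesnothd service does with #:user and #:group, or extend the comment to say why that is not possible. Separately, the let rebinds quassel, the package matched by match-lambda, to the wrapper; a distinct name would make (file-append quassel "/bin/quasselcore") easier to read.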