From patchwork Wed Apr 27 16:56:21 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38934
Subject: [bug#54997] [PATCH v2 01/15] gexp: Add 'references-file'.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:21 +0200
Message-Id: <20220427165635.8015-2-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>
References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org>

* gnu/services/base.scm (references-file): Remove.
* guix/gexp.scm (references-file): New procedure.
* tests/gexp.scm ("references-file"): New test.
--- gnu/services/base.scm | 22 ---------------------- guix/gexp.scm | 44 +++++++++++++++++++++++++++++++++++++++++++ tests/gexp.scm | 18 ++++++++++++++++++ 3 files changed, 62 insertions(+), 22 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 5d7c69a9cd..182badd97f 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -219,8 +219,6 @@ (define-module (gnu services base) pam-limits-service-type pam-limits-service - references-file - %base-services)) ;;; Commentary: 
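Review bot: dropping `references-file` from the export list of `(gnu services base)` in this hunk changes that module's public interface, so any caller that obtained the procedure through `(gnu services base)` alone will hit an unbound variable once the definition lives in `(guix gexp)`. The commit log only says "Remove"; consider stating the interface move there, or keeping a deprecated re-export for a while so out-of-tree users get a warning rather than a failure.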
@@ -1768,26 +1766,6 @@ (define (guix-activation config) (substitute-key-authorization authorized-keys guix) #~#f)))) -(define* (references-file item #:optional (name "references")) - "Return a file that contains the list of references of ITEM." - (if (struct? item) ;lowerable object - (computed-file name - (with-extensions (list guile-gcrypt) ;for store-copy - (with-imported-modules (source-module-closure - '((guix build store-copy))) - #~(begin - (use-modules (guix build store-copy)) - - (call-with-output-file #$output - (lambda (port) - (write (map store-info-item - (call-with-input-file "graph" - read-reference-graph)) - port)))))) - #:options `(#:local-build? #f - #:references-graphs (("graph" ,item)))) - (plain-file name "()"))) - (define guix-service-type (service-type (name 'guix) diff --git a/guix/gexp.scm b/guix/gexp.scm index 9fdb7a30be..ef92223048 100644 --- a/guix/gexp.scm +++ b/guix/gexp.scm @@ -118,6 +118,7 @@ (define-module (guix gexp) mixed-text-file file-union directory-union + references-file imported-files imported-modules 
@@ -2173,6 +2174,49 @@ (define log-port #:resolve-collision (ungexp resolve-collision))))))))) +(define* (references-file item #:optional (name "references") + #:key guile) + "Return a file that contains the list of direct and indirect references (the +closure) of ITEM." + (if (struct? item) ;lowerable object + (computed-file name + (gexp (begin + (use-modules (srfi srfi-1) + (ice-9 rdelim) + (ice-9 match)) + + (define (drop-lines port n) + ;; Drop N lines read from PORT. + (let loop ((n n)) + (unless (zero? n) + (read-line port) + (loop (- n 1))))) + + (define (read-graph port) + ;; Return the list of references read from + ;; PORT. This is a stripped-down version of + ;; 'read-reference-graph'. + (let loop ((items '())) + (match (read-line port) + ((? eof-object?) + (delete-duplicates items)) + ((? string? item) + (let ((deriver (read-line port)) + (count + (string->number (read-line port)))) + (drop-lines port count) + (loop (cons item items))))))) + + (call-with-output-file (ungexp output) + (lambda (port) + (write (call-with-input-file "graph" + read-graph) + port))))) + #:guile guile + #:options `(#:local-build? #t + #:references-graphs (("graph" ,item)))) + (plain-file name "()"))) + ;;; ;;; Syntactic sugar. diff --git a/tests/gexp.scm b/tests/gexp.scm index c80ca13fab..35bd99e6d4 100644 --- a/tests/gexp.scm +++ b/tests/gexp.scm 
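Review bot: in the new `references-file` added to guix/gexp.scm, the derivation options go from `#:local-build? #f` (the version removed from gnu/services/base.scm) to `#:local-build? #t`, and the commit log neither mentions nor justifies that change; please give the reason in the log or in a comment next to the option. Two smaller points in `read-graph`: `deriver` is bound but never used, and the result of `(string->number (read-line port))` is handed to `drop-lines` unchecked, so a truncated or malformed "graph" file surfaces as a wrong-type error inside the loop instead of a clear message.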
@@ -1606,6 +1606,24 @@ (define (contents=? file str) (not (member (derivation-file-name native) refs)) (member (derivation-file-name cross) refs)))))) +(test-assertm "references-file" + (let* ((exp #~(symlink #$%bootstrap-guile #$output)) + (computed (computed-file "computed" exp + #:guile %bootstrap-guile)) + (refs (references-file computed "refs" + #:guile %bootstrap-guile))) + (mlet* %store-monad ((drv0 (lower-object %bootstrap-guile)) + (drv1 (lower-object computed)) + (drv2 (lower-object refs))) + (mbegin %store-monad + (built-derivations (list drv2)) + (mlet %store-monad ((refs ((store-lift requisites) + (list (derivation->output-path drv1))))) + (return (lset= string=? + (call-with-input-file (derivation->output-path drv2) + read) + refs))))))) + (test-assert "lower-object & gexp-input-error?" (guard (c ((gexp-input-error? c) (gexp-error-invalid-input c))) 
From patchwork Wed Apr 27 16:56:22 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38937
Subject: [bug#54997] [PATCH v2 02/15] file-systems: Avoid load-time warnings when attempting to load (guix store).
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:22 +0200
Message-Id: <20220427165635.8015-3-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>
References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org>

This makes sure warnings like "incompatible bytecode version" don't go through when looking for (guix store).

* gnu/system/file-systems.scm (%store-prefix): Parameterize 'current-warning-port' around 'resolve-module' call.
--- gnu/system/file-systems.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index 437f8da898..f8f4276283 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2021 Ludovic Courtès +;;; Copyright © 2013-2022 Ludovic Courtès ;;; Copyright © 2020 Google LLC ;;; Copyright © 2020 Jakub Kądziołka ;;; Copyright © 2020, 2021 Maxim Cournoyer 
@@ -272,7 +272,8 @@ (define (%store-prefix) ;; Note: If we have (guix store database) in the search path and we do *not* ;; have (guix store) proper, 'resolve-module' returns an empty (guix store) ;; with one sub-module. - (cond ((and=> (resolve-module '(guix store) #:ensure #f) + (cond ((and=> (parameterize ((current-warning-port (%make-void-port "w0"))) + (resolve-module '(guix store) #:ensure #f)) (lambda (store) (module-variable store '%store-prefix))) => 
From patchwork Wed Apr 27 16:56:23 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38935
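Review bot: in the `%store-prefix` hunk of gnu/system/file-systems.scm (patch 02/15), the new `parameterize` sends everything written to `current-warning-port` during `resolve-module` to a void port, which hides every warning raised while loading `(guix store)`, not only the "incompatible bytecode version" one named in the commit log. The comment above the `cond` is unchanged and says nothing about this; add a line there explaining why warnings are discarded, so that someone debugging a load failure knows diagnostics are suppressed at this point.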
Subject: [bug#54997] [PATCH v2 03/15] linux-container: 'call-with-container' relays SIGTERM and SIGINT.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:23 +0200
Message-Id: <20220427165635.8015-4-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>
References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org>

* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals. [install-signal-handlers]: New procedure. Call it.
--- gnu/build/linux-container.scm | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index bdeca2cdb9..03c01439ce 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm @@ -303,6 +303,7 @@ (define (call-with-temporary-directory proc) (define* (call-with-container mounts thunk #:key (namespaces %namespaces) (host-uids 1) (guest-uid 0) (guest-gid 0) + (relayed-signals (list SIGINT SIGTERM)) (process-spawned-hook (const #t))) "Run THUNK in a new container process and return its exit status; call PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned. 
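Review bot: the new default `(relayed-signals (list SIGINT SIGTERM))` in the keyword list of `call-with-container` changes what an interrupt does to the container, and the docstring should say so. The next hunk of this patch removes the handler that answered SIGINT with `(kill pid SIGKILL)` and forwards the caught signal itself instead. When the container process is PID 1 of a new PID namespace, the kernel delivers a signal sent from the parent namespace only if that process has installed a handler for it (SIGKILL and SIGSTOP excepted), so a thunk that installs no SIGINT or SIGTERM handler can no longer be stopped this way; please document that requirement next to RELAYED-SIGNALS. The handlers are also never uninstalled after `waitpid` returns, so the parent keeps forwarding signals to a PID that no longer belongs to the container.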
@@ -320,20 +321,27 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces) GUEST-UID and GUEST-GID specify the first UID (respectively GID) that host UIDs (respectively GIDs) map to in the namespace. +RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container +process when caught by its parent. + Note that if THUNK needs to load any additional Guile modules, the relevant module files must be present in one of the mappings in MOUNTS and the Guile load path must be adjusted as needed." + (define (install-signal-handlers pid) + ;; Install handlers that forward signals to PID. + (define (relay-signal signal) + (false-if-exception (kill pid signal))) + + (for-each (lambda (signal) + (sigaction signal relay-signal)) + relayed-signals)) + (call-with-temporary-directory (lambda (root) (let ((pid (run-container root mounts namespaces host-uids thunk #:guest-uid guest-uid #:guest-gid guest-gid))) - ;; Catch SIGINT and kill the container process. - (sigaction SIGINT - (lambda (signum) - (false-if-exception - (kill pid SIGKILL)))) - + (install-signal-handlers pid) (process-spawned-hook pid) (match (waitpid pid) ((_ . 
status) status)))))) 
From patchwork Wed Apr 27 16:56:24 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38942
Subject: [bug#54997] [PATCH v2 04/15] linux-container: Ensure signal-handling asyncs get a chance to run.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:24 +0200
Message-Id: <20220427165635.8015-5-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>
References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org>

Previously we could enter the blocking 'waitpid' call and miss an opportunity to run the signal handler async.

* gnu/build/linux-container.scm (call-with-container) [periodically-schedule-asyncs]: New procedure. [install-signal-handlers]: Call it.
--- gnu/build/linux-container.scm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index 03c01439ce..1fac8f4b92 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm 
@@ -327,11 +327,20 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces) Note that if THUNK needs to load any additional Guile modules, the relevant module files must be present in one of the mappings in MOUNTS and the Guile load path must be adjusted as needed." + (define (periodically-schedule-asyncs) + ;; XXX: In Guile there's a time window where a signal-handling async could + ;; be queued without being processed by the time we enter a blocking + ;; syscall like waitpid(2) (info "(guile) Signals"). This terrible hack + ;; ensures pending asyncs get a chance to run periodically. + (sigaction SIGALRM (lambda _ (alarm 1))) + (alarm 1)) + (define (install-signal-handlers pid) ;; Install handlers that forward signals to PID. (define (relay-signal signal) (false-if-exception (kill pid signal))) + (periodically-schedule-asyncs) (for-each (lambda (signal) (sigaction signal relay-signal)) relayed-signals)) 
From patchwork Wed Apr 27 16:56:25 2022
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 38946
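Review bot: `periodically-schedule-asyncs` (patch 04/15, gnu/build/linux-container.scm) installs a process-wide SIGALRM handler that re-arms `(alarm 1)` on every tick, and nothing in the hunk ever cancels it, so the timer keeps firing once a second in the calling process after `call-with-container` has returned. It also silently replaces any SIGALRM handler or pending alarm the caller had set. Consider saving the previous disposition and restoring it, together with `(alarm 0)`, once `waitpid` returns, or at least state in the docstring that the procedure takes over SIGALRM.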
Subject: [bug#54997] [PATCH v2 05/15] linux-container: Add #:child-is-pid1? parameter to 'call-with-container'.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:25 +0200
Message-Id: <20220427165635.8015-6-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>
References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org>

* gnu/build/linux-container.scm (wait-child-process) (status->exit-status): New procedures. (call-with-container): Add #:child-is-pid1? parameter and honor it. [thunk*]: New variable. Pass it to 'run-container'.
--- gnu/build/linux-container.scm | 49 ++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index 1fac8f4b92..a0c8174721 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm 
@@ -301,9 +301,28 @@ (define (call-with-temporary-directory proc) (lambda () (false-if-exception (delete-file-recursively tmp-dir)))))) +(define (wait-child-process) + "Wait for one child process and return a pair, like 'waitpid', or return #f +if there are no child processes left." + (catch 'system-error + (lambda () + (waitpid WAIT_ANY)) + (lambda args + (if (= ECHILD (system-error-errno args)) + #f + (apply throw args))))) + +(define (status->exit-status status) + "Reify STATUS as an exit status." + (or (status:exit-val status) + ;; See . + (+ 128 (or (status:term-sig status) + (status:stop-sig status))))) + (define* (call-with-container mounts thunk #:key (namespaces %namespaces) (host-uids 1) (guest-uid 0) (guest-gid 0) (relayed-signals (list SIGINT SIGTERM)) + (child-is-pid1? #t) (process-spawned-hook (const #t))) "Run THUNK in a new container process and return its exit status; call PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned. 
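Review bot: in `status->exit-status`, the `(status:stop-sig status)` fallback looks unreachable, because `wait-child-process` calls `(waitpid WAIT_ANY)` without WUNTRACED and therefore never reports a stopped child. Either drop that branch or add a comment saying it is purely defensive, so readers do not assume stopped children are handled here.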
@@ -324,9 +343,37 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces) RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container process when caught by its parent. +When CHILD-IS-PID1? is true, and if NAMESPACES contains 'pid', then the child +process runs directly as PID 1. As such, it is responsible for (1) installing +signal handlers and (2) reaping terminated processes by calling 'waitpid'. +When CHILD-IS-PID1? is false, a new intermediate process is created instead +that takes this responsibility. + Note that if THUNK needs to load any additional Guile modules, the relevant module files must be present in one of the mappings in MOUNTS and the Guile load path must be adjusted as needed." + (define thunk* + (if (and (memq 'pid namespaces) + (not child-is-pid1?)) + (lambda () + ;; Behave like an init process: create a sub-process that calls + ;; THUNK, and wait for child processes. Furthermore, forward + ;; RELAYED-SIGNALS to the child process. + (match (primitive-fork) + (0 + (call-with-clean-exit thunk)) + (pid + (install-signal-handlers pid) + (let loop () + (match (wait-child-process) + ((child . status) + (if (= child pid) + (primitive-exit (status->exit-status status)) + (loop))) + (#f + (primitive-exit 128))))))) ;cannot happen + thunk)) + (define (periodically-schedule-asyncs) ;; XXX: In Guile there's a time window where a signal-handling async could ;; be queued without being processed by the time we enter a blocking 
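Review bot: in the 'thunk*' init loop, `(install-signal-handlers pid)` is followed directly by a blocking `(wait-child-process)`, while the context just below this hunk ('periodically-schedule-asyncs') documents a window in which a signal-handling async can be queued without being processed before a blocking call is entered. Nothing in this hunk applies that workaround in the intermediate process, so a relayed signal arriving in that window could stay unforwarded until some child exits; please reuse the workaround here or note why it is not needed. The docstring could also say that the intermediate process calls 'primitive-exit' as soon as the main child is reaped, without waiting for any other process still running in the PID namespace.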
@@ -347,7 +394,7 @@ (define (relay-signal signal) (call-with-temporary-directory (lambda (root) - (let ((pid (run-container root mounts namespaces host-uids thunk + (let ((pid (run-container root mounts namespaces host-uids thunk* #:guest-uid guest-uid #:guest-gid guest-gid))) (install-signal-handlers pid) From patchwork Wed Apr 27 16:56:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38940 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id B518427BBE9; Wed, 27 Apr 2022 17:59:38 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 14FBF27BBE9 for ; Wed, 27 Apr 2022 17:59:38 +0100 (BST) Received: from localhost ([::1]:58290 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njl0r-0006bL-7u for patchwork@mira.cbaines.net; Wed, 27 Apr 2022 12:59:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34746) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkzO-0004SD-4t for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50272) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkzN-0005Cd-RU for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:05 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1njkzN-0003u6-Qe for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:05 
-0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54997] [PATCH v2 06/15] Add (guix least-authority). Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 27 Apr 2022 16:58:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54997 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54997@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 54997-submit@debbugs.gnu.org id=B54997.165107864714839 (code B ref 54997); Wed, 27 Apr 2022 16:58:05 +0000 Received: (at 54997) by debbugs.gnu.org; 27 Apr 2022 16:57:27 +0000 Received: from localhost ([127.0.0.1]:44145 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyk-0003rA-Vi for submit@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41196) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyM-0003oF-9J for 54997@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60012) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkyC-00053S-KL; Wed, 27 Apr 2022 12:56:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=zSsIqSMO7CqR4PBtRZSYQv41k1Bfnhdhycb7G9A9iHo=; b=E3z2m4wuqT+l5P9Ym487 PZa4g93CC51FcoLofErhzGtK+O4XXh3eqRz2znCvSq8lG5huqhAXq147aTfZaxPEbK4Bs+7sX3+2p iB+UEWQlOljLNHqMpHnAmowekbutHuN/R34PlpGlzF/GPCRaxfRfo+XAsDue3jTogY0Dqxotv2Opl UQAuMs/gsR/XXChPwMqXzITclxQzh6S/Ofqxyi7BFd30zELXp6OGN82CH6zDz2vsOtH7v7RjT1e9t 8VXH3iSN0G7ktECisGMu73if7WU0zJfZMF6yHE7HeCIj2rsclPKvf9yiwqOFnqMfjQd79dL+tzpS7 sCfyiFLnZZkw/A==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:64439 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) 
(Exim 4.90_1) (envelope-from ) id 1njkyC-0000Hl-4Y; Wed, 27 Apr 2022 12:56:52 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Wed, 27 Apr 2022 18:56:26 +0200 Message-Id: <20220427165635.8015-7-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220427165635.8015-1-ludo@gnu.org> References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * guix/least-authority.scm: New file. * Makefile.am (MODULES): Add it. * gnu/build/shepherd.scm (default-mounts): Make public. --- Makefile.am | 1 + gnu/build/shepherd.scm | 3 +- guix/least-authority.scm | 135 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 guix/least-authority.scm diff --git a/Makefile.am b/Makefile.am index fecce7c6f7..d0d58da4e3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -130,6 +130,7 @@ MODULES = \ guix/cache.scm \ guix/cve.scm \ guix/workers.scm \ + guix/least-authority.scm \ guix/ipfs.scm \ guix/build-system.scm \ guix/build-system/android-ndk.scm \ diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm index d52e53eb78..f4caefce3c 100644 --- a/gnu/build/shepherd.scm +++ b/gnu/build/shepherd.scm @@ -31,7 +31,8 @@ (define-module (gnu build shepherd) exec-command %precious-signals) #:autoload (shepherd system) (unblock-signals) - #:export (make-forkexec-constructor/container + #:export (default-mounts + make-forkexec-constructor/container fork+exec-command/container)) ;;; Commentary: diff --git a/guix/least-authority.scm b/guix/least-authority.scm new file mode 100644 index 0000000000..d871816fca --- /dev/null +++ b/guix/least-authority.scm 
@@ -0,0 +1,135 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix least-authority) + #:use-module (guix gexp) + #:use-module (guix modules) + #:use-module ((guix store) #:select (%store-prefix)) + #:autoload (gnu build linux-container) (%namespaces) + #:autoload (gnu system file-systems) (file-system-mapping + file-system-mapping-source + spec->file-system + file-system->spec + file-system-mapping->bind-mount) + #:export (least-authority-wrapper)) + +;;; Commentary: +;;; +;;; This module provides tools to execute programs with the least authority +;;; necessary, using Linux namespaces. +;;; +;;; Code: + +(define %precious-variables + ;; Environment variables preserved by the wrapper by default. + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) + +(define* (least-authority-wrapper program + #:key (name "pola-wrapper") + (guest-uid 1000) + (guest-gid 1000) + (mappings '()) + (namespaces %namespaces) + (directory "/") + (preserved-environment-variables + %precious-variables)) + "Return a wrapper of PROGRAM that executes it with the least authority. + +PROGRAM is executed in separate namespaces according to NAMESPACES, a list of +symbols; it turns with GUEST-UID and GUEST-GID. 
MAPPINGS is a list of + records indicating directories mirrored inside the +execution environment of PROGRAM. DIRECTORY is the working directory of the +wrapped process. Each environment listed in PRESERVED-ENVIRONMENT-VARIABLES +is preserved; other environment variables are erased." + (define code + (with-imported-modules (source-module-closure + '((gnu system file-systems) + (gnu build shepherd) + (gnu build linux-container))) + #~(begin + (use-modules (gnu system file-systems) + (gnu build linux-container) + ((gnu build shepherd) #:select (default-mounts)) + (srfi srfi-1)) + + (define variables + (filter-map (lambda (variable) + (let ((value (getenv variable))) + (and value + (string-append variable "=" value)))) + '#$preserved-environment-variables)) + + (define (read-file file) + (call-with-input-file file read)) + + (define references + (delete-duplicates + (append-map read-file + '#$(map references-file + (cons program + (map file-system-mapping-source + mappings)))))) + + (define (store? file-system) + (string=? (file-system-mount-point file-system) + #$(%store-prefix))) + + (define mounts + (append (map (lambda (item) + (file-system-mapping->bind-mount + (file-system-mapping (source item) + (target item)))) + references) + (remove store? + (default-mounts + #:namespaces '#$namespaces)) + (map spec->file-system + '#$(map (compose file-system->spec + file-system-mapping->bind-mount) + mappings)))) + + (define (reify-exit-status status) + (cond ((status:exit-val status) => exit) + ((or (status:term-sig status) + (status:stop-sig status)) + => (lambda (signal) + (format (current-error-port) + "~a terminated with signal ~a~%" + #$program signal) + (exit (+ 128 signal)))))) + + ;; Note: 'call-with-container' creates a sub-process that this one + ;; waits for. This might seem suboptimal but unshare(2) isn't + ;; really applicable: the process would still run in the same PID + ;; namespace. 
+ + (reify-exit-status + (call-with-container mounts + (lambda () + (chdir #$directory) + (environ variables) + (apply execl #$program #$program (cdr (command-line)))) + + ;; Don't assume PROGRAM can behave as an init process. + #:child-is-pid1? #f + + #:guest-uid #$guest-uid + #:guest-gid #$guest-gid + #:namespaces '#$namespaces))))) + + (program-file name code)) From patchwork Wed Apr 27 16:56:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38941 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C19B127BBEA; Wed, 27 Apr 2022 17:59:54 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 491C427BBE9 for ; Wed, 27 Apr 2022 17:59:54 +0100 (BST) Received: from localhost ([::1]:59090 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njl17-000779-F9 for patchwork@mira.cbaines.net; Wed, 27 Apr 2022 12:59:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34752) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkzO-0004TV-HA for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50273) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkzO-0005Cr-7A for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:06 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 
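Review bot: in guix/least-authority.scm, 'reify-exit-status' repeats the 128-plus-signal mapping that 'status->exit-status' in gnu/build/linux-container.scm (added earlier in this series) already implements, and its `cond` has no `else` clause, so a status matching neither arm falls through without an explicit exit code. Consider exporting and reusing 'status->exit-status' and keeping only the diagnostic message here. Two docstring fixes: "it turns with GUEST-UID and GUEST-GID" should read "it runs with", and "Each environment listed in PRESERVED-ENVIRONMENT-VARIABLES" should read "Each environment variable listed". Also, '%precious-variables' keeps "DISPLAY" and "XAUTHORITY" by default, and the service callers later in this series do not pass #:preserved-environment-variables; a shorter default for daemons would fit the module's stated goal better.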
1njkzO-0003uE-6z for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:06 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54997] [PATCH v2 07/15] services: dicod: Rewrite using 'least-authority-wrapper'. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 27 Apr 2022 16:58:06 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54997 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54997@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 54997-submit@debbugs.gnu.org id=B54997.165107864714846 (code B ref 54997); Wed, 27 Apr 2022 16:58:06 +0000 Received: (at 54997) by debbugs.gnu.org; 27 Apr 2022 16:57:27 +0000 Received: from localhost ([127.0.0.1]:44147 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyl-0003rI-FQ for submit@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41202) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyM-0003oG-9K for 54997@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60014) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkyD-00053T-61; Wed, 27 Apr 2022 12:56:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=C/R40NJJCuw3AQnu9NbuQVkDnge+l5uFaKySskrcw5Q=; b=bmHIymvuojKW8WQiSTl2 OJET/guKDR2HbZixwfAHQtqIElfXRKr+VHgY2YamLSp0RKpK2iiS6VLgjyoTjEtYcgTNrd7SGsTMi In/gX2vJmOuAuWtO77mtB6PyvqEVdMymtDDWIhz0Oyo3OsF3O4VNfpg0TqD3sXWSUT2w2hUSoxPb0 Ec1hiaMcC3EBHsgIFUvKraza+QSMIhbgMYk5ENRA1p6SOMAobV6dweFEg5HFJA+5kKaRZpFCUzGXd xC1KFm74YIHPThpgZNsnOPFA2syWRGajEgLuTaRRKJHRfAbujJGeWn2hY0Lr6sCOGxhZ27Mh/SDSk rhJ29kixQSQZJA==; Received: from 91-160-117-201.subs.proxad.net 
([91.160.117.201]:64439 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkyC-0000Hl-QQ; Wed, 27 Apr 2022 12:56:53 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Wed, 27 Apr 2022 18:56:27 +0200 Message-Id: <20220427165635.8015-8-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220427165635.8015-1-ludo@gnu.org> References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/dict.scm (dicod-shepherd-service): Rewrite using 'least-authority-wrapper' plus 'make-forkexec-constructor' instead of 'make-forkexec-constructor/container'. --- gnu/services/dict.scm | 51 ++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm index a97ad8f608..62b21f8d53 100644 --- a/gnu/services/dict.scm +++ b/gnu/services/dict.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Sou Bunnbu -;;; Copyright © 2016, 2017, 2018, 2020 Ludovic Courtès +;;; Copyright © 2016, 2017, 2018, 2020, 2022 Ludovic Courtès ;;; Copyright © 2017 Huang Ying ;;; ;;; This file is part of GNU Guix. 
@@ -22,12 +22,15 @@ (define-module (gnu services dict) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) + #:use-module (guix least-authority) #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) #:use-module ((gnu packages admin) #:select (shadow)) #:use-module (gnu packages dico) #:use-module (gnu packages dictionaries) + #:autoload (gnu build linux-container) (%namespaces) + #:autoload (gnu system file-systems) (file-system-mapping) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) 
@@ -142,27 +145,31 @@ (define %dicod-activation (chown rundir (passwd:uid user) (passwd:gid user))))) (define (dicod-shepherd-service config) - (let ((dicod (file-append (dicod-configuration-dico config) - "/bin/dicod")) - (dicod.conf (dicod-configuration-file config))) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(dicod)) - (requirement '(user-processes)) - (documentation "Run the dicod daemon.") - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$dicod "--foreground" - (string-append "--config=" #$dicod.conf)) - #:user "dicod" #:group "dicod" - #:mappings (list (file-system-mapping - (source "/var/run/dicod") - (target source) - (writable? #t))))) - (stop #~(make-kill-destructor))))))) + (let* ((dicod.conf (dicod-configuration-file config)) + (dicod (least-authority-wrapper + (file-append (dicod-configuration-dico config) + "/bin/dicod") + #:name "dicod" + #:mappings (list (file-system-mapping + (source "/var/run/dicod") + (target source) + (writable? 
#t)) + (file-system-mapping + (source "/dev/log") + (target source)) + (file-system-mapping + (source dicod.conf) + (target source))) + #:namespaces (delq 'net %namespaces)))) + (list (shepherd-service + (provision '(dicod)) + (requirement '(user-processes)) + (documentation "Run the dicod daemon.") + (start #~(make-forkexec-constructor + (list #$dicod "--foreground" + (string-append "--config=" #$dicod.conf)) + #:user "dicod" #:group "dicod")) + (stop #~(make-kill-destructor)))))) (define dicod-service-type (service-type From patchwork Wed Apr 27 16:56:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38943 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 2C7D727BBEA; Wed, 27 Apr 2022 18:01:20 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D242427BBE9 for ; Wed, 27 Apr 2022 18:01:19 +0100 (BST) Received: from localhost ([::1]:33564 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njl2V-0000fP-15 for patchwork@mira.cbaines.net; Wed, 27 Apr 2022 13:01:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34742) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkzN-0004Qp-P4 for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:05 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50271) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkzN-0005CU-EY 
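Review bot: in 'dicod-shepherd-service' (gnu/services/dict.scm), `#:namespaces (delq 'net %namespaces)` leaves dicod in the host network namespace, and the "/dev/log" and 'dicod.conf' mappings are new relative to the removed 'make-forkexec-constructor/container' call, which mapped only "/var/run/dicod"; none of this is explained in a comment or in the commit log. Please add a short comment for each, since these are the places where the wrapper deliberately grants access. Also, the wrapper is now started through 'make-forkexec-constructor' with `#:user "dicod" #:group "dicod"`, so the namespaces are set up by that unprivileged account rather than by the constructor; if that adds a requirement on the host, the commit log should say so.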
for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:05 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1njkzN-0003tz-EE for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:05 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54997] [PATCH v2 08/15] services: dicod: Use 'make-inetd-constructor'. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 27 Apr 2022 16:58:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54997 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54997@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 54997-submit@debbugs.gnu.org id=B54997.165107864714831 (code B ref 54997); Wed, 27 Apr 2022 16:58:05 +0000 Received: (at 54997) by debbugs.gnu.org; 27 Apr 2022 16:57:27 +0000 Received: from localhost ([127.0.0.1]:44143 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyk-0003r3-Ks for submit@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:26 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41188) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyM-0003oC-8w for 54997@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:03 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60016) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkyD-00053U-OJ; Wed, 27 Apr 2022 12:56:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=MQpPXdmT27Sc0jQcJN7CCKM6M2Rthov0aXprrffF8VE=; b=AWhfDRPaYFltgn7hq4ZO 61RRDWgGNC7OspGe6YFl8bVJokegxytw2op+0GMNqHjmdYRVuFGWMDJmtym/8HiONr0dBTlNP/2Ay g75J24IPH6nR7KrTdB0rHfP4CcSDTmDtz/6fp/U0h2NYz3ZYT/MEaVydtcjBetS5Kuo1CI4XqWpiA 1MYEq2GwVt1WqRY54Ymvem9vBuY3b6wABa1ys9jqtZ9psbmqThjNZ0OeNfZm60YgMNsX/1aDrrrQK 
5Nx8/RVyJV9Gs18y2tlMex6jVpvkZixJndBEqFCbSrLuMbeY6niIfjGyPVcVxTuc2IOmoJeRAWvAR SRoWlndTT6O4Wg==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:64439 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkyD-0000Hl-C2; Wed, 27 Apr 2022 12:56:53 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Wed, 27 Apr 2022 18:56:28 +0200 Message-Id: <20220427165635.8015-9-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220427165635.8015-1-ludo@gnu.org> References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/dict.scm (dicod-shepherd-service): Use 'make-inetd-constructor' in the 'start' method when available. --- gnu/services/dict.scm | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm index 62b21f8d53..109917c05c 100644 --- a/gnu/services/dict.scm +++ b/gnu/services/dict.scm @@ -146,6 +146,7 @@ (define %dicod-activation (define (dicod-shepherd-service config) (let* ((dicod.conf (dicod-configuration-file config)) + (interfaces (dicod-configuration-interfaces config)) (dicod (least-authority-wrapper (file-append (dicod-configuration-dico config) "/bin/dicod") 
@@ -165,10 +166,19 @@ (define (dicod-shepherd-service config) (provision '(dicod)) (requirement '(user-processes)) (documentation "Run the dicod daemon.") - (start #~(make-forkexec-constructor - (list #$dicod "--foreground" - (string-append "--config=" #$dicod.conf)) - #:user "dicod" #:group "dicod")) + (start #~(if (and (defined? 'make-inetd-constructor) + #$(= 1 (length interfaces))) ;XXX + (make-inetd-constructor + (list #$dicod "--inetd" "--foreground" + (string-append "--config=" #$dicod.conf)) + (addrinfo:addr + (car (getaddrinfo #$(first interfaces) "dict"))) + #:user "dicod" #:group "dicod" + #:service-name-stem "dicod") + (make-forkexec-constructor + (list #$dicod "--foreground" + (string-append "--config=" #$dicod.conf)) + #:user "dicod" #:group "dicod"))) (stop #~(make-kill-destructor)))))) (define dicod-service-type From patchwork Wed Apr 27 16:56:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 38938 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id B9B8827BBE9; Wed, 27 Apr 2022 17:59:04 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 0597127BBEA for ; Wed, 27 Apr 2022 17:59:04 +0100 (BST) Received: from localhost ([::1]:57120 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njl0J-0005pX-5C for patchwork@mira.cbaines.net; Wed, 27 Apr 2022 12:59:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34756) by lists.gnu.org with esmtps 
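Review bot: in 'dicod-shepherd-service', the `;XXX` on `#$(= 1 (length interfaces))` is unexplained, and a configuration with zero or several interfaces silently falls back to 'make-forkexec-constructor'; please spell out the limitation in a comment. `(car (getaddrinfo #$(first interfaces) "dict"))` is called without hints, so the address family and socket type of the first result are left to the resolver, and the "dict" service name has to resolve when the service starts. The bitlbee patch in this series passes `(logior AI_NUMERICHOST AI_NUMERICSERV)` with an explicit port; a similarly explicit call here would make the two services consistent.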
(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkzP-0004Y6-GF for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:07 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50279) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkzP-0005D9-6Z for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:07 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1njkzP-0003ua-5u for guix-patches@gnu.org; Wed, 27 Apr 2022 12:58:07 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54997] [PATCH v2 09/15] services: bitlbee: Use 'make-inetd-constructor'. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 27 Apr 2022 16:58:07 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54997 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54997@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 54997-submit@debbugs.gnu.org id=B54997.165107864814861 (code B ref 54997); Wed, 27 Apr 2022 16:58:07 +0000 Received: (at 54997) by debbugs.gnu.org; 27 Apr 2022 16:57:28 +0000 Received: from localhost ([127.0.0.1]:44151 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkym-0003rX-68 for submit@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:28 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41206) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njkyM-0003oH-A0 for 54997@debbugs.gnu.org; Wed, 27 Apr 2022 12:57:05 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60018) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njkyE-00053V-9X; Wed, 27 Apr 2022 12:56:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: 
From; bh=hqz/X8pTaIpKmynCFVw6ehRqbeudnNNz6KcSmFlF8kU=; b=rcDgwWx/SLkrWvN4vyPR iLMXD3heLe3Fv5VouzjEltDIWB4WMopZkDb2l0eVY52KPqxyEWoOI7Mj3XabhQPBfhkvn5JQmVTuq KmXBVnL/YjgHMlpnelfRx7+kNCg/97nXY4vqttxa4vZS0TDDJzL0+IdoY60GbkuJ1RTqe004yC/cE DMIqTFPT+Zy4A+6gYcmBT19IZc5HjIO7bVa/I2xMMioFkH/CpolFwLK3MrWCIoAita81zfu7V85jf kmFxrtdRu0ZoMVxpHO0lVHOd54YxmE7sJA7x5X5wS1rkv3qQmOQB3sDt/WVIihJ0ZwNqIrkOvEPHV RdPqDZ52x3Ustw==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:64439 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkyD-0000Hl-U3; Wed, 27 Apr 2022 12:56:54 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Wed, 27 Apr 2022 18:56:29 +0200 Message-Id: <20220427165635.8015-10-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220427165635.8015-1-ludo@gnu.org> References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/messaging.scm (bitlbee-shepherd-service): Add call to 'least-authority-wrapper'. In 'start' method, use 'make-inetd-constructor' when available. * gnu/tests/messaging.scm (run-bitlbee-test)["valid PID"]: Remove test. --- gnu/services/messaging.scm | 63 ++++++++++++++++++++++++++++---------- gnu/tests/messaging.scm | 21 +------------ 2 files changed, 48 insertions(+), 36 deletions(-) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 4bceb1d37a..7fdd8cf285 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm 
@@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018 Clément Lassieur ;;; Copyright © 2017 Mathieu Othacehe -;;; Copyright © 2015, 2017, 2018, 2019, 2020 Ludovic Courtès +;;; Copyright © 2015, 2017-2020, 2022 Ludovic Courtès ;;; Copyright © 2018 Pierre-Antoine Rouby ;;; ;;; This file is part of GNU Guix. @@ -28,11 +28,14 @@ (define-module (gnu services messaging) #:use-module (gnu services shepherd) #:use-module (gnu services configuration) #:use-module (gnu system shadow) + #:autoload (gnu build linux-container) (%namespaces) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) #:use-module (guix gexp) #:use-module (guix modules) #:use-module (guix records) #:use-module (guix packages) #:use-module (guix deprecation) + #:use-module (guix least-authority) #:use-module (srfi srfi-1) #:use-module (srfi srfi-35) #:use-module (ice-9 match) @@ -821,7 +824,18 @@ (define bitlbee-shepherd-service DaemonInterface = " interface " DaemonPort = " (number->string port) " PluginDir = " plugins "/lib/bitlbee -" extra-settings))) +" extra-settings)) + (bitlbee* (least-authority-wrapper + (file-append bitlbee "/sbin/bitlbee") + #:name "bitlbee" + #:mappings (list (file-system-mapping + (source "/var/lib/bitlbee") + (target source) + (writable? #t)) + (file-system-mapping + (source conf) + (target conf))) + #:namespaces (delq 'net %namespaces)))) (with-imported-modules (source-module-closure '((gnu build shepherd) 
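Review bot: in the 'bitlbee*' binding, 'plugins' is not among the #:mappings, yet the 'start' method in the next hunk points PURPLE_PLUGIN_PATH at `#$plugins "/lib/purple-2"`. As written in guix/least-authority.scm, the wrapper mounts the references of the program and of each mapping source, so the plugin directory is presumably visible inside the container only because 'conf' names it through "PluginDir"; a comment saying so would keep a later change to 'conf' from silently hiding the libpurple plugins. Minor style point: the 'conf' mapping uses `(target conf)` where the other mappings use `(target source)`.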
@@ -836,20 +850,37 @@ (define bitlbee-shepherd-service (modules '((gnu build shepherd) (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append bitlbee "/sbin/bitlbee") - "-n" "-F" "-u" "bitlbee" "-c" #$conf) - - ;; Allow 'bitlbee-purple' to use libpurple plugins. - #:environment-variables - (list (string-append "PURPLE_PLUGIN_PATH=" - #$plugins "/lib/purple-2")) - - #:pid-file "/var/run/bitlbee.pid" - #:mappings (list (file-system-mapping - (source "/var/lib/bitlbee") - (target source) - (writable? #t))))) + (start #~(if (defined? 'make-inetd-constructor) + + (make-inetd-constructor + (list #$bitlbee* "-I" + "-u" "bitlbee" "-c" #$conf) + (addrinfo:addr + (car (getaddrinfo #$interface + #$(number->string port) + (logior AI_NUMERICHOST + AI_NUMERICSERV)))) + #:service-name-stem "bitlbee" + + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2"))) + + (make-forkexec-constructor/container + (list #$(file-append bitlbee "/sbin/bitlbee") + "-n" "-F" "-u" "bitlbee" "-c" #$conf) + + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2")) + + #:pid-file "/var/run/bitlbee.pid" + #:mappings (list (file-system-mapping + (source "/var/lib/bitlbee") + (target source) + (writable? #t)))))) (stop #~(make-kill-destructor))))))))) (define %bitlbee-accounts diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm index 202a1c2f73..1e26c0ddea 100644 --- a/gnu/tests/messaging.scm +++ b/gnu/tests/messaging.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018 Clément Lassieur -;;; Copyright © 2017, 2018, 2021 Ludovic Courtès +;;; Copyright © 2017-2018, 2021-2022 Ludovic Courtès ;;; Copyright © 2018 Efraim Flashner ;;; ;;; This file is part of GNU Guix. 
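Review bot: in the 'make-inetd-constructor' branch of 'bitlbee-shepherd-service', no #:user or #:group is passed, so dropping privileges rests on bitlbee's own `"-u" "bitlbee"` running inside the wrapper, whereas the dicod patch passes `#:user "dicod" #:group "dicod"` to the constructor. Please confirm that the "bitlbee" account resolves inside the container and that the process ends up unprivileged, or drop privileges in the constructor as dicod does. The fallback branch still runs the unwrapped `#$(file-append bitlbee "/sbin/bitlbee")` under 'make-forkexec-constructor/container', so the two branches are confined differently; a comment noting that would help.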
@@ -198,25 +198,6 @@ (define marionette (start-service 'bitlbee)) marionette)) - (test-equal "valid PID" - #$(file-append bitlbee "/sbin/bitlbee") - (marionette-eval - '(begin - (use-modules (srfi srfi-1) - (gnu services herd)) - - (let ((bitlbee - (find (lambda (service) - (equal? '(bitlbee) - (live-service-provision service))) - (current-services)))) - (and (pk 'bitlbee-service bitlbee) - (let ((pid (live-service-running bitlbee))) - (readlink (string-append "/proc/" - (number->string pid) - "/exe")))))) - marionette)) - (test-assert "connect" (let* ((address (make-socket-address AF_INET INADDR_LOOPBACK 6667))
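Review bot: in the new `start` of bitlbee-shepherd-service, the inetd branch still passes "-u" "bitlbee" to the wrapped `bitlbee*`, whose #:namespaces is `(delq 'net %namespaces)` and therefore keeps the user namespace, while the quassel patch in this series removes 'user as well and documents that the daemon has to stay in the main user namespace to reach its state directory. Please confirm that switching to the "bitlbee" account and writing to the /var/lib/bitlbee mapping both work from inside the wrapper, or drop 'user here too and say why in a comment. The `(defined? 'make-inetd-constructor)` test deserves a one-line comment stating which Shepherd it distinguishes. The fallback branch still passes #:pid-file "/var/run/bitlbee.pid", so removing the "valid PID" test from gnu/tests/messaging.scm drops coverage for that branch; consider keeping it conditional instead.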
Subject: [bug#54997] [PATCH v2 10/15] services: ipfs: Adjust for Shepherd 0.9.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:30 +0200
Message-Id: <20220427165635.8015-11-ludo@gnu.org>

This is a followup to e1f0c88ea221d846b5a533c4dc88e99e953af63e.

* gnu/services/networking.scm (%ipfs-activation)[shepherd&co]: New variable.
[container-gexp]: Use it.
---
 gnu/services/networking.scm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 5bb8638930..b302be5aaf 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm
@@ -2074,12 +2074,19 @@ (define inner-gexp #$@(map (cute apply set-config!-gexp <>) settings))) (define inner-script (program-file "ipfs-activation-inner" inner-gexp)) + + (define shepherd&co + ;; 'make-forkexec-constructor/container' needs version 0.9 for + ;; #:supplementary-groups. + (cons shepherd-0.9 + (list (lookup-package-input shepherd-0.9 "guile-fibers")))) + ;; Run ipfs init and ipfs config from a container, ;; in case the IPFS daemon was compromised at some point ;; and ~/.ipfs is now a symlink to somewhere outside ;; %ipfs-home. (define container-gexp - (with-extensions (list shepherd) + (with-extensions shepherd&co (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems)))
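Review bot: `shepherd&co` passes the result of `(lookup-package-input shepherd-0.9 "guile-fibers")` straight to `with-extensions`, and lookup-package-input returns #f when the package has no input by that name, so a later change to the inputs of shepherd-0.9 would put #f in the extension list and fail far from this definition. Consider checking the result before use. `(cons x (list y))` can be written `(list x y)`. The comment explains why version 0.9 is needed but not why guile-fibers has to be listed as an extension next to it; one more line on that would help the next reader.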
Subject: [bug#54997] [PATCH v2 11/15] services: ipfs: Use 'least-authority-wrapper'.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:31 +0200
Message-Id: <20220427165635.8015-12-ludo@gnu.org>

* gnu/services/networking.scm (ipfs-binary): Call 'least-authority-wrapper'.
(%ipfs-home-mapping): Remove surrounding gexp.
(ipfs-shepherd-service)[exec-command]: New procedure.
[ipfs-config-command, set-config!-gexp, shepherd&co]
[container-gexp, container-script]: Remove.
[inner-gexp]: Use 'exec-command'.
---
 gnu/services/networking.scm | 123 +++++++++++++++++------------------- 1 file changed, 58 insertions(+), 65 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index b302be5aaf..4708ade0ca 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2013-2022 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016, 2018, 2020 Efraim Flashner ;;; Copyright © 2016 John Darrington @@ -43,6 +43,7 @@ (define-module (gnu services networking) #:use-module (gnu services dbus) #:use-module (gnu system shadow) #:use-module (gnu system pam) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) #:use-module (gnu packages admin) #:use-module (gnu packages base) #:use-module (gnu packages bash) @@ -59,6 +60,7 @@ (define-module (gnu services networking) #:use-module (gnu packages gnome) #:use-module (gnu packages ipfs) #:use-module (gnu build linux-container) + #:autoload (guix least-authority) (least-authority-wrapper) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) @@ -2018,13 +2020,20 @@ (define %ipfs-accounts (system? #t)))) (define (ipfs-binary config) - (file-append (ipfs-configuration-package config) "/bin/ipfs")) + (define command + (file-append (ipfs-configuration-package config) "/bin/ipfs")) + + (least-authority-wrapper + command + #:name "ipfs" + #:mappings (list %ipfs-home-mapping) + #:namespaces (delq 'net %namespaces))) (define %ipfs-home-mapping - #~(file-system-mapping - (source #$%ipfs-home) - (target #$%ipfs-home) - (writable? #t))) + (file-system-mapping + (source %ipfs-home) + (target %ipfs-home) + (writable? #t))) (define %ipfs-environment #~(list #$(string-append "HOME=" %ipfs-home))) 
@@ -2033,82 +2042,66 @@ (define (ipfs-shepherd-service config) "Return a for IPFS with CONFIG." (define ipfs-daemon-command #~(list #$(ipfs-binary config) "daemon")) - (list - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (shepherd-service - (provision '(ipfs)) - ;; While IPFS is most useful when the machine is connected - ;; to the network, only loopback is required for starting - ;; the service. - (requirement '(loopback)) - (documentation "Connect to the IPFS network") - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - #$ipfs-daemon-command - #:namespaces '#$(fold delq %namespaces '(user net)) - #:mappings (list #$%ipfs-home-mapping) - #:log-file "/var/log/ipfs.log" - #:user "ipfs" - #:group "ipfs" - #:environment-variables #$%ipfs-environment)) - (stop #~(make-kill-destructor)))))) + + (list (shepherd-service + (provision '(ipfs)) + ;; While IPFS is most useful when the machine is connected + ;; to the network, only loopback is required for starting + ;; the service. + (requirement '(loopback)) + (documentation "Connect to the IPFS network") + (start #~(make-forkexec-constructor + #$ipfs-daemon-command + #:log-file "/var/log/ipfs.log" + #:user "ipfs" #:group "ipfs" + #:environment-variables #$%ipfs-environment)) + (stop #~(make-kill-destructor))))) (define (%ipfs-activation config) "Return an activation gexp for IPFS with CONFIG" - (define (ipfs-config-command setting value) - #~(#$(ipfs-binary config) "config" #$setting #$value)) - (define (set-config!-gexp setting value) - #~(system* #$@(ipfs-config-command setting value))) + (define (exec-command . args) + ;; Exec the given ifps command with the right authority. + #~(let ((pid (primitive-fork))) + (if (zero? 
pid) + (dynamic-wind + (const #t) + (lambda () + ;; Run ipfs init and ipfs config from a container, + ;; in case the IPFS daemon was compromised at some point + ;; and ~/.ipfs is now a symlink to somewhere outside + ;; %ipfs-home. + (let ((pw (getpwnam "ipfs"))) + (setgroups '#()) + (setgid (passwd:gid pw)) + (setuid (passwd:uid pw)) + (environ #$%ipfs-environment) + (execl #$(ipfs-binary config) #$@args))) + (lambda () + (primitive-exit 127))) + (waitpid pid)))) + (define settings `(("Addresses.API" ,(ipfs-configuration-api config)) ("Addresses.Gateway" ,(ipfs-configuration-gateway config)))) + (define inner-gexp #~(begin (umask #o077) ;; Create $HOME/.ipfs structure - (system* #$(ipfs-binary config) "init") + #$(exec-command "ipfs" "init") ;; Apply settings - #$@(map (cute apply set-config!-gexp <>) settings))) + #$@(map (match-lambda + ((setting value) + (exec-command "ipfs" "config" setting value))) + settings))) + (define inner-script (program-file "ipfs-activation-inner" inner-gexp)) - (define shepherd&co - ;; 'make-forkexec-constructor/container' needs version 0.9 for - ;; #:supplementary-groups. - (cons shepherd-0.9 - (list (lookup-package-input shepherd-0.9 "guile-fibers")))) - - ;; Run ipfs init and ipfs config from a container, - ;; in case the IPFS daemon was compromised at some point - ;; and ~/.ipfs is now a symlink to somewhere outside - ;; %ipfs-home. 
- (define container-gexp - (with-extensions shepherd&co - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - #~(begin - (use-modules (gnu build shepherd) - (gnu system file-systems)) - (let* ((constructor - (make-forkexec-constructor/container - (list #$inner-script) - #:namespaces '#$(fold delq %namespaces '(user)) - #:mappings (list #$%ipfs-home-mapping) - #:user "ipfs" - #:group "ipfs" - #:environment-variables #$%ipfs-environment)) - (pid (constructor))) - (waitpid pid)))))) ;; The activation may happen from the initrd, which uses ;; a statically-linked guile, while the guix container ;; procedures require a working dynamic-link. - (define container-script - (program-file "ipfs-activation-container" container-gexp)) - #~(system* #$container-script)) + #~(system* #$inner-script)) (define ipfs-service-type (service-type
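Review bot: `exec-command` in %ipfs-activation discards the value of `(waitpid pid)`, so a failing `ipfs init` or `ipfs config`, including the child's `(primitive-exit 127)` when `execl` does not succeed, goes unnoticed and activation carries on; check the exit status and report or abort on failure. The comment inside the child still says the commands run "from a container", but this procedure only forks, drops to the "ipfs" account and execs: the isolation now comes from the least-authority-wrapper returned by `ipfs-binary`, and the comment should say that. "ifps" in the comment above it is a typo for "ipfs". The commit log files [exec-command] under ipfs-shepherd-service although the hunk defines it inside %ipfs-activation.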
Subject: [bug#54997] [PATCH v2 12/15] services: wesnothd: Grant write access to /var/run/wesnothd.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:32 +0200
Message-Id: <20220427165635.8015-13-ludo@gnu.org>

* gnu/services/games.scm (wesnothd-shepherd-service): Augment 'modules'
field.  Pass #:mappings argument to 'make-forkexec-constructor/container'.
(wesnothd-activation): New variable.
(wesnothd-service-type): Extend ACTIVATION-SERVICE-TYPE.
---
 gnu/services/games.scm | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/gnu/services/games.scm b/gnu/services/games.scm index b743f6a4b6..dc0bfbe9dc 100644 --- a/gnu/services/games.scm +++ b/gnu/services/games.scm
@@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Arun Isaac +;;; Copyright © 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -57,18 +58,35 @@ (define wesnothd-shepherd-service (match-lambda (($ package port) (with-imported-modules (source-module-closure - '((gnu build shepherd))) + '((gnu build shepherd) + (gnu system file-systems))) (shepherd-service (documentation "The Battle for Wesnoth server") (provision '(wesnoth-daemon)) (requirement '(networking)) - (modules '((gnu build shepherd))) + (modules '((gnu build shepherd) + (gnu system file-systems))) (start #~(make-forkexec-constructor/container (list #$(file-append package "/bin/wesnothd") "-p" #$(number->string port)) + #:mappings (list (file-system-mapping + (source "/var/run/wesnothd") + (target source) + (writable? #t))) #:user "wesnothd" #:group "wesnothd")) (stop #~(make-kill-destructor))))))) +(define wesnothd-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (let* ((user (getpw "wesnothd")) + (directory "/var/run/wesnothd")) + ;; wesnothd creates a Unix-domain socket in DIRECTORY. + (mkdir-p directory) + (chown directory (passwd:uid user) (passwd:gid user)))))) + (define wesnothd-service-type (service-type (name 'wesnothd) 
@@ -77,6 +95,8 @@ (define wesnothd-service-type (extensions (list (service-extension account-service-type (const %wesnothd-accounts)) + (service-extension activation-service-type + (const wesnothd-activation)) (service-extension shepherd-root-service-type (compose list wesnothd-shepherd-service)))) (default-value (wesnothd-configuration))))
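Review bot: `wesnothd-activation` creates /var/run/wesnothd with `mkdir-p` and then `chown`s it, but never sets its mode, so the permissions of the directory that holds the daemon's Unix-domain socket depend on whatever umask is in effect during activation; add an explicit `chmod` with the intended mode after the `chown`. `let*` can be `let` here, since the two bindings do not depend on each other.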
Subject: [bug#54997] [PATCH v2 13/15] services: wesnothd: Use 'least-authority-wrapper'.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:33 +0200
Message-Id: <20220427165635.8015-14-ludo@gnu.org>

* gnu/services/games.scm (wesnothd-shepherd-service): Use
'least-authority-wrapper' instead of 'make-forkexec-constructor/container'.
---
 gnu/services/games.scm | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/gnu/services/games.scm b/gnu/services/games.scm index dc0bfbe9dc..6c2af44b49 100644 --- a/gnu/services/games.scm +++ b/gnu/services/games.scm @@ -23,6 +23,9 @@ (define-module (gnu services games) #:use-module (gnu packages admin) #:use-module (gnu packages games) #:use-module (gnu system shadow) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) + #:use-module (gnu build linux-container) + #:autoload (guix least-authority) (least-authority-wrapper) #:use-module (guix gexp) #:use-module (guix modules) #:use-module (guix records)
@@ -57,22 +60,20 @@ (define %wesnothd-accounts (define wesnothd-shepherd-service (match-lambda (($ package port) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let ((wesnothd (least-authority-wrapper + (file-append package "/bin/wesnothd") + #:name "wesnothd" + #:mappings (list (file-system-mapping + (source "/var/run/wesnothd") + (target source) + (writable? #t))) + #:namespaces (delq 'net %namespaces)))) (shepherd-service (documentation "The Battle for Wesnoth server") (provision '(wesnoth-daemon)) (requirement '(networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append package "/bin/wesnothd") - "-p" #$(number->string port)) - #:mappings (list (file-system-mapping - (source "/var/run/wesnothd") - (target source) - (writable? #t))) + (start #~(make-forkexec-constructor + (list #$wesnothd "-p" #$(number->string port)) #:user "wesnothd" #:group "wesnothd")) (stop #~(make-kill-destructor)))))))
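Review bot: the wrapper in wesnothd-shepherd-service keeps the user namespace, since #:namespaces is `(delq 'net %namespaces)`, while it maps /var/run/wesnothd writable and is started with #:user "wesnothd"; the quassel patch in this series had to remove 'user too and carries an XXX comment explaining why, so please add a comment here stating that the socket directory stays writable from inside the user namespace, or drop 'user as well. In the module hunk, `#:use-module (gnu build linux-container)` is added only for `%namespaces`; the messaging.scm patch uses `#:autoload (gnu build linux-container) (%namespaces)` for the same purpose, and the two should match.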
Subject: [bug#54997] [PATCH v2 14/15] services: quassel: Use 'least-authority-wrapper'.
1njkyH-00054W-N0; Wed, 27 Apr 2022 12:56:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=3JvzXej9xh9iqV8fsnLduF9DnXG51SXcve0a7fRlY0U=; b=NXgpRzLwMtnNR2USaS93 Att0o+Rno06Umqu0lM5WvQAXg0PaoB5BUag4HMGOatwUc+m9qF/udGD3XN7q341VHXKPAVENJ/9/m NfNpESiK3TohTJdTf/q6wj2Vks032NlJKORm8klI8VEacnkLSp1CTp/QQ9tXBm4BE7VUIGkkyjivK TPHONg8kp4kL2krASKNocgH5/hWc+pa0L6GFcLr/Q3//h4aEydw6jJPoWD+EufHRwS/MIhIx8hmqB eVxcPdh/6zIFPbDo2gsYmM2hUYNh0VaGfhDHq/McsAgJTWZJHcv2i0mjyAPhmOqaMX72I16Rz1Dye kGO53PZTV6g0Mg==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:64439 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njkyH-0000Hl-72; Wed, 27 Apr 2022 12:56:57 -0400 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Wed, 27 Apr 2022 18:56:34 +0200 Message-Id: <20220427165635.8015-15-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220427165635.8015-1-ludo@gnu.org> References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/messaging.scm (quassel-shepherd-service): Use 'least-authority-wrapper' instead of 'make-forkexec-constructor/container'. --- gnu/services/messaging.scm | 42 ++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 7fdd8cf285..05bf6e784b 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm 
@@ -939,29 +939,31 @@ (define-record-type* (define quassel-shepherd-service (match-lambda (($ quassel interface port loglevel) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let ((quassel (least-authority-wrapper + (file-append quassel "/bin/quasselcore") + #:name "quasselcore" + #:mappings (list (file-system-mapping + (source "/var/lib/quassel") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/log/quassel") + (target source) + (writable? #t))) + ;; XXX: The daemon needs to live in the main user + ;; namespace, as root, so it can access /var/lib/quassel + ;; owned by "quasselcore". + #:namespaces (fold delq %namespaces '(net user))))) (list (shepherd-service (provision '(quassel)) (requirement '(user-processes networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append quassel "/bin/quasselcore") - "--configdir=/var/lib/quassel" - "--logfile=/var/log/quassel/core.log" - (string-append "--loglevel=" #$loglevel) - (string-append "--port=" (number->string #$port)) - (string-append "--listen=" #$interface)) - #:mappings (list (file-system-mapping - (source "/var/lib/quassel") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/log/quassel") - (target source) - (writable? 
#t))))) + (start #~(make-forkexec-constructor + (list #$quassel + "--configdir=/var/lib/quassel" + "--logfile=/var/log/quassel/core.log" + (string-append "--loglevel=" #$loglevel) + (string-append "--port=" (number->string #$port)) + (string-append "--listen=" #$interface)))) (stop #~(make-kill-destructor)))))))) (define %quassel-account
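Review bot: `(fold delq %namespaces '(net user))` in the added `least-authority-wrapper` call, combined with a `make-forkexec-constructor` that passes no `#:user` or `#:group`, leaves quasselcore running as root in the host user namespace, as the XXX comment acknowledges. The comment says `/var/lib/quassel` is owned by "quasselcore", so consider starting the service with `#:user "quasselcore"`, the way the wesnothd patch does with its own account, or extend the comment to say why that does not work. As written, the only confinement left is the remaining entries of `%namespaces` and the two writable mappings.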
X-Patchwork-Id: 38947
Subject: [bug#54997] [PATCH v2 15/15] services: opendht: Use 'least-authority-wrapper'.
From: Ludovic Courtès
Date: Wed, 27 Apr 2022 18:56:35 +0200
Message-Id: <20220427165635.8015-16-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>
References: <878rrrk1v1.fsf_-_@gnu.org> <20220427165635.8015-1-ludo@gnu.org>

* gnu/services/networking.scm (opendht-configuration->command-line-arguments): Use 'least-authority-wrapper'.
(opendht-shepherd-service): Use 'make-forkexec-constructor'.
--- gnu/services/networking.scm | 40 ++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 4708ade0ca..5873070bdd 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm
@@ -796,7 +796,19 @@ (define (opendht-configuration->command-line-arguments config) (match-record config (opendht bootstrap-host enable-logging? port debug? peer-discovery? proxy-server-port proxy-server-port-tls) - (let ((dhtnode #~(string-append #$opendht:tools "/bin/dhtnode"))) + (let ((dhtnode (least-authority-wrapper + ;; XXX: Work around lack of support for multiple outputs + ;; in 'file-append'. + (computed-file "dhtnode" + #~(symlink + (string-append #$opendht:tools + "/bin/dhtnode") + #$output)) + #:name "dhtnode" + #:mappings (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source))) + #:namespaces (delq 'net %namespaces)))) `(,dhtnode "--service" ;non-forking mode ,@(if (string? bootstrap-host) @@ -822,23 +834,15 @@ (define (opendht-configuration->command-line-arguments config) (define (opendht-shepherd-service config) "Return a running OpenDHT." - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (shepherd-service - (documentation "Run an OpenDHT node.") - (provision '(opendht dhtnode dhtproxy)) - (requirement '(networking syslogd)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$@(opendht-configuration->command-line-arguments config)) - #:mappings (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source))) - #:user "opendht" - #:group "opendht")) - (stop #~(make-kill-destructor))))) + (shepherd-service + (documentation "Run an OpenDHT node.") + (provision '(opendht dhtnode dhtproxy)) + (requirement '(networking syslogd)) + (start #~(make-forkexec-constructor + (list #$@(opendht-configuration->command-line-arguments config)) + #:user "opendht" + #:group "opendht")) + (stop #~(make-kill-destructor)))) (define opendht-service-type (service-type
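Review bot: the sandbox policy in the first hunk (`#:mappings` for `/dev/log` and `#:namespaces (delq 'net %namespaces)`) now sits inside `opendht-configuration->command-line-arguments`, a procedure whose name says it only builds an argument list. Anyone auditing `opendht-shepherd-service` no longer sees that the daemon is wrapped at all. Consider building the wrapper in the service procedure and passing it in, or at least state in this procedure's documentation that the first element of the returned list is a least-authority wrapper. The `computed-file` symlink workaround is marked XXX; say in that comment what condition allows it to be removed.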
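Review bot: in the second hunk, `(requirement '(networking syslogd))` stays in `opendht-shepherd-service` while the `/dev/log` mapping that motivated it is removed from this procedure, so the syslogd dependency now looks unexplained here. A short comment pointing at the wrapper's `/dev/log` mapping would keep the two in sync. Since the whole body is re-indented anyway, the docstring "Return a running OpenDHT." could also be corrected, because the procedure returns a `shepherd-service` record.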