From patchwork Mon Mar 31 21:37:11 2025
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 41095
Subject: [bug#77419] [PATCH] services: Add svcgssd-service-type.
From: Tomas Volf <~@wolfsden.cz>
Date: Mon, 31 Mar 2025 23:37:11 +0200
Message-ID: <15e1a6a7c0467bc9edccd5c1e395def5f70d391e.1743457031.git.~@wolfsden.cz>
X-Mailer: git-send-email 2.49.0

This service is required to get NFS with Kerberos support working. No documentation is provided, since this module is under-documented as a whole. It could use some work.

* gnu/services/nfs.scm (): New record type.
(svcgssd-service-type): New service type.
(nfs-service-type): Extend the svcgssd-service-type.

Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62
--- gnu/services/nfs.scm | 80 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 78 insertions(+), 2 deletions(-) diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index f5a1c6a44e..c9d10c9e5a 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm 
@@ -20,6 +20,7 @@ (define-module (gnu services nfs) #:use-module (gnu) + #:use-module (gnu services configuration) #:use-module (gnu services shepherd) #:use-module (gnu packages onc-rpc) #:use-module (gnu packages linux) @@ -45,6 +46,10 @@ (define-module (gnu services nfs) gss-configuration gss-configuration? + svcgssd-service-type + svcgssd-configuration + svcgssd-configuration? + nfs-service-type nfs-configuration nfs-configuration?)) 
@@ -189,6 +194,68 @@ (define gss-service-type +(define-record-type* + svcgssd-configuration make-svcgssd-configuration + svcgssd-configuration? + (verbosity svcgssd-configuration-verbosity + (default 0)) + (verbosity-rpcsec-gss svcgssd-configuration-verbosity-rpcsec-gss + (default 0)) + (verbosity-nfsidmap svcgssd-configuration-verbosity-nfsidmap + (default 0)) + (principal svcgssd-configuration-principal + (default %unset-value)) + (host-credentials? svcgssd-configuration-host-credentials? + (default #f)) + (nfs-utils svcgssd-configuration-svcgssd + (default nfs-utils))) + +(define svcgssd-service-type + (let ((proc + (lambda (config) + (define svcgssd-command + (match-record config + ( verbosity verbosity-rpcsec-gss verbosity-nfsidmap + principal host-credentials? nfs-utils) + #~(list + (string-append #$nfs-utils "/sbin/rpc.svcgssd") "-f" + #$@(map (const "-v") (iota verbosity)) + #$@(map (const "-r") (iota verbosity-rpcsec-gss)) + #$@(map (const "-i") (iota verbosity-nfsidmap)) + #$@(if (maybe-value-set? principal) + `("-p" ,principal) + '()) + #$@(if host-credentials? + '("-n") + '())))) + + (shepherd-service + (documentation "Start the RPC SVCGSSD daemon.") + (requirement '(user-processes rpcbind-daemon rpc-pipefs)) + (provision '(rpc-svcgssd)) + + (start #~(make-forkexec-constructor #$svcgssd-command)) + (stop #~(make-kill-destructor)))))) + (service-type + (name 'svcgssd) + (extensions + (list (service-extension shepherd-root-service-type + (compose list proc)))) + ;; We use the extensions feature to allow other services to automatically + ;; configure and start this service. Only one value can be provided. We + ;; override it with the value returned by the extending service. + (compose identity) + (extend (lambda (config values) + (match values + ((first . 
rest) first) + (_ config)))) + (default-value (svcgssd-configuration)) + (description "Run the @dfn{global security system} (SVCGSSD) daemon, +which provides strong security for protocols based on remote procedure +calls (ONC RPC).")))) + + + (define-record-type* idmap-configuration make-idmap-configuration idmap-configuration? @@ -282,7 +349,8 @@ (define-record-type* (default #f)) (pipefs-directory nfs-configuration-pipefs-directory (default default-pipefs-directory)) - ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd. + ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, mountd or + ;; svcgssd. (debug nfs-configuration-debug (default '()))) @@ -448,6 +516,14 @@ (define nfs-service-type (service-extension rpcbind-service-type (lambda (config) (rpcbind-configuration - (rpcbind (nfs-configuration-rpcbind config))))))) + (rpcbind (nfs-configuration-rpcbind config))))) + (service-extension svcgssd-service-type + (lambda (config) + (svcgssd-configuration + (nfs-utils (nfs-configuration-nfs-utils config)) + (verbosity + (if (member 'svcgssd + (nfs-configuration-debug config)) + 10 0))))))) (description "Run all NFS daemons and refresh the list of exported file systems.")))
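Review bot: In the extend procedure of svcgssd-service-type (hunk at -189,6 +194,68), the clause "((first . rest) first)" returns the extending service's value and drops config entirely, so as soon as another service extends this one, a principal or host-credentials? set by the user on their own svcgssd-configuration is silently discarded, and any further values in rest are ignored without an error. Since the comment says only one value can be provided, consider raising an error when rest is non-empty, and either merging the extension's fields into config or restricting what an extension may set (for example nfs-utils and the verbosity fields) so that the Kerberos principal selection always comes from the user's configuration. Two smaller points in the same hunk: the accessor for the nfs-utils field is named svcgssd-configuration-svcgssd, where svcgssd-configuration-nfs-utils would match the other fields; and the description expands SVCGSSD as "global security system", which does not correspond to the acronym and should describe what rpc.svcgssd does.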
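Review bot: The new service-extension added to nfs-service-type (hunk at -448,6 +516,14) is unconditional and fills in only nfs-utils and verbosity, so every nfs-configuration now extends svcgssd-service-type whether or not Kerberos is in use, and nfs-configuration offers no way to pass principal or host-credentials? through to the daemon. Combined with the extend procedure returning the extension's value, this fixes those two fields at their defaults for any system that uses nfs-service-type. Consider gating the extension on a new nfs-configuration field, or adding fields that carry the svcgssd settings, and document the choice given that the commit message says no documentation is provided. The literal 10 for verbosity also deserves a short comment, since it expands to ten "-v" flags while verbosity-rpcsec-gss and verbosity-nfsidmap stay at 0 when 'svcgssd is listed in debug.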