From patchwork Wed Apr 9 17:26:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roman Scherer X-Patchwork-Id: 41507 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 548DC27BC4A; Wed, 9 Apr 2025 18:27:43 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 45E7227BC4C for ; Wed, 9 Apr 2025 18:27:40 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1u2ZCw-0001LN-Ft; Wed, 09 Apr 2025 13:27:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u2ZCn-0001Jj-Kr for guix-patches@gnu.org; Wed, 09 Apr 2025 13:27:18 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1u2ZCg-0008AN-Oq for guix-patches@gnu.org; Wed, 09 Apr 2025 13:27:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=jPlN7262b9QpjfkksjlYlbVDhYX0/8bNmV5i4MZ4Jd8=; b=DUFSCzRd41xrg36FGG/706u2BWchzzXN61yJVjIa8SaLOsPlkuZTXK50dVu4CNoboS03tPpyN0TvxAuOn7FCeQ27cBfQd4eOPvufDS1xpnffWemqmXn9zvIDCkILAqx+w9wE2NLQh8r3Mx0C4+xZfVRuVoBYEzNTEsq+yO0AtIb+orubXFlKa1i086mFbSIU2w09UU6U4Y0dpO9X+jRAJvytQuHfttHh9XS6UlbZgxftX/C5Sxc1S7erKF/1RT4mPq3C9pKGao8LI0VbNx6ol16imW2HIB8xFiImnqOAmOS1cJDAKNUBg2vhsGxoQXgNl81IiL1zHKm+WC1vz8Cucw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1u2ZCY-0004sN-Hm; Wed, 09 Apr 2025 13:27:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#77383] [PATCH v3 1/3] gnu: speakersafetyd: Update to 1.1.2. References: In-Reply-To: Resent-From: Roman Scherer Original-Sender: "Debbugs-submit" Resent-CC: divya@subvertising.org, efraim@flashner.co.il, hako@ultrarare.space, steve@futurile.net, guix-patches@gnu.org Resent-Date: Wed, 09 Apr 2025 17:27:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 77383 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 77383@debbugs.gnu.org Cc: Roman Scherer , Divya Ranjan Pattanaik , Efraim Flashner , Hilton Chain , Steve George X-Debbugs-Original-Xcc: Divya Ranjan Pattanaik , Efraim Flashner , Hilton Chain , Steve George Received: via spool by 77383-submit@debbugs.gnu.org id=B77383.174421958718654 (code B ref 77383); Wed, 09 Apr 2025 17:27:02 +0000 Received: (at 77383) by debbugs.gnu.org; 9 Apr 2025 17:26:27 +0000 Received: from localhost ([127.0.0.1]:41501 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u2ZBy-0004qm-Kf for submit@debbugs.gnu.org; Wed, 09 Apr 2025 13:26:26 -0400 Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e]:45368) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1u2ZBv-0004qI-DI for 77383@debbugs.gnu.org; Wed, 09 Apr 2025 13:26:23 -0400 Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-43ed8d32a95so45032915e9.3 for <77383@debbugs.gnu.org>; Wed, 09 Apr 2025 10:26:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=burningswell-com.20230601.gappssmtp.com; s=20230601; t=1744219576; x=1744824376; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=jPlN7262b9QpjfkksjlYlbVDhYX0/8bNmV5i4MZ4Jd8=; b=gYZEWHu563rIyJPW7RkmqLuo7QzjqEHwGwfrju2ZJ77itC/S86z6r3GLIn/aeZRwJP iJ7WXWXqFxhLmjEkBZZSCHtXXZ3hiw+5HjH2mWqfp1gzjcP2NT9VDp/kcEOQFXFGXQ1R FAATcnKa63L1WFiAtoeBzdkxksjJbwsnbPkgjdE6HZSsrAalSz59naC9TvhRKaI3F4x8 UfBzcx7FDCNuXvbUioQlHi9MKuoI5302x9yPQZAP56KEDDadSFPGlHzG4/p3kgteg5iZ /0KvXEypR8R8MoqPB8LDkjzL6xOHM+UunCWRIlhMVDjCiH+zCb4albReMupKQntAuBv3 wfqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744219576; x=1744824376; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jPlN7262b9QpjfkksjlYlbVDhYX0/8bNmV5i4MZ4Jd8=; b=Bt+Kas+Dr3dnPKvXbsUYQ2/txEigv/Uqf0w94TjteKkp5C5cH26MZ18SUxEUcp24li 9yGYZn2vBvlf2Ibavo72ExuMVhwvVBBSZ7FLo53mn30oxnwyTNfpkAdqNnZLYcGAwacU lKh+WAyTcqr0aItZcFo4a2Mjjih5Q3g1Abk2inhIam4TqzsTh9Ab/ILQEvil1iGE0Hii zHqm0TF7Rv8UC+/s86mTuWg65EpWLGFd09XuIrMq6ezOlCSPVBfhxikd5HKHKPrcKhLN IPLBHh/4MOSuvsehz9G7A0ISEMyICY+8TRiYQUsUr6JUCyHcAj5QEMSE8P+Ipk/mnxnF sieg== X-Gm-Message-State: AOJu0YxgJmNqO56REitxXr5r5Q5jZ7LKMqz4zzDp81iapgJsXUhmadZe lzEF1TT9qxHIYt6z47+KVMwBxUQYis4HxF4k9jr802ngy3HpM5Z5xhsOLKri9udH7CLkAdpkZ82 0huXJQw== X-Gm-Gg: ASbGncuLADN/587me/hm9QLPqJtJ0Okz/CeQWXE6SrTNliSQEDss6ilnxikW9m8SckD KYVxF25luW9uULi/FvafVK6wapFFn46qcIt5YZr/M8B8kAo62ulXIcy1h9s8sg0AZ0u+PW/Gpjc y+HM6qCoIKkTutp27/+Lm8CVzf+8aaBsYeGzkJp/EDbS43Ip7v6tse6ggyqcNIOgfxEV22EtcJH cKS4fgjndQPO7jgScMsTgQwjtZL+23/s6TiOKRDZetr0IxatCf+cEIEmvsrfINicNlW1bqPOckG JuPgMXKKPAOqbXiKj54ViR+3oNlzRcKKAsjDOEH9i7V254fZ+GNVxrGbsCU= X-Google-Smtp-Source: AGHT+IHII3fwLy0QjFySKkTnIyJAAMndJXF1WVRo5TiY4K6JGKG7obeA0O+5Y27gWciZo1j6BDdaZQ== X-Received: by 2002:a5d:59a8:0:b0:391:31f2:b99a with SMTP id ffacd0b85a97d-39d87aa8ae0mr3927386f8f.5.1744219576369; Wed, 09 Apr 2025 10:26:16 -0700 (PDT) Received: from localhost.localdomain ([2a01:599:107:ea74:97c3:d481:d15d:ea6d]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-39d8938b5f7sm2208918f8f.57.2025.04.09.10.26.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Apr 2025 10:26:15 -0700 (PDT) From: Roman Scherer Date: Wed, 9 Apr 2025 19:26:09 +0200 Message-ID: <58e6296eb44b3e82e5d6367ae85b681463a38613.1744217514.git.roman@burningswell.com> X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/rust-apps.scm (speakersafetyd): Update to 1.1.2. Change-Id: I1c6d7b6080b18bd8228e8b39d1a0b42267e2b7e1 --- gnu/packages/rust-apps.scm | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) base-commit: f0c0769189d11debf7b237a02695c44c9773d52a diff --git a/gnu/packages/rust-apps.scm b/gnu/packages/rust-apps.scm index 2f933d836c..4d9430e5da 100644 --- a/gnu/packages/rust-apps.scm +++ b/gnu/packages/rust-apps.scm @@ -3211,14 +3211,14 @@ (define-public sniffglue (define-public speakersafetyd (package (name "speakersafetyd") - (version "1.0.2") + (version "1.1.2") (source (origin (method url-fetch) (uri (crate-uri "speakersafetyd" version)) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "104xgyqhsg2rxa3ndkizrpndibmcbr25h63phcjswadbm8i790bz")))) + (base32 "1c4yk8mq8nazshdcasimlgnyhx27wzkad4wzicy5x43grq26b966")))) (build-system cargo-build-system) (arguments (list @@ -3243,15 +3243,13 @@ (define-public speakersafetyd (lambda _ (substitute* "95-speakersafetyd.rules" ((".*SYSTEMD_WANTS.*") "")))) - (add-after 'install 'install-data + (add-before 'install 'prepare-to-install (lambda _ - (setenv "BINDIR" (string-append #$output "/bin")) - (setenv "UNITDIR" (string-append #$output "/lib/systemd/system")) - (setenv "UDEVDIR" (string-append #$output "/lib/udev/rules.d")) - (setenv "TMPFILESDIR" (string-append #$output "/usr/lib/tmpfiles.d")) - (setenv "SHAREDIR" (string-append #$output "/share")) - (setenv "VARDIR" (string-append #$output "/var")) - (invoke "make" "install-data")))))) + (setenv "DESTDIR" #$output) + (setenv "SHAREDIR" "/share") + (setenv "SPEAKERSAFETYD_GROUP" "nixbld") + (setenv "SPEAKERSAFETYD_USER" "nixbld") + (invoke "make" "install")))))) (inputs (list alsa-lib)) (native-inputs (list pkg-config)) (home-page "https://github.com/AsahiLinux/speakersafetyd/") From patchwork Wed Apr 9 17:26:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roman Scherer X-Patchwork-Id: 41506 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id A92D727BC4A; Wed, 9 Apr 2025 18:27:42 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 4000927BC49 for ; Wed, 9 Apr 2025 18:27:40 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1u2ZCn-0001J3-EK; Wed, 09 Apr 2025 13:27:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u2ZCa-0001IF-95 for guix-patches@gnu.org; Wed, 09 Apr 2025 13:27:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1u2ZCZ-00088S-8M; Wed, 09 Apr 2025 13:27:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=T0RTWC32aPTxZ72IdASJX40IWx8tXoDAno/OPyl839Q=; b=LJDZbWFxedyLKEeeQWfwcREMBnTwAh/86xTU5qJHdmfWAG2B7gsMevxoWfE0mFCiSmZlT45nPq+yT8JCmO7auQPRj5NGv5DiLNARfGfk3wPQEzEcTpYk3UPmE6A/kUrkwkT6a3vgJ/XsjoYzxJ6bz3sMEENK1kRZL51PFbldhynX4KIagFfWYor2g8Yp5vbMMCRpFC6zHYQEZvv0x9RLSd+UhgQ4NTmeQsgBdjZbilkJDu42e4fw6Vjh6rr+o8yIbH305+9/0u8p/BUNEXILD9R5rV5wa0Q6HoShkXe3rEBlFauTdiDdgwbKK1etSjG9fe4oKtOGaCR7AR6/iojCzw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1u2ZCZ-0004sT-3Z; Wed, 09 Apr 2025 13:27:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#77383] [PATCH v3 2/3] gnu: speakersafetyd: Run as unprivileged user. Resent-From: Roman Scherer Original-Sender: "Debbugs-submit" Resent-CC: ludo@gnu.org, maxim.cournoyer@gmail.com, guix-patches@gnu.org Resent-Date: Wed, 09 Apr 2025 17:27:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 77383 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 77383@debbugs.gnu.org Cc: Roman Scherer , Ludovic =?utf-8?q?Court=C3=A8s?= , Maxim Cournoyer X-Debbugs-Original-Xcc: Ludovic =?utf-8?q?Court=C3=A8s?= , Maxim Cournoyer Received: via spool by 77383-submit@debbugs.gnu.org id=B77383.174421958718660 (code B ref 77383); Wed, 09 Apr 2025 17:27:03 +0000 Received: (at 77383) by debbugs.gnu.org; 9 Apr 2025 17:26:27 +0000 Received: from localhost ([127.0.0.1]:41503 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u2ZBz-0004qp-0I for submit@debbugs.gnu.org; Wed, 09 Apr 2025 13:26:27 -0400 Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]:51326) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1u2ZBw-0004qK-3L for 77383@debbugs.gnu.org; Wed, 09 Apr 2025 13:26:24 -0400 Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-3913b539aabso4393667f8f.2 for <77383@debbugs.gnu.org>; Wed, 09 Apr 2025 10:26:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=burningswell-com.20230601.gappssmtp.com; s=20230601; t=1744219578; x=1744824378; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=T0RTWC32aPTxZ72IdASJX40IWx8tXoDAno/OPyl839Q=; b=P+7fGmILONTfBGcZELo/QiS4Ycy7wHoXmpl5uko7Ori4q/qOI0XwmmiAInr7TXLd0Y yEKdSUM1ma6TI9BPxay0UWXLs+/s3QU1q1TPj2yO+MUUsj3qOANVmh4m50FJ9EUU1YZL xTBMIhNXCgRvW2/qJgwVtBPV4/CgY4cyXIWx1sWsdyXQ/QxvTemLfsiWFp95dPUCo+H/ cdH99aY9ZTSdJ355ROPFCAge0be+4j9c+kjRG2EMzx6+LZ0GHs9vwO8jTum0atnbWtK4 /ixVqq9//lvL/0nPBP66ITOMsaXX23Z/dM3/kIXMThfQSha6G9G9xp/QVnicVHjG3TEI kstw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744219578; x=1744824378; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=T0RTWC32aPTxZ72IdASJX40IWx8tXoDAno/OPyl839Q=; b=hSOuYqjPIDEdjYBvkSxI8gIsDS6DG3cUC7xGnNp2DF2x8CSOkYLD+GMK6gPMRjhuzI tf8NCWaCKG8rOk7AuMHmOf33A79RxK875MV983tf6S3foJhukWWvrGnhacmjnzK2FSrZ h203+NDJFm94bIuQhx7A2KeL80JvSAN0/yBOC9C0zKYrBH5xvvpGq+tT3vbjlNkMMNPZ jL5d64x9312P8poqVxI7gH0A/5kFpfgCie+m7U3ywKo7ZNuA0kNVx16mMfPM9EfWpQDI l2yrunAgEjotIel1aa91Lkk4wsu+EOdJGtQNKMVEqMwW28ZsgCH3RcATKi731ifNnMZs 6PQw== X-Gm-Message-State: AOJu0YwtU6bgDWcqIjYcB9rfhmbrYlDaMQwSVzK4ZKENPG+7PygAAdfu mpfoToQs9hxbdBoxA07wIxkLyeCBcYoKFiv43S2h+q3TbU5Ni9NibeWrsV8zxQ7DOK0PTiQlyy3 6AewuPA== X-Gm-Gg: ASbGncuJwX2erPuTUzkrfy8JQF1Wrgs7PwxiDPXHdSIMYe0yyKRmBYq0yiBLa2C3E/M MRJLVPvTPkcLYxpCrX98gR3xINWe8pG4GOTevgc5HQJPmk1RUjPt72xp3JprMYwtOm+TF/0Cr3r 2ZJn2UUvz5Xt08FnEGyVoFVVM3GPdU/TpHyOgbXDDtD74RKmkqNXlkmxi27+S1N832Caf44VhSC l45AfcHlJtkGk8kW5iv+KUNUwP+4qBveCC5ZeZrCp+VTtvnBBQqTSdM4cdQsXd7Wv1IZhP2Sm+q wddFJSObmWGWrxYK6PVeTF6va1MQv1zBhBj21jCEcKbxRwh45ukaERkB8U8= X-Google-Smtp-Source: AGHT+IE9eoh6sDyt1vcxzRcVw7QgQYNr9UxsuNV0QmaLA6R0B5cgPDaPpQ/K47nKxYVs1Xpi6RJLVA== X-Received: by 2002:a05:6000:4308:b0:39d:6f2b:e74d with SMTP id ffacd0b85a97d-39d88564b64mr3156323f8f.39.1744219577662; Wed, 09 Apr 2025 10:26:17 -0700 (PDT) Received: from localhost.localdomain ([2a01:599:107:ea74:97c3:d481:d15d:ea6d]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-39d8938b5f7sm2208918f8f.57.2025.04.09.10.26.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Apr 2025 10:26:17 -0700 (PDT) From: Roman Scherer Date: Wed, 9 Apr 2025 19:26:10 +0200 Message-ID: <140f135aa4f94ad69765f7c2a7b38684342ca382.1744217514.git.roman@burningswell.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <58e6296eb44b3e82e5d6367ae85b681463a38613.1744217514.git.roman@burningswell.com> References: <58e6296eb44b3e82e5d6367ae85b681463a38613.1744217514.git.roman@burningswell.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/sound.scm (speakersafetyd): Run as unprivileged user. Change-Id: I870bc7bfd69249da3a9c981f627e751395386bd2 --- doc/guix.texi | 6 +++++ gnu/services/sound.scm | 51 ++++++++++++++++++++++++++++++++++++++---- 2 files changed, 53 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index bee80cd4e2..6acbf1ba55 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27267,12 +27267,18 @@ Sound Services The base directory as a G-expression (@pxref{G-Expressions}) that contains the configuration files of the speaker models. +@item @code{group} (default: @code{"speakersafetyd"}) (type: string) +The group to run the Speaker Safety Daemon as. + @item @code{maximum-gain-reduction} (default: @code{7}) (type: integer) Maximum gain reduction before panicking, useful for debugging. @item @code{speakersafetyd} (default: @code{speakersafetyd}) (type: file-like) The Speaker Safety Daemon package to use. +@item @code{user} (default: @code{"speakersafetyd"}) (type: string) +The user to run the Speaker Safety Daemon as. + @end table @end deftp @c %end of fragment diff --git a/gnu/services/sound.scm b/gnu/services/sound.scm index fbaa55c553..0558d4fce8 100644 --- a/gnu/services/sound.scm +++ b/gnu/services/sound.scm @@ -29,10 +29,12 @@ (define-module (gnu services sound) #:use-module (gnu system shadow) #:use-module (guix diagnostics) #:use-module (guix gexp) + #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix records) #:use-module (guix store) #:use-module (guix ui) + #:use-module (gnu packages admin) #:use-module (gnu packages audio) #:use-module (gnu packages linux) #:use-module (gnu packages pulseaudio) @@ -288,16 +290,50 @@ (define-configuration/no-serialization speakersafetyd-configuration (file-like (file-append speakersafetyd "/share/speakersafetyd")) "The base directory as a G-expression (@pxref{G-Expressions}) that contains the configuration files of the speaker models.") + (group + (string "speakersafetyd") + "The group to run the Speaker Safety Daemon as.") (maximum-gain-reduction (integer 7) "Maximum gain reduction before panicking, useful for debugging.") (speakersafetyd (file-like speakersafetyd) - "The Speaker Safety Daemon package to use.")) + "The Speaker Safety Daemon package to use.") + (user + (string "speakersafetyd") + "The user to run the Speaker Safety Daemon as.")) + +(define speakersafetyd-accounts + (match-record-lambda + (group user) + (list (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")) + (supplementary-groups '("audio")))))) + +(define speakersafetyd-activation + (match-record-lambda + (blackbox-directory group user) + (with-imported-modules (source-module-closure '((gnu build activation))) + #~(begin + (use-modules (gnu build activation)) + (let ((user (getpwnam #$user))) + (mkdir-p/perms "/run/speakersafetyd" user #o755) + (mkdir-p/perms "/var/lib/speakersafetyd" user #o755) + ;; Blackbox files contain audio recordings and might be sensitive + ;; information + (mkdir-p/perms #$blackbox-directory user #o700)))))) (define speakersafetyd-shepherd-service (match-record-lambda - (blackbox-directory configuration-directory maximum-gain-reduction speakersafetyd) + ( blackbox-directory configuration-directory group + maximum-gain-reduction speakersafetyd user) (shepherd-service (documentation "Run the speaker safety daemon") (provision '(speakersafetyd)) @@ -306,7 +342,10 @@ (define speakersafetyd-shepherd-service (list #$(file-append speakersafetyd "/bin/speakersafetyd") "--config-path" #$configuration-directory "--blackbox-path" #$blackbox-directory - "--max-reduction" (number->string #$maximum-gain-reduction)))) + "--max-reduction" (number->string #$maximum-gain-reduction)) + #:group #$group + #:supplementary-groups '("audio") + #:user #$user)) (stop #~(make-kill-destructor))))) (define speakersafetyd-service-type @@ -324,7 +363,11 @@ (define speakersafetyd-service-type (compose list speakersafetyd-configuration-speakersafetyd)) (service-extension profile-service-type - (compose list speakersafetyd-configuration-speakersafetyd)))) + (compose list speakersafetyd-configuration-speakersafetyd)) + (service-extension account-service-type + speakersafetyd-accounts) + (service-extension activation-service-type + speakersafetyd-activation))) (default-value (speakersafetyd-configuration)))) ;;; sound.scm ends here From patchwork Wed Apr 9 17:26:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roman Scherer X-Patchwork-Id: 41508 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 794E027BC4A; Wed, 9 Apr 2025 18:27:45 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 06CB227BC49 for ; Wed, 9 Apr 2025 18:27:44 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1u2ZCr-0001KK-KL; Wed, 09 Apr 2025 13:27:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u2ZCa-0001IG-Aj for guix-patches@gnu.org; Wed, 09 Apr 2025 13:27:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1u2ZCZ-00088Z-OS; Wed, 09 Apr 2025 13:27:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=gpDlCB1a117k6mGr6Ebn+z6ay+P5wNyHIiwpHQ+pSV8=; b=dngIST0y/Hds/dAWmCDjXLwax2DNuZ91jOCp19RQ+JCknjw2+3FqrjjmGfP+EqPeCsGk8iSoMRNMfjFGqVwuTlg1zt1S44qI3AHpHxBjzbSumFf+4DJ+ceblBrMKslR3OERSigxWEHcNKxWmyMxQNJ96tRCsCmsksUZTdQ+iWJrUF7sXFNU0QMLEARBQ4fSq6IZuFxcGlRUqOmUZDdy8h/U9DBLmMI9/XpGJDWXB4jKFBwen/WYfCfz/Ak6qiajd6ck8PcjLkqVOXNMrfChW+k9feLJ2oGkVFpk86Lug0PU0Nn0UddM4zHQPSZ2BDBeYxJL9E53xq6VHSHWuKTmrVg==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1u2ZCZ-0004sc-Iw; Wed, 09 Apr 2025 13:27:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#77383] [PATCH v3 3/3] gnu: speakersafetyd: Add log file. Resent-From: Roman Scherer Original-Sender: "Debbugs-submit" Resent-CC: ludo@gnu.org, maxim.cournoyer@gmail.com, guix-patches@gnu.org Resent-Date: Wed, 09 Apr 2025 17:27:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 77383 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 77383@debbugs.gnu.org Cc: Roman Scherer , Ludovic =?utf-8?q?Court=C3=A8s?= , Maxim Cournoyer X-Debbugs-Original-Xcc: Ludovic =?utf-8?q?Court=C3=A8s?= , Maxim Cournoyer Received: via spool by 77383-submit@debbugs.gnu.org id=B77383.174421959218675 (code B ref 77383); Wed, 09 Apr 2025 17:27:03 +0000 Received: (at 77383) by debbugs.gnu.org; 9 Apr 2025 17:26:32 +0000 Received: from localhost ([127.0.0.1]:41505 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u2ZC3-0004r9-R0 for submit@debbugs.gnu.org; Wed, 09 Apr 2025 13:26:32 -0400 Received: from mail-wr1-x431.google.com ([2a00:1450:4864:20::431]:54537) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1u2ZBw-0004qM-V3 for 77383@debbugs.gnu.org; Wed, 09 Apr 2025 13:26:25 -0400 Received: by mail-wr1-x431.google.com with SMTP id ffacd0b85a97d-3914a5def6bso4259985f8f.1 for <77383@debbugs.gnu.org>; Wed, 09 Apr 2025 10:26:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=burningswell-com.20230601.gappssmtp.com; s=20230601; t=1744219579; x=1744824379; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gpDlCB1a117k6mGr6Ebn+z6ay+P5wNyHIiwpHQ+pSV8=; b=AUTZLunL4w/z2IVUm5YP0Zl2be1/LNazxYn5sKKXa3kdQyr4qTfkNGlJQO4EGO6D4D CL4DHRLIoW2SUEO1U8FzKCXZBOueLL/xWfIOqRjZVLHxSEpLrR1F3VzB3ut8qGmbSJWf VjBjNvbhPP7dcfRStDdgn+C0Y3Qg7srksB5giJUjTmop6P3vCGeGMEr1ar1u9vqMSPpR IrmQZlTJ96kK4PkXS5G5bK/g5tOTtKSUuomIVNkUgSEbohlKx7IBd3pPOFPp8TI/ICKb vZaP8sBCyN0DSr8MonIhdm6If0UmXvc/G6B69IjEn8mJMmT18EJMTvNO3OsNPlNK6w7u UGpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744219579; x=1744824379; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gpDlCB1a117k6mGr6Ebn+z6ay+P5wNyHIiwpHQ+pSV8=; b=oK15AMfaQo0r5FQR/QqOfCjeWdM4db9JpuYJuiLGYgE5FvYxRCE+5r3EafZ60IAxGC kYHrGLHSxGdnUjMmv9d3yAi0n4j85PcBXW5M2UlndUC+QZCXuKxkjJ+3q4gmcAB6Z38k Wz/O6cem8Uxb5VHbtlihmCt7GxA9eUQU2L5noAOusruE1Dax3gbaPenuCta99JH14VwV 5WUDHFpTdBaJhff/Ru1KSdZEle4uGxoAgoGbJEBXhCvmvKPfl6XHcPKQbY5GRcKbc9+V qslqXVrwlkN+9nxEN/E3QDNMQoPFN7HkOYq+5AMkH953nNe/qkdjg6+4Ec2PncWFI+rj Hi3g== X-Gm-Message-State: AOJu0YxDlpiWtEaQ3ob/OZ9RH5q8qXTrH42dWzQXyo+8aevjL1e9o2Fo O6P19mTomr2Kh3/kz8sdb6r7fxnt0ZNu7Cj0T72bh1SlverkRMRpgJitSn9qefB/ciAegvoVk55 RhxHSdQ== X-Gm-Gg: ASbGncsEpHw6ujL/YmEFemxPLesrGUGG+M1FylzHOD+q//HZ1wg0CP7ussv954BKhLJ F0jBqZpuBzkshgFsZlFqBgoRq2n9z/H490nDmFmKiiASuSt7HWtYLXdeWnYJZhEmDlS6cWTr8bd zklQDxCmUeUfaMUYs9BpvpdchJGg+xnfcOmQfO/Wco9JUh+F6GUwNMYTksyA11gl7jOd7twyGYk fH4zaP3f4Id5xFVwN5mZd2MpKPOz489D4QNGGguCqqwSm8SQoWoVxIiE1UHpsTKYjrQnczL9Iaj GCw85dF13WwK2EGZZFR3fNS7u/SbKuNFm7iMjXeJ0LgNJE8mM9uJ9hzz78A= X-Google-Smtp-Source: AGHT+IFXQegVvPpTgSxaED50x08Prs+Z0TVugOxdJj7IG+TLE4Ykn4rjsrta+461PPqM60U3VRfqNA== X-Received: by 2002:a05:6000:2c6:b0:38d:dd52:1b5d with SMTP id ffacd0b85a97d-39d8852380fmr3092307f8f.4.1744219578686; Wed, 09 Apr 2025 10:26:18 -0700 (PDT) Received: from localhost.localdomain ([2a01:599:107:ea74:97c3:d481:d15d:ea6d]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-39d8938b5f7sm2208918f8f.57.2025.04.09.10.26.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Apr 2025 10:26:18 -0700 (PDT) From: Roman Scherer Date: Wed, 9 Apr 2025 19:26:11 +0200 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: <58e6296eb44b3e82e5d6367ae85b681463a38613.1744217514.git.roman@burningswell.com> References: <58e6296eb44b3e82e5d6367ae85b681463a38613.1744217514.git.roman@burningswell.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/sound.scm (speakersafetyd): Add log file. Change-Id: I870bc7bfd69249da3a9c981f627e751395386bd2 --- doc/guix.texi | 3 +++ gnu/services/sound.scm | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 6acbf1ba55..60a82081d4 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27270,6 +27270,9 @@ Sound Services @item @code{group} (default: @code{"speakersafetyd"}) (type: string) The group to run the Speaker Safety Daemon as. +@item @code{log-file} (default: @code{"/var/log/speakersafetyd.log"}) (type: string) +The file name to the Speaker Safety Daemon log file. + @item @code{maximum-gain-reduction} (default: @code{7}) (type: integer) Maximum gain reduction before panicking, useful for debugging. diff --git a/gnu/services/sound.scm b/gnu/services/sound.scm index 0558d4fce8..23f92f6bee 100644 --- a/gnu/services/sound.scm +++ b/gnu/services/sound.scm @@ -293,6 +293,9 @@ (define-configuration/no-serialization speakersafetyd-configuration (group (string "speakersafetyd") "The group to run the Speaker Safety Daemon as.") + (log-file + (string "/var/log/speakersafetyd.log") + "The file name to the Speaker Safety Daemon log file.") (maximum-gain-reduction (integer 7) "Maximum gain reduction before panicking, useful for debugging.") @@ -332,7 +335,7 @@ (define speakersafetyd-activation (define speakersafetyd-shepherd-service (match-record-lambda - ( blackbox-directory configuration-directory group + ( blackbox-directory configuration-directory group log-file maximum-gain-reduction speakersafetyd user) (shepherd-service (documentation "Run the speaker safety daemon") @@ -344,6 +347,7 @@ (define speakersafetyd-shepherd-service "--blackbox-path" #$blackbox-directory "--max-reduction" (number->string #$maximum-gain-reduction)) #:group #$group + #:log-file #$log-file #:supplementary-groups '("audio") #:user #$user)) (stop #~(make-kill-destructor)))))