From patchwork Tue Nov 14 14:09:10 2023
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 56455
Subject: [bug#67175] [PATCH 1/9] services: pagekite: Use ‘least-authority-wrapper’.
To: 67175@debbugs.gnu.org
Cc: Ludovic Courtès
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:10 +0100
Message-ID: <52f588ecd8c438019142d9cb4766933407d42ee7.1699970930.git.ludo@gnu.org>

* gnu/services/networking.scm (pagekite-shepherd-service): Define ‘config-file’ and ‘mappings’; define ‘pagekite’ in terms of ‘least-authority-wrapper’. Remove now-unneeded ‘with-imported-modules’ form and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of ‘make-forkexec-constructor/container’.

Change-Id: I7c6c6266785f6a0f81a69d85f070779a0d6edd91
--- gnu/services/networking.scm | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 0508a4282c..d3376f9acb 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm
@@ -1918,29 +1918,34 @@ (define (pagekite-configuration-file config) (define (pagekite-shepherd-service config) (match-record config (package kitename kitesecret frontend kites extra-file) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let* ((config-file (pagekite-configuration-file config)) + (mappings (cons (file-system-mapping + (source config-file) + (target source)) + (if extra-file + (list (file-system-mapping + (source extra-file) + (target source))) + '()))) + (pagekite (least-authority-wrapper + (file-append package "/bin/pagekite") + #:name "pagekite" + #:mappings mappings + ;; 'pagekite' changes user IDs to it needs to run in the + ;; global user namespace. + #:namespaces (fold delq %namespaces '(net user))))) (shepherd-service (documentation "Run the PageKite service.") (provision '(pagekite)) (requirement '(networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append package "/bin/pagekite") + (start #~(make-forkexec-constructor + (list #$pagekite "--clean" "--nullui" "--nocrashreport" "--runas=pagekite:pagekite" - (string-append "--optfile=" - #$(pagekite-configuration-file config))) - #:log-file "/var/log/pagekite.log" - #:mappings #$(if extra-file - #~(list (file-system-mapping - (source #$extra-file) - (target source))) - #~'()))) + (string-append "--optfile=" #$config-file)) + #:log-file "/var/log/pagekite.log")) ;; SIGTERM doesn't always work for some reason. 
(stop #~(make-kill-destructor SIGINT))))))
From patchwork Tue Nov 14 14:09:11 2023
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 56454
Subject: [bug#67175] [PATCH 2/9] services: pagekite: Add ‘configuration’ action.
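
Review bot: In [PATCH 1/9], the comment above `#:namespaces` in the `least-authority-wrapper` call documents only half of the change and has a typo: it reads "changes user IDs to it needs to run in the global user namespace" ("to" should be "so"), yet `(fold delq %namespaces '(net user))` also removes the network namespace. Say why 'net is dropped as well, and note that with the user namespace shared the process stays real root until its own `--runas=pagekite:pagekite` takes effect, so the bind mounts in `mappings` and the remaining namespaces are all that confine it during that window. The hunk also starts using `least-authority-wrapper`, `%namespaces` and `fold` while the patch touches no module imports (patch 6/9 adds `#:autoload` lines for `least-authority-wrapper` and `%namespaces` in telephony.scm); please confirm networking.scm already imports them.
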
To: 67175@debbugs.gnu.org
Cc: Ludovic Courtès
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:11 +0100
Message-ID: <7a171625d8ce12535c7a64aacf68e135e75e1d5c.1699970930.git.ludo@gnu.org>

* gnu/services/networking.scm (pagekite-shepherd-service): Add ‘actions’ field.

Change-Id: I04daa846d505b0700b574a82472ecd99b492d7c4
--- gnu/services/networking.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d3376f9acb..7c114fa53c 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm
@@ -1938,6 +1938,7 @@ (define (pagekite-shepherd-service config) (documentation "Run the PageKite service.") (provision '(pagekite)) (requirement '(networking)) + (actions (list (shepherd-configuration-action config-file))) (start #~(make-forkexec-constructor (list #$pagekite "--clean"
From patchwork Tue Nov 14 14:09:12 2023
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 56458
Subject: [bug#67175] [PATCH 3/9] services: bitlbee: Remove use of ‘make-forkexec-constructor/container’.
To: 67175@debbugs.gnu.org
Cc: Ludovic Courtès
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:12 +0100
Message-ID: <5e1107fcac6fbce929778e3e9cc5c2f1cc655aeb.1699970930.git.ludo@gnu.org>

This will only affect systems running Shepherd < 0.9.0, which was released in August 2022.

* gnu/services/messaging.scm (bitlbee-shepherd-service): Remove ‘with-imported-modules’ and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of ‘make-forkexec-constructor/container’ when ‘make-inetd-constructor’ is missing.

Change-Id: I35a0487bccaee4799ad0d81388d540e5c7891f7e
--- gnu/services/messaging.scm | 77 +++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 43 deletions(-) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index c4963936a0..7505810e7c 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm
@@ -849,56 +849,47 @@ (define bitlbee-shepherd-service (target conf))) #:namespaces (delq 'net %namespaces)))) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(bitlbee)) + (list (shepherd-service + (provision '(bitlbee)) - ;; Note: If networking is not up, then /etc/resolv.conf - ;; doesn't get mapped in the container, hence the dependency - ;; on 'networking'. - (requirement '(user-processes networking)) + ;; Note: If networking is not up, then /etc/resolv.conf + ;; doesn't get mapped in the container, hence the dependency + ;; on 'networking'. + (requirement '(user-processes networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(if (defined? 'make-inetd-constructor) + (start #~(if (defined? 'make-inetd-constructor) - (make-inetd-constructor - (list #$bitlbee* "-I" "-c" #$conf) - (list (endpoint - (addrinfo:addr - (car (getaddrinfo #$interface - #$(number->string port) - (logior AI_NUMERICHOST - AI_NUMERICSERV)))))) - #:requirements '#$requirement - #:service-name-stem "bitlbee" - #:user "bitlbee" #:group "bitlbee" + (make-inetd-constructor + (list #$bitlbee* "-I" "-c" #$conf) + (list (endpoint + (addrinfo:addr + (car (getaddrinfo #$interface + #$(number->string port) + (logior AI_NUMERICHOST + AI_NUMERICSERV)))))) + #:requirements '#$requirement + #:service-name-stem "bitlbee" + #:user "bitlbee" #:group "bitlbee" - ;; Allow 'bitlbee-purple' to use libpurple plugins. - #:environment-variables - (list (string-append "PURPLE_PLUGIN_PATH=" - #$plugins "/lib/purple-2") - "GUIX_LOCPATH=/run/current-system/locale")) + ;; Allow 'bitlbee-purple' to use libpurple plugins. 
+ #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2") + "GUIX_LOCPATH=/run/current-system/locale")) - (make-forkexec-constructor/container - (list #$(file-append bitlbee "/sbin/bitlbee") - "-n" "-F" "-u" "bitlbee" "-c" #$conf) + (make-forkexec-constructor + (list #$(file-append bitlbee "/sbin/bitlbee") + "-n" "-F" "-u" "bitlbee" "-c" #$conf) - ;; Allow 'bitlbee-purple' to use libpurple plugins. - #:environment-variables - (list (string-append "PURPLE_PLUGIN_PATH=" - #$plugins "/lib/purple-2")) + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2")) - #:pid-file "/var/run/bitlbee.pid" - #:mappings (list (file-system-mapping - (source "/var/lib/bitlbee") - (target source) - (writable? #t)))))) - (stop #~(if (defined? 'make-inetd-destructor) - (make-inetd-destructor) - (make-kill-destructor)))))))))) + #:pid-file "/var/run/bitlbee.pid"))) + (stop #~(if (defined? 'make-inetd-destructor) + (make-inetd-destructor) + (make-kill-destructor))))))))) (define %bitlbee-accounts ;; User group and account to run BitlBee. 
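
Review bot: In [PATCH 3/9], the fallback branch of `start` (taken when `make-inetd-constructor` is not defined) now runs `#$(file-append bitlbee "/sbin/bitlbee")` through plain `make-forkexec-constructor`, and the `#:mappings` entry for /var/lib/bitlbee is gone, so on those systems BitlBee runs with no container at all, while the inetd branch still runs `#$bitlbee*`. The commit log says this only affects Shepherd < 0.9.0, but nothing in the code records it: add a comment in that branch stating that it is uncontained, or drop the fallback (and the `defined?` tests in `start` and `stop`) if Shepherd < 0.9.0 no longer needs to be supported.
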
From patchwork Tue Nov 14 14:09:13 2023
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 56461
Subject: [bug#67175] [PATCH 4/9] least-authority: Add support for changing UIDs/GIDs before exec.
To: 67175@debbugs.gnu.org
Cc: Ludovic Courtès, Christopher Baines, Josselin Poiret, Ludovic Courtès, Mathieu Othacehe, Ricardo Wurmus, Simon Tournier, Tobias Geerinckx-Rice
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:13 +0100
Message-ID: <9044b132a3746d6874969615923f5c534ba00152.1699970930.git.ludo@gnu.org>

* guix/least-authority.scm (least-authority-wrapper): Add #:user and #:group. [code]: Add calls to ‘setgid’ and ‘setuid’ when appropriate.

Change-Id: I2aad8e5686b42b5c92fc306b114c5c60cb8bc551
--- guix/least-authority.scm | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/guix/least-authority.scm b/guix/least-authority.scm index bfd7275e7c..3465fe9a48 100644 --- a/guix/least-authority.scm +++ b/guix/least-authority.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2022 Ludovic Courtès +;;; Copyright © 2022-2023 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -41,6 +41,8 @@ (define %precious-variables (define* (least-authority-wrapper program #:key (name "pola-wrapper") + (user #f) + (group #f) (guest-uid 1000) (guest-gid 1000) (mappings '())
@@ -55,7 +57,11 @@ (define* (least-authority-wrapper program records indicating directories mirrored inside the execution environment of PROGRAM. DIRECTORY is the working directory of the wrapped process. Each environment listed in PRESERVED-ENVIRONMENT-VARIABLES -is preserved; other environment variables are erased." +is preserved; other environment variables are erased. + +When USER and GROUP are set and NAMESPACES does not include 'user, change UIDs +and GIDs to these prior to executing PROGRAM. This usually requires that the +resulting wrapper be executed as root so it can call setgid(2) and setuid(2)." (define code (with-imported-modules (source-module-closure '((gnu system file-systems) @@ -113,6 +119,10 @@ (define* (least-authority-wrapper program #$program signal) (exit (+ 128 signal)))))) + (define namespaces '#$namespaces) + (define host-group '#$group) + (define host-user '#$user) + ;; Note: 'call-with-container' creates a sub-process that this one ;; waits for. This might seem suboptimal but unshare(2) isn't ;; really applicable: the process would still run in the same PID 
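
Review bot: In [PATCH 4/9], the new docstring paragraph says "When USER and GROUP are set", but the code added further down tests `host-group` and `host-user` independently, and it skips both when NAMESPACES includes 'user without any diagnostic. Reword to "USER or GROUP", and either document that they are ignored inside a user namespace or raise an error for that combination, so a caller who passes #:user does not silently get a process whose IDs were never changed.
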
@@ -123,6 +133,17 @@ (define* (least-authority-wrapper program (lambda () (chdir #$directory) (environ variables) + + (unless (memq 'user namespaces) + ;; This process lives in its parent user namespace, + ;; presumably as root; now is the time to setgid/setuid if + ;; asked for it (the 'clone' call would fail with EPERM if we + ;; changed UIDs/GIDs beforehand). + (when host-group + (setgid (group:gid (getgr host-group)))) + (when host-user + (setuid (passwd:uid (getpw host-user))))) + (apply execl #$program #$program (cdr (command-line)))) ;; Don't assume PROGRAM can behave as an init process.
From patchwork Tue Nov 14 14:09:14 2023
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 56457
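
Review bot: In [PATCH 4/9], the `(unless (memq 'user namespaces) ...)` block calls `setgid` and then `setuid` but never `setgroups`, so PROGRAM keeps the supplementary groups of the process that ran the wrapper (root, per the comment). Reset them before `setgid`, for example with `(setgroups #())` or with the target user's groups. Also, `getgr` and `getpw` are called inside the thunk that runs in the container, so they depend on the account databases being readable from there; resolving the numeric IDs before entering the container would remove that dependency.
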
Subject: [bug#67175] [PATCH 5/9] tests: jami: Check status of Jami D-Bus session.
To: 67175@debbugs.gnu.org
Cc: Ludovic Courtès, Maxim Cournoyer
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:14 +0100
Message-ID: <2dcf5b29c48d4c243efaa7875d797c90c0b4a06a.1699970930.git.ludo@gnu.org>

* gnu/tests/telephony.scm (run-jami-test)["dbus session is up"]: New test.

Change-Id: Ifa9b57c732f3c64e1ec6bf3028b69a57cee56320
Reviewed-by: Maxim Cournoyer
--- gnu/tests/telephony.scm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gnu/tests/telephony.scm b/gnu/tests/telephony.scm index 442258dbc3..f159e970f7 100644 --- a/gnu/tests/telephony.scm +++ b/gnu/tests/telephony.scm
@@ -184,6 +184,15 @@ (define* (run-jami-test #:key provisioning? partial?) %load-path) marionette)) + (test-assert "dbus session is up" + (and (marionette-eval + '(begin + (use-modules (gnu services herd)) + (wait-for-service 'jami-dbus-session)) + marionette) + (wait-for-unix-socket "/var/run/jami/bus" + marionette))) + (test-assert "service is running" (marionette-eval '(begin From patchwork Tue Nov 14 14:09:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 56462 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 1F70C27BBE9; Tue, 14 Nov 2023 14:11:14 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 0E85D27BBE2 for ; Tue, 14 Nov 2023 14:11:12 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r2u7c-00008j-Tk; Tue, 14 Nov 2023 09:10:32 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r2u7U-0008WL-SG for guix-patches@gnu.org; Tue, 14 Nov 2023 09:10:26 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r2u7S-00028k-2x for guix-patches@gnu.org; Tue, 14 Nov 2023 09:10:24 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1r2u88-0005dd-6j; Tue, 14 Nov 2023 
Subject: [bug#67175] [PATCH 6/9] services: jami-dbus-session: Use ‘least-authority-wrapper’.
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:15 +0100
Message-ID: <05c3a9993783b02b89083b1ae0562a79af4c61b2.1699970930.git.ludo@gnu.org>

* gnu/services/telephony.scm (jami-shepherd-services): Use ‘least-authority-wrapper’ for ‘dbus-daemon’. Use ‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’ in the ‘start’ method. Remove reference to (gnu build shepherd).

Change-Id: I9d9f8de6ecea77950000ff64aa8c8d097dc028a0
Reviewed-by: Maxim Cournoyer
--- gnu/services/telephony.scm | 66 +++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 23 deletions(-) diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index c9b5d6cd99..832470527d 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm @@ -34,6 +34,9 @@ (define-module (gnu services telephony) #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix gexp) + #:autoload (guix least-authority) (least-authority-wrapper) + #:autoload (gnu system file-systems) (file-system-mapping) + #:autoload (gnu build linux-container) (%namespaces) #:use-module (srfi srfi-1) #:use-module (srfi srfi-2) #:use-module (srfi srfi-26)
@@ -298,7 +301,28 @@ (define (jami-shepherd-services config) (let* ((libjami (jami-configuration-libjami config)) (nss-certs (jami-configuration-nss-certs config)) (dbus (jami-configuration-dbus config)) - (dbus-daemon (file-append dbus "/bin/dbus-daemon")) + (dbus-daemon (least-authority-wrapper + (file-append dbus "/bin/dbus-daemon") + #:name "dbus-daemon" + #:user "jami" + #:group "jami" + #:preserved-environment-variables + '("XDG_DATA_DIRS") + #:mappings + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/jami") + (target source) + (writable? #t)) + (file-system-mapping + (source (gexp-input libjami "bin")) + (target source))) + ;; 'dbus-daemon' wants to look up users in /etc/passwd + ;; so run it in the global user namespace. + #:namespaces + (fold delq %namespaces '(net user)))) (accounts (jami-configuration-accounts config)) (declarative-mode? (maybe-value-set? accounts))) @@ -490,8 +514,7 @@ (define (jami-shepherd-services config) (list (shepherd-service (documentation "Run a D-Bus session for the Jami daemon.") (provision '(jami-dbus-session)) - (modules `((gnu build shepherd) - (gnu build dbus-service) + (modules `((gnu build dbus-service) (gnu build jami-service) (gnu system file-systems) ,@%default-modules)) 
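Review bot: in the dbus-daemon wrapper of the @@ -298,7 hunk, #:namespaces (fold delq %namespaces '(net user)) keeps the process in two host namespaces, but the comment above it only justifies user (the /etc/passwd lookup). The bus is started with --address=unix:path=/var/run/jami/bus and logs through the mapped /dev/log, so please either extend the comment to say why dbus-daemon also needs the host network namespace, or remove only user so that net stays unshared.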
@@ -499,26 +522,23 @@ (define (jami-shepherd-services config) ;; activation for D-Bus, such as a /etc/machine-id file. (requirement '(dbus-system syslogd)) (start - #~(make-forkexec-constructor/container - (list #$dbus-daemon "--session" - "--address=unix:path=/var/run/jami/bus" - "--syslog-only") - #:pid-file "/var/run/jami/pid" - #:mappings - (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/jami") - (target source) - (writable? #t))) - #:user "jami" - #:group "jami" - #:environment-variables - ;; This is so that the cx.ring.Ring service D-Bus - ;; definition is found by dbus-daemon. - (list (string-append "XDG_DATA_DIRS=" - #$libjami:bin "/share")))) + #~(lambda () + (define pid + (fork+exec-command + (list #$dbus-daemon "--session" + "--address=unix:path=/var/run/jami/bus" + "--syslog-only") + #:environment-variables + ;; This is so that the cx.ring.Ring service D-Bus + ;; definition is found by dbus-daemon. + (list (string-append "XDG_DATA_DIRS=" + #$libjami:bin "/share")))) + + ;; The PID file contains the "wrong" PID (the one in the + ;; separate PID namespace) so ignore it and return the + ;; value returned by 'fork+exec-command'. 
+ (and (read-pid-file "/var/run/jami/pid") + pid))) (stop #~(make-kill-destructor))) (shepherd-service
Subject: [bug#67175] [PATCH 7/9] services: jami: Use ‘least-authority-wrapper’.
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:16 +0100

* gnu/services/telephony.scm (jami-configuration->command-line-arguments) [wrapper]: New procedure. Use it. (jami-shepherd-services): In ‘start’ method of ‘jami’ service, use ‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’. Remove use of (gnu build shepherd).

Change-Id: Ic71c0c88477d92bf137d9d0a5832bae8721cc210
--- gnu/services/telephony.scm | 66 +++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index 832470527d..16d109b8b1 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm
@@ -261,9 +261,37 @@ (define %jami-accounts (define (jami-configuration->command-line-arguments config) "Derive the command line arguments to used to launch the Jami daemon from CONFIG, a object." + (define (wrapper libjami) + (least-authority-wrapper + ;; XXX: 'gexp-input' is needed as the outer layer so that + ;; 'references-file' picks the right output of LIBJAMI. + (gexp-input (file-append (gexp-input libjami "bin") "/libexec/jamid") + "bin") + #:mappings + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/lib/jami") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/jami") + (target source) + (writable? #t)) + ;; Expose TLS certificates for GnuTLS. + (file-system-mapping + (source (file-append nss-certs "/etc/ssl/certs")) + (target "/etc/ssl/certs"))) + #:preserved-environment-variables + '("DBUS_SESSION_BUS_ADDRESS" "SSL_CERT_DIR") + #:user "jami" + #:group "jami" + #:namespaces (fold delq %namespaces '(net user)))) + (match-record config (libjami dbus enable-logging? debug? auto-answer?) - `(,#~(string-append #$libjami:bin "/libexec/jamid") + `(,(wrapper libjami) "--persistent" ;stay alive after client quits ,@(if enable-logging? '() ;logs go to syslog by default @@ -334,7 +362,6 @@ (define (jami-shepherd-services config) (with-imported-modules (source-module-closure '((gnu build dbus-service) (gnu build jami-service) - (gnu build shepherd) (gnu system file-systems))) (define list-accounts-action @@ -562,7 +589,6 @@ (define (jami-shepherd-services config) (srfi srfi-26) (gnu build dbus-service) (gnu build jami-service) - (gnu build shepherd) (gnu system file-systems) ,@%default-modules)) (start 
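Review bot: inside the new wrapper procedure of the @@ -261,9 hunk, (file-append nss-certs "/etc/ssl/certs") refers to nss-certs, which is neither a parameter of wrapper nor one of the fields bound by the match-record below it (libjami dbus enable-logging? debug? auto-answer?). The code this replaces took the value from the let binding (nss-certs (jami-configuration-nss-certs config)) in jami-shepherd-services, so as written the certificate mapping no longer follows the nss-certs field of CONFIG. Suggest adding nss-certs to the match-record fields and passing it in, for example (define (wrapper libjami nss-certs) ...) called as (wrapper libjami nss-certs).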
@@ -608,32 +634,14 @@ (define (jami-shepherd-services config) ;; Start the daemon. (define daemon-pid - ((make-forkexec-constructor/container - (list #$@(jami-configuration->command-line-arguments - config)) - #:mappings - (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/lib/jami") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/jami") - (target source) - (writable? #t)) - ;; Expose TLS certificates for GnuTLS. - (file-system-mapping - (source #$(file-append nss-certs "/etc/ssl/certs")) - (target "/etc/ssl/certs"))) - #:user "jami" - #:group "jami" - #:environment-variables - (list (string-append "DBUS_SESSION_BUS_ADDRESS=" - "unix:path=/var/run/jami/bus") - ;; Expose TLS certificates for OpenSSL. - "SSL_CERT_DIR=/etc/ssl/certs")))) + (fork+exec-command + (list #$@(jami-configuration->command-line-arguments + config)) + #:environment-variables + (list (string-append "DBUS_SESSION_BUS_ADDRESS=" + "unix:path=/var/run/jami/bus") + ;; Expose TLS certificates for OpenSSL. 
+ "SSL_CERT_DIR=/etc/ssl/certs"))) (setenv "DBUS_SESSION_BUS_ADDRESS" "unix:path=/var/run/jami/bus")
Subject: [bug#67175] [PATCH 8/9] services: Remove unnecessary references to (gnu build shepherd).
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:17 +0100
Message-ID: <9d76fe617e048052bab9f1033d292fe068b1652c.1699970930.git.ludo@gnu.org>

* gnu/services/databases.scm (memcached-shepherd-service): Remove ‘with-imported-modules’ form and ‘modules’ field.
* gnu/services/security-token.scm (pcscd-shepherd-service): Remove ‘with-imported-modules’ form.
* gnu/services/web.scm (hpcguix-web-shepherd-service): Likewise.

Change-Id: Ieb817508f1751e0c1ff551a0e078789a4a813c1c
--- gnu/services/databases.scm | 41 +++++++++++++-------------- gnu/services/security-token.scm | 29 +++++++++---------- gnu/services/web.scm | 50 ++++++++++++++++----------------- 3 files changed, 56 insertions(+), 64 deletions(-) diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index d3fee2a8ef..580031cb42 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm
@@ -512,28 +512,25 @@ (define memcached-shepherd-service (match-lambda (($ memcached interfaces tcp-port udp-port additional-options) - (with-imported-modules (source-module-closure - '((gnu build shepherd))) - (list (shepherd-service - (provision '(memcached)) - (documentation "Run the Memcached daemon.") - (requirement '(user-processes loopback)) - (modules '((gnu build shepherd))) - (start #~(make-forkexec-constructor - `(#$(file-append memcached "/bin/memcached") - "-l" #$(string-join interfaces ",") - "-p" #$(number->string tcp-port) - "-U" #$(number->string udp-port) - "--daemon" - ;; Memcached changes to the memcached user prior to - ;; writing the pid file, so write it to a directory - ;; that memcached owns. - "-P" "/var/run/memcached/pid" - "-u" "memcached" - ,#$@additional-options) - #:log-file "/var/log/memcached" - #:pid-file "/var/run/memcached/pid")) - (stop #~(make-kill-destructor)))))))) + (list (shepherd-service + (provision '(memcached)) + (documentation "Run the Memcached daemon.") + (requirement '(user-processes loopback)) + (start #~(make-forkexec-constructor + `(#$(file-append memcached "/bin/memcached") + "-l" #$(string-join interfaces ",") + "-p" #$(number->string tcp-port) + "-U" #$(number->string udp-port) + "--daemon" + ;; Memcached changes to the memcached user prior to + ;; writing the pid file, so write it to a directory + ;; that memcached owns. + "-P" "/var/run/memcached/pid" + "-u" "memcached" + ,#$@additional-options) + #:log-file "/var/log/memcached" + #:pid-file "/var/run/memcached/pid")) + (stop #~(make-kill-destructor))))))) (define memcached-service-type (service-type (name 'memcached) diff --git a/gnu/services/security-token.scm b/gnu/services/security-token.scm index 2356273398..d971091e73 100644 --- a/gnu/services/security-token.scm +++ b/gnu/services/security-token.scm 
@@ -50,22 +50,19 @@ (define-record-type* (define pcscd-shepherd-service (match-lambda (($ pcsc-lite) - (with-imported-modules (source-module-closure - '((gnu build shepherd))) - (shepherd-service - (documentation "PC/SC Smart Card Daemon") - (provision '(pcscd)) - (requirement '(syslogd)) - (modules '((gnu build shepherd))) - (start #~(lambda _ - (let ((socket "/run/pcscd/pcscd.comm")) - (when (file-exists? socket) - (delete-file socket))) - (fork+exec-command - (list #$(file-append pcsc-lite "/sbin/pcscd") - "--foreground") - #:log-file "/var/log/pcscd.log"))) - (stop #~(make-kill-destructor))))))) + (shepherd-service + (documentation "PC/SC Smart Card Daemon") + (provision '(pcscd)) + (requirement '(syslogd)) + (start #~(lambda _ + (let ((socket "/run/pcscd/pcscd.comm")) + (when (file-exists? socket) + (delete-file socket))) + (fork+exec-command + (list #$(file-append pcsc-lite "/sbin/pcscd") + "--foreground") + #:log-file "/var/log/pcscd.log"))) + (stop #~(make-kill-destructor)))))) (define pcscd-activation (match-lambda diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 818226a4f7..8eb00f76e3 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm 
@@ -1231,32 +1231,30 @@ (define %hpcguix-web-log-rotations (define (hpcguix-web-shepherd-service config) (let ((specs (hpcguix-web-configuration-specs config)) (hpcguix-web (hpcguix-web-package config))) - (with-imported-modules (source-module-closure - '((gnu build shepherd))) - (shepherd-service - (documentation "hpcguix-web daemon") - (provision '(hpcguix-web)) - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list #$(file-append hpcguix-web "/bin/hpcguix-web") - (string-append "--listen=" - #$(hpcguix-web-configuration-address - config)) - "-p" - #$(number->string - (hpcguix-web-configuration-port config)) - #$@(if specs - #~((string-append "--config=" - #$(scheme-file - "hpcguix-web.scm" specs))) - #~())) - #:user "hpcguix-web" - #:group "hpcguix-web" - #:environment-variables - (list "XDG_CACHE_HOME=/var/cache/guix/web" - "SSL_CERT_DIR=/etc/ssl/certs") - #:log-file #$%hpcguix-web-log-file)) - (stop #~(make-kill-destructor)))))) + (shepherd-service + (documentation "hpcguix-web daemon") + (provision '(hpcguix-web)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append hpcguix-web "/bin/hpcguix-web") + (string-append "--listen=" + #$(hpcguix-web-configuration-address + config)) + "-p" + #$(number->string + (hpcguix-web-configuration-port config)) + #$@(if specs + #~((string-append "--config=" + #$(scheme-file + "hpcguix-web.scm" specs))) + #~())) + #:user "hpcguix-web" + #:group "hpcguix-web" + #:environment-variables + (list "XDG_CACHE_HOME=/var/cache/guix/web" + "SSL_CERT_DIR=/etc/ssl/certs") + #:log-file #$%hpcguix-web-log-file)) + (stop #~(make-kill-destructor))))) (define hpcguix-web-service-type (service-type
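Review bot: the commit log calls these references unnecessary without saying why, which makes the removal hard to check at a glance. The memcached, pcscd and hpcguix-web definitions touched here call only make-forkexec-constructor, fork+exec-command and make-kill-destructor, none of which appears in the #:export list of (gnu build shepherd) shown in patch 9/9 (default-mounts, make-forkexec-constructor/container, fork+exec-command/container). A sentence to that effect in the log would document that no container-related code is being dropped from these three services.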
Subject: [bug#67175] [PATCH 9/9] shepherd: Remove ‘make-forkexec-constructor/container’.
From: Ludovic Courtès
Date: Tue, 14 Nov 2023 15:09:18 +0100
Message-ID: <814e03ee68566de3912c5962a43e2241b1775b52.1699970930.git.ludo@gnu.org>

This was superseded by ‘least-authority-wrapper’.

* gnu/build/shepherd.scm (read-pid-file/container) (make-forkexec-constructor/container): Remove.

Change-Id: I6acccdff2609a35807608f865a4d381146113a88
--- gnu/build/shepherd.scm | 90 ------------------------------------------ 1 file changed, 90 deletions(-) diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm index 9d9bfcfbc0..4ead27be0b 100644 --- a/gnu/build/shepherd.scm +++ b/gnu/build/shepherd.scm @@ -33,7 +33,6 @@ (define-module (gnu build shepherd) %precious-signals) #:autoload (shepherd system) (unblock-signals) #:export (default-mounts - make-forkexec-constructor/container fork+exec-command/container)) ;;; Commentary:
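Review bot: dropping make-forkexec-constructor/container from #:export removes a public procedure outright, and the log only says it was superseded by ‘least-authority-wrapper’. Service definitions outside this tree that still refer to it will break once this lands, so consider announcing the removal and pointing at the replacement pattern used in patches 6/9 and 7/9 (wrap the program with least-authority-wrapper, then start it with fork+exec-command).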
@@ -101,27 +100,6 @@ (define* (default-mounts #:key (namespaces (default-namespaces '()))) (file-exists? (file-system-mapping-source mapping))) mappings))))) -(define* (read-pid-file/container pid pid-file #:key (max-delay 5)) - "Read PID-FILE in the container namespaces of PID, which exists in a -separate mount and PID name space. Return the \"outer\" PID. " - (match (container-excursion* pid - (lambda () - ;; XXX: Trick for Shepherd 0.9: prevent 'read-pid-file' from - ;; using (@ (fibers) sleep), which would try to suspend the - ;; current task, which doesn't work in this extra process. - (with-continuation-barrier - (lambda () - (read-pid-file pid-file - #:max-delay max-delay))))) - (#f - ;; Send SIGTERM to the whole process group. - (catch-system-error (kill (- pid) SIGTERM)) - #f) - ((? integer? container-pid) - ;; XXX: When COMMAND is started in a separate PID namespace, its - ;; PID is always 1, but that's not what Shepherd needs to know. - pid))) - (define* (exec-command* command #:key user group log-file pid-file (supplementary-groups '()) (directory "/") (environment-variables (environ))) 
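Review bot: read-pid-file/container, removed in this hunk, was the only place that cleaned up after a start-up timeout: when the PID file could not be read it sent SIGTERM to the process group with (kill (- pid) SIGTERM) before returning #f. The replacement in the jami-dbus-session ‘start’ method of patch 6/9, (and (read-pid-file "/var/run/jami/pid") pid), also returns #f in that case but leaves the process created by fork+exec-command running and untracked by shepherd. Suggest keeping the same cleanup there, for example by signalling pid when read-pid-file returns #f.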
@@ -144,74 +122,6 @@ (define* (exec-command* command #:key user group log-file pid-file #:directory directory #:environment-variables environment-variables)) -(define* (make-forkexec-constructor/container command - #:key - (namespaces - (default-namespaces args)) - (mappings '()) - (user #f) - (group #f) - (supplementary-groups '()) - (log-file #f) - pid-file - (pid-file-timeout 5) - (directory "/") - (environment-variables - (environ)) - #:rest args) - "This is a variant of 'make-forkexec-constructor' that starts COMMAND in -NAMESPACES, a list of Linux namespaces such as '(mnt ipc). MAPPINGS is the -list of to make in the case of a separate mount -namespace, in addition to essential bind-mounts such /proc." - (define container-directory - (match command - ((program _ ...) - (string-append "/var/run/containers/" (basename program))))) - - (define auto-mappings - `(,@(if log-file - (list (file-system-mapping - (source log-file) - (target source) - (writable? #t))) - '()))) - - (define mounts - (append (map file-system-mapping->bind-mount - (append auto-mappings mappings)) - (default-mounts #:namespaces namespaces))) - - (lambda args - (mkdir-p container-directory) - - (when log-file - ;; Create LOG-FILE so we can map it in the container. - (unless (file-exists? 
log-file) - (close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) #o640)) - (when user - (let ((pw (getpwnam user))) - (chown log-file (passwd:uid pw) (passwd:gid pw)))))) - - (let ((pid (run-container container-directory - mounts namespaces 1 - (lambda () - (exec-command* command - #:user user - #:group group - #:supplementary-groups - supplementary-groups - #:pid-file pid-file - #:log-file log-file - #:directory directory - #:environment-variables - environment-variables))))) - (if pid-file - (if (or (memq 'mnt namespaces) (memq 'pid namespaces)) - (read-pid-file/container pid pid-file - #:max-delay pid-file-timeout) - (read-pid-file pid-file #:max-delay pid-file-timeout)) - pid)))) - (define* (fork+exec-command/container command #:key pid #:allow-other-keys