GNU bug report logs -
#32141
[PATCH] services: Add ddclient service.
Previous Next
Reported by: Oleg Pykhalov <go.wigust <at> gmail.com>
Date: Fri, 13 Jul 2018 15:00:02 UTC
Severity: normal
Tags: patch
Done: Oleg Pykhalov <go.wigust <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hi Oleg,
Sorry for the delay, I had forgotten about this patch. (Feel free to
ping when that happens!)
Oleg Pykhalov <go.wigust <at> gmail.com> skribis:
> I applied all your suggestions and updated the documentation. The patch
> is attached below. I run a ddclient service from this patch currently.
Neat.
> ludo <at> gnu.org (Ludovic Courtès) writes:
[...]
>> In short we must not manipulate secrets in anything that goes through
>> the store. The only thing I can suggest is to leave it up to the
>> user to create a file containing the secret in an out-of-band fashion;
>> /etc is a good place for such things.
>>
>> For example, they could create /etc/ddclient-secrets and then we would
>> somehow arrange to get that file read.
>>
>> To do that there are two possibilities that come to mind:
>>
>> 1. If the config file syntax has an “include” directive, just include
>> /etc/ddclient-secrets unconditionally in the generated config file.
>>
>> 2. Write an activation snippet that concatenates the generated config
>> file with /etc/ddclient-secrets and stores that as
>> /etc/ddclient.conf (or something like that.)
>>
>> Thoughts?
>
> Could we use ‘/etc/ddclient’ directory for secrets file, because
> ddclient program use this directory by default?
Sure.
> From 3f47ae60ecb2e8780c451e93976b5c83135d8420 Mon Sep 17 00:00:00 2001
> From: Oleg Pykhalov <go.wigust <at> gmail.com>
> Date: Fri, 13 Jul 2018 11:49:13 +0300
> Subject: [PATCH] services: Add ddclient service.
>
> * gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
> variables.
> (uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
> serialize-string, serialize-list, serialize-extra-options,
> ddclient-activation, ddclient-shepherd-service,
> generate-ddclient-documentation): New procedures.
> * doc/guix.texi (DNS Services): Document it.
[...]
> +By default, the @code{secret-file} in @code{ddclient-configuration} is
> +pointing to @file{/etc/ddclient/secrets.conf} file, which will be appended to
> +@file{/etc/ddclient/ddclient.conf} and should be created in advance. See
> +samples inside @file{/share/ddclient} directory of @code{ddclient} package.
I propose slightly different wording, to make it clear that users are
expected to provide the secret file:
The following example show instantiates the service with its default
configuration:
@example
(service ddclient-service-type)
@end example
Note that ddclient needs to access credentials that are stored in a
@dfn{secret file}, by default @file{/etc/ddclient/secrets} (see
@code{secret-file} below.) You are expected to create this file
manually, in an ``out-of-band'' fashion (you @emph{could} make this
file part of the service configuration, for instance by using
@code{plain-file}, but it will be world-readable @i{via}
@file{/gnu/store}.) See the examples in the @file{share/ddclient}
directory of the @code{ddclient} package.
WDYT?
> +@deftypevr {@code{ddclient-configuration} parameter} string secret-file
> +Secret file which will be appended to ddclient.conf file.
^
@file{ddclient.conf}
Maybe add:
This file contains credentials for use by ddclient. You are expected
to create it manually.
> +Defaults to @samp{"/etc/ddclient/secrets.conf"}.
OK with changes along these lines.
Thank you!
Ludo’.
This bug report was last modified 6 years and 271 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.