From: Richard Sent
To: guix-patches@gnu.org, 71639@debbugs.gnu.org
X-Debbugs-Cc: Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer
Subject: [PATCH v2 2/5] services: backup: Add password-command support to restic-service
Date: Wed, 19 Jun 2024 23:44:13 -0400

* gnu/services/backup.scm (restic-backup-job): Add password-command.
(verify-restic-backup-job-configuration): Create.
(restic-backup-job-program): Set either RESTIC_PASSWORD or
RESTIC_PASSWORD_COMMAND depending on what is configured.
* doc/guix.texi (Miscellaneous Services): Document it.

Change-Id: Ice9cf85d1ee4485a2737f515c63c969918219df0
---
 doc/guix.texi           |  7 +++++++
 gnu/services/backup.scm | 41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 63c9cbd1a7..f22d679023 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -41344,6 +41344,13 @@ Miscellaneous Services that will be used to set the @env{RESTIC_PASSWORD} environment variable for the current job. +@item @code{password-command} (type: file-like) +String path or file-like object representing the executable file that +prints password to stdout. If a file-like object is used, it is placed +in the store globally executable and in plain text. The executable +should be designed such that it does not compromise the password if an +unauthorized user runs it. + @item @code{schedule} (type: gexp-or-string) A string or a gexp that will be passed as time specification in the mcron job specification (@pxref{Syntax, mcron job specifications,, diff --git a/gnu/services/backup.scm b/gnu/services/backup.scm index 1279ece88f..fd904bc9a9 100644 --- a/gnu/services/backup.scm +++ b/gnu/services/backup.scm @@ -66,6 +66,9 @@ (define (lowerable? value) (define list-of-lowerables? (list-of lowerable?)) +(define-maybe/no-serialization string) +(define-maybe/no-serialization file-like) + (define-configuration/no-serialization restic-backup-job (restic (package restic) @@ -80,10 +83,16 @@ (define-configuration/no-serialization restic-backup-job (string) "The restic repository target of this job.") (password-file - (string) + (maybe-string) "Name of the password file, readable by the configured @code{user}, that will be used to set the @code{RESTIC_PASSWORD} environment variable for the current job.") + (password-command + (maybe-file-like) + "An executable file who's path is stored in @code{RESTIC_PASSWORD_COMMAND}. +When run, the file writes the password to standard output. Due to the nature +of the store this command will be globally executable and should have external +protections to ensure unauthorized users cannot retrieve the password.") (schedule (gexp-or-string) "A string or a gexp that will be passed as time specification in the mcron 
@@ -104,6 +113,14 @@ (define-configuration/no-serialization restic-backup-job "A list of values that are lowered to strings. These will be passed as command-line arguments to the current job @command{restic backup} invokation.")) +(define (verify-restic-backup-job-configuration config) + (unless (or (maybe-value-set? (restic-backup-job-password-file config)) + (maybe-value-set? (restic-backup-job-password-command config))) + (error "either password-file or password-command must be configured.")) + (when (and (maybe-value-set? (restic-backup-job-password-file config)) + (maybe-value-set? (restic-backup-job-password-command config))) + (error "password-file and password-command can not be configured simultaneously."))) + (define list-of-restic-backup-jobs? (list-of restic-backup-job?)) @@ -113,12 +130,21 @@ (define-configuration/no-serialization restic-backup-configuration "The list of backup jobs for the current system.")) (define (restic-backup-job-program config) + (define (maybe-value-or-false maybe) + (if (maybe-value-set? maybe) + maybe + #f)) + + (verify-restic-backup-job-configuration config) + (let ((restic (file-append (restic-backup-job-restic config) "/bin/restic")) (repository (restic-backup-job-repository config)) (password-file - (restic-backup-job-password-file config)) + (maybe-value-or-false (restic-backup-job-password-file config))) + (password-command + (maybe-value-or-false (restic-backup-job-password-command config))) (files (restic-backup-job-files config)) (extra-flags 
@@ -134,9 +160,14 @@ (define (restic-backup-job-program config) #~(begin (use-modules (ice-9 popen) (ice-9 rdelim)) - (setenv "RESTIC_PASSWORD" - (with-input-from-file #$password-file read-line)) - + (or (and=> #$password-file (lambda (x) + (setenv "RESTIC_PASSWORD" + (with-input-from-file x read-line)))) + (and=> #$password-command (lambda (x) + (setenv "RESTIC_PASSWORD_COMMAND" x))) + ;; Have a backup error message in case + ;; verify-restic-backup-job-configuration is messed with + (error "Neither password-file or password-command set")) (when #$init? ;; Use cat config to check if the repository exists. See ;; https://github.com/restic/restic/issues/1690 and -- 2.45.1
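Review bot: In the doc/guix.texi hunk (@@ -41344,6 +41344,13 @@), the annotation `(type: file-like)` does not match the field, which is `maybe-file-like` and optional, and the entry never states that exactly one of password-file and password-command must be set; the password-file entry just above it still reads as if it were required. Suggest `@item @code{password-command} (type: maybe-file-like)`, a sentence on the mutual exclusion in both entries, and "prints the password to standard output" for "prints password to stdout". Since the text itself says a file-like object lands in the world-readable store in plain text, it is worth spelling out that the command should fetch the secret from a source restricted to the job's @code{user} (a root-only file, an agent, a secret store) rather than embed it, so the store copy discloses nothing.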
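Review bot: In the @@ -66,6 +66,9 @@ hunk, `(define-maybe/no-serialization string)` and `(define-maybe/no-serialization file-like)` introduce module-level `maybe-string` and `maybe-file-like` bindings; several other gnu/services modules define the same names, so check that nothing imported into backup.scm already provides them, otherwise the new definitions shadow or conflict with an imported binding. A one-line comment saying these back the optional password-file and password-command fields would help the next reader.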
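Review bot: In the @@ -80,10 +83,16 @@ hunk, the password-file docstring is unchanged although its type became `maybe-string`, so it still describes a required field; add that it is optional and mutually exclusive with password-command. In the password-command docstring, "who's" should be "whose", and because the texinfo entry is kept in sync with these docstrings, the wording and the declared type should match the doc/guix.texi hunk.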
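Review bot: In the @@ -104,6 +113,14 @@ hunk, verify-restic-backup-job-configuration reports misconfiguration with bare `error`, which reaches the user as a Guile backtrace during `guix system reconfigure`; other Guix services raise configuration errors with `raise (formatted-message (G_ "..."))` or `leave` so the message is translated and printed cleanly. "can not" should be "cannot", and binding the two `maybe-value-set?` results once to local variables avoids evaluating each of them twice and makes the "exactly one of the two" rule read as a single check.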
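Review bot: In the @@ -113,12 +130,21 @@ hunk, the local `maybe-value-or-false` duplicates what `maybe-value` from (gnu services configuration) does when given a default of `#f`, if this tree exports it; `(maybe-value (restic-backup-job-password-file config) #f)` would drop the helper. The asymmetry also deserves a comment: password-file is a plain string, so only its path is embedded in the generated program and its content never enters the store, whereas password-command is a file-like that is lowered into the store, which is exactly why the docstring warns about world readability.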
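Review bot: In the @@ -134,9 +160,14 @@ hunk, the `or`/`and=>` chain only works because `setenv` returns a non-`#f` value, so the first branch short-circuits; that is an implicit dependency a later refactor could break, since any branch returning `#f` falls through to the next one. A `cond` with `(#$password-file (setenv "RESTIC_PASSWORD" (with-input-from-file #$password-file read-line)))`, `(#$password-command (setenv "RESTIC_PASSWORD_COMMAND" #$password-command))` and an `else` clause that raises is clearer and does not depend on return values. The fallback message should read "Neither password-file nor password-command set", and "is messed with" in the comment could be "is bypassed". Raising there at run time aborts the mcron job, which is the right behaviour for a backup: fail loudly rather than run restic without a password source.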
Date: Thu, 20 Jun 2024 16:58:22 -0400
Message-Id: <87bk3vqqkx.fsf@freakingpenguin.com>
To: control@debbugs.gnu.org
From: Richard Sent
Subject: control message for bug #71662

close 71662
quit

To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Date: Sat, 20 Jul 2024 11:24:10 +0000

bug archived.

# This is a fake control message.
#
# The action:
# bug archived.
thanks