Package: guix-patches;
Reported by: Tomas Volf <~@wolfsden.cz>
Date: Thu, 13 Mar 2025 22:19:02 UTC
Severity: normal
Tags: patch
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Tomas Volf <~@wolfsden.cz>
Cc: 77001 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>
Subject: [bug#77001] [PATCH v2 8/8] services: krb5-service-type: Support launching KDC daemon.
Date: Thu, 20 Mar 2025 15:27:00 +0900
Hi, I'm reviewing mostly just the doc part, which is the team I'm subscribed to. Tomas Volf <~@wolfsden.cz> writes: [...] > +++ b/doc/guix.texi > @@ -32135,11 +32135,13 @@ Kerberos Services > > @subsubheading Krb5 Service > > -Programs using a Kerberos client library normally > -expect a configuration file in @file{/etc/krb5.conf}. > -This service generates such a file from a definition provided in the > -operating system declaration. > -It does not cause any daemon to be started. > +Programs using a Kerberos client library normally expect a configuration > +file in @file{/etc/krb5.conf}. This service generates such a file from > +a definition provided in the operating system declaration. > + > +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd > +service for @acronym{KDC, Key Distribution Center} is created. > +Otherwise no daemons are started. I'd reword to more simply: "Whether a Shepherd service for @acronym{KDC, Key Distribution Center} should be created." I'd find it also more useful if the option was named: 'key-distribution-center?'. That it is implemented as a service is an abstraction detail that is less important for the user than the feature provided, in my opinion. > No ``keytab'' files are provided by this service---you must explicitly create them. > This service is known to work with the MIT client library, @code{mit-krb5}. > diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm > index fcb0ac1ab4..a721cf3be5 100644 > --- a/gnu/services/kerberos.scm > +++ b/gnu/services/kerberos.scm 
> @@ -18,10 +18,13 @@ > ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. > > (define-module (gnu services kerberos) > + #:use-module (gnu packages kerberos) > #:use-module (gnu services) > #:use-module (gnu services configuration) > + #:use-module (gnu services shepherd) > #:use-module (gnu system pam) > #:use-module (guix gexp) > + #:use-module (guix packages) > #:use-module (guix records) > #:use-module (srfi srfi-1) > #:use-module (srfi srfi-34) > @@ -417,7 +420,16 @@ (define-configuration krb5-configuration > > (realms > (realm-list '()) > - "The list of realms which clients may access.")) > + "The list of realms which clients may access.") > + > + (krb5 > + (package mit-krb5) > + "The package to use for @command{krb5kdc}.") Maybe, "The package providing the @command{krb5kdc} command." > + > + (kdc-shepherd-service? > + (boolean #f) > + "Whether to generate a shepherd service for the @acronym{KDC, Key > +Distribution Center} daemon." empty-serializer)) > > > (define (krb5-configuration-file config) 
> @@ -432,15 +444,40 @@ (define (krb5-configuration-file config) > (define (krb5-etc-service config) > (list `("krb5.conf" ,(krb5-configuration-file config)))) > > +(define (krb5-activation config) > + (if (krb5-configuration-kdc-shepherd-service? config) > + #~(begin > + (use-modules (guix build utils)) > + (mkdir-p "/var/krb5kdc")) > + #~#t)) > + > +(define (krb5-shepherd-services config) > + (match-record config <krb5-configuration> > + (krb5 kdc-shepherd-service?) > + (if kdc-shepherd-service? > + (list > + (shepherd-service > + (documentation "Run a krb5kdc daemon.") > + (provision '(krb5kdc)) > + (requirement '(user-processes)) > + (start #~(make-forkexec-constructor > + '(#$(file-append krb5 "/sbin/krb5kdc") "-n"))) > + (stop #~(make-kill-destructor)))) > + '()))) > + > > (define krb5-service-type > (service-type (name 'krb5) > (extensions > (list (service-extension etc-service-type > - krb5-etc-service))) > + krb5-etc-service) > + (service-extension activation-service-type > + krb5-activation) > + (service-extension shepherd-root-service-type > + krb5-shepherd-services))) > (description "Programs using a Kerberos client library > normally expect a configuration file in @file{/etc/krb5.conf}. This service > -generates such a file. It does not cause any daemon to be started."))) > +generates such a file and (optionally) a shepherd service to run a daemon."))) s/shepherd/Shepherd/ Otherwise, LGTM for this 8/8 commit only. Reviewed-by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> -- Thanks, Maxim
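Review bot: The new paragraph in the doc/guix.texi hunk ("When @code{kdc-shepherd-service?} is set to @code{#t}, ...") does not tell the reader that the KDC needs a realm database before it can start. The activation code in this patch only creates /var/krb5kdc, so the manual should say, next to the existing sentence about ``keytab'' files, that the administrator must create the database explicitly (with MIT Kerberos, kdb5_util create); otherwise the krb5kdc service fails to start on a fresh system.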
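Review bot: In the define-configuration hunk of gnu/services/kerberos.scm, the new kdc-shepherd-service? field is given empty-serializer but the new krb5 field is not. Both fields configure the service rather than the contents of krb5.conf, so unless a serialize-package procedure is defined outside the visible lines, the krb5 field should carry empty-serializer as well, so that the package object is never handed to the krb5.conf serializer.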
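Review bot: In the last hunk of gnu/services/kerberos.scm, krb5-activation creates the KDC state directory with (mkdir-p "/var/krb5kdc") and never sets its mode, so the directory that will hold the principal database and the master key stash gets whatever the activation umask allows. Suggest following the mkdir-p with (chmod "/var/krb5kdc" #o700) so that only root can list or enter it. In the same hunk the shepherd service declares (requirement '(user-processes)) only; since krb5kdc listens on the network, it is worth checking whether a networking requirement is needed too.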