From: Maxim Cournoyer
To: guix-patches@gnu.org
Subject: [PATCH] services: Add ngircd-service-type.
Date: Mon, 31 Mar 2025 11:27:48 +0900

* gnu/services/messaging.scm (pascal-case, ngircd-serialize-string)
(ngircd-serialize-boolean, ngircd-serialize-file-like)
(ngircd-serialize-list-of-strings, ngircd-serialize-list-of-ports)
(ngircd-serialize-number, ngircd-serialize-port)
(string-or-number?, ngircd-serialize-string-or-number): New procedures.
(ngircd-global, ngircd-limits, ngircd-options, ngircd-ssl)
(ngircd-operator, ngircd-server, ngircd-channel)
(ngircd-configuration): New configurations.
(serialize-ngircd-global, serialize-ngircd-limits)
(serialize-ngircd-options, serialize-ngircd-operator)
(serialize-list-of-ngircd-operators, serialize-ngircd-server)
(serialize-ngircd-channel, serialize-list-of-ngircd-channels)
(serialize-ngircd-configuration): New procedures.
(list-of-ngircd-operators?, list-of-ngircd-servers?)
(list-of-ngircd-channels?): New predicates.
(ngircd-generate-documentation): New procedure.
(ngircd-user+group, ngircd-account, ngircd-wrapper): Likewise.
(ngircd-shepherd-service): New shepherd service.
(%ngircd-activation): New procedure.
(ngircd-service-type): New service type.
* gnu/tests/messaging.scm (%ngircd-os): New variable.
(run-ngircd-test): New procedure.
(%test-ngircd): New test.
* doc/guix.texi (Messaging Services): Document it.

Change-Id: I3ce9a7fd0b33afab22cf15942a1db0cf5b12bfdb
---
 doc/guix.texi              | 394 ++++++++++++++++++++++
 gnu/services/messaging.scm | 650 +++++++++++++++++++++++++++++++++++++
 gnu/tests/messaging.scm    |  73 +++++
 3 files changed, 1117 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi index f6d774fd13..06aec854b3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -30351,6 +30351,400 @@ Messaging Services @end table @end deftp +@subsubheading ngIRCd service + +@cindex IRCd, Internet Relay Chat daemon +@cindex IRC daemon service +@cindex IRC server service +@cindex IRC (Internet Relay Chat) + +@url{https://ngircd.barton.de/, ngIRCd}, is a lightweight @acronym{IRCd, +Internet Relay Chat daemon}, which can be used to host your own IRC +server. + +@defvar ngircd-service-type +The service type for ngIRCd. Its value is a @code{ngircd-configuration} +object, documented below. +@end defvar + +@c To regenerate the rest of this section documentation, use the +@c `ngircd-generate-documentation' procedure in (gnu services +@c messaging). + +@c %start of fragment + +@deftp {Data Type} ngircd-configuration +Available @code{ngircd-configuration} fields are: + +@table @asis +@item @code{ngircd} (default: @code{ngircd}) (type: file-like) +The @code{ngircd} package to use. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Turn on debugging messages. + +@item @code{global} (type: ngircd-global) +A ngircd-global record object used to specify global options. + +@item @code{limits} (type: maybe-ngircd-limits) +The ngircd-limits record object used to specify limits options. + +@item @code{options} (type: maybe-ngircd-options) +The ngircd-options record object used to specify optional features and +configuration options. + +@item @code{ssl} (type: maybe-ngircd-ssl) +The ngircd-ssl record object used to specify the SSL-related options. + +@item @code{operators} (type: maybe-list-of-ngircd-operators) +A list of ngircd-operator record objects used to specify the operators. + +@item @code{servers} (type: maybe-list-of-ngircd-servers) +A list of ngircd-server record objects used to specify other remote +servers to connect to. + +@item @code{channels} (type: maybe-list-of-ngircd-channels) +A list of ngircd-channels record objects specifying pre-defined channels +to be created by the server when starting up. 
+ +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-global +Available @code{ngircd-global} fields are: + +@table @asis +@item @code{name} (type: maybe-string) +Server name in the IRC network. This is an individual name of the IRC +server, it is not related to the DNS host name. It must be unique in +the IRC network and must contain at least one dot (@samp{.}) character. +When not set, ngIRCd tries to deduce a valid IRC server name from the +local host name. + +@item @code{admin-info-1} (type: maybe-string) +First administrator information. + +@item @code{admin-info-2} (type: maybe-string) +Second administrator information. + +@item @code{admin-email} (type: maybe-string) +Email to reach administrators. + +@item @code{help-file} (type: maybe-file-like) +File-like containing the ngIRCd help text. + +@item @code{info} (type: maybe-string) +Info text of the server. This will be shown by WHOIS and LINKS requests +for example. + +@item @code{listen} (default: @code{("::" "0.0.0.0")}) (type: maybe-list-of-strings) +A list of IP address on which the server should listen. By default it +listens on all interfaces. + +@item @code{motd-file} (type: file-like) +Text file with the @i{message of the day} (MOTD). This message will be +shown to all users connecting to the server. + +@item @code{motd-phrase} (type: maybe-string) +A simple Phrase (<127 chars) to use if you don't want to use a MOTD +file. + +@item @code{network} (type: maybe-string) +The name of the IRC network to which this server belongs. This name is +optional, should only contain ASCII characters, and can't contain +spaces. It is only used to inform clients. + +@item @code{password} (type: maybe-string) +Global password or all users needed to connect to the server. By +default, no password is required. PAM must be disabled for this option +to have an effect. 
+ +@item @code{pid-file} (default: @code{"/run/ngircd/ngircd.pid"}) (type: string) +The file name where the PID of ngIRCd is written after it starts. + +@item @code{ports} (default: @code{(6667)}) (type: maybe-list-of-ports) +Port number(s) on which the server should listen for @emph{unencrypted} +connections. + +@item @code{server-uid} (default: @code{"ngircd"}) (type: string-or-number) +The user that the @command{ngircd} command should run as. + +@item @code{server-gid} (default: @code{"ngircd"}) (type: string-or-number) +The group that the @command{ngircd} command should run as. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-limits +Available @code{ngircd-limits} fields are: + +@table @asis +@item @code{connect-retry} (default: @code{60}) (type: maybe-number) +The number of seconds the server should wait before re-attempting to +establish a link to not yet (or no longer) connected servers. + +@item @code{max-connections} (default: @code{0}) (type: maybe-number) +Maximum number of simultaneous in- and outbound connections the server +is allowed to accept. There is no limit by default. + +@item @code{max-connections-ip} (default: @code{5}) (type: maybe-number) +Maximum number of simultaneous connections from a single IP address that +the server will accept. This configuration options lowers the risk of +denial of service attacks (DoS). Set to 0 to remove the limit. + +@item @code{max-joins} (default: @code{10}) (type: maybe-number) +Maximum number of channels a user can be member of. Set to 0 to remove +the limit. + +@item @code{max-list-size} (default: @code{100}) (type: maybe-number) +Maximum number of channels returned in response to a LIST command. + +@item @code{ping-timeout} (default: @code{120}) (type: maybe-number) +Number of seconds of inactivity after which the server will send a PING +to the peer to test whether it is alive or not. 
+ +@item @code{pong-timeout} (default: @code{20}) (type: maybe-number) +If a client fails to answer a PING with a PONG within this amount of +seconds, it will be disconnected by the server. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-options +Available @code{ngircd-options} fields are: + +@table @asis +@item @code{allowed-channel-types} (default: @code{"#&+"}) (type: maybe-string) +List of allowed channel types (channel prefixes) for newly created +channels on the local server. By default, all supported channel types +are allowed. + +@item @code{allow-remote-oper?} (default: @code{#f}) (type: maybe-boolean) +If this option is active, IRC operators connected to remote servers are +allowed to control this local server using administrative commands, for +example like CONNECT, DIE, SQUIT, etc. + +@item @code{connect-ipv4?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv4 protocol, allowed by default. + +@item @code{connect-ipv6?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv6 protocol, allowed by default. + +@item @code{dns?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to disable DNS lookups when clients connect. If you +configure the daemon to connect to other servers, ngIRCd may still +perform a DNS lookup if required. + +@item @code{more-privacy?} (default: @code{#f}) (type: maybe-boolean) +Set this to @code{#t} to have ngIRCd censor user idle time, logon time +as well as the PART/QUIT messages (that sometimes used to inform +everyone about which client software is being used). WHOWAS requests +are also silently ignored, and NAMES output doesn't list any clients for +non-members. 
This option is most useful when ngIRCd is being used +together with anonymizing software such as TOR or I2P and one does not +wish to make it too easy to collect statistics on the users. + +@item @code{notice-before-registration?} (default: @code{#f}) (type: maybe-boolean) +Normally ngIRCd doesn't send any messages to a client until it is +registered. Enable this option to let the daemon send @samp{NOTICE *} +messages to clients while connecting. + +@item @code{oper-can-use-mode?} (default: @code{#f}) (type: maybe-boolean) +Should IRC Operators be allowed to use the MODE command even if they are +not(!) channel-operators? + +@item @code{oper-chan-p-auto-op?} (default: @code{#t}) (type: maybe-boolean) +Should IRC Operators get AutoOp (+o) in persistent (+P) channels? + +@item @code{oper-server-mode?} (default: @code{#f}) (type: maybe-boolean) +If @code{open-can-use-mode?} is @code{#t}, this may lead the +compatibility problems with servers that run the ircd-irc2 software. +This option masks mode requests by non-chanops as if they were coming +from the server. Only enable this if you have ircd-irc2 servers in your +IRC network. + +@item @code{pam?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to disable all calls to the PAM library at runtime; all +users connecting without password are allowed to connect, all passwords +given will fail. Users identified without PAM are registered with a +tilde (@samp{~}) prepended to their user name. + +@item @code{pam-is-optional?} (default: @code{#f}) (type: maybe-boolean) +Set to @code{#t} to make PAM authentication optional, causing clients +not sending a password to still be able to connect, but won't become +identified and keep the tilder (@samp{~}) character prepended to their +supplied user name. 
+ +@item @code{require-auth-ping?} (default: @code{#f}) (type: maybe-boolean) +Set to @code{#t} to have ngIRCd send an authentication PING when a new +client connects, and register this client only after receiving the +corresponding PONG reply. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-ssl +Available @code{ngircd-ssl} fields are: + +@table @asis +@item @code{cert-file} (type: maybe-string) +SSL certificate file of the private server key. + +@item @code{key-file} (type: maybe-string) +File name of the SSL Server Key to be used for SSL connections, which is +required for SSL/TLS support. + +@item @code{ca-file} (default: @code{"/etc/ssl/certs/ca-certificates.crt"}) (type: string) +A file listing all the certificates of the trusted Certificate +Authorities. + +@item @code{ports} (type: maybe-list-of-ports) +Like the global configuration's @code{port} option, except that ngIRCd +will expect incoming connections to be SSL/TLS encrypted. Common port +numbers for SSL-encrypted IRC are 6669 and 6697. + +@item @code{cipher-list} (type: maybe-string) +The GnuTLS cipher suites allowed for SSL/TLS connections, a value such +as @code{"SECURE128:-VERS-SSL3.0"}. Refer to @samp{man 3 +gnutls_priority_init} for details. + +@item @code{dh-file} (type: maybe-file-like) +A file-like containing the Diffie-Hellman parameters, which can be +created with GnuTLS via @samp{certtool --generate-dh-params}. If this +file is not present, the Diffie-Hellman parameters will be computed on +startup, which may take some time. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-operator +Available @code{ngircd-operator} fields are: + +@table @asis +@item @code{name} (type: string) +ID of the operator (may be different of the nickname). + +@item @code{password} (type: string) +Password of the IRC operator. 
+ +@item @code{mask} (type: maybe-string) +Mask that is to be checked before an /OPER for this account is accepted, +for example: @code{"nick!ident@@*.example.com"}. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-server +Available @code{ngircd-server} fields are: + +@table @asis +@item @code{name} (type: string) +IRC name of the remote server. + +@item @code{host} (type: string) +Internet host name (or IP address) of the peer. + +@item @code{my-password} (type: string) +Own password for this connection. This password has to be configured as +@code{peer-password} on the other server and must not have @samp{:} as +first character. + +@item @code{peer-password} (type: string) +Foreign password for this connection. This password has to be +configured as @code{my-password} on the other server. + +@item @code{bind} (type: maybe-string) +IP address to use as source IP for the outgoing connection. The default +is to let the operating system decide. + +@item @code{port} (type: maybe-port) +Port of the remote server to which ngIRCd should connect (active). If +no port is assigned to a configured server, the daemon only waits for +incoming connections (passive, which is the default). + +@item @code{group} (type: maybe-number) +Group of this server. + +@item @code{passive?} (default: @code{#f}) (type: maybe-boolean) +Set to @code{#t} to disable automatic connection even if the port value +is specified. + +@item @code{ssl-connect?} (default: @code{#f}) (type: maybe-boolean) +Connect to the remote server using TLS/SSL. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-channel +Available @code{ngircd-channel} fields are: + +@table @asis +@item @code{name} (type: string) +Name of the channel, including channel prefix ("#" or "&"). + +@item @code{topic} (type: maybe-string) +Topic for this channel. 
+ +@item @code{modes} (type: maybe-list-of-strings) +Initial channel modes, as used in MODE commands. Modifying lists (ban +list, invite list, exception list) is supported. If multiple MODE +strings are specified, they are evaluated in the order listed (left to +right). + +@item @code{key-file} (type: maybe-file-like) +Path and file name of a ngIRCd key file containing individual channel +keys for different users. Refer to @samp{man 5 ngircd.conf} for more +details. + +@end table + +@end deftp +@c %end of fragment + @subsubheading Quassel Service @cindex IRC (Internet Relay Chat) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 9bfeabacf4..341583ea58 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2015, 2017-2020, 2022-2024 Ludovic Courtès ;;; Copyright © 2018 Pierre-Antoine Rouby +;;; Copyright © 2025 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -20,6 +21,7 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services messaging) + #:use-module ((gnu home services utils) #:select (object->camel-case-string)) #:use-module (gnu packages admin) #:use-module (gnu packages base) #:use-module (gnu packages irc) @@ -38,7 +40,10 @@ (define-module (gnu services messaging) #:use-module (guix deprecation) #:use-module (guix least-authority) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) #:use-module (srfi srfi-35) + #:use-module (srfi srfi-71) + #:use-module (ice-9 format) #:use-module (ice-9 match) #:export (prosody-service-type prosody-configuration 
@@ -58,6 +63,32 @@ (define-module (gnu services messaging) bitlbee-configuration? bitlbee-service-type + + ngircd-configuration + ngircd-configuration? + + ngircd-global + ngircd-global? + + ngircd-limits + ngircd-limits? + + ngircd-options + ngircd-options? + + ngircd-ssl + ngircd-ssl? + + ngircd-operator + ngircd-operator? + + ngircd-server + ngircd-server? + + ngircd-channel + ngircd-channel? + ngircd-service-type + quassel-configuration quassel-service-type 
@@ -921,6 +952,625 @@ (define bitlbee-service-type "Run @url{http://bitlbee.org,BitlBee}, a daemon that acts as a gateway between IRC and chat networks."))) + +;;; +;;; ngIRCd. +;;; + +(define-maybe string + (prefix ngircd-)) + +(define-maybe file-like + (prefix ngircd-)) + +(define-maybe list-of-strings + (prefix ngircd-)) + +(define (port? x) + (and (number? x) + (and (>= x 0) (<= x 65535)))) + +(define list-of-ports? + (list-of port?)) + +(define-maybe port + (prefix ngircd-)) + +(define-maybe list-of-ports + (prefix ngircd-)) + +(define-maybe number + (prefix ngircd-)) + +(define-maybe boolean + (prefix ngircd-)) + +(define (pascal-case text) + (object->camel-case-string text 'upper)) + +(define (ngircd-serialize-string field value) + (format #f "~a = ~a~%" (pascal-case field) value)) + +(define (ngircd-serialize-boolean field value) + (let* ((field (symbol->string field)) + (name (if (string-suffix? "?" field) + (string-drop-right field 1) + field))) + (format #f "~a = ~:[false~;true~]~%" (pascal-case name) value))) + +(define (ngircd-serialize-file-like field value) + #~(format #f "~a = ~a~%" #$(pascal-case field) #$value)) + +(define (ngircd-serialize-list-of-strings field value) + (format #f "~a = ~{~a~^,~}~%" (pascal-case field) value)) + +(define ngircd-serialize-list-of-ports + ngircd-serialize-list-of-strings) + +(define ngircd-serialize-number ngircd-serialize-string) + +(define ngircd-serialize-port ngircd-serialize-number) + +(define (string-or-number? x) + (or (string? x) (number? x))) + +(define ngircd-serialize-string-or-number ngircd-serialize-string) + +(define-configuration ngircd-global ;[Global] + (name + maybe-string + "Server name in the IRC network. This is an individual name of the IRC +server, it is not related to the DNS host name. It must be unique in the IRC +network and must contain at least one dot (@samp{.}) character. 
When not set, +ngIRCd tries to deduce a valid IRC server name from the local host name.") + (admin-info-1 + maybe-string + "First administrator information.") + (admin-info-2 + maybe-string + "Second administrator information.") + (admin-email + maybe-string + "Email to reach administrators.") + (help-file + maybe-file-like + "File-like containing the ngIRCd help text.") + (info + maybe-string + "Info text of the server. This will be shown by WHOIS and LINKS requests +for example.") + (listen + (maybe-list-of-strings (list "::" "0.0.0.0")) + "A list of IP address on which the server should listen. By default it +listens on all interfaces.") + (motd-file + ;; Provide an empty default file to avoid a warning when running --conftest + ;; in the activation script. + (file-like (plain-file "ngircd.motd" "")) + "Text file with the @i{message of the day} (MOTD). This message will be +shown to all users connecting to the server.") + (motd-phrase + maybe-string + "A simple Phrase (<127 chars) to use if you don't want to use a MOTD +file.") + (network + maybe-string + "The name of the IRC network to which this server belongs. This name is +optional, should only contain ASCII characters, and can't contain spaces. It +is only used to inform clients.") + (password + maybe-string + "Global password or all users needed to connect to the server. By default, +no password is required. 
PAM must be disabled for this option to have an +effect.") + (pid-file + (string "/run/ngircd/ngircd.pid") + "The file name where the PID of ngIRCd is written after it starts.") + (ports + (maybe-list-of-ports (list 6667)) + "Port number(s) on which the server should listen for @emph{unencrypted} +connections.") + (server-uid + (string-or-number "ngircd") + "The user that the @command{ngircd} command should run as.") + (server-gid + (string-or-number "ngircd") + "The group that the @command{ngircd} command should run as.") + (prefix ngircd-)) + +(define (serialize-ngircd-global _ config) + #~(string-append + "[Global]\n" + #$(serialize-configuration config ngircd-global-fields))) + +(define-configuration ngircd-limits ;[Limits] + (connect-retry + (maybe-number 60) + "The number of seconds the server should wait before re-attempting to +establish a link to not yet (or no longer) connected servers.") + (max-connections + (maybe-number 0) + "Maximum number of simultaneous in- and outbound connections the server is +allowed to accept. There is no limit by default.") + (max-connections-ip + (maybe-number 5) + "Maximum number of simultaneous connections from a single IP address that +the server will accept. This configuration options lowers the risk of denial +of service attacks (DoS). Set to 0 to remove the limit.") + (max-joins + (maybe-number 10) + "Maximum number of channels a user can be member of. 
Set to 0 to remove +the limit.") + (max-list-size + (maybe-number 100) + "Maximum number of channels returned in response to a LIST command.") + (ping-timeout + (maybe-number 120) + "Number of seconds of inactivity after which the server will send a PING to +the peer to test whether it is alive or not.") + (pong-timeout + (maybe-number 20) + "If a client fails to answer a PING with a PONG within this amount of +seconds, it will be disconnected by the server.") + (prefix ngircd-)) + +(define (serialize-ngircd-limits _ config) + #~(string-append + "\n[Limits]\n" + #$(serialize-configuration config ngircd-limits-fields))) + +(define-maybe ngircd-limits) + +(define-configuration ngircd-options ;[Options] + (allowed-channel-types + (maybe-string "#&+") + "List of allowed channel types (channel prefixes) for newly created +channels on the local server. By default, all supported channel types are +allowed.") + (allow-remote-oper? + (maybe-boolean #f) + "If this option is active, IRC operators connected to remote servers are +allowed to control this local server using administrative commands, for +example like CONNECT, DIE, SQUIT, etc.") + (connect-ipv4? + (maybe-boolean #t) + "Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv4 protocol, allowed by default.") + (connect-ipv6? + (maybe-boolean #t) + "Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv6 protocol, allowed by default.") + (dns? + (maybe-boolean #t) + "Set to @code{#f} to disable DNS lookups when clients connect. If you +configure the daemon to connect to other servers, ngIRCd may still perform a +DNS lookup if required.") + (more-privacy? + (maybe-boolean #f) + "Set this to @code{#t} to have ngIRCd censor user idle time, logon time as +well as the PART/QUIT messages (that sometimes used to inform everyone about +which client software is being used). 
WHOWAS requests are also silently +ignored, and NAMES output doesn't list any clients for non-members. This +option is most useful when ngIRCd is being used together with anonymizing +software such as TOR or I2P and one does not wish to make it too easy to +collect statistics on the users.") + (notice-before-registration? + (maybe-boolean #f) + "Normally ngIRCd doesn't send any messages to a client until it is +registered. Enable this option to let the daemon send @samp{NOTICE *} +messages to clients while connecting.") + (oper-can-use-mode? + (maybe-boolean #f) + "Should IRC Operators be allowed to use the MODE command even if they are +not(!) channel-operators?") + (oper-chan-p-auto-op? + (maybe-boolean #t) + "Should IRC Operators get AutoOp (+o) in persistent (+P) channels?") + (oper-server-mode? + (maybe-boolean #f) + "If @code{open-can-use-mode?} is @code{#t}, this may lead the compatibility +problems with servers that run the ircd-irc2 software. This option masks mode +requests by non-chanops as if they were coming from the server. Only enable +this if you have ircd-irc2 servers in your IRC network.") + (pam? + (maybe-boolean #t) + "Set to @code{#f} to disable all calls to the PAM library at runtime; all +users connecting without password are allowed to connect, all passwords given +will fail. Users identified without PAM are registered with a +tilde (@samp{~}) prepended to their user name.") + (pam-is-optional? + (maybe-boolean #f) + "Set to @code{#t} to make PAM authentication optional, causing clients not +sending a password to still be able to connect, but won't become identified +and keep the tilder (@samp{~}) character prepended to their supplied user +name.") + (require-auth-ping? 
+ (maybe-boolean #f) + "Set to @code{#t} to have ngIRCd send an authentication PING when a new +client connects, and register this client only after receiving the +corresponding PONG reply.") + (prefix ngircd-)) + +(define (serialize-ngircd-options _ config) + #~(string-append + "\n[Options]\n" + #$(serialize-configuration config ngircd-options-fields))) + +(define-maybe ngircd-options) + +(define-configuration ngircd-ssl ;[SSL] + (cert-file + maybe-string + "SSL certificate file of the private server key.") + (key-file + maybe-string + "File name of the SSL Server Key to be used for SSL connections, which is +required for SSL/TLS support.") + (ca-file + (string "/etc/ssl/certs/ca-certificates.crt") + "A file listing all the certificates of the trusted Certificate +Authorities.") + (ports + maybe-list-of-ports + "Like the global configuration's @code{port} option, except that ngIRCd +will expect incoming connections to be SSL/TLS encrypted. Common port numbers +for SSL-encrypted IRC are 6669 and 6697.") + (cipher-list + maybe-string + "The GnuTLS cipher suites allowed for SSL/TLS connections, a value such as +@code{\"SECURE128:-VERS-SSL3.0\"}. Refer to @samp{man 3 gnutls_priority_init} +for details.") + (dh-file + maybe-file-like + "A file-like containing the Diffie-Hellman parameters, which can be created +with GnuTLS via @samp{certtool --generate-dh-params}. 
If this file is not +present, the Diffie-Hellman parameters will be computed on startup, which may +take some time.") + (prefix ngircd-)) + +(define (serialize-ngircd-ssl _ config) + #~(string-append + "\n[SSL]\n" + #$(serialize-configuration config ngircd-ssl-fields))) + +(define-maybe ngircd-ssl) + +(define-configuration ngircd-operator ;[Operator] + (name + string + "ID of the operator (may be different of the nickname).") + (password + string + "Password of the IRC operator.") + (mask + maybe-string + "Mask that is to be checked before an /OPER for this account is accepted, +for example: @code{\"nick!ident@@*.example.com\"}.") + (prefix ngircd-)) + +(define list-of-ngircd-operators? + (list-of ngircd-operator?)) + +(define (serialize-ngircd-operator _ operator) + #~(string-append + "\n[Operator]\n" + #$(serialize-configuration operator ngircd-operator-fields))) + +(define (serialize-list-of-ngircd-operators _ operators) + #~(string-append #$@(map (cut serialize-ngircd-operator #f <>) operators))) + +(define-maybe list-of-ngircd-operators) + +(define-configuration ngircd-server ;[Server] + (name + string + "IRC name of the remote server.") + (host + string + "Internet host name (or IP address) of the peer.") + (my-password + string + "Own password for this connection. This password has to be configured as +@code{peer-password} on the other server and must not have @samp{:} as first +character.") + (peer-password + string + "Foreign password for this connection. This password has to be configured +as @code{my-password} on the other server.") + (bind + maybe-string + "IP address to use as source IP for the outgoing connection. The default +is to let the operating system decide.") + (port + maybe-port + "Port of the remote server to which ngIRCd should connect (active). If no +port is assigned to a configured server, the daemon only waits for incoming +connections (passive, which is the default).") + (group + maybe-number + "Group of this server.") + (passive? 
+ (maybe-boolean #f) + "Set to @code{#t} to disable automatic connection even if the port value is +specified.") + (ssl-connect? + (maybe-boolean #f) + "Connect to the remote server using TLS/SSL.") + (prefix ngircd-)) + +(define list-of-ngircd-servers? + (list-of ngircd-server?)) + +(define (serialize-ngircd-server _ server) + #~(string-append + "\n[Server]\n" + #$(serialize-configuration server ngircd-server-fields))) + +(define (serialize-list-of-ngircd-servers _ servers) + #~(string-append #$@(map (cut serialize-ngircd-server #f <>) servers))) + +(define-maybe list-of-ngircd-servers) + +(define-configuration ngircd-channel ;[Channel] + (name + string + "Name of the channel, including channel prefix (\"#\" or \"&\").") + (topic + maybe-string + "Topic for this channel.") + (modes + maybe-list-of-strings + "Initial channel modes, as used in MODE commands. Modifying lists (ban +list, invite list, exception list) is supported. If multiple MODE strings are +specified, they are evaluated in the order listed (left to right)." + (serializer (lambda (_ value) + ;; Special case: each mode string gets serialized to a + ;; separate option. + (format #f "~{Modes = ~a~%~}" value)))) + (key-file + maybe-file-like + "Path and file name of a ngIRCd key file containing individual channel keys +for different users. Refer to @samp{man 5 ngircd.conf} for more details.") + (prefix ngircd-)) + +(define list-of-ngircd-channels? + (list-of ngircd-channel?)) + +(define (serialize-ngircd-channel _ channel) + #~(string-append + "\n[Channel]\n" + #$(serialize-configuration channel ngircd-channel-fields))) + +(define (serialize-list-of-ngircd-channels _ channels) + #~(string-append #$@(map (cut serialize-ngircd-channel #f <>) channels))) + +(define-maybe list-of-ngircd-channels) + +(define-configuration ngircd-configuration + (ngircd + (file-like ngircd) + "The @code{ngircd} package to use.") + (debug? + (boolean #f) + "Turn on debugging messages." 
+ (serializer empty-serializer)) + (global + ;; Always use a ngircd-global default to ensure the correct PidFile option + ;; is set, as it is required by the service. + (ngircd-global (ngircd-global)) + "A ngircd-global record object used to specify global options.") + (limits + maybe-ngircd-limits + "The ngircd-limits record object used to specify limits options.") + (options + maybe-ngircd-options + "The ngircd-options record object used to specify optional features and +configuration options.") + (ssl + maybe-ngircd-ssl + "The ngircd-ssl record object used to specify the SSL-related options.") + (operators + maybe-list-of-ngircd-operators + "A list of ngircd-operator record objects used to specify the operators.") + (servers + maybe-list-of-ngircd-servers + "A list of ngircd-server record objects used to specify other remote +servers to connect to.") + (channels + maybe-list-of-ngircd-channels + "A list of ngircd-channels record objects specifying pre-defined channels +to be created by the server when starting up.")) + +(define (ngircd-generate-documentation) + (configuration->documentation 'ngircd-configuration) + (configuration->documentation 'ngircd-global) + (configuration->documentation 'ngircd-limits) + (configuration->documentation 'ngircd-options) + (configuration->documentation 'ngircd-ssl) + (configuration->documentation 'ngircd-operator) + (configuration->documentation 'ngircd-server) + (configuration->documentation 'ngircd-channel)) + +(define (ngircd-user+group config) + "Return the Global->ServerUID and Global->ServerGID configuration options as +values." + (let* ((global (ngircd-configuration-global config)) + (user (ngircd-global-server-uid global)) + (group (ngircd-global-server-gid global))) + (values user group))) + +(define (ngircd-account config) + (let* ((user group (ngircd-user+group config)) + (group-name (if (string? group) + group + "ngircd")) + (user-name (if (string? user) + user + "ngircd")) + (gid (if (number? 
group) + group + #f)) + (uid (if (number? user) + user + #f))) + (list (user-group + (name group-name) + (id gid) + (system? #t)) + (user-account + (name user-name) + (uid uid) + (group group-name) + (system? #t) + (comment "Ngircd daemon user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) + +(define (serialize-ngircd-configuration config) + "Return a file-like object corresponding to the serialized + record." + (mixed-text-file "ngircd.conf" + (serialize-configuration + config ngircd-configuration-fields))) + +(define (ngircd-wrapper config) + "Take CONFIG, a object, and provide a least-authority +wrapper for the 'ngircd' command." + (let* ((ngircd.conf (serialize-ngircd-configuration config)) + (user group (ngircd-user+group config)) + (global (ngircd-configuration-global config)) + (pid-file (ngircd-global-pid-file global)) + (help-file (ngircd-global-help-file global)) + (motd-file (ngircd-global-motd-file global)) + (ssl (ngircd-configuration-ssl config)) + (ca-file (ngircd-ssl-ca-file ssl)) + (cert-file (ngircd-ssl-cert-file ssl)) + (key-file (ngircd-ssl-key-file ssl)) + (dh-file (ngircd-ssl-dh-file ssl)) + (channels (ngircd-configuration-channels config))) + (least-authority-wrapper + (file-append (ngircd-configuration-ngircd config) "/sbin/ngircd") + #:name "ngircd-pola-wrapper" + ;; Expose all needed files, such as all options corresponding to + ;; file-like objects and string file names. + #:mappings + (append + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source ngircd.conf) + (target source)) + (file-system-mapping + (source (string-append (dirname pid-file))) + (target source) + (writable? #t))) + (if (maybe-value-set? help-file) + (list (file-system-mapping + (source help-file) + (target source))) + '()) + (if (maybe-value-set? motd-file) + (list (file-system-mapping + (source motd-file) + (target source))) + '()) + (if (maybe-value-set? 
ssl) + ;; When SSL is used, expose the specified keys and certificates. + (append + (if (maybe-value-set? ca-file) + (list (file-system-mapping + (source ca-file) + (target source))) + '()) + (if (maybe-value-set? cert-file) + (list (file-system-mapping + (source cert-file) + (target source))) + '()) + (if (maybe-value-set? key-file) + (list (file-system-mapping + (source key-file) + (target source))) + '()) + (if (maybe-value-set? dh-file) + (list (file-system-mapping + (source dh-file) + (target source))) + '())) + '()) + (if (maybe-value-set? channels) + (filter-map (lambda (channel) + (let ((key-file (ngircd-channel-key-file channel))) + (and (maybe-value-set? key-file) + key-file))) + channels) + '())) + #:user user + #:group group + ;; ngircd wants to look up users in /etc/passwd so run in the global user + ;; namespace. Also preserve the PID namespaces otherwise the PID file + ;; would contain an unrelated PID number and confuse Shepherd. + #:namespaces (fold delq %namespaces '(net pid user))))) + +(define (ngircd-shepherd-service config) + (match-record config + (ngircd debug? global) + (let ((ngircd.conf (serialize-ngircd-configuration config)) + (ngircd (file-append ngircd "/sbin/ngircd")) + (pid-file (ngircd-global-pid-file global)) + (user group (ngircd-user+group config))) + (list (shepherd-service + (provision '(ngircd)) + (requirement '(user-processes networking syslogd)) + (actions (list (shepherd-configuration-action ngircd.conf))) + (start #~(make-forkexec-constructor + (append (list #$(ngircd-wrapper config) + "--nodaemon" "--syslog" + "--config" #$ngircd.conf) + (if #$debug? 
+ '("--debug") + '())) + #:pid-file #$pid-file)) + + (stop #~(make-kill-destructor))))))) + +(define (ngircd-activation config) + (let* ((ngircd (file-append (ngircd-configuration-ngircd config))) + (pid-file (ngircd-global-pid-file + (ngircd-configuration-global config))) + (ngircd.conf (serialize-ngircd-configuration config)) + (user _ (ngircd-user+group config))) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) + (define pw (match #$user + ((? number?) (getpwuid #$user)) + ((? string?) (getpwnam #$user)))) + (mkdir-p/perms #$(dirname pid-file) pw #o755) + (system (string-join + (list #$(file-append ngircd "/sbin/ngircd") + "--configtest" "--config" #$ngircd.conf + ;; Ensure stdin is not a TTY to avoid pausing for a key + ;; during boot when a problem is detected. + "<" "/dev/null")))))) + +(define ngircd-service-type + (service-type + (name 'ngircd) + (extensions + (list (service-extension shepherd-root-service-type + ngircd-shepherd-service) + (service-extension profile-service-type + (compose list ngircd-configuration-ngircd)) + (service-extension account-service-type + ngircd-account) + (service-extension activation-service-type + ngircd-activation))) + (description + "Run @url{https://ngircd.barton.de/, ngIRCd}, a lightweight @acronym{IRC, +Internet Relay Chat} daemon."))) + ;;; ;;; Quassel. diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm index 9eae3f6049..ed31b16957 100644 --- a/gnu/tests/messaging.scm +++ b/gnu/tests/messaging.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2017, 2018 Clément Lassieur ;;; Copyright © 2017-2018, 2021-2022 Ludovic Courtès ;;; Copyright © 2018 Efraim Flashner +;;; Copyright © 2025 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,6 +32,7 @@ (define-module (gnu tests messaging) #:use-module (guix modules) #:export (%test-prosody %test-bitlbee + %test-ngircd %test-quassel)) (define (run-xmpp-test name xmpp-service pid-file create-account) 
@@ -217,6 +219,77 @@ (define %test-bitlbee (description "Connect to a BitlBee IRC server.") (value (run-bitlbee-test)))) + +;;; +;;; ngIRCd. +;;; + +(define %ngircd-os + (marionette-operating-system + (simple-operating-system + (service dhcp-client-service-type) + (service ngircd-service-type + (ngircd-configuration + (debug? #t) + (global + (ngircd-global + (pid-file "/var/ngircd/ngircd.pid") + (server-uid 990) + (server-gid 990))) + ;; There is no need to serialize the following sections, which + ;; are all optional, but include them anyway to test the + ;; serializers. + (limits (ngircd-limits)) + (options (ngircd-options)) + (ssl (ngircd-ssl)) + (operators (list (ngircd-operator + (name "maxim") + (password "1234")))) + (channels (list (ngircd-channel + (name "#guix"))))))) + #:imported-modules (source-module-closure '((gnu services herd))))) + +(define (run-ngircd-test) + (define vm + (virtual-machine (operating-system %ngircd-os))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "ngircd") + + (test-assert "ngircd service runs" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (wait-for-service 'ngircd)) + marionette)) + + (test-assert "ngircd listens on TCP port 6667" + (wait-for-tcp-port 6667 marionette)) + + (test-end)))) + + (gexp->derivation "ngircd-test" test)) + +(define %test-ngircd + (system-test + (name "ngircd") + (description "Connect to a ngircd IRC server.") + (value (run-ngircd-test)))) + + +;;; +;;; Quassel. 
+;;; + (define (run-quassel-test) (define os (marionette-operating-system base-commit: 8c43056aabc2d22da61dc86049b143f7ae1ef516 -- 2.49.0
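Review bot: In 'ngircd-wrapper', the last element of the #:mappings list hands the channel key files to 'least-authority-wrapper' as bare values: the 'filter-map' lambda returns 'key-file' itself, whereas every other branch wraps its file in (file-system-mapping (source …) (target source)). Return a 'file-system-mapping' there as well, otherwise a channel with 'key-file' set does not get its key file mapped into the wrapper. Also, 'password' in 'ngircd-operator' and 'my-password'/'peer-password' in 'ngircd-server' are plain strings that 'serialize-ngircd-configuration' writes into a 'mixed-text-file', so they land in the world-readable store; the field documentation should state that.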
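Review bot: In '%ngircd-os' (gnu/tests/messaging.scm), the comment says the optional sections are included to test the serializers, but 'servers' is left out, so 'serialize-list-of-ngircd-servers' and the 'my-password'/'peer-password' fields are never exercised; add a minimal 'ngircd-server' entry to the test configuration. The two assertions only wait for the service and for TCP port 6667, so nothing in the test looks at the options that were actually serialized.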
From: Ludovic Courtès
To: Maxim Cournoyer
Cc: 77396@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH] services: Add ngircd-service-type.
In-Reply-To: (Maxim Cournoyer's message of "Mon, 31 Mar 2025 11:27:48 +0900")
Date: Tue, 01 Apr 2025 14:16:50 +0200
Message-ID: <87bjtgdqkt.fsf@gnu.org>

Hello!

Maxim Cournoyer wrote:

> * gnu/services/messaging.scm (pascal-case, ngircd-serialize-string)
> (ngircd-serialize-boolean, ngircd-serialize-file-like)
> (ngircd-serialize-list-of-strings, ngircd-serialize-list-of-ports)
> (ngircd-serialize-number, ngircd-serialize-port)
> (string-or-number?, ngircd-serialize-string-or-number): New procedures.
> (ngircd-global, ngircd-limits, ngircd-options, ngircd-ssl)
> (ngircd-operator, ngircd-server, ngircd-channel)
> (ngircd-configuration): New configurations.
> (serialize-ngircd-global, serialize-ngircd-limits)
> (serialize-ngircd-options, serialize-ngircd-operator)
> (serialize-list-of-ngircd-operators, serialize-ngircd-server)
> (serialize-ngircd-channel, serialize-list-of-ngircd-channels)
> (serialize-ngircd-configuration): New procedures.
> (list-of-ngircd-operators?, list-of-ngircd-servers?)
> (list-of-ngircd-channels?): New predicates.
> (ngircd-generate-documentation): New procedure.
> (ngircd-user+group, ngircd-account, ngircd-wrapper): Likewise.
> (ngircd-shepherd-service): New shepherd service.
> (%ngircd-activation): New procedure.
> (ngircd-service-type): New service type.
> * gnu/tests/messaging.scm (%ngircd-os): New variable.
> (run-ngircd-test): New procedure.
> (%test-ngircd): New test.
> * doc/guix.texi (Messaging Services): Document it.
>
> Change-Id: I3ce9a7fd0b33afab22cf15942a1db0cf5b12bfdb

[…]

> +@cindex IRC (Internet Relay Chat) > + > +@url{https://ngircd.barton.de/, ngIRCd}, is a lightweight @acronym{IRCd, > +Internet Relay Chat daemon}, which can be used to host your own IRC > +server.

Could you add an example configuration, as is usually done for services? It’s always nice to have something to copy/paste to get started.

> + > + ngircd-configuration > + ngircd-configuration? > + > + ngircd-global > + ngircd-global? > + > + ngircd-limits > + ngircd-limits? > + > + ngircd-options > + ngircd-options? > + > + ngircd-ssl > + ngircd-ssl? > + > + ngircd-operator > + ngircd-operator? > + > + ngircd-server > + ngircd-server? > +

Please don’t export record type descriptors like since that makes it impossible to provide any guarantee (ABI, validity of fields, etc.).

> +(define (ngircd-shepherd-service config) > + (match-record config > + (ngircd debug? global) > + (let ((ngircd.conf (serialize-ngircd-configuration config)) > + (ngircd (file-append ngircd "/sbin/ngircd")) > + (pid-file (ngircd-global-pid-file global)) > + (user group (ngircd-user+group config))) > + (list (shepherd-service > + (provision '(ngircd)) > + (requirement '(user-processes networking syslogd))

I would drop ‘networking’: see .
> + (actions (list (shepherd-configuration-action ngircd.conf))) > + (start #~(make-forkexec-constructor > + (append (list #$(ngircd-wrapper config) > + "--nodaemon" "--syslog"

I’d use #:log-file and drop ‘--syslog’; I find it more convenient.

> + "--config" #$ngircd.conf) > + (if #$debug? > + '("--debug") > + '())) > + #:pid-file #$pid-file))

If ngircd supports socket activation, I’d suggest using ‘make-systemd-constructor’ instead of #:pid-file: it equally achieves startup synchronization, but it allows for shorter startup times and can start the daemon lazily on-demand.

> + (mkdir-p/perms #$(dirname pid-file) pw #o755) > + (system (string-join > + (list #$(file-append ngircd "/sbin/ngircd") > + "--configtest" "--config" #$ngircd.conf > + ;; Ensure stdin is not a TTY to avoid pausing for= a key > + ;; during boot when a problem is detected. > + "<" "/dev/null"))))))

I think you can do:

  (parameterize ((current-input-port (%make-void-port "r")))
    (system* #$(file-append …) "--configtest" …))

But! if it’s about checking the configuration, I would do it in a derivation (instead of at activation time), similar to how this is done for mcron.

> + (test-assert "ngircd listens on TCP port 6667" > + (wait-for-tcp-port 6667 marionette))

Maybe try a /JOIN command or whatever?

Thanks!

Ludo’.
From: Maxim Cournoyer
To: Ludovic Courtès
Cc: 77396@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH] services: Add ngircd-service-type.
In-Reply-To: <87bjtgdqkt.fsf@gnu.org> ("Ludovic Courtès"'s message of "Tue, 01 Apr 2025 14:16:50 +0200")
References: <87bjtgdqkt.fsf@gnu.org>
Date: Thu, 03 Apr 2025 15:36:40 +0900
Message-ID: <87mscx21l3.fsf@gmail.com>

Hi!

Thanks for the prompt review!

Ludovic Courtès writes:

[...]

>> +@cindex IRC (Internet Relay Chat) >> + >> +@url{https://ngircd.barton.de/, ngIRCd}, is a lightweight @acronym{IRCd, >> +Internet Relay Chat daemon}, which can be used to host your own IRC >> +server.
>
> Could you add an example configuration, as is usually done for services?
> It’s always nice to have something to copy/paste to get started.

I've added a not-too-serious one:

--8<---------------cut here---------------start------------->8---
modified doc/guix.texi
@@ -30365,6 +30365,21 @@ Messaging Services @defvar ngircd-service-type The service type for ngIRCd. Its value is a @code{ngircd-configuration} object, documented below. + +A simple example configuration could look like: + +@lisp +(service ngircd-service-type + (ngircd-configuration + (channels + (list (ngircd-channel + (name "#fruits") + (topic "All things fruits -- veggies are off-topic")))) + (operators + (list (ngircd-operator + (name "mikan") + (password "tomatoes-are-fruits/carrots-are-not")))))) +@end lisp @end defvar =20 @c To regenerate the rest of this section documentation, use the
--8<---------------cut here---------------end--------------->8---

>> + >> + ngircd-configuration >> + ngircd-configuration? >> + >> + ngircd-global >> + ngircd-global? >> + >> + ngircd-limits >> + ngircd-limits? >> + >> + ngircd-options >> + ngircd-options? >> + >> + ngircd-ssl >> + ngircd-ssl? >> + >> + ngircd-operator >> + ngircd-operator? >> + >> + ngircd-server >> + ngircd-server? >> +
>
> Please don’t export record type descriptors like
> since that makes it impossible to provide any guarantee (ABI, validity
> of fields, etc.).

Since there would be so many fields to export, I was hoping to punt on exporting all individual accessors, and at least let users be able to use 'match-record', which requires the record type. Isn't match-record intended to be used by users as well as service authors?

>> +(define (ngircd-shepherd-service config) >> + (match-record config >> + (ngircd debug? global) >> + (let ((ngircd.conf (serialize-ngircd-configuration config)) >> + (ngircd (file-append ngircd "/sbin/ngircd")) >> + (pid-file (ngircd-global-pid-file global)) >> + (user group (ngircd-user+group config))) >> + (list (shepherd-service >> + (provision '(ngircd)) >> + (requirement '(user-processes networking syslogd))
>
> I would drop ‘networking’: see .
I've read the link above, and I think it's probably safer to keep it, since the interfaces that should be listened can be configured by the user. Also, the 'contrib' systemd service uses 'After=network.target' [0].

[0] https://github.com/ngircd/ngircd/blob/512af135d06e7dad93f51eae51b3979e1d4005cc/contrib/ngircd.service#L7

>> + (actions (list (shepherd-configuration-action ngircd.conf)= )) >> + (start #~(make-forkexec-constructor >> + (append (list #$(ngircd-wrapper config) >> + "--nodaemon" "--syslog"
>
> I’d use #:log-file and drop ‘--syslog’; I find it more convenient.

Do you find it more convenient because of the new 'herd log service' functionality when #:log-file is used? Otherwise I usually prefer searching messages in a single place as opposed to various log files.

>> + "--config" #$ngircd.conf) >> + (if #$debug? >> + '("--debug") >> + '())) >> + #:pid-file #$pid-file))
>
> If ngircd supports socket activation, I’d suggest using
> ‘make-systemd-constructor’ instead of #:pid-file: it equally achieves
> startup synchronization, but it allows for shorter startup times and can
> start the daemon lazily on-demand.

It's a bit weird to me that something as permanent as an IRC server should be lazily started by socket activation, but it does support that, and it simplifies things a bit, so I've made the switch, like so:

--8<---------------cut here---------------start------------->8---
1 file changed, 44 insertions(+), 43 deletions(-) gnu/services/messaging.scm | 87 +++++++++++++++++++++++++++++++++++++++++++= +------------------------------------------- modified gnu/services/messaging.scm
@@ -1040,9 +1040,9 @@ (define-configuration ngircd-global ;[Global] "Info text of the server. This will be shown by WHOIS and LINKS requests for example.") (listen - (maybe-list-of-strings (list "::" "0.0.0.0")) + (list-of-strings (list "::" "0.0.0.0")) "A list of IP address on which the server should listen. By default it -listens on all interfaces.") +listens on all configured IP addresses and interfaces.") (motd-file ;; Provide an empty default file to avoid a warning when running --conf= test ;; in the activation script. @@ -1064,10 +1064,11 @@ (define-configuration ngircd-global ;[Global] no password is required. PAM must be disabled for this option to have an effect.") (pid-file - (string "/run/ngircd/ngircd.pid") - "The file name where the PID of ngIRCd is written after it starts.") + maybe-string + "The file name where the PID of ngIRCd should be written after it start= s. +By default, no PID file is created.") (ports - (maybe-list-of-ports (list 6667)) + (list-of-ports (list 6667)) "Port number(s) on which the server should listen for @emph{unencrypted} connections.") (server-uid @@ -1207,7 +1208,7 @@ (define-configuration ngircd-ssl ;[SSL] "File name of the SSL Server Key to be used for SSL connections, which = is required for SSL/TLS support.") (ca-file - (string "/etc/ssl/certs/ca-certificates.crt") + (maybe-string "/etc/ssl/certs/ca-certificates.crt") "A file listing all the certificates of the trusted Certificate Authorities.") (ports @@ -1439,7 +1440,6 @@ (define (ngircd-wrapper config) (let* ((ngircd.conf (serialize-ngircd-configuration config)) (user group (ngircd-user+group config)) (global (ngircd-configuration-global config)) - (pid-file (ngircd-global-pid-file global)) (help-file (ngircd-global-help-file global)) (motd-file (ngircd-global-motd-file global)) (ssl (ngircd-configuration-ssl config)) 
@@ -1460,11 +1460,7 @@ (define (ngircd-wrapper config) (target source)) (file-system-mapping (source ngircd.conf) - (target source)) - (file-system-mapping - (source (string-append (dirname pid-file))) - (target source) - (writable? #t))) + (target source))) (if (maybe-value-set? help-file) (list (file-system-mapping (source help-file) 
@@ -1509,53 +1505,58 @@ (define (ngircd-wrapper config) #:user user #:group group ;; ngircd wants to look up users in /etc/passwd so run in the global = user - ;; namespace. Also preserve the PID namespaces otherwise the PID file - ;; would contain an unrelated PID number and confuse Shepherd. - #:namespaces (fold delq %namespaces '(net pid user))))) + ;; namespace. + #:namespaces (fold delq %namespaces '(net user))))) =20 (define (ngircd-shepherd-service config) (match-record config - (ngircd debug? global) - (let ((ngircd.conf (serialize-ngircd-configuration config)) - (ngircd (file-append ngircd "/sbin/ngircd")) - (pid-file (ngircd-global-pid-file global)) - (user group (ngircd-user+group config))) + (ngircd debug? global ssl) + (let* ((ngircd.conf (serialize-ngircd-configuration config)) + (ngircd (file-append ngircd "/sbin/ngircd")) + (addresses (ngircd-global-listen global)) + (ports* (ngircd-global-ports global)) + (ports (if (and (maybe-value-set? ssl) + (maybe-value-set? (ngircd-ssl-ports ssl))) + (append ports* (ngircd-ssl-ports ssl)) + ports*))) (list (shepherd-service (provision '(ngircd)) (requirement '(user-processes networking syslogd)) + (modules (cons '(srfi srfi-1) %default-modules)) (actions (list (shepherd-configuration-action ngircd.conf))) - (start #~(make-forkexec-constructor + (start #~(make-systemd-constructor (append (list #$(ngircd-wrapper config) "--nodaemon" "--syslog" "--config" #$ngircd.conf) (if #$debug? '("--debug") '())) - #:pid-file #$pid-file)) - - (stop #~(make-kill-destructor))))))) + ;; Compute endpoints for each listen addresses/ports + ;; combinations. 
+ (append-map + (lambda (port) + (map (lambda (addr) + (endpoint + (addrinfo:addr + (car (getaddrinfo + addr + (number->string port) + (logior AI_NUMERICHOST + AI_NUMERICSERV)))))) + (list #$@addresses))) + (list #$@ports)))) + (stop #~(make-systemd-destructor))))))) =20 (define (ngircd-activation config) (let* ((ngircd (file-append (ngircd-configuration-ngircd config))) - (pid-file (ngircd-global-pid-file - (ngircd-configuration-global config))) - (ngircd.conf (serialize-ngircd-configuration config)) - (user _ (ngircd-user+group config))) - (with-imported-modules (source-module-closure - '((gnu build activation))) - #~(begin - (use-modules (gnu build activation) - (ice-9 match)) - (define pw (match #$user - ((? number?) (getpwuid #$user)) - ((? string?) (getpwnam #$user)))) - (mkdir-p/perms #$(dirname pid-file) pw #o755) - (system (string-join - (list #$(file-append ngircd "/sbin/ngircd") - "--configtest" "--config" #$ngircd.conf - ;; Ensure stdin is not a TTY to avoid pausing for= a key - ;; during boot when a problem is detected. - "<" "/dev/null"))))))) + (ngircd.conf (serialize-ngircd-configuration config))) + #~(begin + (system (string-join + (list #$(file-append ngircd "/sbin/ngircd") + "--configtest" "--config" #$ngircd.conf + ;; Ensure stdin is not a TTY to avoid pausing for a= key + ;; during boot when a problem is detected. + "<" "/dev/null")))))) =20 (define ngircd-service-type (service-type
--8<---------------cut here---------------end--------------->8---

>> + (mkdir-p/perms #$(dirname pid-file) pw #o755) >> + (system (string-join >> + (list #$(file-append ngircd "/sbin/ngircd") >> + "--configtest" "--config" #$ngircd.conf >> + ;; Ensure stdin is not a TTY to avoid pausing fo= r a key >> + ;; during boot when a problem is detected. >> + "<" "/dev/null"))))))
>
> I think you can do:
>
>   (parameterize ((current-input-port (%make-void-port "r")))
>     (system* #$(file-append …) "--configtest" …))

Neat!
I seemed to remember a buggy Guile interaction between 'system' and stdin/stdout redirections from Guile (e.g. bug#43364), but it doesn't seem to be an issue with your suggestion above.

> But! if it’s about checking the configuration, I would do it in a
> derivation (instead of at activation time), similar to how this is done
> for mcron.

Hm, I have looked at the mcron service and others, but haven't found it. Could you please point me to the exact file/line?

>> + (test-assert "ngircd listens on TCP port 6667" >> + (wait-for-tcp-port 6667 marionette))
>
> Maybe try a /JOIN command or whatever?

Done, using the 'ii' minimalist IRC client, with something like this:

--8<---------------cut here---------------start------------->8---
2 files changed, 81 insertions(+), 28 deletions(-) gnu/services/messaging.scm | 12 +++++++----- gnu/tests/messaging.scm | 97 +++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++----------------------- modified gnu/services/messaging.scm
@@ -1174,11 +1174,13 @@ (define-configuration ngircd-options ;[Options] requests by non-chanops as if they were coming from the server. Only enab= le this if you have ircd-irc2 servers in your IRC network.") (pam? - (maybe-boolean #t) - "Set to @code{#f} to disable all calls to the PAM library at runtime; a= ll -users connecting without password are allowed to connect, all passwords gi= ven -will fail. Users identified without PAM are registered with a -tilde (@samp{~}) prepended to their user name.") + (boolean #f) + "Set to @code{#t} to enable calls to the PAM library at runtime; all us= ers +connecting without password are allowed to connect, all passwords given wi= ll +fail. Users identified without PAM are registered with a tilde (@samp{~}) +prepended to their user name. This defaults to @code{#f} in Guix because = the +service runs as a unpriveleged user and thus cannot authenticate other use= rs +via the @code{pam_unix} PAM module.") (pam-is-optional? (maybe-boolean #f) "Set to @code{#t} to make PAM authentication optional, causing clients = not modified gnu/tests/messaging.scm @@ -24,9 +24,13 @@ (define-module (gnu tests messaging) #:use-module (gnu system) #:use-module (gnu system vm) #:use-module (gnu services) + #:use-module (gnu services base) #:use-module (gnu services messaging) #:use-module (gnu services networking) + #:use-module (gnu services ssh) + #:use-module (gnu packages irc) #:use-module (gnu packages messaging) + #:use-module (gnu packages screen) #:use-module (guix gexp) #:use-module (guix store) #:use-module (guix modules) 
@@ -225,32 +229,50 @@ (define %test-bitlbee ;;; =20 (define %ngircd-os - (marionette-operating-system - (simple-operating-system - (service dhcp-client-service-type) - (service ngircd-service-type - (ngircd-configuration - (debug? #t) - (global - (ngircd-global - (server-uid 990) - (server-gid 990))) - ;; There is no need to serialize the following sections, whi= ch - ;; are all optional, but include them anyway to test the - ;; serializers. - (limits (ngircd-limits)) - (options (ngircd-options)) - (ssl (ngircd-ssl)) - (operators (list (ngircd-operator - (name "maxim") - (password "1234")))) - (channels (list (ngircd-channel - (name "#guix"))))))) - #:imported-modules (source-module-closure '((gnu services herd))))) + (operating-system + (inherit %simple-os) + (packages (cons* ii screen %base-packages)) + (services + (cons* + (service dhcp-client-service-type) + ;; For ease of debugging. Run the vm with: + ;; '-nic user,model=3Dvirtio-net-pci,hostfwd=3Dtcp::10022-:22' + (service openssh-service-type ;for ease of debugging + (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t))) + (service ngircd-service-type + (ngircd-configuration + (debug? #t) + (global + (ngircd-global + (server-uid 990) + (server-gid 990))) + ;; There is no need to serialize the following sections, w= hich + ;; are all optional, but include them anyway to test the + ;; serializers. 
+ (limits (ngircd-limits)) + (options (ngircd-options)) + (ssl (ngircd-ssl)) + (operators (list (ngircd-operator + (name "apteryx") + (password "1234")))) + (channels + (list (ngircd-channel + (name "#guix") + (topic "GNU Guix | https://guix.gnu.org")))))) + %base-services)))) =20 (define (run-ngircd-test) (define vm - (virtual-machine (operating-system %ngircd-os))) + (virtual-machine + (operating-system + (marionette-operating-system + %ngircd-os + #:imported-modules (source-module-closure + '((gnu build dbus-service) + (guix build utils) + (gnu services herd))))))) =20 (define test (with-imported-modules '((gnu build marionette)) 
@@ -274,6 +296,35 @@ (define (run-ngircd-test) (test-assert "ngircd listens on TCP port 6667" (wait-for-tcp-port 6667 marionette)) =20 + (test-assert "basic irc operations function as expected" + (marionette-eval + '(begin + (use-modules ((gnu build dbus-service) #:select (with-retr= ies)) + (ice-9 textual-ports)) + + (define (write-command command) + (call-with-output-file "in" + (lambda (port) + (display (string-append command "\n") port)))) + + (define (grep-output text) + (with-retries 5 1 ;retry for 5 seconds + (string-contains (call-with-input-file "out" get-strin= g-all) + text))) + + (unless (zero? (system "ii -s localhost -i /tmp &")) + (error "error connecting to irc server")) + + (with-retries 5 1 + (chdir "/tmp/localhost")) ;move to FIFO directory + + (write-command "/join #guix") + (grep-output "GNU Guix | https://guix.gnu.org") + + (write-command "/oper apteryx 1234") + (grep-output "+o")) + marionette)) + (test-end)))) =20 (gexp->derivation "ngircd-test" test)) --8<---------------cut here---------------end--------------->8--- I'll send a v2 with the above changes. The remaining points, pending my above questions, are: - Use dedicated log file? 
- Move configuration check to a derivation

-- 
Thanks,
Maxim
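Review bot: In the `pam?` docstring of the `@@ -1174,11 +1174,13 @@` hunk, the first sentence was flipped to "Set to @code{#t} to enable calls to the PAM library", but the clause that follows ("all users connecting without password are allowed to connect, all passwords given will fail") still describes what happens when PAM is off, so the text now reads as if enabling PAM rejects every password. Suggest attaching that consequence explicitly to the `#f` case, and fixing "a unpriveleged" to "an unprivileged" in the same sentence.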
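Review bot: The `openssh-service-type` block added to `%ngircd-os` in the `@@ -225,32 +229,50 @@` hunk (`permit-root-login #t`, `allow-empty-passwords? #t`) and the `screen` package are debugging scaffolding, as the two "for ease of debugging" comments say, and nothing in the visible test body uses them. Suggest dropping them from the committed test OS, or moving them to a separate debug variant, so the test image does not carry a root login with an empty password and the test only builds what it asserts on. The `(gnu services ssh)` and `(gnu packages screen)` imports can then go as well.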
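Review bot: In the new "basic irc operations function as expected" test, `(system "ii -s localhost -i /tmp &")` backgrounds the client, so the shell returns 0 as soon as it has forked and the surrounding `(unless (zero? ...))` guard cannot detect a failed connection; a failure would only show up later as the `chdir` retries running out. Either drop the guard and rely on waiting for /tmp/localhost, or start `ii` in a way that exposes its status. Also, `(grep-output "+o")` matches any line containing those two characters; matching a longer piece of the expected MODE reply would make the /oper assertion mean what it says.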
From: Maxim Cournoyer
To: 77396@debbugs.gnu.org
Subject: [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment variables.
Date: Thu, 3 Apr 2025 15:43:24 +0900
X-Debbugs-Cc: Maxim Cournoyer, Ludovic Courtès, Christopher Baines, Josselin Poiret, Mathieu Othacehe, Simon Tournier, Tobias Geerinckx-Rice

Otherwise, combining make-systemd-constructor with least-authority-wrapper
would not work correctly out of the box.

* guix/least-authority.scm (%precious-variables): Rename to...
(%default-preserved-environment-variables): ... this, and export it.  Add
"LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES" environment variables.
(least-authority-wrapper): Adjust accordingly.

Change-Id: Idd259b15463920965f530e1917d76bf97def3b7b
--- guix/least-authority.scm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/guix/least-authority.scm b/guix/least-authority.scm index 3465fe9a48..cd846aaa61 100644 --- a/guix/least-authority.scm +++ b/guix/least-authority.scm @@ -26,7 +26,8 @@ (define-module (guix least-authority) spec->file-system file-system->spec file-system-mapping->bind-mount) - #:export (least-authority-wrapper)) + #:export (least-authority-wrapper + %default-preserved-environment-variables)) ;;; Commentary: ;;; 
@@ -35,9 +36,10 @@ (define-module (guix least-authority) ;;; ;;; Code: -(define %precious-variables +(define %default-preserved-environment-variables ;; Environment variables preserved by the wrapper by default. - '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER" + "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-constructor (define* (least-authority-wrapper program #:key (name "pola-wrapper") 
@@ -49,7 +51,7 @@ (define* (least-authority-wrapper program (namespaces %namespaces) (directory "/") (preserved-environment-variables - %precious-variables)) + %default-preserved-environment-variables)) "Return a wrapper of PROGRAM that executes it with the least authority. PROGRAM is executed in separate namespaces according to NAMESPACES, a list of base-commit: 8c43056aabc2d22da61dc86049b143f7ae1ef516 -- 2.49.0
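Review bot: Passing "LISTEN_PID" through in `%default-preserved-environment-variables` (hunk `@@ -35,9 +36,10 @@`) covers only half of the socket-activation protocol: a consumer following sd_listen_fds(3) compares LISTEN_PID with its own PID and ignores the inherited descriptors on a mismatch. If the wrapper forks before exec, or the NAMESPACES it applies include a PID namespace, the wrapped program sees a different PID than the one the service manager wrote. Please say in the comment or the commit message whether the wrapper keeps the PID stable or rewrites LISTEN_PID, and whether descriptors 3 and up stay open across the wrapper.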
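Review bot: The `@@ -49,7 +51,7 @@` hunk changes only the default of `preserved-environment-variables`, so a caller that passes its own list replaces the default and silently loses the LISTEN_* entries. Now that `%default-preserved-environment-variables` is exported, the `least-authority-wrapper` docstring should say that custom lists are meant to be built on top of it, for example with `(cons* "MY_VAR" %default-preserved-environment-variables)`.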
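Why the commit message above says the combination does not work out of the box, as an added Python model that is not part of the thread and is not Guix or Shepherd code: an allowlisting wrapper that drops LISTEN_* leaves the daemon unable to find the sockets it was handed. The two allowlists are copied from the hunk; the function names, PIDs, socket names and the manager environment are constructed for illustration, and `listen_fds` is a simplified model of sd_listen_fds_with_names(3).

```python
"""Model of systemd-style socket activation behind an environment allowlist."""

SD_LISTEN_FDS_START = 3  # first inherited descriptor in the systemd protocol

# The wrapper's default allowlist before and after the patch (from the hunk).
OLD_PRESERVED = ("HOME", "USER", "LOGNAME", "DISPLAY", "XAUTHORITY",
                 "TERM", "TZ", "PAGER")
NEW_PRESERVED = OLD_PRESERVED + ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES")


def scrub_environment(env, preserved):
    """Allowlisting wrapper: drop every variable that is not named."""
    return {name: value for name, value in env.items() if name in preserved}


def listen_fds(env, my_pid):
    """Daemon side of the protocol (simplified model).

    Returns [(fd, name), ...]. An empty list means "no sockets were passed",
    in which case a daemon typically tries to bind its own listening sockets.
    """
    try:
        pid = int(env["LISTEN_PID"])
        count = int(env["LISTEN_FDS"])
    except (KeyError, ValueError):
        return []                      # variables missing or malformed
    if pid != my_pid or count <= 0:
        return []                      # descriptors were meant for another PID
    raw_names = env.get("LISTEN_FDNAMES")
    names = raw_names.split(":") if raw_names else []
    if len(names) != count:            # names are optional in the protocol
        names = ["unknown"] * count
    return [(SD_LISTEN_FDS_START + i, names[i]) for i in range(count)]


def manager_environment(spawned_pid, socket_names):
    """What a socket-activating service manager exports (constructed sample)."""
    return {
        "PATH": "/run/current-system/profile/bin",
        "HOME": "/var/empty",
        "LISTEN_PID": str(spawned_pid),
        "LISTEN_FDS": str(len(socket_names)),
        "LISTEN_FDNAMES": ":".join(socket_names),
    }


def activation(preserved, spawned_pid, daemon_pid,
               socket_names=("irc-v6", "irc-v4")):
    """Run manager -> wrapper -> daemon and return what the daemon finds."""
    env = scrub_environment(manager_environment(spawned_pid, socket_names),
                            preserved)
    return listen_fds(env, daemon_pid)


if __name__ == "__main__":
    cases = (
        ("old allowlist", OLD_PRESERVED, 4242),
        ("new allowlist", NEW_PRESERVED, 4242),
        # Variables preserved, but the daemon runs under another PID,
        # e.g. after a fork or inside a new PID namespace.
        ("new allowlist, PID differs", NEW_PRESERVED, 1),
    )
    for label, preserved, daemon_pid in cases:
        print(f"{label:28} -> {activation(preserved, 4242, daemon_pid)}")
```

The third case is the one to check when reviewing a sandboxing wrapper: preserving the variables is necessary, but the PID recorded in LISTEN_PID must also be the PID the daemon ends up with.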
From: Maxim Cournoyer
To: 77396@debbugs.gnu.org
Subject: [PATCH v2 2/2] services: Add ngircd-service-type.
Date: Thu, 3 Apr 2025 15:43:25 +0900
X-Debbugs-Cc: Maxim Cournoyer, Ludovic Courtès

* gnu/services/messaging.scm (pascal-case, ngircd-serialize-string)
(ngircd-serialize-boolean, ngircd-serialize-file-like)
(ngircd-serialize-list-of-strings, ngircd-serialize-list-of-ports)
(ngircd-serialize-number, ngircd-serialize-port)
(string-or-number?, ngircd-serialize-string-or-number): New procedures.
(ngircd-global, ngircd-limits, ngircd-options, ngircd-ssl)
(ngircd-operator, ngircd-server, ngircd-channel)
(ngircd-configuration): New configurations.
(serialize-ngircd-global, serialize-ngircd-limits)
(serialize-ngircd-options, serialize-ngircd-operator)
(serialize-list-of-ngircd-operators, serialize-ngircd-server)
(serialize-ngircd-channel, serialize-list-of-ngircd-channels)
(serialize-ngircd-configuration): New procedures.
(list-of-ngircd-operators?, list-of-ngircd-servers?)
(list-of-ngircd-channels?): New predicates.
(ngircd-generate-documentation): New procedure.
(ngircd-user+group, ngircd-account, ngircd-wrapper): Likewise.
(ngircd-shepherd-service): New shepherd service.
(%ngircd-activation): New procedure.
(ngircd-service-type): New service type.
* gnu/tests/messaging.scm (%ngircd-os): New variable.
(run-ngircd-test): New procedure.
(%test-ngircd): New test.
* doc/guix.texi (Messaging Services): Document it.
Change-Id: I3ce9a7fd0b33afab22cf15942a1db0cf5b12bfdb --- doc/guix.texi | 413 +++++++++++++++++++++++ gnu/services/messaging.scm | 653 +++++++++++++++++++++++++++++++++++++ gnu/tests/messaging.scm | 123 +++++++ 3 files changed, 1189 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index f6d774fd13..b73f8d7b8a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -30351,6 +30351,419 @@ Messaging Services @end table @end deftp +@subsubheading ngIRCd service + +@cindex IRCd, Internet Relay Chat daemon +@cindex IRC daemon service +@cindex IRC server service +@cindex IRC (Internet Relay Chat) + +@url{https://ngircd.barton.de/, ngIRCd}, is a lightweight @acronym{IRCd, +Internet Relay Chat daemon}, which can be used to host your own IRC +server. + +@defvar ngircd-service-type +The service type for ngIRCd. Its value is a @code{ngircd-configuration} +object, documented below. + +A simple example configuration could look like: + +@lisp +(service ngircd-service-type + (ngircd-configuration + (channels + (list (ngircd-channel + (name "#fruits") + (topic "All things fruits -- veggies are off-topic")))) + (operators + (list (ngircd-operator + (name "mikan") + (password "tomatoes-are-fruits/carrots-are-not")))))) +@end lisp +@end defvar + +@c To regenerate the rest of this section documentation, use the +@c `ngircd-generate-documentation' procedure in +@c (gnu services messaging). +@c %start of fragment + +@deftp {Data Type} ngircd-configuration +Available @code{ngircd-configuration} fields are: + +@table @asis +@item @code{ngircd} (default: @code{ngircd}) (type: file-like) +The @code{ngircd} package to use. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Turn on debugging messages. + +@item @code{global} (type: ngircd-global) +A ngircd-global record object used to specify global options. + +@item @code{limits} (type: maybe-ngircd-limits) +The ngircd-limits record object used to specify limits options. + +@item @code{options} (type: maybe-ngircd-options) +The ngircd-options record object used to specify optional features and +configuration options. + +@item @code{ssl} (type: maybe-ngircd-ssl) +The ngircd-ssl record object used to specify the SSL-related options. + +@item @code{operators} (type: maybe-list-of-ngircd-operators) +A list of ngircd-operator record objects used to specify the operators. 
+ +@item @code{servers} (type: maybe-list-of-ngircd-servers) +A list of ngircd-server record objects used to specify other remote +servers to connect to. + +@item @code{channels} (type: maybe-list-of-ngircd-channels) +A list of ngircd-channels record objects specifying pre-defined channels +to be created by the server when starting up. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-global +Available @code{ngircd-global} fields are: + +@table @asis +@item @code{name} (type: maybe-string) +Server name in the IRC network. This is an individual name of the IRC +server, it is not related to the DNS host name. It must be unique in +the IRC network and must contain at least one dot (@samp{.}) character. +When not set, ngIRCd tries to deduce a valid IRC server name from the +local host name. + +@item @code{admin-info-1} (type: maybe-string) +First administrator information. + +@item @code{admin-info-2} (type: maybe-string) +Second administrator information. + +@item @code{admin-email} (type: maybe-string) +Email to reach administrators. + +@item @code{help-file} (type: maybe-file-like) +File-like containing the ngIRCd help text. + +@item @code{info} (type: maybe-string) +Info text of the server. This will be shown by WHOIS and LINKS requests +for example. + +@item @code{listen} (default: @code{("::" "0.0.0.0")}) (type: list-of-strings) +A list of IP address on which the server should listen. By default it +listens on all configured IP addresses and interfaces. + +@item @code{motd-file} (type: file-like) +Text file with the @i{message of the day} (MOTD). This message will be +shown to all users connecting to the server. + +@item @code{motd-phrase} (type: maybe-string) +A simple phrase (<127 chars) to use if you don't want to use a MOTD +file. + +@item @code{network} (type: maybe-string) +The name of the IRC network to which this server belongs. 
This name is +optional, should only contain ASCII characters, and can't contain +spaces. It is only used to inform clients. + +@item @code{password} (type: maybe-string) +Global password or all users needed to connect to the server. By +default, no password is required. PAM must be disabled for this option +to have an effect. + +@item @code{pid-file} (type: maybe-string) +The file name where the PID of ngIRCd should be written after it starts. +By default, no PID file is created. + +@item @code{ports} (default: @code{(6667)}) (type: list-of-ports) +Port number(s) on which the server should listen for @emph{unencrypted} +connections. + +@item @code{server-uid} (default: @code{"ngircd"}) (type: string-or-number) +The user that the @command{ngircd} command should run as. + +@item @code{server-gid} (default: @code{"ngircd"}) (type: string-or-number) +The group that the @command{ngircd} command should run as. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-limits +Available @code{ngircd-limits} fields are: + +@table @asis +@item @code{connect-retry} (default: @code{60}) (type: maybe-number) +The number of seconds the server should wait before re-attempting to +establish a link to not yet (or no longer) connected servers. + +@item @code{max-connections} (default: @code{0}) (type: maybe-number) +Maximum number of simultaneous in- and outbound connections the server +is allowed to accept. There is no limit by default. + +@item @code{max-connections-ip} (default: @code{5}) (type: maybe-number) +Maximum number of simultaneous connections from a single IP address that +the server will accept. This configuration options lowers the risk of +denial of service attacks (DoS). Set to 0 to remove the limit. + +@item @code{max-joins} (default: @code{10}) (type: maybe-number) +Maximum number of channels a user can be member of. Set to 0 to remove +the limit. 
+ +@item @code{max-list-size} (default: @code{100}) (type: maybe-number) +Maximum number of channels returned in response to a LIST command. + +@item @code{ping-timeout} (default: @code{120}) (type: maybe-number) +Number of seconds of inactivity after which the server will send a PING +to the peer to test whether it is alive or not. + +@item @code{pong-timeout} (default: @code{20}) (type: maybe-number) +If a client fails to answer a PING with a PONG within this amount of +seconds, it will be disconnected by the server. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-options +Available @code{ngircd-options} fields are: + +@table @asis +@item @code{allowed-channel-types} (default: @code{"#&+"}) (type: maybe-string) +List of allowed channel types (channel prefixes) for newly created +channels on the local server. By default, all supported channel types +are allowed. + +@item @code{allow-remote-oper?} (default: @code{#f}) (type: maybe-boolean) +If this option is active, IRC operators connected to remote servers are +allowed to control this local server using administrative commands, for +example like CONNECT, DIE, SQUIT, etc. + +@item @code{connect-ipv4?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv4 protocol, allowed by default. + +@item @code{connect-ipv6?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv6 protocol, allowed by default. + +@item @code{dns?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to disable DNS lookups when clients connect. If you +configure the daemon to connect to other servers, ngIRCd may still +perform a DNS lookup if required. 
+ +@item @code{more-privacy?} (default: @code{#f}) (type: maybe-boolean) +Set this to @code{#t} to have ngIRCd censor user idle time, logon time +as well as the PART/QUIT messages (that sometimes used to inform +everyone about which client software is being used). WHOWAS requests +are also silently ignored, and NAMES output doesn't list any clients for +non-members. This option is most useful when ngIRCd is being used +together with anonymizing software such as TOR or I2P and one does not +wish to make it too easy to collect statistics on the users. + +@item @code{notice-before-registration?} (default: @code{#f}) (type: maybe-boolean) +Normally ngIRCd doesn't send any messages to a client until it is +registered. Enable this option to let the daemon send @samp{NOTICE *} +messages to clients while connecting. + +@item @code{oper-can-use-mode?} (default: @code{#f}) (type: maybe-boolean) +Should IRC Operators be allowed to use the MODE command even if they are +not(!) channel-operators? + +@item @code{oper-chan-p-auto-op?} (default: @code{#t}) (type: maybe-boolean) +Should IRC Operators get AutoOp (+o) in persistent (+P) channels? + +@item @code{oper-server-mode?} (default: @code{#f}) (type: maybe-boolean) +If @code{open-can-use-mode?} is @code{#t}, this may lead the +compatibility problems with servers that run the ircd-irc2 software. +This option masks mode requests by non-chanops as if they were coming +from the server. Only enable this if you have ircd-irc2 servers in your +IRC network. + +@item @code{pam?} (default: @code{#f}) (type: boolean) +Set to @code{#t} to enable calls to the PAM library at runtime; all +users connecting without password are allowed to connect, all passwords +given will fail. Users identified without PAM are registered with a +tilde (@samp{~}) prepended to their user name. This defaults to +@code{#f} in Guix because the service runs as a unpriveleged user and +thus cannot authenticate other users via the @code{pam_unix} PAM module. 
+ +@item @code{pam-is-optional?} (default: @code{#f}) (type: maybe-boolean) +Set to @code{#t} to make PAM authentication optional, causing clients +not sending a password to still be able to connect, but won't become +identified and keep the tilder (@samp{~}) character prepended to their +supplied user name. + +@item @code{require-auth-ping?} (default: @code{#f}) (type: maybe-boolean) +Set to @code{#t} to have ngIRCd send an authentication PING when a new +client connects, and register this client only after receiving the +corresponding PONG reply. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-ssl +Available @code{ngircd-ssl} fields are: + +@table @asis +@item @code{cert-file} (type: maybe-string) +SSL certificate file of the private server key. + +@item @code{key-file} (type: maybe-string) +File name of the SSL Server Key to be used for SSL connections, which is +required for SSL/TLS support. + +@item @code{ca-file} (default: @code{"/etc/ssl/certs/ca-certificates.crt"}) (type: maybe-string) +A file listing all the certificates of the trusted Certificate +Authorities. + +@item @code{ports} (type: maybe-list-of-ports) +Like the global configuration's @code{port} option, except that ngIRCd +will expect incoming connections to be SSL/TLS encrypted. Common port +numbers for SSL-encrypted IRC are 6669 and 6697. + +@item @code{cipher-list} (type: maybe-string) +The GnuTLS cipher suites allowed for SSL/TLS connections, a value such +as @code{"SECURE128:-VERS-SSL3.0"}. Refer to @samp{man 3 +gnutls_priority_init} for details. + +@item @code{dh-file} (type: maybe-file-like) +A file-like containing the Diffie-Hellman parameters, which can be +created with GnuTLS via @samp{certtool --generate-dh-params}. If this +file is not present, the Diffie-Hellman parameters will be computed on +startup, which may take some time. 
+ +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-operator +Available @code{ngircd-operator} fields are: + +@table @asis +@item @code{name} (type: string) +ID of the operator (may be different of the nickname). + +@item @code{password} (type: string) +Password of the IRC operator. + +@item @code{mask} (type: maybe-string) +Mask that is to be checked before an /OPER for this account is accepted, +for example: @code{"nick!ident@@*.example.com"}. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-server +Available @code{ngircd-server} fields are: + +@table @asis +@item @code{name} (type: string) +IRC name of the remote server. + +@item @code{host} (type: string) +Internet host name (or IP address) of the peer. + +@item @code{my-password} (type: string) +Own password for this connection. This password has to be configured as +@code{peer-password} on the other server and must not have @samp{:} as +first character. + +@item @code{peer-password} (type: string) +Foreign password for this connection. This password has to be +configured as @code{my-password} on the other server. + +@item @code{bind} (type: maybe-string) +IP address to use as source IP for the outgoing connection. The default +is to let the operating system decide. + +@item @code{port} (type: maybe-port) +Port of the remote server to which ngIRCd should connect (active). If +no port is assigned to a configured server, the daemon only waits for +incoming connections (passive, which is the default). + +@item @code{group} (type: maybe-number) +Group of this server. + +@item @code{passive?} (default: @code{#f}) (type: maybe-boolean) +Set to @code{#t} to disable automatic connection even if the port value +is specified. + +@item @code{ssl-connect?} (default: @code{#f}) (type: maybe-boolean) +Connect to the remote server using TLS/SSL. 
+ +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} ngircd-channel +Available @code{ngircd-channel} fields are: + +@table @asis +@item @code{name} (type: string) +Name of the channel, including channel prefix ("#" or "&"). + +@item @code{topic} (type: maybe-string) +Topic for this channel. + +@item @code{modes} (type: maybe-list-of-strings) +Initial channel modes, as used in MODE commands. Modifying lists (ban +list, invite list, exception list) is supported. If multiple MODE +strings are specified, they are evaluated in the order listed (left to +right). + +@item @code{key-file} (type: maybe-file-like) +Path and file name of a ngIRCd key file containing individual channel +keys for different users. Refer to @samp{man 5 ngircd.conf} for more +details. + +@end table + +@end deftp + + +@c %end of fragment + @subsubheading Quassel Service @cindex IRC (Internet Relay Chat) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 9bfeabacf4..0072056869 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2015, 2017-2020, 2022-2024 Ludovic Courtès ;;; Copyright © 2018 Pierre-Antoine Rouby +;;; Copyright © 2025 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -20,6 +21,7 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services messaging) + #:use-module ((gnu home services utils) #:select (object->camel-case-string)) #:use-module (gnu packages admin) #:use-module (gnu packages base) #:use-module (gnu packages irc) @@ -38,7 +40,10 @@ (define-module (gnu services messaging) #:use-module (guix deprecation) #:use-module (guix least-authority) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) #:use-module (srfi srfi-35) + #:use-module (srfi srfi-71) + #:use-module (ice-9 format) #:use-module (ice-9 match) #:export (prosody-service-type prosody-configuration 
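Review bot: In the doc/guix.texi hunk, the `password` fields of `ngircd-operator` and `ngircd-global` and the `my-password`/`peer-password` fields of `ngircd-server` are documented as plain strings, and the example puts an operator password literally into the service declaration. Assuming the serialized configuration becomes a store item, as the `"--config" #$ngircd.conf` reference earlier in this thread suggests, those values are readable by every local user. Suggest stating this next to the fields, or offering a way to point at a secret kept outside the store. Wording nits in the same hunk: `oper-server-mode?` refers to `open-can-use-mode?` where `oper-can-use-mode?` is meant, "Global password or all users" should read "for all users", and "unpriveleged" and "tilder" are misspelled.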
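Review bot: The `@@ -20,6 +21,7 @@` hunk of gnu/services/messaging.scm imports `(gnu home services utils)` only for `object->camel-case-string`, which makes a system service module depend on the Home services tree. Consider moving that helper to a module shared by both trees, or add a comment saying why the dependency is acceptable here.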
@@ -58,6 +63,32 @@ (define-module (gnu services messaging) bitlbee-configuration? bitlbee-service-type + + ngircd-configuration + ngircd-configuration? + + ngircd-global + ngircd-global? + + ngircd-limits + ngircd-limits? + + ngircd-options + ngircd-options? + + ngircd-ssl + ngircd-ssl? + + ngircd-operator + ngircd-operator? + + ngircd-server + ngircd-server? + + ngircd-channel + ngircd-channel? + ngircd-service-type + quassel-configuration quassel-service-type 
@@ -921,6 +952,628 @@ (define bitlbee-service-type "Run @url{http://bitlbee.org,BitlBee}, a daemon that acts as a gateway between IRC and chat networks."))) + +;;; +;;; ngIRCd. +;;; + +(define-maybe string + (prefix ngircd-)) + +(define-maybe file-like + (prefix ngircd-)) + +(define-maybe list-of-strings + (prefix ngircd-)) + +(define (port? x) + (and (number? x) + (and (>= x 0) (<= x 65535)))) + +(define list-of-ports? + (list-of port?)) + +(define-maybe port + (prefix ngircd-)) + +(define-maybe list-of-ports + (prefix ngircd-)) + +(define-maybe number + (prefix ngircd-)) + +(define-maybe boolean + (prefix ngircd-)) + +(define (pascal-case text) + (object->camel-case-string text 'upper)) + +(define (ngircd-serialize-string field value) + (format #f "~a = ~a~%" (pascal-case field) value)) + +(define (ngircd-serialize-boolean field value) + (let* ((field (symbol->string field)) + (name (if (string-suffix? "?" field) + (string-drop-right field 1) + field))) + (format #f "~a = ~:[false~;true~]~%" (pascal-case name) value))) + +(define (ngircd-serialize-file-like field value) + #~(format #f "~a = ~a~%" #$(pascal-case field) #$value)) + +(define (ngircd-serialize-list-of-strings field value) + (format #f "~a = ~{~a~^,~}~%" (pascal-case field) value)) + +(define ngircd-serialize-list-of-ports + ngircd-serialize-list-of-strings) + +(define ngircd-serialize-number ngircd-serialize-string) + +(define ngircd-serialize-port ngircd-serialize-number) + +(define (string-or-number? x) + (or (string? x) (number? x))) + +(define ngircd-serialize-string-or-number ngircd-serialize-string) + +(define-configuration ngircd-global ;[Global] + (name + maybe-string + "Server name in the IRC network. This is an individual name of the IRC +server, it is not related to the DNS host name. It must be unique in the IRC +network and must contain at least one dot (@samp{.}) character. 
When not set, +ngIRCd tries to deduce a valid IRC server name from the local host name.") + (admin-info-1 + maybe-string + "First administrator information.") + (admin-info-2 + maybe-string + "Second administrator information.") + (admin-email + maybe-string + "Email to reach administrators.") + (help-file + maybe-file-like + "File-like containing the ngIRCd help text.") + (info + maybe-string + "Info text of the server. This will be shown by WHOIS and LINKS requests +for example.") + (listen + (list-of-strings (list "::" "0.0.0.0")) + "A list of IP address on which the server should listen. By default it +listens on all configured IP addresses and interfaces.") + (motd-file + ;; Provide an empty default file to avoid a warning when running --conftest + ;; in the activation script. + (file-like (plain-file "ngircd.motd" "")) + "Text file with the @i{message of the day} (MOTD). This message will be +shown to all users connecting to the server.") + (motd-phrase + maybe-string + "A simple phrase (<127 chars) to use if you don't want to use a MOTD +file.") + (network + maybe-string + "The name of the IRC network to which this server belongs. This name is +optional, should only contain ASCII characters, and can't contain spaces. It +is only used to inform clients.") + (password + maybe-string + "Global password or all users needed to connect to the server. By default, +no password is required. PAM must be disabled for this option to have an +effect.") + (pid-file + maybe-string + "The file name where the PID of ngIRCd should be written after it starts. 
+By default, no PID file is created.") + (ports + (list-of-ports (list 6667)) + "Port number(s) on which the server should listen for @emph{unencrypted} +connections.") + (server-uid + (string-or-number "ngircd") + "The user that the @command{ngircd} command should run as.") + (server-gid + (string-or-number "ngircd") + "The group that the @command{ngircd} command should run as.") + (prefix ngircd-)) + +(define (serialize-ngircd-global _ config) + #~(string-append + "[Global]\n" + #$(serialize-configuration config ngircd-global-fields))) + +(define-configuration ngircd-limits ;[Limits] + (connect-retry + (maybe-number 60) + "The number of seconds the server should wait before re-attempting to +establish a link to not yet (or no longer) connected servers.") + (max-connections + (maybe-number 0) + "Maximum number of simultaneous in- and outbound connections the server is +allowed to accept. There is no limit by default.") + (max-connections-ip + (maybe-number 5) + "Maximum number of simultaneous connections from a single IP address that +the server will accept. This configuration options lowers the risk of denial +of service attacks (DoS). Set to 0 to remove the limit.") + (max-joins + (maybe-number 10) + "Maximum number of channels a user can be member of. 
Set to 0 to remove +the limit.") + (max-list-size + (maybe-number 100) + "Maximum number of channels returned in response to a LIST command.") + (ping-timeout + (maybe-number 120) + "Number of seconds of inactivity after which the server will send a PING to +the peer to test whether it is alive or not.") + (pong-timeout + (maybe-number 20) + "If a client fails to answer a PING with a PONG within this amount of +seconds, it will be disconnected by the server.") + (prefix ngircd-)) + +(define (serialize-ngircd-limits _ config) + #~(string-append + "\n[Limits]\n" + #$(serialize-configuration config ngircd-limits-fields))) + +(define-maybe ngircd-limits) + +(define-configuration ngircd-options ;[Options] + (allowed-channel-types + (maybe-string "#&+") + "List of allowed channel types (channel prefixes) for newly created +channels on the local server. By default, all supported channel types are +allowed.") + (allow-remote-oper? + (maybe-boolean #f) + "If this option is active, IRC operators connected to remote servers are +allowed to control this local server using administrative commands, for +example like CONNECT, DIE, SQUIT, etc.") + (connect-ipv4? + (maybe-boolean #t) + "Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv4 protocol, allowed by default.") + (connect-ipv6? + (maybe-boolean #t) + "Set to @code{#f} to prevent ngIRCd from connecting to other IRC servers +using the IPv6 protocol, allowed by default.") + (dns? + (maybe-boolean #t) + "Set to @code{#f} to disable DNS lookups when clients connect. If you +configure the daemon to connect to other servers, ngIRCd may still perform a +DNS lookup if required.") + (more-privacy? + (maybe-boolean #f) + "Set this to @code{#t} to have ngIRCd censor user idle time, logon time as +well as the PART/QUIT messages (that sometimes used to inform everyone about +which client software is being used). 
WHOWAS requests are also silently +ignored, and NAMES output doesn't list any clients for non-members. This +option is most useful when ngIRCd is being used together with anonymizing +software such as TOR or I2P and one does not wish to make it too easy to +collect statistics on the users.") + (notice-before-registration? + (maybe-boolean #f) + "Normally ngIRCd doesn't send any messages to a client until it is +registered. Enable this option to let the daemon send @samp{NOTICE *} +messages to clients while connecting.") + (oper-can-use-mode? + (maybe-boolean #f) + "Should IRC Operators be allowed to use the MODE command even if they are +not(!) channel-operators?") + (oper-chan-p-auto-op? + (maybe-boolean #t) + "Should IRC Operators get AutoOp (+o) in persistent (+P) channels?") + (oper-server-mode? + (maybe-boolean #f) + "If @code{open-can-use-mode?} is @code{#t}, this may lead the compatibility +problems with servers that run the ircd-irc2 software. This option masks mode +requests by non-chanops as if they were coming from the server. Only enable +this if you have ircd-irc2 servers in your IRC network.") + (pam? + (boolean #f) + "Set to @code{#t} to enable calls to the PAM library at runtime; all users +connecting without password are allowed to connect, all passwords given will +fail. Users identified without PAM are registered with a tilde (@samp{~}) +prepended to their user name. This defaults to @code{#f} in Guix because the +service runs as a unpriveleged user and thus cannot authenticate other users +via the @code{pam_unix} PAM module.") + (pam-is-optional? + (maybe-boolean #f) + "Set to @code{#t} to make PAM authentication optional, causing clients not +sending a password to still be able to connect, but won't become identified +and keep the tilder (@samp{~}) character prepended to their supplied user +name.") + (require-auth-ping? 
+ (maybe-boolean #f) + "Set to @code{#t} to have ngIRCd send an authentication PING when a new +client connects, and register this client only after receiving the +corresponding PONG reply.") + (prefix ngircd-)) + +(define (serialize-ngircd-options _ config) + #~(string-append + "\n[Options]\n" + #$(serialize-configuration config ngircd-options-fields))) + +(define-maybe ngircd-options) + +(define-configuration ngircd-ssl ;[SSL] + (cert-file + maybe-string + "SSL certificate file of the private server key.") + (key-file + maybe-string + "File name of the SSL Server Key to be used for SSL connections, which is +required for SSL/TLS support.") + (ca-file + (maybe-string "/etc/ssl/certs/ca-certificates.crt") + "A file listing all the certificates of the trusted Certificate +Authorities.") + (ports + maybe-list-of-ports + "Like the global configuration's @code{port} option, except that ngIRCd +will expect incoming connections to be SSL/TLS encrypted. Common port numbers +for SSL-encrypted IRC are 6669 and 6697.") + (cipher-list + maybe-string + "The GnuTLS cipher suites allowed for SSL/TLS connections, a value such as +@code{\"SECURE128:-VERS-SSL3.0\"}. Refer to @samp{man 3 gnutls_priority_init} +for details.") + (dh-file + maybe-file-like + "A file-like containing the Diffie-Hellman parameters, which can be created +with GnuTLS via @samp{certtool --generate-dh-params}. 
If this file is not +present, the Diffie-Hellman parameters will be computed on startup, which may +take some time.") + (prefix ngircd-)) + +(define (serialize-ngircd-ssl _ config) + #~(string-append + "\n[SSL]\n" + #$(serialize-configuration config ngircd-ssl-fields))) + +(define-maybe ngircd-ssl) + +(define-configuration ngircd-operator ;[Operator] + (name + string + "ID of the operator (may be different of the nickname).") + (password + string + "Password of the IRC operator.") + (mask + maybe-string + "Mask that is to be checked before an /OPER for this account is accepted, +for example: @code{\"nick!ident@@*.example.com\"}.") + (prefix ngircd-)) + +(define list-of-ngircd-operators? + (list-of ngircd-operator?)) + +(define (serialize-ngircd-operator _ operator) + #~(string-append + "\n[Operator]\n" + #$(serialize-configuration operator ngircd-operator-fields))) + +(define (serialize-list-of-ngircd-operators _ operators) + #~(string-append #$@(map (cut serialize-ngircd-operator #f <>) operators))) + +(define-maybe list-of-ngircd-operators) + +(define-configuration ngircd-server ;[Server] + (name + string + "IRC name of the remote server.") + (host + string + "Internet host name (or IP address) of the peer.") + (my-password + string + "Own password for this connection. This password has to be configured as +@code{peer-password} on the other server and must not have @samp{:} as first +character.") + (peer-password + string + "Foreign password for this connection. This password has to be configured +as @code{my-password} on the other server.") + (bind + maybe-string + "IP address to use as source IP for the outgoing connection. The default +is to let the operating system decide.") + (port + maybe-port + "Port of the remote server to which ngIRCd should connect (active). If no +port is assigned to a configured server, the daemon only waits for incoming +connections (passive, which is the default).") + (group + maybe-number + "Group of this server.") + (passive? 
+ (maybe-boolean #f) + "Set to @code{#t} to disable automatic connection even if the port value is +specified.") + (ssl-connect? + (maybe-boolean #f) + "Connect to the remote server using TLS/SSL.") + (prefix ngircd-)) + +(define list-of-ngircd-servers? + (list-of ngircd-server?)) + +(define (serialize-ngircd-server _ server) + #~(string-append + "\n[Server]\n" + #$(serialize-configuration server ngircd-server-fields))) + +(define (serialize-list-of-ngircd-servers _ servers) + #~(string-append #$@(map (cut serialize-ngircd-server #f <>) servers))) + +(define-maybe list-of-ngircd-servers) + +(define-configuration ngircd-channel ;[Channel] + (name + string + "Name of the channel, including channel prefix (\"#\" or \"&\").") + (topic + maybe-string + "Topic for this channel.") + (modes + maybe-list-of-strings + "Initial channel modes, as used in MODE commands. Modifying lists (ban +list, invite list, exception list) is supported. If multiple MODE strings are +specified, they are evaluated in the order listed (left to right)." + (serializer (lambda (_ value) + ;; Special case: each mode string gets serialized to a + ;; separate option. + (format #f "~{Modes = ~a~%~}" value)))) + (key-file + maybe-file-like + "Path and file name of a ngIRCd key file containing individual channel keys +for different users. Refer to @samp{man 5 ngircd.conf} for more details.") + (prefix ngircd-)) + +(define list-of-ngircd-channels? + (list-of ngircd-channel?)) + +(define (serialize-ngircd-channel _ channel) + #~(string-append + "\n[Channel]\n" + #$(serialize-configuration channel ngircd-channel-fields))) + +(define (serialize-list-of-ngircd-channels _ channels) + #~(string-append #$@(map (cut serialize-ngircd-channel #f <>) channels))) + +(define-maybe list-of-ngircd-channels) + +(define-configuration ngircd-configuration + (ngircd + (file-like ngircd) + "The @code{ngircd} package to use.") + (debug? + (boolean #f) + "Turn on debugging messages." 
+ (serializer empty-serializer)) + (global + ;; Always use a ngircd-global default to ensure the correct PidFile option + ;; is set, as it is required by the service. + (ngircd-global (ngircd-global)) + "A ngircd-global record object used to specify global options.") + (limits + maybe-ngircd-limits + "The ngircd-limits record object used to specify limits options.") + (options + maybe-ngircd-options + "The ngircd-options record object used to specify optional features and +configuration options.") + (ssl + maybe-ngircd-ssl + "The ngircd-ssl record object used to specify the SSL-related options.") + (operators + maybe-list-of-ngircd-operators + "A list of ngircd-operator record objects used to specify the operators.") + (servers + maybe-list-of-ngircd-servers + "A list of ngircd-server record objects used to specify other remote +servers to connect to.") + (channels + maybe-list-of-ngircd-channels + "A list of ngircd-channels record objects specifying pre-defined channels +to be created by the server when starting up.")) + +(define (ngircd-generate-documentation) + (configuration->documentation 'ngircd-configuration) + (configuration->documentation 'ngircd-global) + (configuration->documentation 'ngircd-limits) + (configuration->documentation 'ngircd-options) + (configuration->documentation 'ngircd-ssl) + (configuration->documentation 'ngircd-operator) + (configuration->documentation 'ngircd-server) + (configuration->documentation 'ngircd-channel)) + +(define (ngircd-user+group config) + "Return the Global->ServerUID and Global->ServerGID configuration options as +values." + (let* ((global (ngircd-configuration-global config)) + (user (ngircd-global-server-uid global)) + (group (ngircd-global-server-gid global))) + (values user group))) + +(define (ngircd-account config) + (let* ((user group (ngircd-user+group config)) + (group-name (if (string? group) + group + "ngircd")) + (user-name (if (string? user) + user + "ngircd")) + (gid (if (number? 
group) + group + #f)) + (uid (if (number? user) + user + #f))) + (list (user-group + (name group-name) + (id gid) + (system? #t)) + (user-account + (name user-name) + (uid uid) + (group group-name) + (system? #t) + (comment "Ngircd daemon user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) + +(define (serialize-ngircd-configuration config) + "Return a file-like object corresponding to the serialized + record." + (mixed-text-file "ngircd.conf" + (serialize-configuration + config ngircd-configuration-fields))) + +(define (ngircd-wrapper config) + "Take CONFIG, a object, and provide a least-authority +wrapper for the 'ngircd' command." + (let* ((ngircd.conf (serialize-ngircd-configuration config)) + (user group (ngircd-user+group config)) + (global (ngircd-configuration-global config)) + (help-file (ngircd-global-help-file global)) + (motd-file (ngircd-global-motd-file global)) + (ssl (ngircd-configuration-ssl config)) + (ca-file (ngircd-ssl-ca-file ssl)) + (cert-file (ngircd-ssl-cert-file ssl)) + (key-file (ngircd-ssl-key-file ssl)) + (dh-file (ngircd-ssl-dh-file ssl)) + (channels (ngircd-configuration-channels config))) + (least-authority-wrapper + (file-append (ngircd-configuration-ngircd config) "/sbin/ngircd") + #:name "ngircd-pola-wrapper" + ;; Expose all needed files, such as all options corresponding to + ;; file-like objects and string file names. + #:mappings + (append + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source ngircd.conf) + (target source))) + (if (maybe-value-set? help-file) + (list (file-system-mapping + (source help-file) + (target source))) + '()) + (if (maybe-value-set? motd-file) + (list (file-system-mapping + (source motd-file) + (target source))) + '()) + (if (maybe-value-set? ssl) + ;; When SSL is used, expose the specified keys and certificates. + (append + (if (maybe-value-set? 
ca-file) + (list (file-system-mapping + (source ca-file) + (target source))) + '()) + (if (maybe-value-set? cert-file) + (list (file-system-mapping + (source cert-file) + (target source))) + '()) + (if (maybe-value-set? key-file) + (list (file-system-mapping + (source key-file) + (target source))) + '()) + (if (maybe-value-set? dh-file) + (list (file-system-mapping + (source dh-file) + (target source))) + '())) + '()) + (if (maybe-value-set? channels) + (filter-map (lambda (channel) + (let ((key-file (ngircd-channel-key-file channel))) + (and (maybe-value-set? key-file) + key-file))) + channels) + '())) + #:user user + #:group group + ;; ngircd wants to look up users in /etc/passwd so run in the global user + ;; namespace. + #:namespaces (fold delq %namespaces '(net user))))) + +(define (ngircd-shepherd-service config) + (match-record config + (ngircd debug? global ssl) + (let* ((ngircd.conf (serialize-ngircd-configuration config)) + (ngircd (file-append ngircd "/sbin/ngircd")) + (addresses (ngircd-global-listen global)) + (ports* (ngircd-global-ports global)) + (ports (if (and (maybe-value-set? ssl) + (maybe-value-set? (ngircd-ssl-ports ssl))) + (append ports* (ngircd-ssl-ports ssl)) + ports*))) + (list (shepherd-service + (provision '(ngircd)) + (requirement '(user-processes networking syslogd)) + (modules (cons '(srfi srfi-1) %default-modules)) + (actions (list (shepherd-configuration-action ngircd.conf))) + (start #~(make-systemd-constructor + (append (list #$(ngircd-wrapper config) + "--nodaemon" "--syslog" + "--config" #$ngircd.conf) + (if #$debug? + '("--debug") + '())) + ;; Compute endpoints for each listen addresses/ports + ;; combinations. 
+ (append-map + (lambda (port) + (map (lambda (addr) + (endpoint + (addrinfo:addr + (car (getaddrinfo + addr + (number->string port) + (logior AI_NUMERICHOST + AI_NUMERICSERV)))))) + (list #$@addresses))) + (list #$@ports)))) + (stop #~(make-systemd-destructor))))))) + +(define (ngircd-activation config) + (let* ((ngircd (file-append (ngircd-configuration-ngircd config))) + (ngircd.conf (serialize-ngircd-configuration config))) + ;; Ensure stdin is not a TTY to avoid pausing for a key during boot + ;; when a problem is detected. + #~(parameterize ((current-input-port (%make-void-port "r"))) + (system* #$(file-append ngircd "/sbin/ngircd") + "--configtest" "--config" #$ngircd.conf)))) + +(define ngircd-service-type + (service-type + (name 'ngircd) + (extensions + (list (service-extension shepherd-root-service-type + ngircd-shepherd-service) + (service-extension profile-service-type + (compose list ngircd-configuration-ngircd)) + (service-extension account-service-type + ngircd-account) + (service-extension activation-service-type + ngircd-activation))) + (description + "Run @url{https://ngircd.barton.de/, ngIRCd}, a lightweight @acronym{IRC, +Internet Relay Chat} daemon."))) + ;;; ;;; Quassel. diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm index 9eae3f6049..c0c1c4a5d6 100644 --- a/gnu/tests/messaging.scm +++ b/gnu/tests/messaging.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2017, 2018 Clément Lassieur ;;; Copyright © 2017-2018, 2021-2022 Ludovic Courtès ;;; Copyright © 2018 Efraim Flashner +;;; Copyright © 2025 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -23,14 +24,19 @@ (define-module (gnu tests messaging) #:use-module (gnu system) #:use-module (gnu system vm) #:use-module (gnu services) + #:use-module (gnu services base) #:use-module (gnu services messaging) #:use-module (gnu services networking) + #:use-module (gnu services ssh) + #:use-module (gnu packages irc) #:use-module (gnu packages messaging) + #:use-module (gnu packages screen) #:use-module (guix gexp) #:use-module (guix store) #:use-module (guix modules) #:export (%test-prosody %test-bitlbee + %test-ngircd %test-quassel)) (define (run-xmpp-test name xmpp-service pid-file create-account) 
@@ -217,6 +223,123 @@ (define %test-bitlbee (description "Connect to a BitlBee IRC server.") (value (run-bitlbee-test)))) + +;;; +;;; ngIRCd. +;;; + +(define %ngircd-os + (operating-system + (inherit %simple-os) + (packages (cons* ii screen %base-packages)) + (services + (cons* + (service dhcp-client-service-type) + ;; For ease of debugging. Run the vm with: + ;; '-nic user,model=virtio-net-pci,hostfwd=tcp::10022-:22' + (service openssh-service-type ;for ease of debugging + (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t))) + (service ngircd-service-type + (ngircd-configuration + (debug? #t) + (global + (ngircd-global + (server-uid 990) + (server-gid 990))) + ;; There is no need to serialize the following sections, which + ;; are all optional, but include them anyway to test the + ;; serializers. + (limits (ngircd-limits)) + (options (ngircd-options)) + (ssl (ngircd-ssl)) + (operators (list (ngircd-operator + (name "apteryx") + (password "1234")))) + (channels + (list (ngircd-channel + (name "#guix") + (topic "GNU Guix | https://guix.gnu.org")))))) + %base-services)))) + +(define (run-ngircd-test) + (define vm + (virtual-machine + (operating-system + (marionette-operating-system + %ngircd-os + #:imported-modules (source-module-closure + '((gnu build dbus-service) + (guix build utils) + (gnu services herd))))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "ngircd") + + (test-assert "ngircd service runs" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (wait-for-service 'ngircd)) + marionette)) + + (test-assert "ngircd listens on TCP port 6667" + (wait-for-tcp-port 6667 marionette)) + + (test-assert "basic irc operations function as expected" + (marionette-eval + '(begin + (use-modules ((gnu build 
dbus-service) #:select (with-retries)) + (ice-9 textual-ports)) + + (define (write-command command) + (call-with-output-file "in" + (lambda (port) + (display (string-append command "\n") port)))) + + (define (grep-output text) + (with-retries 5 1 ;retry for 5 seconds + (string-contains (call-with-input-file "out" get-string-all) + text))) + + (unless (zero? (system "ii -s localhost -i /tmp &")) + (error "error connecting to irc server")) + + (with-retries 5 1 + (chdir "/tmp/localhost")) ;move to FIFO directory + + (write-command "/join #guix") + (grep-output "GNU Guix | https://guix.gnu.org") + + (write-command "/oper apteryx 1234") + (grep-output "+o")) + marionette)) + + (test-end)))) + + (gexp->derivation "ngircd-test" test)) + +(define %test-ngircd + (system-test + (name "ngircd") + (description "Connect to a ngircd IRC server.") + (value (run-ngircd-test)))) + + +;;; +;;; Quassel. +;;; + (define (run-quassel-test) (define os (marionette-operating-system -- 2.49.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 03 05:28:14 2025 Received: (at 77396) by debbugs.gnu.org; 3 Apr 2025 09:28:14 +0000 Received: from localhost ([127.0.0.1]:32851 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u0Gru-0001dk-8B for submit@debbugs.gnu.org; Thu, 03 Apr 2025 05:28:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43954) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u0Grr-0001dS-56 for 77396@debbugs.gnu.org; Thu, 03 Apr 2025 05:28:11 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u0Grl-0000NC-Mz; Thu, 03 Apr 2025 05:28:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=yryyZTIQQAllJiv0v46KAvorKoOrmJUc6uEyVM1ITXM=; 
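Review bot: In `ngircd-wrapper` (the `(gnu services messaging)` hunk), the `let*` applies `ngircd-ssl-ca-file`, `ngircd-ssl-cert-file`, `ngircd-ssl-key-file` and `ngircd-ssl-dh-file` to `ssl` before the later `(maybe-value-set? ssl)` guard is reached. The `ssl` field of `ngircd-configuration` is `maybe-ngircd-ssl` with no default, so a configuration that leaves `ssl` unset hands those accessors the unset marker instead of an `ngircd-ssl` record. Move the four bindings inside the guarded branch. The new system test does not exercise this path, because `%ngircd-os` sets `(ssl (ngircd-ssl))`. In the same `#:mappings` expression, the `filter-map` over `channels` returns the bare `key-file` objects while every other element of the list is a `file-system-mapping`; wrap them the same way. Separately, the `password` fields of `ngircd-global` and `ngircd-operator` and the `my-password`/`peer-password` fields of `ngircd-server` are plain strings serialized into `ngircd.conf` through `mixed-text-file`, which places them in the world-readable store; the field documentation should at least say so.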
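Review bot: `%ngircd-os` in gnu/tests/messaging.scm still carries the debugging aids: `openssh-service-type` with `(permit-root-login #t)` and `(allow-empty-passwords? #t)`, `screen` in `packages`, and the `(gnu services ssh)` and `(gnu packages screen)` imports added for them. None of the three `test-assert` forms uses SSH, so drop these before merging rather than keeping a root-login, empty-password sshd in a committed system definition that may later be copied as a template. The comment "for ease of debugging" is also stated twice on that service.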
From: Ludovic Courtès
To: Maxim Cournoyer
Cc: 77396@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH] services: Add ngircd-service-type.
Date: Thu, 03 Apr 2025 11:27:55 +0200

Hello,

Maxim Cournoyer wrote:

> I've added a not-too-serious one:

Perfect. :-)

>> Please don’t export record type descriptors like
>> since that makes it impossible to provide any guarantee (ABI, validity
>> of fields, etc.).
>
> Since there would be so many fields to export, I was hoping to punt on
> exporting all individual accessors, and at least let users be able to
> use 'match-record', which requires the record type. Isn't match-record
> intended to be used by users as well as service authors?

Well, it’s a tradeoff; common practice is to err on the safe side by not
exposing these low-level details.

> I've read the link above, and I think it's probably safer to keep it,
> since the interfaces that should be listened can be configured by the
> user. Also, the 'contrib' systemd service uses 'After=network.target'
> [0].

OK, sounds good.

>> I’d use #:log-file and drop ‘--syslog’; I find it more convenient.
>
> Do you find it more convenient because of the new 'herd log service'
> functionality when #:log-file is used? Otherwise I usually prefer
> searching messages in a single place as opposed to various log files.

The feature is ‘herd status service’, which shows recent messages, and
yes, that’s the main reason I find it more convenient. :-)

But if you think otherwise, that’s fine too.

> It's a bit weird to me that something as permanent as an IRC server
> should be lazily started by socket activation, but it does support that,
> and it simplifies things a bit, so I've made the switch, like so:

You can use #:lazy-start? #f if you want to start it right away; it
still helps with startup synchronization.

>> But! if it’s about checking the configuration, I would do it in a
>> derivation (instead of at activation time), similar to how this is done
>> for mcron.
>
> Hm, I have looked at the mcron service and others, but haven't found it.
> Could you please point me to the exact file/line?

See ‘validated-file’ in mcron.scm.

Thanks,
Ludo’.

From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxim Cournoyer Subject: Re: [bug#77396] [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment variables. In-Reply-To: (Maxim Cournoyer's message of "Thu, 3 Apr 2025 15:43:24 +0900") References: X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 14 Germinal an 233 de la =?utf-8?Q?R=C3=A9v?= =?utf-8?Q?olution=2C?= jour du =?utf-8?Q?H=C3=AAtre?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 03 Apr 2025 11:29:28 +0200 Message-ID: <87iknl7fuv.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 77396 Cc: Josselin Poiret , Simon Tournier , Mathieu Othacehe , Tobias Geerinckx-Rice , Christopher Baines , 77396@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxim Cournoyer skribis: > Otherwise, combining make-systemd-constructor with least-authority-wrapper > would not work correctly out of the box. > > * guix/least-authority.scm (%precious-variables): Rename to... > (%default-preserved-environment-variables): ... this, and export it. > Add "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES" environment variables. > (least-authority-wrapper): Adjust accordingly. > > Change-Id: Idd259b15463920965f530e1917d76bf97def3b7b [...] > -(define %precious-variables > +(define %default-preserved-environment-variables > ;; Environment variables preserved by the wrapper by default. 
> - '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) > + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER" > + "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-const= ructor

I would not export this variable, but otherwise LGTM!

Thanks,
Ludo’.

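Review bot: the three LISTEN_* names are added to the default list itself, so they are passed through to every program wrapped by least-authority-wrapper, although the trailing comment gives make-systemd-constructor as the only reason. For a least-authority allowlist it would be tighter to have socket-activated services add these names on top of the default (the thread already discusses consing onto the list), or, if the default is kept, to extend the comment above the list to say that it now also covers socket activation and why that is acceptable for wrappers that are not socket-activated.
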
From: Maxim Cournoyer
To: Ludovic Courtès
Cc: Josselin Poiret, Simon Tournier, Mathieu Othacehe, Tobias Geerinckx-Rice, Christopher Baines, 77396@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment variables.
Date: Thu, 03 Apr 2025 19:47:46 +0900

Hi Ludovic,

Ludovic Courtès writes:

> Maxim Cournoyer writes:
>
>> Otherwise, combining make-systemd-constructor with least-authority-wrapper
>> would not work correctly out of the box.
>>
>> * guix/least-authority.scm (%precious-variables): Rename to...
>> (%default-preserved-environment-variables): ... this, and export it.
>> Add "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES" environment variables.
>> (least-authority-wrapper): Adjust accordingly.
>>
>> Change-Id: Idd259b15463920965f530e1917d76bf97def3b7b
>
> [...]
>
>> -(define %precious-variables >> +(define %default-preserved-environment-variables >> ;; Environment variables preserved by the wrapper by default. >> - '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) >> + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER" >> + "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-cons= tructor
>
> I would not export this variable, but otherwise LGTM!

It aims to make extending the list easier. Otherwise one has to peek
into the code, and copy the existing list to be consed to.

Perhaps you mean that you don't think this should be extensible? And if
something important is missing we can simply add it like I've done for
the LISTEN_* variables here?

-- 
Thanks,
Maxim

From: Maxim Cournoyer
To: Ludovic Courtès
Cc: 77396-done@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH] services: Add ngircd-service-type.
Date: Tue, 08 Apr 2025 10:52:54 +0900

Hi Ludovic,

Ludovic Courtès writes:

[...]

>
>>> Please don’t export record type descriptors like
>>> since that makes it impossible to provide any guarantee (ABI, validity
>>> of fields, etc.).
>>
>> Since there would be so many fields to export, I was hoping to punt on
>> exporting all individual accessors, and at least let users be able to
>> use 'match-record', which requires the record type. Isn't match-record
>> intended to be used by users as well as service authors?
>
> Well, it’s a tradeoff; common practice is to err on the safe side by
> not exposing these low-level details.

OK. I've bitten the bullet and exported all the field accessors (no
longer exporting the record types).

[...]

>>> I’d use #:log-file and drop ‘--syslog’; I find it more convenient.
>>
>> Do you find it more convenient because of the new 'herd log service'
>> functionality when #:log-file is used? Otherwise I usually prefer
>> searching messages in a single place as opposed to various log files.
>
> The feature is ‘herd status service’, which shows recent messages, and
> yes, that’s the main reason I find it more convenient. :-)
> But if you think otherwise, that’s fine too.

I see! I've made it its own log file to ensure Shepherd can show the
tail of the log in 'herd status ngircd', which seems useful.

Here's the change, with the accessors exposed as well:

--8<---------------cut here---------------start------------->8---
1 file changed, 73 insertions(+), 13 deletions(-) gnu/services/messaging.scm | 86 +++++++++++++++++++++++++++++++++++++++++++= ++++++++++++++++++++++++++++++------------- modified gnu/services/messaging.scm
@@ -63,31 +63,89 @@ (define-module (gnu services messaging) bitlbee-configuration? bitlbee-service-type =20 - + ngircd-service-type ngircd-configuration ngircd-configuration? - + ngircd-configuration-ngircd + ngircd-configuration-debug? + ngircd-configuration-global + ngircd-configuration-limits + ngircd-configuration-options + ngircd-configuration-ssl + ngircd-configuration-operators + ngircd-configuration-servers + ngircd-configuration-channels ngircd-global ngircd-global? - + ngircd-global-name + ngircd-global-admin-info-1 + ngircd-global-admin-info-2 + ngircd-global-admin-email + ngircd-global-help-file + ngircd-global-info + ngircd-global-listen + ngircd-global-motd-file + ngircd-global-motd-phrase + ngircd-global-network + ngircd-global-password + ngircd-global-pid-file + ngircd-global-ports + ngircd-global-server-uid + ngircd-global-server-gid ngircd-limits ngircd-limits? - + ngircd-limits-connect-retry + ngircd-limits-max-connections + ngircd-limits-max-connections-ip + ngircd-limits-max-joins + ngircd-limits-max-list-size + ngircd-limits-ping-timeout + ngircd-limits-pong-timeout ngircd-options ngircd-options? - + ngircd-options-allowed-channel-types + ngircd-options-allow-remote-oper? + ngircd-options-connect-ipv4? + ngircd-options-connect-ipv6? + ngircd-options-dns? + ngircd-options-more-privacy? + ngircd-options-notice-before-registration? + ngircd-options-oper-can-use-mode? + ngircd-options-oper-chan-p-auto-op? + ngircd-options-oper-server-mode? + ngircd-options-pam? + ngircd-options-pam-is-optional? + ngircd-options-require-auth-ping? ngircd-ssl ngircd-ssl? - + ngircd-ssl-cert-file + ngircd-ssl-key-file + ngircd-ssl-ca-file + ngircd-ssl-ports + ngircd-ssl-cipher-list + ngircd-ssl-dh-file ngircd-operator ngircd-operator? - + ngircd-operator-name + ngircd-operator-password + ngircd-operator-mask ngircd-server ngircd-server? 
- + ngircd-server-name + ngircd-server-host + ngircd-server-my-password + ngircd-server-peer-password + ngircd-server-bind + ngircd-server-port + ngircd-server-group + ngircd-server-passive? + ngircd-server-ssl-connect? ngircd-channel ngircd-channel? - ngircd-service-type + ngircd-channel-name + ngircd-channel-topic + ngircd-channel-modes + ngircd-channel-key-file =20 quassel-configuration quassel-service-type @@ -1458,8 +1516,9 @@ (define (ngircd-wrapper config) #:mappings (append (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) + (source "/var/log/ngircd.log") + (target source) + (writable? #t)) (file-system-mapping (source ngircd.conf) (target source))) @@ -1528,7 +1587,7 @@ (define (ngircd-shepherd-service config) (actions (list (shepherd-configuration-action ngircd.conf))) (start #~(make-systemd-constructor (append (list #$(ngircd-wrapper config) - "--nodaemon" "--syslog" + "--nodaemon" "--config" #$ngircd.conf) (if #$debug? '("--debug") @@ -1546,7 +1605,8 @@ (define (ngircd-shepherd-service config) (logior AI_NUMERICHOST AI_NUMERICSERV)))))) (list #$@addresses))) - (list #$@ports)))) + (list #$@ports)) + #:log-file "/var/log/ngircd.log")) (stop #~(make-systemd-destructor))))))) =20 (define (ngircd-activation config)
--8<---------------cut here---------------end--------------->8---

[...]

>>> But! if it’s about checking the configuration, I would do it in a
>>> derivation (instead of at activation time), similar to how this is done
>>> for mcron.
>>
>> Hm, I have looked at the mcron service and others, but haven't found it.
>> Could you please point me to the exact file/line?
>
> See ‘validated-file’ in mcron.scm.

Thanks. Done like so:

--8<---------------cut here---------------start------------->8---
1 file changed, 18 insertions(+), 17 deletions(-) gnu/services/messaging.scm | 35 ++++++++++++++++++----------------- modified gnu/services/messaging.scm
@@ -1102,8 +1102,8 @@ (define-configuration ngircd-global ;[Global] "A list of IP address on which the server should listen. By default it listens on all configured IP addresses and interfaces.") (motd-file - ;; Provide an empty default file to avoid a warning when running --conf= test - ;; in the activation script. + ;; Provide an empty default file to avoid a warning when running + ;; --configtest to validate the configuration file. (file-like (plain-file "ngircd.motd" "")) "Text file with the @i{message of the day} (MOTD). This message will be shown to all users connecting to the server.") @@ -1490,9 +1490,21 @@ (define (ngircd-account config) (define (serialize-ngircd-configuration config) "Return a file-like object corresponding to the serialized record." - (mixed-text-file "ngircd.conf" - (serialize-configuration - config ngircd-configuration-fields))) + (let ((ngircd (file-append (ngircd-configuration-ngircd config) + "/sbin/ngircd")) + (ngircd.conf (mixed-text-file "unvalidated-ngircd.conf" + (serialize-configuration + config ngircd-configuration-fields)= ))) + (computed-file + "ngircd.conf" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + ;; Ensure stdin is not connected to a TTY source to avoid ngircd + ;; configtest blocking with a confirmation prompt. + (parameterize ((current-input-port (%make-void-port "r"))) + (invoke #+ngircd "--config" #$ngircd.conf "--configtest" )) + (copy-file #$ngircd.conf #$output)))))) =20 (define (ngircd-wrapper config) "Take CONFIG, a object, and provide a least-autho= rity 
@@ -1609,15 +1621,6 @@ (define (ngircd-shepherd-service config) #:log-file "/var/log/ngircd.log")) (stop #~(make-systemd-destructor))))))) =20 -(define (ngircd-activation config) - (let* ((ngircd (file-append (ngircd-configuration-ngircd config))) - (ngircd.conf (serialize-ngircd-configuration config))) - ;; Ensure stdin is not a TTY to avoid pausing for a key during boot - ;; when a problem is detected. - #~(parameterize ((current-input-port (%make-void-port "r"))) - (system* #$(file-append ngircd "/sbin/ngircd") - "--configtest" "--config" #$ngircd.conf)))) - (define ngircd-service-type (service-type (name 'ngircd) 
@@ -1627,9 +1630,7 @@ (define ngircd-service-type (service-extension profile-service-type (compose list ngircd-configuration-ngircd)) (service-extension account-service-type - ngircd-account) - (service-extension activation-service-type - ngircd-activation))) + ngircd-account))) (description "Run @url{https://ngircd.barton.de/, ngIRCd}, a lightweight @acronym{I= RC, Internet Relay Chat} daemon.")))
[back]
--8<---------------cut here---------------end--------------->8---

The improved test suite still passes; I've pushed it as commit
c9524b5841.

Thanks for the review!

-- 
Maxim

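Review bot: the export hunk (@@ -63,31 +63,89 @@) now publishes ngircd-global-password, ngircd-operator-password, ngircd-server-my-password and ngircd-server-peer-password, and the serialization hunk writes the whole record to store files (unvalidated-ngircd.conf and ngircd.conf), which are world-readable. The documentation of those password fields should say that their values end up in the store, so that users know not to put secrets there that local users must not read.
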
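Review bot: in the ngircd-wrapper hunk (@@ -1458,8 +1516,9 @@) the container gains a writable mapping of /var/log/ngircd.log, while the later hunk drops "--syslog" and passes the same path as #:log-file to make-systemd-constructor. If that file is written by Shepherd from the output it captures, the daemon never opens it and the writable mapping can be removed, which keeps the sandbox smaller than before rather than larger. If ngircd does need it, a short comment on the mapping, like the old ";for syslog", would record why write access is granted.
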
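Review bot: in serialize-ngircd-configuration (@@ -1490,9 +1490,21 @@) the "--configtest" run now happens inside the build of the computed-file, where only store items are visible, so a configuration whose cert-file, key-file, dh-file or similar fields point at host paths is checked without those files present. Since invoke aborts the build on a non-zero exit, it is worth confirming that configtest only warns in that case; otherwise a valid configuration would fail to build. The docstring also still says only "Return a file-like object corresponding to the serialized record." and should mention that the file is validated.
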
From: Ludovic Courtès
To: Maxim Cournoyer
Cc: Josselin Poiret, Simon Tournier, Mathieu Othacehe, Tobias Geerinckx-Rice, Christopher Baines, 77396@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment variables.
Date: Tue, 08 Apr 2025 11:49:35 +0200

Hi,

Maxim Cournoyer writes:

> Ludovic Courtès writes:
>
>> Maxim Cournoyer writes:
>>
>>> Otherwise, combining make-systemd-constructor with least-authority-wrapper
>>> would not work correctly out of the box.
>>>
>>> * guix/least-authority.scm (%precious-variables): Rename to...
>>> (%default-preserved-environment-variables): ... this, and export it.
>>> Add "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES" environment variables.
>>> (least-authority-wrapper): Adjust accordingly.
>>>
>>> Change-Id: Idd259b15463920965f530e1917d76bf97def3b7b
>>
>> [...]
>>
>>> -(define %precious-variables >>> +(define %default-preserved-environment-variables >>> ;; Environment variables preserved by the wrapper by default. >>> - '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER"= )) >>> + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER" >>> + "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-con= structor
>>
>> I would not export this variable, but otherwise LGTM!
>
> It aims to make extending the list easier. Otherwise one has to peek
> into the code, and copy the existing list to be consed to.

Ah yes, that makes sense to me. Let’s export it then!

Ludo’.

From: Maxim Cournoyer
To: Ludovic Courtès
Cc: Josselin Poiret, Simon Tournier, Mathieu Othacehe, Tobias Geerinckx-Rice, Christopher Baines, 77396@debbugs.gnu.org
Subject: Re: [bug#77396] [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment variables.
Date: Mon, 14 Apr 2025 10:19:32 +0900

Hi Ludovic,

Ludovic Courtès writes:

[...]

>>>> -(define %precious-variables >>>> +(define %default-preserved-environment-variables >>>> ;; Environment variables preserved by the wrapper by default. >>>> - '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER= ")) >>>> + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER" >>>> + "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-co= nstructor
>>>
>>> I would not export this variable, but otherwise LGTM!
>>
>> It aims to make extending the list easier. Otherwise one has to peek
>> into the code, and copy the existing list to be consed to.
>
> Ah yes, that makes sense to me. Let’s export it then!

I had already pushed this without exporting it. Let's revisit the next
time we have a reason to extend the list.

-- 
Thanks,
Maxim

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Mon, 12 May 2025 11:24:20 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator