Package: guix-patches;
Reported by: Tomas Volf <~@wolfsden.cz>
Date: Mon, 31 Mar 2025 21:38:01 UTC
Severity: normal
Tags: patch
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Tomas Volf <~@wolfsden.cz> To: guix-patches <at> gnu.org Cc: Tomas Volf <~@wolfsden.cz> Subject: [PATCH] services: Add svcgssd-service-type. Date: Mon, 31 Mar 2025 23:37:11 +0200
This service is required to get NFS with Kerberos support working. No documentation is provided, since this module is under-documented as a whole. It could use some work. * gnu/services/nfs.scm (<svcgssd-configuration>): New record type. (svcgssd-service-type): New service type. (nfs-service-type): Extend the svcgssd-service-type. Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62 --- gnu/services/nfs.scm | 80 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 78 insertions(+), 2 deletions(-) diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index f5a1c6a44e..c9d10c9e5a 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -20,6 +20,7 @@ (define-module (gnu services nfs) #:use-module (gnu) + #:use-module (gnu services configuration) #:use-module (gnu services shepherd) #:use-module (gnu packages onc-rpc) #:use-module (gnu packages linux) @@ -45,6 +46,10 @@ (define-module (gnu services nfs) gss-configuration gss-configuration? + svcgssd-service-type + svcgssd-configuration + svcgssd-configuration? + nfs-service-type nfs-configuration nfs-configuration?)) 
@@ -189,6 +194,68 @@ (define gss-service-type
+(define-record-type* <svcgssd-configuration>
+ svcgssd-configuration make-svcgssd-configuration
+ svcgssd-configuration?
+ (verbosity svcgssd-configuration-verbosity
+ (default 0))
+ (verbosity-rpcsec-gss svcgssd-configuration-verbosity-rpcsec-gss
+ (default 0))
+ (verbosity-nfsidmap svcgssd-configuration-verbosity-nfsidmap
+ (default 0))
+ (principal svcgssd-configuration-principal
+ (default %unset-value))
+ (host-credentials? svcgssd-configuration-host-credentials?
+ (default #f))
+ (nfs-utils svcgssd-configuration-svcgssd
+ (default nfs-utils)))
+
+(define svcgssd-service-type
+ (let ((proc
+ (lambda (config)
+ (define svcgssd-command
+ (match-record config <svcgssd-configuration>
+ ( verbosity verbosity-rpcsec-gss verbosity-nfsidmap
+ principal host-credentials? nfs-utils)
+ #~(list
+ (string-append #$nfs-utils "/sbin/rpc.svcgssd") "-f"
+ #$@(map (const "-v") (iota verbosity))
+ #$@(map (const "-r") (iota verbosity-rpcsec-gss))
+ #$@(map (const "-i") (iota verbosity-nfsidmap))
+ #$@(if (maybe-value-set? principal)
+ `("-p" ,principal)
+ '())
+ #$@(if host-credentials?
+ '("-n")
+ '()))))
+
+ (shepherd-service
+ (documentation "Start the RPC SVCGSSD daemon.")
+ (requirement '(user-processes rpcbind-daemon rpc-pipefs))
+ (provision '(rpc-svcgssd))
+
+ (start #~(make-forkexec-constructor #$svcgssd-command))
+ (stop #~(make-kill-destructor))))))
+ (service-type
+ (name 'svcgssd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list proc))))
+ ;; We use the extensions feature to allow other services to automatically
+ ;; configure and start this service. Only one value can be provided. We
+ ;; override it with the value returned by the extending service.
+ (compose identity)
+ (extend (lambda (config values)
+ (match values
+ ((first .
rest) first) + (_ config)))) + (default-value (svcgssd-configuration)) + (description "Run the @dfn{global security system} (SVCGSSD) daemon, +which provides strong security for protocols based on remote procedure +calls (ONC RPC).")))) + + + (define-record-type* <idmap-configuration> idmap-configuration make-idmap-configuration idmap-configuration? @@ -282,7 +349,8 @@ (define-record-type* <nfs-configuration> (default #f)) (pipefs-directory nfs-configuration-pipefs-directory (default default-pipefs-directory)) - ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd. + ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, mountd or + ;; svcgssd. (debug nfs-configuration-debug (default '()))) @@ -448,6 +516,14 @@ (define nfs-service-type (service-extension rpcbind-service-type (lambda (config) (rpcbind-configuration - (rpcbind (nfs-configuration-rpcbind config))))))) + (rpcbind (nfs-configuration-rpcbind config))))) + (service-extension svcgssd-service-type + (lambda (config) + (svcgssd-configuration + (nfs-utils (nfs-configuration-nfs-utils config)) + (verbosity + (if (member 'svcgssd + (nfs-configuration-debug config)) + 10 0))))))) (description "Run all NFS daemons and refresh the list of exported file systems."))) -- 2.49.0
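Review bot: In the `extend` procedure of `svcgssd-service-type`, the clause `((first . rest) first)` discards the operator's own `config` whenever any service extends this one, so a `principal` or `host-credentials?` set in an explicit `(service svcgssd-service-type ...)` is silently replaced, and extension values after the first are dropped without any diagnostic. Those two fields decide which Kerberos credentials rpc.svcgssd runs with, so losing them quietly is worth avoiding; one option is to keep them from `config`, e.g. `((first . _) (svcgssd-configuration (inherit first) (principal (svcgssd-configuration-principal config)) (host-credentials? (svcgssd-configuration-host-credentials? config))))`. Separately, the accessor of the `nfs-utils` field is named `svcgssd-configuration-svcgssd`, which looks like it was meant to be `svcgssd-configuration-nfs-utils`. Because the record is a plain `define-record-type*`, nothing validates the fields, so a non-integer `verbosity` fails inside `iota` rather than with a configuration error.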
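Review bot: The new `(service-extension svcgssd-service-type ...)` in `nfs-service-type` is unconditional, so every system that uses `nfs-service-type` will now also start rpc.svcgssd, including NFS servers with no Kerberos setup at all. The configuration it builds sets only `nfs-utils` and `verbosity`, so `principal` and `host-credentials?` cannot be passed through `nfs-configuration`. Consider making the daemon opt-in through a field on `<nfs-configuration>` (the record is defined outside this hunk) and plumbing those two fields through. The literal `10` also deserves a comment such as `;; 10 means ten "-v" flags on the rpc.svcgssd command line`.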