GNU bug report logs - #27155
[PATCH 0/2] Support service extensions on the "final" service values

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Severity: important; Reported by: Ludovic Courtès <ludo@HIDDEN>; Keywords: patch; dated Tue, 30 May 2017 22:00:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 27155 <at> debbugs.gnu.org:


Received: (at 27155) by debbugs.gnu.org; 1 Jun 2017 11:24:51 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jun 01 07:24:51 2017
Received: from localhost ([127.0.0.1]:48606 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dGODj-00063C-Bg
	for submit <at> debbugs.gnu.org; Thu, 01 Jun 2017 07:24:51 -0400
Received: from eggs.gnu.org ([208.118.235.92]:46774)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dGODi-00062z-3q
 for 27155 <at> debbugs.gnu.org; Thu, 01 Jun 2017 07:24:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dGODZ-00048m-Pp
 for 27155 <at> debbugs.gnu.org; Thu, 01 Jun 2017 07:24:45 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53467)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dGODZ-00048i-Md; Thu, 01 Jun 2017 07:24:41 -0400
Received: from [193.50.110.69] (port=42310 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dGODZ-0007xN-2d; Thu, 01 Jun 2017 07:24:41 -0400
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Alex Kost <alezost@HIDDEN>
Subject: Re: bug#27155: [PATCH 0/2] Support service extensions on the "final"
 service values
References: <20170530215850.7522-1-ludo@HIDDEN> <8760ggrpxm.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 13 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Thu, 01 Jun 2017 13:24:38 +0200
In-Reply-To: <8760ggrpxm.fsf@HIDDEN> (Alex Kost's message of "Thu, 01 Jun
 2017 12:57:09 +0300")
Message-ID: <871sr43q89.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 27155
Cc: 27155 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Hi Alex,

Alex Kost <alezost@HIDDEN> skribis:

> This is great!  Just what I wanted, and thanks for this example!  Based
> on it, I made the following service:
>
>   (define replace-etc/profile-type
>     (let ((replace
>            (lambda (file entries)
>              (cons `("profile" ,file)
>                    (map (match-lambda
>                           ((name . rest)
>                            (cons (if (string=3D name "profile")
>                                      (string-append "original-profile")
>                                      name)
>                                  rest)))
>                         entries)))))
>       (service-type
>        (name 'replace-etc/profile)
>        (extensions (list (service-extension etc-service-type
>                                             (const '())
>                                             replace))))))
>
>   (service replace-etc/profile-type (local-file ".../my-system-profile"))
>
> So now I can use my own "/etc/profile", moreover I can look at the
> "/etc/original-profile" anytime.  I already use a system with this
> service and I enjoy it, thanks a lot!

Awesome, I=E2=80=99m glad you like it!  It was long overdue.

Thanks for taking the time to test!

Ludo=E2=80=99.




Information forwarded to guix-patches@HIDDEN:
bug#27155; Package guix-patches. Full text available.

Message received at 27155 <at> debbugs.gnu.org:


Received: (at 27155) by debbugs.gnu.org; 1 Jun 2017 09:57:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jun 01 05:57:19 2017
Received: from localhost ([127.0.0.1]:48453 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dGMr1-0003s3-MN
	for submit <at> debbugs.gnu.org; Thu, 01 Jun 2017 05:57:19 -0400
Received: from mail-lf0-f50.google.com ([209.85.215.50]:33969)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <alezost@HIDDEN>) id 1dGMqz-0003ro-Td
 for 27155 <at> debbugs.gnu.org; Thu, 01 Jun 2017 05:57:18 -0400
Received: by mail-lf0-f50.google.com with SMTP id 99so23406010lfu.1
 for <27155 <at> debbugs.gnu.org>; Thu, 01 Jun 2017 02:57:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:message-id:user-agent
 :mime-version:content-transfer-encoding;
 bh=oy3dGzxzxZZsMS1BL4xalpItj1i4M5dtuizfYqWuixM=;
 b=hhyKOcinljTN4iKJDdlIzGoKlUBpvPLD2269/ly3wh5LVyBcAnKjo0NX+D3Am02EgP
 I1rSVRQKYPv896kVjB3fJUsCHq8CTFIa1vOaLMOvERwIgZC2UmE2rW3zVfWGuVKgKnzl
 jtwcl8WTKWdugdX4q2d50tSYXDCXnDOX4NLVSCN6cRV4Di9YM9VoB3vFxAv1P2BxqXaQ
 3W6uZsebfoPsMkMmQp9BNMUGFT24tTkTIb2JPsVeXCsm7vU7ZFjS1Taj8DTb0qSXJ7Sh
 DUt/xyOJbN5kT6HnYbuR06v+bCTKkb1TRp78wEOA+wcfR69D2HeSHhYlYj7Dcs71S1fY
 yB9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=oy3dGzxzxZZsMS1BL4xalpItj1i4M5dtuizfYqWuixM=;
 b=fQu0WkoL1UNo/mKJvtA9tniHltnIyPepnYoHxVdfb1wlFJ4/hPQxow6IUmK94qySP5
 SlTGMw0DJ8gLIe9TrI4tmHQu0WBqL78xcQaZnGb8ZMBE695Ok4b0q/DLtfnpkYXj+tJK
 XBoq9nWMvCbtSKdyW++TuUxpPPrH9lElTn4TkUnwk5oan7ArsRj57whiySrTDr4sBfEs
 NVp86CgNl2Krm0zH8OiZW86aGSAA4ZyheKm+5h+GXdh0vUXQKslLKfr7e7mYgBHB1BFE
 j333RkMy0GJj12eUpDovG0WfOK2YGH33Ta9RYBiOnnlZ8LKUTsu87AQpsWVpugp/YgeE
 LV7Q==
X-Gm-Message-State: AODbwcBUlQU1FFpbc+Urb4HHhVGSNSzJAeIgd39VqsVRF2bFi1AAoQBo
 9InHyX0qonTBzThm
X-Received: by 10.46.69.8 with SMTP id s8mr241360lja.55.1496311031621;
 Thu, 01 Jun 2017 02:57:11 -0700 (PDT)
Received: from leviafan ([217.107.194.134])
 by smtp.gmail.com with ESMTPSA id v30sm4205842ljd.9.2017.06.01.02.57.10
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 01 Jun 2017 02:57:10 -0700 (PDT)
From: Alex Kost <alezost@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Subject: Re: bug#27155: [PATCH 0/2] Support service extensions on the "final"
 service values
References: <20170530215850.7522-1-ludo@HIDDEN>
Date: Thu, 01 Jun 2017 12:57:09 +0300
Message-ID: <8760ggrpxm.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 27155
Cc: 27155 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.5 (/)

Ludovic Court=C3=A8s (2017-05-30 23:58 +0200) wrote:

> Hello!
>
> This patch adds support for service extensions that modify the
> "final" values of a service.  This is meant to implement cross-cutting
> concerns as well as system-wide customization as discussed with Alex
> long ago:
>
>   https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00623.html
>   https://lists.gnu.org/archive/html/guix-devel/2016-09/msg01505.html
>
> To summarize, a "finalization extension" (for lack of a better name)
> gets the final value of a service and returns a new value for that
> service.  This is in contrast with a "normal" extension which can only
> contribute to the value of a target service, and not inspect the value
> of that target service.
>
> For example, for the /etc service, a "normal" extension can only add
> entries for /etc.  A "finalization" extension can instead inspect and
> change all the /etc entries.  IOW, it is a sort of a "sudo" for service
> extensions; it's also quite inelegant compared to the "normal" extension
> mechanism, but it's certainly useful.

Definitely!

> A use case is given in the second patch: we change all the PAM services
> to use pam_elogind.so or pam_limits.so.  Likewise, the 'rename-etc-files'
> service below shows how to rename all the files in /etc (for illustration
> purposes only :-)):
>
>   (define rename-etc-files
>     (let ((rename (lambda (prefix entries)
> 		    (map (match-lambda
> 			   ((name . rest)
> 			    (cons (string-append prefix name)
> 				  rest)))
> 			 entries))))
>       (service-type
>        (name 'rename-etc-files)
>        (extensions (list (service-extension etc-service-type
> 					    (const '())
> 					    rename))))))
>
>
>   (operating-system
>     ;; ...
>     (services (cons* (service rename-etc-files "foo-")
>                      ...)))
>
> I think this should fulfill the need that Alex had expressed, which is
> to not only be able to add files to /etc, but also to have the ability
> to inspect and modify what goes to /etc.

This is great!  Just what I wanted, and thanks for this example!  Based
on it, I made the following service:

  (define replace-etc/profile-type
    (let ((replace
           (lambda (file entries)
             (cons `("profile" ,file)
                   (map (match-lambda
                          ((name . rest)
                           (cons (if (string=3D name "profile")
                                     (string-append "original-profile")
                                     name)
                                 rest)))
                        entries)))))
      (service-type
       (name 'replace-etc/profile)
       (extensions (list (service-extension etc-service-type
                                            (const '())
                                            replace))))))

  (service replace-etc/profile-type (local-file ".../my-system-profile"))

So now I can use my own "/etc/profile", moreover I can look at the
"/etc/original-profile" anytime.  I already use a system with this
service and I enjoy it, thanks a lot!

> The first patch currently lacks doc.  I'll work on it if there's consensus
> on the approach.

I agree with this approach!

--=20
Alex




Information forwarded to guix-patches@HIDDEN:
bug#27155; Package guix-patches. Full text available.
Severity set to 'important' from 'normal' Request was from ludo@HIDDEN (Ludovic Courtès) to control <at> debbugs.gnu.org. Full text available.

Message received at 27155 <at> debbugs.gnu.org:


Received: (at 27155) by debbugs.gnu.org; 30 May 2017 22:05:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 30 18:05:47 2017
Received: from localhost ([127.0.0.1]:45895 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFpGp-0002Bk-AV
	for submit <at> debbugs.gnu.org; Tue, 30 May 2017 18:05:47 -0400
Received: from eggs.gnu.org ([208.118.235.92]:49164)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFpGn-0002BR-Iu
 for 27155 <at> debbugs.gnu.org; Tue, 30 May 2017 18:05:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFpGh-0001bH-39
 for 27155 <at> debbugs.gnu.org; Tue, 30 May 2017 18:05:36 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56339)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFpGb-0001as-1p; Tue, 30 May 2017 18:05:29 -0400
Received: from reverse-83.fdn.fr ([80.67.176.83]:60370 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFpGa-0000ZU-9H; Tue, 30 May 2017 18:05:28 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 27155 <at> debbugs.gnu.org
Subject: [PATCH 2/2] system: pam: Remove custom API to transform PAM services.
Date: Wed, 31 May 2017 00:05:09 +0200
Message-Id: <20170530220509.8254-2-ludo@HIDDEN>
X-Mailer: git-send-email 2.13.0
In-Reply-To: <20170530220509.8254-1-ludo@HIDDEN>
References: <20170530220509.8254-1-ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 27155
Cc: Alex Kost <alezost@HIDDEN>,
 =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

This specific way to extend 'pam-root-service-type' has been subsumed by
the "finalization extensions" of services.

* gnu/system/pam.scm (<pam-configuration>): Remove.
(/etc-entry): Adjust accordingly.
(extend-configuration): Remove.
(pam-root-service-type)[extend]: Set to 'append'.
(pam-root-service): Remove #:transform parameter.  Adjust 'service'
form.
* gnu/services/desktop.scm (pam-extension-procedure): Rename to...
(elogind-pam-extension): ... this.  Expect the complete list of
services and map over it.
(elogind-service-type): Change PAM-ROOT-SERVICE-TYPE extension to refer
to 'elogind-pam-extension'.
* gnu/services/base.scm (limits-pam-extension): New procedure.
(pam-limits-service-type): Remove 'pam-extension' procedure.  Adjust
PAM-ROOT-SERVICE-TYPE extension accordingly.
---
 gnu/services/base.scm    | 33 ++++++++++++++++++---------------
 gnu/services/desktop.scm | 23 ++++++++++++-----------
 gnu/system/pam.scm       | 44 ++++++++------------------------------------
 3 files changed, 38 insertions(+), 62 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 7cd9a34ca..d36f5c410 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1239,6 +1239,21 @@ information on the configuration file syntax."
   (service syslog-service-type config))
 
 
+(define (limits-pam-extension limits-file pam-services)
+  "Modify some of PAM-SERVICES to use 'pam_limits.so'."
+  (map (lambda (pam)
+         (let ((pam-limits (pam-entry
+                            (control "required")
+                            (module "pam_limits.so")
+                            (arguments '("conf=/etc/security/limits.conf")))))
+           (if (member (pam-service-name pam) '("login" "su" "slim"))
+               (pam-service
+                (inherit pam)
+                (session (cons pam-limits
+                               (pam-service-session pam))))
+               pam)))
+       pam-services))
+
 (define pam-limits-service-type
   (let ((security-limits
          ;; Create /etc/security containing the provided "limits.conf" file.
@@ -1250,26 +1265,14 @@ information on the configuration file syntax."
                     (mkdir #$output)
                     (stat #$limits-file)
                     (symlink #$limits-file
-                             (string-append #$output "/limits.conf"))))))))
-        (pam-extension
-         (lambda (pam)
-           (let ((pam-limits (pam-entry
-                              (control "required")
-                              (module "pam_limits.so")
-                              (arguments '("conf=/etc/security/limits.conf")))))
-             (if (member (pam-service-name pam)
-                         '("login" "su" "slim"))
-                 (pam-service
-                  (inherit pam)
-                  (session (cons pam-limits
-                                 (pam-service-session pam))))
-                 pam)))))
+                             (string-append #$output "/limits.conf")))))))))
     (service-type
      (name 'limits)
      (extensions
       (list (service-extension etc-service-type security-limits)
             (service-extension pam-root-service-type
-                               (lambda _ (list pam-extension))))))))
+                               (const '())
+                               limits-pam-extension))))))
 
 (define* (pam-limits-service #:optional (limits '()))
   "Return a service that makes selected programs respect the list of
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 36049587d..6495bc94c 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@HIDDEN>
 ;;; Copyright © 2015 Andy Wingo <wingo@HIDDEN>
 ;;; Copyright © 2015 Mark H Weaver <mhw@HIDDEN>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@HIDDEN>
@@ -637,21 +637,21 @@ include the @command{udisksctl} command, part of UDisks, and GNOME Disks."
                               "ELOGIND_CONF_FILE"
                               (elogind-configuration-file config))))
 
-(define (pam-extension-procedure config)
-  "Return an extension for PAM-ROOT-SERVICE-TYPE that ensures that all the PAM
-services use 'pam_elogind.so', a module that allows elogind to keep track of
-logged-in users (run 'loginctl' to see elogind's world view of users and
-seats.)"
+(define (elogind-pam-extension config pam-services)
+  "Change PAM-SERVICES so that each of them uses 'pam_elogind.so', a module
+that allows elogind to keep track of logged-in users (run 'loginctl' to see
+elogind's world view of users and seats), and return that."
   (define pam-elogind
     (pam-entry
      (control "required")
      (module (file-append (elogind-package config)
                           "/lib/security/pam_elogind.so"))))
 
-  (list (lambda (pam)
-          (pam-service
-           (inherit pam)
-           (session (cons pam-elogind (pam-service-session pam)))))))
+  (map (lambda (pam)
+         (pam-service
+          (inherit pam)
+          (session (cons pam-elogind (pam-service-session pam)))))
+       pam-services))
 
 (define elogind-service-type
   (service-type (name 'elogind)
@@ -669,7 +669,8 @@ seats.)"
 
                        ;; Extend PAM with pam_elogind.so.
                        (service-extension pam-root-service-type
-                                          pam-extension-procedure)
+                                          (const '())
+                                          elogind-pam-extension)
 
                        ;; We need /run/user, /run/systemd, etc.
                        (service-extension file-system-service-type
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index eedf93394..b1bfab7ba 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -281,50 +281,22 @@ authenticate to run COMMAND."
 ;;; PAM root service.
 ;;;
 
-;; Overall PAM configuration: a list of services, plus a procedure that takes
-;; one <pam-service> and returns a <pam-service>.  The procedure is used to
-;; implement cross-cutting concerns such as the use of the 'elogind.so'
-;; session module that keeps track of logged-in users.
-(define-record-type* <pam-configuration>
-  pam-configuration make-pam-configuration? pam-configuration?
-  (services  pam-configuration-services)          ;list of <pam-service>
-  (transform pam-configuration-transform))        ;procedure
-
-(define (/etc-entry config)
+(define (/etc-entry services)
   "Return the /etc/pam.d entry corresponding to CONFIG."
-  (match config
-    (($ <pam-configuration> services transform)
-     (let ((services (map transform services)))
-       `(("pam.d" ,(pam-services->directory services)))))))
-
-(define (extend-configuration initial extensions)
-  "Extend INITIAL with NEW."
-  (let-values (((services procs)
-                (partition pam-service? extensions)))
-    (pam-configuration
-     (services (append (pam-configuration-services initial)
-                       services))
-     (transform (apply compose
-                       (pam-configuration-transform initial)
-                       procs)))))
+  `(("pam.d" ,(pam-services->directory services))))
 
 (define pam-root-service-type
   (service-type (name 'pam)
                 (extensions (list (service-extension etc-service-type
                                                      /etc-entry)))
 
-                ;; Arguments include <pam-service> as well as procedures.
+                ;; Arguments are <pam-service> objects.
                 (compose concatenate)
-                (extend extend-configuration)))
+                (extend append)))
 
-(define* (pam-root-service base #:key (transform identity))
+(define* (pam-root-service base)
   "The \"root\" PAM service, which collects <pam-service> instance and turns
-them into a /etc/pam.d directory, including the <pam-service> listed in BASE.
-TRANSFORM is a procedure that takes a <pam-service> and returns a
-<pam-service>.  It can be used to implement cross-cutting concerns that affect
-all the PAM services."
-  (service pam-root-service-type
-           (pam-configuration (services base)
-                              (transform transform))))
+them into a /etc/pam.d directory, including the <pam-service> listed in BASE."
+  (service pam-root-service-type base))
 
 
-- 
2.13.0





Information forwarded to guix-patches@HIDDEN:
bug#27155; Package guix-patches. Full text available.

Message received at 27155 <at> debbugs.gnu.org:


Received: (at 27155) by debbugs.gnu.org; 30 May 2017 22:05:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 30 18:05:43 2017
Received: from localhost ([127.0.0.1]:45893 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFpGo-0002Bi-W0
	for submit <at> debbugs.gnu.org; Tue, 30 May 2017 18:05:43 -0400
Received: from eggs.gnu.org ([208.118.235.92]:49163)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFpGn-0002BQ-GR
 for 27155 <at> debbugs.gnu.org; Tue, 30 May 2017 18:05:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFpGh-0001bM-4t
 for 27155 <at> debbugs.gnu.org; Tue, 30 May 2017 18:05:36 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56338)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFpGZ-0001ah-OH; Tue, 30 May 2017 18:05:27 -0400
Received: from reverse-83.fdn.fr ([80.67.176.83]:60370 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFpGY-0000ZU-UO; Tue, 30 May 2017 18:05:27 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 27155 <at> debbugs.gnu.org
Subject: [PATCH 1/2] DRAFT services: Extensions can specify a "finalization"
 procedure.
Date: Wed, 31 May 2017 00:05:08 +0200
Message-Id: <20170530220509.8254-1-ludo@HIDDEN>
X-Mailer: git-send-email 2.13.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 27155
Cc: Alex Kost <alezost@HIDDEN>,
 =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

TODO: Add doc

* gnu/services.scm (<service-extension>)[finalize]: New field.
Rename 'service-extension' to '%service-extension'.
(right-identity): New procedure.
(service-extension): New macro.
(fold-services)[apply-finalization, compose*]: New procedures.
Honor finalizations.
* tests/services.scm ("fold-services with finalizations"): New test.
---
 gnu/services.scm   | 52 ++++++++++++++++++++++++++++++++++++++++++----------
 tests/services.scm | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+), 10 deletions(-)

diff --git a/gnu/services.scm b/gnu/services.scm
index 5c314748d..4ebce753b 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -119,10 +119,24 @@
 ;;; Code:
 
 (define-record-type <service-extension>
-  (service-extension target compute)
+  (%service-extension target compute finalize)
   service-extension?
-  (target  service-extension-target)              ;<service-type>
-  (compute service-extension-compute))            ;params -> params
+  (target   service-extension-target)              ;<service-type>
+  (compute  service-extension-compute)             ;value -> extension value
+  (finalize service-extension-finalize))           ;self other -> other
+
+(define (right-identity a b) b)
+
+(define-syntax service-extension
+  (syntax-rules ()
+    "Instantiate an extension of services of type TARGET.  COMPUTE takes the
+value of the source service and returns the extension value of the target.
+Optionally, FINALIZE takes the value of the source service and the final value
+of the target, and returns a new value for the target."
+    ((_ target compute)
+     (%service-extension target compute right-identity))
+    ((_ target compute finalize)
+     (%service-extension target compute finalize))))
 
 (define &no-default-value
   ;; Value used to denote service types that have no associated default value.
@@ -664,6 +678,21 @@ TARGET-TYPE; return the root service adjusted accordingly."
         (($ <service-extension> _ compute)
          (compute (service-value service))))))
 
+  (define (apply-finalization target)
+    (lambda (service)
+      (match (find (matching-extension target)
+                   (service-type-extensions (service-kind service)))
+        (($ <service-extension> _ _ finalize)
+         (lambda (final)
+           (finalize (service-value service) final))))))
+
+  (define (compose* procs)
+    (match procs
+      (()
+       identity)
+      (_
+       (apply compose procs))))
+
   (match (filter (lambda (service)
                    (eq? (service-kind service) target-type))
                  services)
@@ -671,15 +700,18 @@ TARGET-TYPE; return the root service adjusted accordingly."
      (let loop ((sink sink))
        (let* ((dependents (map loop (dependents sink)))
               (extensions (map (apply-extension sink) dependents))
+              ;; We distinguish COMPOSE and EXTEND because PARAMS typically
+              ;; has a different type than the elements of EXTENSIONS.
               (extend     (service-type-extend (service-kind sink)))
               (compose    (service-type-compose (service-kind sink)))
-              (params     (service-value sink)))
-         ;; We distinguish COMPOSE and EXTEND because PARAMS typically has a
-         ;; different type than the elements of EXTENSIONS.
-         (if extend
-             (service (service-kind sink)
-                      (extend params (compose extensions)))
-             sink))))
+              (value      (if extend
+                              (extend (service-value sink)
+                                      (compose extensions))
+                              (service-value sink)))
+              (kind       (service-kind sink))
+              (finalizations (map (apply-finalization sink)
+                                  dependents)))
+         (service kind ((compose* finalizations) value)))))
     (()
      (raise
       (condition (&missing-target-service-error
diff --git a/tests/services.scm b/tests/services.scm
index 8484ee982..bb42e352a 100644
--- a/tests/services.scm
+++ b/tests/services.scm
@@ -88,6 +88,40 @@
     (and (eq? (service-kind r) t1)
          (service-value r))))
 
+(test-equal "fold-services with finalizations"
+  '(final 600 (initial-value 5 4 3 2 1 xyz 600))
+
+  ;; Similar to the one above, but this time with "finalization" extensions
+  ;; that modify the final result of compose/extend.
+  (let* ((t1 (service-type (name 't1) (extensions '())
+                           (compose concatenate)
+                           (extend cons)))
+         (t2 (service-type (name 't2)
+                           (extensions
+                            (list (service-extension t1
+                                                     (cut list 'xyz <>)
+                                                     (lambda (t2 t1)
+                                                       `(final ,t2 ,t1)))))
+                           (compose (cut reduce + 0 <>))
+                           (extend *)))
+         (t3 (service-type (name 't3)
+                           (extensions
+                            (list (service-extension t2 identity)
+                                  (service-extension t1 list)))))
+         (t4 (service-type (name 't4)
+                           (extensions
+                            (list (service-extension t2 (const 0)
+                                                     *)))))
+         (r  (fold-services (cons* (service t1 'initial-value)
+                                   (service t2 4)
+                                   (service t4 10)
+                                   (map (lambda (x)
+                                          (service t3 x))
+                                        (iota 5 1)))
+                            #:target-type t1)))
+    (and (eq? (service-kind r) t1)
+         (service-value r))))
+
 (test-assert "fold-services, ambiguity"
   (let* ((t1 (service-type (name 't1) (extensions '())
                            (compose concatenate)
-- 
2.13.0





Information forwarded to guix-patches@HIDDEN:
bug#27155; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 30 May 2017 21:59:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 30 17:59:40 2017
Received: from localhost ([127.0.0.1]:45867 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1dFpAy-00021I-2I
	for submit <at> debbugs.gnu.org; Tue, 30 May 2017 17:59:40 -0400
Received: from eggs.gnu.org ([208.118.235.92]:47558)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1dFpAw-00020w-Pj
 for submit <at> debbugs.gnu.org; Tue, 30 May 2017 17:59:39 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFpAq-0008Jp-Jz
 for submit <at> debbugs.gnu.org; Tue, 30 May 2017 17:59:33 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:40615)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <ludo@HIDDEN>) id 1dFpAq-0008Jh-Hx
 for submit <at> debbugs.gnu.org; Tue, 30 May 2017 17:59:32 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38518)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFpAp-0001QN-1n
 for guix-patches@HIDDEN; Tue, 30 May 2017 17:59:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1dFpAo-0008JD-5H
 for guix-patches@HIDDEN; Tue, 30 May 2017 17:59:31 -0400
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56223)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1dFpAh-0008Hp-P6; Tue, 30 May 2017 17:59:23 -0400
Received: from reverse-83.fdn.fr ([80.67.176.83]:60352 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1dFpAh-0006Nk-0e; Tue, 30 May 2017 17:59:23 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/2] Support service extensions on the "final" service values
Date: Tue, 30 May 2017 23:58:50 +0200
Message-Id: <20170530215850.7522-1-ludo@HIDDEN>
X-Mailer: git-send-email 2.13.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
Cc: Alex Kost <alezost@HIDDEN>,
 =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Hello!

This patch adds support for service extensions that modify the
"final" values of a service.  This is meant to implement cross-cutting
concerns as well as system-wide customization as discussed with Alex
long ago:

  https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00623.html
  https://lists.gnu.org/archive/html/guix-devel/2016-09/msg01505.html

To summarize, a "finalization extension" (for lack of a better name)
gets the final value of a service and returns a new value for that
service.  This is in contrast with a "normal" extension which can only
contribute to the value of a target service, and not inspect the value
of that target service.

For example, for the /etc service, a "normal" extension can only add
entries for /etc.  A "finalization" extension can instead inspect and
change all the /etc entries.  IOW, it is a sort of a "sudo" for service
extensions; it's also quite inelegant compared to the "normal" extension
mechanism, but it's certainly useful.

A use case is given in the second patch: we change all the PAM services
to use pam_elogind.so or pam_limits.so.  Likewise, the 'rename-etc-files'
service below shows how to rename all the files in /etc (for illustration
purposes only :-)):

  (define rename-etc-files
    (let ((rename (lambda (prefix entries)
		    (map (match-lambda
			   ((name . rest)
			    (cons (string-append prefix name)
				  rest)))
			 entries))))
      (service-type
       (name 'rename-etc-files)
       (extensions (list (service-extension etc-service-type
					    (const '())
					    rename))))))


  (operating-system
    ;; ...
    (services (cons* (service rename-etc-files "foo-")
                     ...)))

I think this should fulfill the need that Alex had expressed, which is
to not only be able to add files to /etc, but also to have the ability
to inspect and modify what goes to /etc.

The first patch currently lacks doc.  I'll work on it if there's consensus
on the approach.

Feedback welcome!

Ludo'.

Ludovic Courtès (2):
  DRAFT services: Extensions can specify a "finalization" procedure.
  system: pam: Remove custom API to transform PAM services.

 gnu/services.scm         | 52 ++++++++++++++++++++++++++++++++++++++----------
 gnu/services/base.scm    | 33 ++++++++++++++++--------------
 gnu/services/desktop.scm | 23 +++++++++++----------
 gnu/system/pam.scm       | 44 ++++++++--------------------------------
 tests/services.scm       | 34 +++++++++++++++++++++++++++++++
 5 files changed, 114 insertions(+), 72 deletions(-)

-- 
2.13.0





Acknowledgement sent to Ludovic Courtès <ludo@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#27155; Package guix-patches. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Thu, 1 Jun 2017 11:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.