GNU bug report logs - #40878
[PATCH] services: mpd: Allow authentication and permissions to be configured.


Package: guix-patches;

Reported by: pinoaffe <at> airmail.cc

Date: Sun, 26 Apr 2020 20:17:01 UTC

Severity: normal

Tags: patch, wontfix

Done: Bruno Victal <mirai <at> makinata.eu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40878 in the body.
You can then email your comments to 40878 AT debbugs.gnu.org in the normal way.



Report forwarded to guix-patches <at> gnu.org:
bug#40878; Package guix-patches. (Sun, 26 Apr 2020 20:17:02 GMT)

Acknowledgement sent to pinoaffe <at> airmail.cc:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 26 Apr 2020 20:17:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: pinoaffe <at> airmail.cc
To: guix-patches <at> gnu.org
Subject: [PATCH] services: mpd: Allow authentication and permissions to be
 configured.
Date: Sun, 26 Apr 2020 20:16:05 +0000
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
 doc/guix.texi          | 23 ++++++++++++
 gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
 2 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
 @item @code{outputs} (default: @code{"(list (mpd-output))"})
 The audio outputs that MPD can use.  By default this is a single output 
using pulseaudio.

+@item @code{default-permissions} (default: @code{'(read add control 
admin)})
+The permissions a user that connected to the mpd server without a 
password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra 
permissions.  By
+default this is an empty list.
+
 @end table
 @end deftp

+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
 @deftp {Data Type} mpd-output
 Data type representing an @command{mpd} audio output.

+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate.  The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using 
@code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
 @table @asis
 @item @code{name} (default: @code{"MPD"})
 The name of the audio output.
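
Review bot: The diff lines are hard-wrapped, so the hunk will not apply as sent: the context line ending in "single output" continues on a separate line "using pulseaudio." that has no leading space, and the added @item line for default-permissions breaks before "admin)})" with no "+" on the continuation. Resend the patch unwrapped (for example with git send-email or as an attachment) so that every diff line keeps its prefix.
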
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
   #:use-module (ice-9 match)
   #:export (mpd-output
             mpd-output?
+            mpd-credential
+            mpd-credential?
             mpd-configuration
             mpd-configuration?
             mpd-service-type))
@@ -36,6 +38,16 @@
 ;;;
 ;;; Code:

+(define-record-type* <mpd-credential>
+  mpd-credential make-mpd-credential
+  mpd-credential?
+  (password    mpd-credential-password
+               ;; valid: any string that does not contain #\@
+               (default ""))
+  (permissions mpd-credential-permissions
+               ;; valid: any subset of read, add, control and admin
+               (default '())))
+
 (define-record-type* <mpd-output>
   mpd-output make-mpd-output
   mpd-output?
@@ -58,24 +70,41 @@
 (define-record-type* <mpd-configuration>
   mpd-configuration make-mpd-configuration
   mpd-configuration?
-  (user         mpd-configuration-user
-                (default "mpd"))
-  (music-dir    mpd-configuration-music-dir
-                (default "~/Music"))
-  (playlist-dir mpd-configuration-playlist-dir
-                (default "~/.mpd/playlists"))
-  (db-file      mpd-configuration-db-file
-                (default "~/.mpd/tag_cache"))
-  (state-file   mpd-configuration-state-file
-                (default "~/.mpd/state"))
-  (sticker-file mpd-configuration-sticker-file
-                (default "~/.mpd/sticker.sql"))
-  (port         mpd-configuration-port
-                (default "6600"))
-  (address      mpd-configuration-address
-                (default "any"))
-  (outputs      mpd-configuration-outputs
-                (default (list (mpd-output)))))
+  (user                mpd-configuration-user
+                       (default "mpd"))
+  (music-dir           mpd-configuration-music-dir
+                       (default "~/Music"))
+  (playlist-dir        mpd-configuration-playlist-dir
+                       (default "~/.mpd/playlists"))
+  (db-file             mpd-configuration-db-file
+                       (default "~/.mpd/tag_cache"))
+  (state-file          mpd-configuration-state-file
+                       (default "~/.mpd/state"))
+  (sticker-file        mpd-configuration-sticker-file
+                       (default "~/.mpd/sticker.sql"))
+  (port                mpd-configuration-port
+                       (default "6600"))
+  (address             mpd-configuration-address
+                       (default "any"))
+  (credentials         mpd-configuration-credentials
+                       (default '()))
+  (default-permissions mpd-configuration-default-permissions
+                       (default '(read add control admin)))
+  (outputs             mpd-configuration-outputs
+                       (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+  (string-join (map symbol->string
+                    permissions)
+               ","))
+
+(define (mpd-credential->string credential)
+  "Convert the USER of type <mpd-credential> to a configuration file 
snippet."
+  (format #f
+          "password \"~a@~a\"\n"
+          (mpd-credential-password credential)
+          (mpd-permissions->string
+           (mpd-credential-permissions credential))))

 (define (mpd-output->string output)
   "Convert the OUTPUT of type <mpd-output> to a configuration file 
snippet."
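
Review bot: mpd-credential->string puts the password into the "password \"~a@~a\"\n" template with ~a and no check, so the "does not contain #\@" rule from the record comment is never enforced, and a password containing a double quote or a newline would end the quoted value early and leave the remainder to be read as further mpd.conf text. Reject or escape such strings before formatting. The docstring also says "Convert the USER" while the parameter is named credential.
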
@@ -110,8 +139,14 @@ audio_output {
   (apply
    mixed-text-file "mpd.conf"
    "pid_file \"" (mpd-file-name config "pid") "\"\n"
+   "default_permissions \""
+   (mpd-permissions->string
+    (mpd-configuration-default-permissions config))
+   "\"\n"
    (append (map mpd-output->string
                 (mpd-configuration-outputs config))
+           (map mpd-credential->string
+                (mpd-configuration-credentials config))
            (map (match-lambda
                   ((config-name config-val)
                    (string-append config-name " \"" (config-val config) 
"\"\n")))
@@ -143,10 +178,10 @@ audio_output {
              #:environment-variables
              ;; Required to detect PulseAudio when run under a user 
account.
              '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
-                     (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                  "XDG_RUNTIME_DIR=/run/user/"
+                  (number->string
+                   (passwd:uid
+                    (getpwnam (mpd-configuration-user config))))))
              #:log-file #$(mpd-file-name config "log")))
    (stop  #~(make-kill-destructor))))

-- 
2.26.2




Information forwarded to guix-patches <at> gnu.org:
bug#40878; Package guix-patches. (Tue, 28 Apr 2020 11:31:02 GMT)

Message #8 received at 40878 <at> debbugs.gnu.org:

From: pinoaffe <pinoaffe <at> airmail.cc>
To: 40878 <at> debbugs.gnu.org
Subject: [PATCH (hopefully not garbled this time)] services: mpd: Allow
 authentication and permissions to be configured.
Date: Tue, 28 Apr 2020 13:29:59 +0200
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
 doc/guix.texi          | 23 ++++++++++++
 gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
 2 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
 @item @code{outputs} (default: @code{"(list (mpd-output))"})
 The audio outputs that MPD can use.  By default this is a single output using pulseaudio.
 
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy. 
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions.  By
+default this is an empty list.
+
 @end table
 @end deftp
 
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
 @deftp {Data Type} mpd-output
 Data type representing an @command{mpd} audio output.
 
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate.  The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
 @table @asis
 @item @code{name} (default: @code{"MPD"})
 The name of the audio output.
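
Review bot: The added @deftp {Data Type} mpd-credential line sits directly above the existing @deftp {Data Type} mpd-output context line and has no @end deftp of its own before it, so the password/permissions table that follows is rendered under the mpd-output heading, and the added @end table / @end deftp pair leaves mpd-output's own table (name, ...) outside its definition. Move the complete mpd-credential block, with its table and its @end deftp, ahead of the mpd-output @deftp line.
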
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
   #:use-module (ice-9 match)
   #:export (mpd-output
             mpd-output?
+            mpd-credential
+            mpd-credential?
             mpd-configuration
             mpd-configuration?
             mpd-service-type))
@@ -36,6 +38,16 @@
 ;;;
 ;;; Code:
 
+(define-record-type* <mpd-credential>
+  mpd-credential make-mpd-credential
+  mpd-credential?
+  (password    mpd-credential-password
+               ;; valid: any string that does not contain #\@
+               (default ""))
+  (permissions mpd-credential-permissions
+               ;; valid: any subset of read, add, control and admin
+               (default '())))
+
 (define-record-type* <mpd-output>
   mpd-output make-mpd-output
   mpd-output?
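
Review bot: The limits on the two <mpd-credential> fields exist only as comments ("any string that does not contain #\@", "any subset of read, add, control and admin"), so nothing rejects a bad value when the record is built. The password field also defaults to "", which lets a bare (mpd-credential) through; dropping that default makes the field mandatory, and a small check for the "@" rule and for the permission symbols would turn both comments into errors at configuration time.
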
@@ -58,24 +70,41 @@
 (define-record-type* <mpd-configuration>
   mpd-configuration make-mpd-configuration
   mpd-configuration?
-  (user         mpd-configuration-user
-                (default "mpd"))
-  (music-dir    mpd-configuration-music-dir
-                (default "~/Music"))
-  (playlist-dir mpd-configuration-playlist-dir
-                (default "~/.mpd/playlists"))
-  (db-file      mpd-configuration-db-file
-                (default "~/.mpd/tag_cache"))
-  (state-file   mpd-configuration-state-file
-                (default "~/.mpd/state"))
-  (sticker-file mpd-configuration-sticker-file
-                (default "~/.mpd/sticker.sql"))
-  (port         mpd-configuration-port
-                (default "6600"))
-  (address      mpd-configuration-address
-                (default "any"))
-  (outputs      mpd-configuration-outputs
-                (default (list (mpd-output)))))
+  (user                mpd-configuration-user
+                       (default "mpd"))
+  (music-dir           mpd-configuration-music-dir
+                       (default "~/Music"))
+  (playlist-dir        mpd-configuration-playlist-dir
+                       (default "~/.mpd/playlists"))
+  (db-file             mpd-configuration-db-file
+                       (default "~/.mpd/tag_cache"))
+  (state-file          mpd-configuration-state-file
+                       (default "~/.mpd/state"))
+  (sticker-file        mpd-configuration-sticker-file
+                       (default "~/.mpd/sticker.sql"))
+  (port                mpd-configuration-port
+                       (default "6600"))
+  (address             mpd-configuration-address
+                       (default "any"))
+  (credentials         mpd-configuration-credentials
+                       (default '()))
+  (default-permissions mpd-configuration-default-permissions
+                       (default '(read add control admin)))
+  (outputs             mpd-configuration-outputs
+                       (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+  (string-join (map symbol->string
+                    permissions)
+               ","))
+
+(define (mpd-credential->string credential)
+  "Convert the USER of type <mpd-credential> to a configuration file snippet."
+  (format #f
+          "password \"~a@~a\"\n"
+          (mpd-credential-password credential)
+          (mpd-permissions->string
+           (mpd-credential-permissions credential))))
 
 (define (mpd-output->string output)
   "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
   (apply
    mixed-text-file "mpd.conf"
    "pid_file \"" (mpd-file-name config "pid") "\"\n"
+   "default_permissions \""
+   (mpd-permissions->string
+    (mpd-configuration-default-permissions config))
+   "\"\n"
    (append (map mpd-output->string
                 (mpd-configuration-outputs config))
+           (map mpd-credential->string
+                (mpd-configuration-credentials config))
            (map (match-lambda
                   ((config-name config-val)
                    (string-append config-name " \"" (config-val config) "\"\n")))
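
Review bot: The credential lines are appended to the arguments of mixed-text-file "mpd.conf", so every password is written in plaintext into a file in the store, which a later reply in this thread points out is world readable. Keep the secret out of the generated file, for example by having mpd.conf include a separately provisioned file, and at minimum state the exposure next to the password field in the documentation.
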
@@ -143,10 +178,10 @@ audio_output {
              #:environment-variables
              ;; Required to detect PulseAudio when run under a user account.
              '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
-                     (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                  "XDG_RUNTIME_DIR=/run/user/"
+                  (number->string
+                   (passwd:uid
+                    (getpwnam (mpd-configuration-user config))))))
              #:log-file #$(mpd-file-name config "log")))
    (stop  #~(make-kill-destructor))))
 
-- 
2.26.2





Information forwarded to guix-patches <at> gnu.org:
bug#40878; Package guix-patches. (Tue, 28 Apr 2020 15:01:02 GMT)

Message #11 received at 40878 <at> debbugs.gnu.org:

From: pinoaffe <pinoaffe <at> airmail.cc>
To: 40878 <at> debbugs.gnu.org
Subject: [PATCH v2] services: mpd: Allow authentication and permissions to
 be configured.
Date: Tue, 28 Apr 2020 17:00:23 +0200
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
 doc/guix.texi          | 26 ++++++++++++++
 gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
 2 files changed, 83 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..6a5038fd37 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,6 +23271,32 @@ an absolute path can be specified here.
 @item @code{outputs} (default: @code{"(list (mpd-output))"})
 The audio outputs that MPD can use.  By default this is a single output using pulseaudio.
 
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy. 
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions.  By
+default this is an empty list.
+
+@end table
+@end deftp
+
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate.  The password may not contain "@".
+Warning: due to limitations of the mpd configuration system, the generated mpd config
+(which is stored in the guix store and is readable to all users) will include a
+plaintext copy of the provided password(s).
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
 @end table
 @end deftp
 
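
Review bot: default-permissions keeps the default '(read add control admin), and its description says these are the permissions of a client that connects without a password, so a configuration that only adds credentials still leaves unauthenticated clients with every permission, admin included. Say so in the credentials item, or document that default-permissions has to be narrowed before a password restricts anything.
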
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
   #:use-module (ice-9 match)
   #:export (mpd-output
             mpd-output?
+            mpd-credential
+            mpd-credential?
             mpd-configuration
             mpd-configuration?
             mpd-service-type))
@@ -36,6 +38,16 @@
 ;;;
 ;;; Code:
 
+(define-record-type* <mpd-credential>
+  mpd-credential make-mpd-credential
+  mpd-credential?
+  (password    mpd-credential-password
+               ;; valid: any string that does not contain #\@
+               (default ""))
+  (permissions mpd-credential-permissions
+               ;; valid: any subset of read, add, control and admin
+               (default '())))
+
 (define-record-type* <mpd-output>
   mpd-output make-mpd-output
   mpd-output?
@@ -58,24 +70,41 @@
 (define-record-type* <mpd-configuration>
   mpd-configuration make-mpd-configuration
   mpd-configuration?
-  (user         mpd-configuration-user
-                (default "mpd"))
-  (music-dir    mpd-configuration-music-dir
-                (default "~/Music"))
-  (playlist-dir mpd-configuration-playlist-dir
-                (default "~/.mpd/playlists"))
-  (db-file      mpd-configuration-db-file
-                (default "~/.mpd/tag_cache"))
-  (state-file   mpd-configuration-state-file
-                (default "~/.mpd/state"))
-  (sticker-file mpd-configuration-sticker-file
-                (default "~/.mpd/sticker.sql"))
-  (port         mpd-configuration-port
-                (default "6600"))
-  (address      mpd-configuration-address
-                (default "any"))
-  (outputs      mpd-configuration-outputs
-                (default (list (mpd-output)))))
+  (user                mpd-configuration-user
+                       (default "mpd"))
+  (music-dir           mpd-configuration-music-dir
+                       (default "~/Music"))
+  (playlist-dir        mpd-configuration-playlist-dir
+                       (default "~/.mpd/playlists"))
+  (db-file             mpd-configuration-db-file
+                       (default "~/.mpd/tag_cache"))
+  (state-file          mpd-configuration-state-file
+                       (default "~/.mpd/state"))
+  (sticker-file        mpd-configuration-sticker-file
+                       (default "~/.mpd/sticker.sql"))
+  (port                mpd-configuration-port
+                       (default "6600"))
+  (address             mpd-configuration-address
+                       (default "any"))
+  (credentials         mpd-configuration-credentials
+                       (default '()))
+  (default-permissions mpd-configuration-default-permissions
+                       (default '(read add control admin)))
+  (outputs             mpd-configuration-outputs
+                       (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+  (string-join (map symbol->string
+                    permissions)
+               ","))
+
+(define (mpd-credential->string credential)
+  "Convert the USER of type <mpd-credential> to a configuration file snippet."
+  (format #f
+          "password \"~a@~a\"\n"
+          (mpd-credential-password credential)
+          (mpd-permissions->string
+           (mpd-credential-permissions credential))))
 
 (define (mpd-output->string output)
   "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
   (apply
    mixed-text-file "mpd.conf"
    "pid_file \"" (mpd-file-name config "pid") "\"\n"
+   "default_permissions \""
+   (mpd-permissions->string
+    (mpd-configuration-default-permissions config))
+   "\"\n"
    (append (map mpd-output->string
                 (mpd-configuration-outputs config))
+           (map mpd-credential->string
+                (mpd-configuration-credentials config))
            (map (match-lambda
                   ((config-name config-val)
                    (string-append config-name " \"" (config-val config) "\"\n")))
@@ -143,10 +178,10 @@ audio_output {
              #:environment-variables
              ;; Required to detect PulseAudio when run under a user account.
              '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
-                     (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                  "XDG_RUNTIME_DIR=/run/user/"
+                  (number->string
+                   (passwd:uid
+                    (getpwnam (mpd-configuration-user config))))))
              #:log-file #$(mpd-file-name config "log")))
    (stop  #~(make-kill-destructor))))
 
-- 
2.26.2





Information forwarded to guix-patches <at> gnu.org:
bug#40878; Package guix-patches. (Thu, 30 Mar 2023 22:24:02 GMT)

Message #14 received at 40878 <at> debbugs.gnu.org:

From: Bruno Victal <mirai <at> makinata.eu>
To: pinoaffe <at> airmail.cc
Cc: 40878 <at> debbugs.gnu.org
Subject: Re: [bug#40878] [PATCH] services: mpd: Allow authentication and
 permissions to be configured.
Date: Thu, 30 Mar 2023 23:23:33 +0100
Hi,

On 2020-04-26 21:16, pinoaffe <at> airmail.cc wrote:
> * gnu/services/audio.scm (mpd-credential): New public variable.
> * gnu/services/audio.scm (mpd-configuration): Add credentials
> and permissions.
> ---
>  doc/guix.texi          | 23 ++++++++++++
>  gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
>  2 files changed, 80 insertions(+), 22 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 6613a4af13..1693d938f1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -23271,12 +23271,35 @@ an absolute path can be specified here.
>  @item @code{outputs} (default: @code{"(list (mpd-output))"})
>  The audio outputs that MPD can use.  By default this is a single output using pulseaudio.
> 
> +@item @code{default-permissions} (default: @code{'(read add control admin)})
> +The permissions a user that connected to the mpd server without a password should enjoy.
> +Should be a subset of @code{'(read add control admin)}.
> +
> +@item @code{credentials} (default: @code{'()})
> +The list of credentials one can use to sign in to mpd and gain extra permissions.  By
> +default this is an empty list.
> +
>  @end table
>  @end deftp
> 
> +@deftp {Data Type} mpd-credential
> +Data type representing an @command{mpd} password/permissions pair.
> +
>  @deftp {Data Type} mpd-output
>  Data type representing an @command{mpd} audio output.
> 
> +@table @asis
> +@item @code{password} (default: @code{""})
> +The password used to authenticate.  The password may not contain "@".
> +
> +@item @code{permissions} (default: @code{'()})
> +The permissions one gains after authenticating to the server using @code{password}.
> +This should be a subset of @code{'(read add control admin)}, as in
> +@code{default-permissions}.
> +
> +@end table
> +@end deftp
> +
>  @table @asis
>  @item @code{name} (default: @code{"MPD"})
>  The name of the audio output.
> diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
> index 345d8225b2..9a6dc8db94 100644
> --- a/gnu/services/audio.scm
> +++ b/gnu/services/audio.scm
> @@ -26,6 +26,8 @@
>    #:use-module (ice-9 match)
>    #:export (mpd-output
>              mpd-output?
> +            mpd-credential
> +            mpd-credential?
>              mpd-configuration
>              mpd-configuration?
>              mpd-service-type))
> @@ -36,6 +38,16 @@
>  ;;;
>  ;;; Code:
> 
> +(define-record-type* <mpd-credential>
> +  mpd-credential make-mpd-credential
> +  mpd-credential?
> +  (password    mpd-credential-password
> +               ;; valid: any string that does not contain #\@
> +               (default ""))
> +  (permissions mpd-credential-permissions
> +               ;; valid: any subset of read, add, control and admin
> +               (default '())))
> +
>  (define-record-type* <mpd-output>
>    mpd-output make-mpd-output
>    mpd-output?
> @@ -58,24 +70,41 @@
>  (define-record-type* <mpd-configuration>
>    mpd-configuration make-mpd-configuration
>    mpd-configuration?
> -  (user         mpd-configuration-user
> -                (default "mpd"))
> -  (music-dir    mpd-configuration-music-dir
> -                (default "~/Music"))
> -  (playlist-dir mpd-configuration-playlist-dir
> -                (default "~/.mpd/playlists"))
> -  (db-file      mpd-configuration-db-file
> -                (default "~/.mpd/tag_cache"))
> -  (state-file   mpd-configuration-state-file
> -                (default "~/.mpd/state"))
> -  (sticker-file mpd-configuration-sticker-file
> -                (default "~/.mpd/sticker.sql"))
> -  (port         mpd-configuration-port
> -                (default "6600"))
> -  (address      mpd-configuration-address
> -                (default "any"))
> -  (outputs      mpd-configuration-outputs
> -                (default (list (mpd-output)))))
> +  (user                mpd-configuration-user
> +                       (default "mpd"))
> +  (music-dir           mpd-configuration-music-dir
> +                       (default "~/Music"))
> +  (playlist-dir        mpd-configuration-playlist-dir
> +                       (default "~/.mpd/playlists"))
> +  (db-file             mpd-configuration-db-file
> +                       (default "~/.mpd/tag_cache"))
> +  (state-file          mpd-configuration-state-file
> +                       (default "~/.mpd/state"))
> +  (sticker-file        mpd-configuration-sticker-file
> +                       (default "~/.mpd/sticker.sql"))
> +  (port                mpd-configuration-port
> +                       (default "6600"))
> +  (address             mpd-configuration-address
> +                       (default "any"))
> +  (credentials         mpd-configuration-credentials
> +                       (default '()))
> +  (default-permissions mpd-configuration-default-permissions
> +                       (default '(read add control admin)))
> +  (outputs             mpd-configuration-outputs
> +                       (default (list (mpd-output)))))
> +
> +(define (mpd-permissions->string permissions)
> +  (string-join (map symbol->string
> +                    permissions)
> +               ","))
> +
> +(define (mpd-credential->string credential)
> +  "Convert the USER of type <mpd-credential> to a configuration file snippet."
> +  (format #f
> +          "password \"~a@~a\"\n"
> +          (mpd-credential-password credential)
> +          (mpd-permissions->string
> +           (mpd-credential-permissions credential))))
> 
>  (define (mpd-output->string output)
>    "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
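
Review bot: In the <mpd-configuration> record, the nine existing fields from user to outputs are removed and re-added only to widen the alignment column for default-permissions, which hides the fact that the hunk adds just two fields (credentials and default-permissions). Keep the existing indentation, or move the realignment to a separate whitespace-only commit.
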
> @@ -110,8 +139,14 @@ audio_output {
>    (apply
>     mixed-text-file "mpd.conf"
>     "pid_file \"" (mpd-file-name config "pid") "\"\n"
> +   "default_permissions \""
> +   (mpd-permissions->string
> +    (mpd-configuration-default-permissions config))
> +   "\"\n"
>     (append (map mpd-output->string
>                  (mpd-configuration-outputs config))
> +           (map mpd-credential->string
> +                (mpd-configuration-credentials config))
>             (map (match-lambda
>                    ((config-name config-val)
>                     (string-append config-name " \"" (config-val config) "\"\n")))
> @@ -143,10 +178,10 @@ audio_output {
>               #:environment-variables
>               ;; Required to detect PulseAudio when run under a user account.
>               '(#$(string-append
> -                   "XDG_RUNTIME_DIR=/run/user/"
> -                   (number->string
> -                     (passwd:uid
> -                       (getpwnam (mpd-configuration-user config))))))
> +                  "XDG_RUNTIME_DIR=/run/user/"
> +                  (number->string
> +                   (passwd:uid
> +                    (getpwnam (mpd-configuration-user config))))))
>               #:log-file #$(mpd-file-name config "log")))
>     (stop  #~(make-kill-destructor))))
> 
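
Review bot: The re-indentation of the XDG_RUNTIME_DIR string-append form is unrelated to credentials or permissions; the four removed and four added lines differ only in leading whitespace. Drop it from this patch or send it as a separate formatting commit.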

I know it's rather late to reply to this patch, yet I believe it's worth stating:

1. mpd-service-type has gone through extensive refactoring, which makes this patch no longer apply.
2. This kind of change poses a problem: your credentials will get stored under /gnu/store, which is
world readable. Hardly the place you want to use to store secrets like credential data.

As such, the best course of action is to use an "include …" directive, which you can do via the 'extra-options'
field, and point it at a file containing the credentials (which you have to provision manually).


Cheers,
Bruno




Added tag(s) wontfix. Request was from Bruno Victal <mirai <at> makinata.eu> to control <at> debbugs.gnu.org. (Thu, 30 Mar 2023 22:27:02 GMT)

bug closed, send any further explanations to 40878 <at> debbugs.gnu.org and pinoaffe <at> airmail.cc Request was from Bruno Victal <mirai <at> makinata.eu> to control <at> debbugs.gnu.org. (Thu, 30 Mar 2023 22:27:02 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 28 Apr 2023 11:24:16 GMT)

This bug report was last modified 361 days ago.
