GNU bug report logs - #49578
[PATCH] Add bolt

Message received at 49578 <at> debbugs.gnu.org:

Received: (at 49578) by debbugs.gnu.org; 18 Sep 2021 11:21:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Sep 18 07:21:50 2021
Received: from localhost ([127.0.0.1]:33721 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mRYPm-0002G2-3V
	for submit <at> debbugs.gnu.org; Sat, 18 Sep 2021 07:21:50 -0400
Received: from mail-40134.protonmail.ch ([185.70.40.134]:24888)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <phodina@HIDDEN>) id 1mRYPi-0002Fn-Oo
 for 49578 <at> debbugs.gnu.org; Sat, 18 Sep 2021 07:21:48 -0400
Date: Sat, 18 Sep 2021 11:21:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1631964096;
 bh=oE0vEhHG58+QeC/+X28zaw2nVFzLSeU+kI4vldvyXfg=;
 h=Date:To:From:Cc:Reply-To:Subject:From;
 b=rx6r3negT5aaYkv/0uDSVtzkf2NSXuzKECUK3tkHQ381JCYTNEQa0VZ0E1xPDOkjS
 +nM+1JF04NBgFAdGJgZ8LHu6qFWlfoa9sgq5RvNZHxqYFY/QWVzWD/9R4Enk1t9SFI
 j3ZN2AYdb2lBF96vkI8rYx8GER6aSKrUbFADUJQc=
To: Sarah Morgensen <iskarian@HIDDEN>
From: phodina <phodina@HIDDEN>
Subject: [PATCH v3 2/2] services: Add a service for bolt.
Message-ID: <7hJPvaldH4Bh7rtXByW9GPmxh-s8a1TCz9icV0mkcF6MLy5zRWlgrcruWWbl2KcenTOrIsL89cDh36eBRLrjKa6y53p8a8weWTQpSenjCHE=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 49578
Cc: 49578 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: phodina <phodina@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

    * gnu/services/linux.scm (bolt-service-type)
    (bolt-shepherd-service, bolt-dbus-service)
    (bolt-configuration, bolt-configuration?): New procedures.

diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index 2eb02ac5a3..dc26f285bf 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -4,6 +4,7 @@
 ;;; Copyright =C2=A9 2020 Efraim Flashner <efraim@HIDDEN>
 ;;; Copyright =C2=A9 2021 raid5atemyhomework <raid5atemyhomework@protonmai=
l.com>
 ;;; Copyright =C2=A9 2021 B. Wilson <elaexuotee@HIDDEN>
+;;; Copyright =C2=A9 2021 Petr Hodina <phodina@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,7 +25,9 @@
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (guix modules)
+  #:use-module (gnu system shadow)
   #:use-module (gnu services)
+  #:use-module (gnu services dbus)
   #:use-module (gnu services base)
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages linux)
@@ -33,7 +36,11 @@
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
-  #:export (earlyoom-configuration
+  #:export (bolt-configuration
+            bolt-configuration?
+            bolt-service-type
+
+            earlyoom-configuration
             earlyoom-configuration?
             earlyoom-configuration-earlyoom
             earlyoom-configuration-minimum-available-memory
@@ -61,6 +68,76 @@
             zram-device-configuration-priority
             zram-device-service-type))

+

+;;;
+;;; Thunderbolt daemon.
+;;;
+
+(define-record-type* <bolt-configuration>
+  bolt-configuration make-bolt-configuration bolt-configuration?
+  (package bolt-configuration-package ; package
+           (default bolt)))
+
+(define bolt-shepherd-service
+  (match-lambda
+    (($ <bolt-configuration> package)
+     (with-imported-modules (source-module-closure
+                             '((gnu build shepherd)))
+       (shepherd-service
+        (documentation "Thunderbolt daemon")
+        (provision '(thunderbolt))
+        (requirement '(networking))
+        (modules '((gnu build shepherd)))
+        (start #~(make-forkexec-constructor/container
+                  (list #$(file-append package "/libexec/boltd"))
+=09=09  ))
+        (stop #~(make-kill-destructor)))))))
+
+(define %bolt-activation
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/lib/boltd")))
+
+(define (bolt-dbus-service config)
+  (list (wrapped-dbus-service (bolt-configuration-bolt config)
+=09=09=09      "libexec/boltd"
+=09=09=09      `(("BOLT_CONF_FILE_NAME"
+=09=09=09=09 '("share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))
+
+(define %bolt-accounts
+ (list (user-group (name "boltd") (system? #t))
+       (user-account
+=09 (name "boltd")
+=09 (group "boltd")
+=09 (system? #t)
+=09 (comment "Boltd daemon user")
+=09 (home-directory "/var/empty")
+=09 (shell "/run/current-system/profile/sbin/nologin"))))
+
+(define bolt-udev-rule
+  (match-lambda
+    (($ <bolt-configuration> package)
+  (file->udev-rule "90-bolt.rules" (file-append package "/lib/udev/rules.d=
/90-bolt.rules")))))
+
+(define bolt-service-type
+  (service-type
+   (name 'boltd)
+   (description
+    "Thunderbolt daemon")
+   (extensions
+    (list (service-extension udev-service-type
+=09=09=09     (compose list bolt-udev-rule))
+=09  (service-extension activation-service-type
+=09=09=09     (const %bolt-activation))
+=09  (service-extension dbus-root-service-type
+=09  (compose list bolt-configuration-package))
+=09;=09=09     bolt-dbus-service)
+=09  (service-extension account-service-type
+=09=09=09     (const %bolt-accounts))
+          (service-extension shepherd-root-service-type
+                             (compose list bolt-shepherd-service))))
+   (default-value (bolt-configuration))))
+


 ;;;
 ;;; Early OOM daemon.
--
2.32.0

Message received at 49578 <at> debbugs.gnu.org:

Received: (at 49578) by debbugs.gnu.org; 18 Sep 2021 11:20:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Sep 18 07:20:56 2021
Received: from localhost ([127.0.0.1]:33717 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mRYOt-0002ED-Lg
	for submit <at> debbugs.gnu.org; Sat, 18 Sep 2021 07:20:55 -0400
Received: from mail-40131.protonmail.ch ([185.70.40.131]:48156)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <phodina@HIDDEN>) id 1mRYOr-0002Dy-Eh
 for 49578 <at> debbugs.gnu.org; Sat, 18 Sep 2021 07:20:54 -0400
Date: Sat, 18 Sep 2021 11:20:38 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1631964042;
 bh=FH0szmAH2G3rc73F72xakI7yO4JGE6NvN7XvVcvm3zs=;
 h=Date:To:From:Cc:Reply-To:Subject:From;
 b=Je8qgKbsriqYNboHQcceMAVBxFzBvn4g0p/Xi3R1twPzFik6JSxAKFKAP4XFy01lq
 2Ns1Sd5pliyy3112/aR48gQ8Ptl/CLlaNsLy7dvqokcjHZxKa3Us3Mt8QDiQy8Q3Y+
 gS/IxRpYhdElD6heTv+ydbAPAr2urKLXrSE0WrMw=
To: Sarah Morgensen <iskarian@HIDDEN>
From: phodina <phodina@HIDDEN>
Subject: [PATCH v3 1/2] gnu: Add bolt.
Message-ID: <IpWOs4rfABoT7fYcMUB85zS3FRn8ZwpMv_PQzYRjT6aj14ZdfbW8KLgQB9oOJFHKni5PmV5CSNs4h9qbDCpG3DgqGF2btkjbIRCabQV24Zo=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 49578
Cc: 49578 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: phodina <phodina@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm: (bolt): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 46c9f817a8..3ec896bba6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -121,6 +121,7 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
@@ -2655,6 +2656,56 @@ IPv6 packet filter.
 Both commands are targeted at system administrators.")
     (license license:gpl2+)))

+(define-public bolt
+  (package
+    (name "bolt")
+    (version "0.9.1")
+    (source (origin
+              (method git-fetch)
+              (uri
+               (git-reference
+                (url "https://gitlab.freedesktop.org/bolt/bolt")
+                (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+    (build-system meson-build-system)
+    (arguments
+     `(#:configure-flags (list "--localstatedir=3D/var")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'replace-directories
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "meson.build"
+               (("udev.get_pkgconfig_variable..udevdir..")
+                (string-append "'" (assoc-ref %outputs "out") "/lib/udev'"=
)))
+             (substitute* "meson.build"
+               ((".*scripts/meson-install.sh.*") ""))))
+         (add-before 'install 'no-polkit-magic
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Meson =E2=80=98magically=E2=80=99 invokes pkexec, which fa=
ils (not setuid).
+             (setenv "PKEXEC_UID" "something"))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("glib:bin" ,glib "bin")
+       ("asciidoc" ,asciidoc)
+       ("umockdev" ,umockdev)))
+    (inputs
+     `(("eudev" ,eudev)
+       ("dbus" ,dbus)
+       ("polkit" ,polkit)))
+    (synopsis "Userspace system daemon for Thunderbolt")
+    (description "Userspace daemon @code{boltd} exposes devices via D-Bus =
to clients.
+It stores database of previously authorized devices and depending
+on the policy set for the individual devices, automatically authorize newl=
y
+connected devices without user interaction.  It also adapts its behaivour =
when
+iommu support is detected.
+Command line utility 'boltctl' can be used to manage thundebolt devices.
+It can list devices, monitor changes and initiate authorization of device.=
")
+    (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+    (license license:gpl2+)))
+
 (define-public jitterentropy-rngd
   (package
     (name "jitterentropy-rngd")
--
2.32.0

Message received at 49578 <at> debbugs.gnu.org:

Received: (at 49578) by debbugs.gnu.org; 22 Jul 2021 20:02:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jul 22 16:02:11 2021
Received: from localhost ([127.0.0.1]:41691 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1m6etW-000294-Va
	for submit <at> debbugs.gnu.org; Thu, 22 Jul 2021 16:02:11 -0400
Received: from out1.migadu.com ([91.121.223.63]:43195)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <iskarian@HIDDEN>) id 1m6etT-00025k-S1
 for 49578 <at> debbugs.gnu.org; Thu, 22 Jul 2021 16:02:09 -0400
X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and
 include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mgsn.dev; s=key1;
 t=1626984126;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=hgKubk9hZTGkxqU4T65hVjmWoR4hE+bbLm3+K69ecY4=;
 b=j/0VieFRwnWuEsUCPqwG09TBP3uDzqEQWASRJVm/1OBcLu2XWfuw5L4L2Z3lZCM7ZGqYLK
 q9x7oppfr/X5Ln6PLD8cbjUeVkW3pxWc2C2cfKjIGsRUJriRFWPTHxu7hFyhu6Qorj0+s6
 728esRyRK7QEC/LgfO5jhUJ9rH3jneA=
From: Sarah Morgensen <iskarian@HIDDEN>
To: phodina <phodina@HIDDEN>
Subject: Re: bug#49578: [PATCH] Add bolt
References: <M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com>
 <86o8avrua2.fsf@HIDDEN>
 <1aJRSz6qFjmFhYY0CBesLTTG0pCFP3k4W0lONoiRV7XP6fDy07As2nMW1DicJXJws8O3IXC-qZLar49bOBNy1FD_I3kNTHUqNRUcNMMtXRo=@protonmail.com>
 <hLPvIp8Fqu0eBUVfaBG6dhJJdV3oS0fHf_nVr-sCJZ2iUd1-oHiCvVx6kw42JIupQa187HFlrCeCYh-ZdSzE-UOa1NmhZBgZBMUoDwL1R1Q=@protonmail.com>
Date: Thu, 22 Jul 2021 13:02:02 -0700
In-Reply-To: <hLPvIp8Fqu0eBUVfaBG6dhJJdV3oS0fHf_nVr-sCJZ2iUd1-oHiCvVx6kw42JIupQa187HFlrCeCYh-ZdSzE-UOa1NmhZBgZBMUoDwL1R1Q=@protonmail.com>
 (phodina@HIDDEN's message of "Thu, 22 Jul 2021 11:36:53 +0000")
Message-ID: <86bl6urubp.fsf_-_@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: iskarian@HIDDEN
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 49578
Cc: 49578 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Hi,

phodina <phodina@HIDDEN> writes:

> Also would you have recommendation on how to create a service for the daemon boltd?
>
> Currently it's a good step to have it packaged, but without a running service it's little bit pointless.
>
> There is probably something similar that I can check, learn how the services work and modify it for the thunderbolt case.

I'm assuming you mean a service to run on Guix System, yes?

There is a section in the manual on this

  https://guix.gnu.org/manual/en/html_node/Defining-Services.html

which has a couple examples. You'll probably want to make a shepherd
service (shepherd is Guix System's services manager). You can also read
the code for existing services in gnu/services/*.scm. I'm not very
familiar with services so unfortunately I can't point you at any similar
ones. Best of luck!

--
Sarah

Message received at 49578 <at> debbugs.gnu.org:

Received: (at 49578) by debbugs.gnu.org; 22 Jul 2021 11:37:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jul 22 07:37:03 2021
Received: from localhost ([127.0.0.1]:39485 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1m6X0h-0008Bu-C4
	for submit <at> debbugs.gnu.org; Thu, 22 Jul 2021 07:37:03 -0400
Received: from mail-40131.protonmail.ch ([185.70.40.131]:28029)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <phodina@HIDDEN>) id 1m6X0e-0008BP-TX
 for 49578 <at> debbugs.gnu.org; Thu, 22 Jul 2021 07:37:02 -0400
Date: Thu, 22 Jul 2021 11:36:53 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1626953814;
 bh=LtJr1ed0kzI1VuhS1JqdzTewfhRbAPBIGpTidh7IOfA=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=RlsqYLYkjTaY8SooNqfci0LYVGohLs39oP12+9shyFB4rJDKPmFQqJse9XBBufufz
 yn7KXOwGdNIopJdOp76FKskH+XWO1F619h2F8FvftXj9KW6hqb+b1h4Zii6N2BU2wL
 YndgA09YiNci3Y2NPt/kPpees39Isr7c12rJ/e10=
To: Sarah Morgensen <iskarian@HIDDEN>
From: phodina <phodina@HIDDEN>
Subject: Re: bug#49578: [PATCH] Add bolt
Message-ID: <hLPvIp8Fqu0eBUVfaBG6dhJJdV3oS0fHf_nVr-sCJZ2iUd1-oHiCvVx6kw42JIupQa187HFlrCeCYh-ZdSzE-UOa1NmhZBgZBMUoDwL1R1Q=@protonmail.com>
In-Reply-To: <1aJRSz6qFjmFhYY0CBesLTTG0pCFP3k4W0lONoiRV7XP6fDy07As2nMW1DicJXJws8O3IXC-qZLar49bOBNy1FD_I3kNTHUqNRUcNMMtXRo=@protonmail.com>
References: <M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com>
 <86o8avrua2.fsf@HIDDEN>
 <1aJRSz6qFjmFhYY0CBesLTTG0pCFP3k4W0lONoiRV7XP6fDy07As2nMW1DicJXJws8O3IXC-qZLar49bOBNy1FD_I3kNTHUqNRUcNMMtXRo=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 49578
Cc: 49578 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: phodina <phodina@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Also would you have recommendation on how to create a service for the daemo=
n boltd?

Currently it's a good step to have it packaged, but without a running servi=
ce it's little bit pointless.

There is probably something similar that I can check, learn how the service=
s work and modify it for the thunderbolt case.

Message received at 49578 <at> debbugs.gnu.org:

Received: (at 49578) by debbugs.gnu.org; 22 Jul 2021 11:32:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jul 22 07:32:34 2021
Received: from localhost ([127.0.0.1]:39481 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1m6WwL-00080F-Gr
	for submit <at> debbugs.gnu.org; Thu, 22 Jul 2021 07:32:33 -0400
Received: from mail-4322.protonmail.ch ([185.70.43.22]:27275)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <phodina@HIDDEN>) id 1m6WwI-0007tL-8s
 for 49578 <at> debbugs.gnu.org; Thu, 22 Jul 2021 07:32:31 -0400
Date: Thu, 22 Jul 2021 11:32:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1626953543;
 bh=79lS7ih1IP9M+bwy3uQEfq1yntflwCSPX/2dPHD3n9U=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=VR1UcVovEZfjfl6XG5asyN0xSS5RXzcR64YmfRDVGHQFufKQ/7tZitfZrCPZwkxYh
 CAtyt9vNVdLB0R1A1Edpt4CFYNTlqTRsSdx64UtmzzHRKbgZ6NhzTWPY/v2B1W19P+
 2cy0VQ7g2SKs9l2FnVRdkNfBVvvKhVpox29TxYOc=
To: Sarah Morgensen <iskarian@HIDDEN>
From: phodina <phodina@HIDDEN>
Subject: Re: bug#49578: [PATCH] Add bolt
Message-ID: <1aJRSz6qFjmFhYY0CBesLTTG0pCFP3k4W0lONoiRV7XP6fDy07As2nMW1DicJXJws8O3IXC-qZLar49bOBNy1FD_I3kNTHUqNRUcNMMtXRo=@protonmail.com>
In-Reply-To: <86o8avrua2.fsf@HIDDEN>
References: <M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com>
 <86o8avrua2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 49578
Cc: 49578 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: phodina <phodina@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Sarah,

Thanks for the suggestions. Fixes:

- polkit in alphabethical order
- line wraping
- /var dir location
- removed #t in phases
- simplified udev rules install
- more useful synopsis

---
index 41902e7785..6050871264 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -119,6 +119,7 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
@@ -2479,6 +2480,59 @@ IPv6 packet filter.
 Both commands are targeted at system administrators.")
     (license license:gpl2+)))

+(define-public bolt
+  (package
+    (name "bolt")
+    (version "0.9.1")
+    (source (origin
+              (method git-fetch)
+              (uri
+               (git-reference
+                (url "https://gitlab.freedesktop.org/bolt/bolt")
+                (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+    (build-system meson-build-system)
+    (arguments
+     `(#:configure-flags (list "--localstatedir=3D/var")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'replace-directories
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "meson.build"
+               (("udev.get_pkgconfig_variable..udevdir..")
+                (string-append "'" (assoc-ref %outputs "out") "/lib/udev'"=
)))
+=09     (substitute* "meson.build"
+               ((".*scripts/meson-install.sh.*") ""))
+=09       ))
+         (add-before 'install 'no-polkit-magic
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Meson =E2=80=98magically=E2=80=99 invokes pkexec, which fa=
ils (not setuid).
+             (setenv "PKEXEC_UID" "something")
+             )))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("dbus" ,dbus)
+       ("asciidoc" ,asciidoc)
+       ("umockdev" ,umockdev)))
+    (inputs
+     `(("glib:bin" ,glib "bin")
+      ("eudev" ,eudev)
+      ("polkit" ,polkit)))
+    (synopsis "Userspace system daemon to enable security levels
+for Thunderbolt=E2=84=A2 on GNU/Linux=C2=AE.")
+    (description "Userspace daemon 'boltd' exposes devices via D-Bus to cl=
ients.
+It stores database of previously authorized devices and depending
+on the policy set for the individual devices, auomatically authorize newly
+connected devices without user interaction. It also adapts its behaivour w=
hen
+iommu support is detected.
+Command line utility 'boltctl' can be used to manage thundebolt devices. I=
t can
+list devices, monitor changes and initiate authorization of device.")
+    (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+    (license license:gpl2+)))
+
 (define-public jitterentropy-rngd
   (package
     (name "jitterentropy-rngd")
--
2.31.1

Message received at 49578 <at> debbugs.gnu.org:

Received: (at 49578) by debbugs.gnu.org; 22 Jul 2021 01:50:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 21 21:50:53 2021
Received: from localhost ([127.0.0.1]:39085 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1m6NrQ-0007aN-QB
	for submit <at> debbugs.gnu.org; Wed, 21 Jul 2021 21:50:53 -0400
Received: from out2.migadu.com ([188.165.223.204]:35944)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <iskarian@HIDDEN>) id 1m6NrO-0007aD-5w
 for 49578 <at> debbugs.gnu.org; Wed, 21 Jul 2021 21:50:51 -0400
X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and
 include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mgsn.dev; s=key1;
 t=1626918647;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=V+6l2A+/xzk7nIF19fPwY8V5Tkd9pXf/d6rJd2habXI=;
 b=JHyEOujFNhovZ7r0k8XcRmWC/Lh/AfOP6liueYmle1duG7mtP3xlsh4KKHJnD5u1gC26zk
 2g2jxnwRnRpqj9t1hdRjc+w33GjpNJ8VD8RE4Gc/YmrNii59E1E3vjlY2f8ElECyspbV7i
 C8H/RsT9LcE/VOSNXvPDpNueC004qpU=
From: Sarah Morgensen <iskarian@HIDDEN>
To: phodina <phodina@HIDDEN>
Subject: Re: bug#49578: [PATCH] Add bolt
References: <M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com>
Date: Wed, 21 Jul 2021 18:50:45 -0700
In-Reply-To: <M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com>
 (phodina@HIDDEN's message of "Thu, 15 Jul 2021 16:46:01 +0000")
Message-ID: <86o8avrua2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: iskarian@HIDDEN
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 49578
Cc: 49578 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello,

Thanks for the patch. It's always good to see new contributors around
here! I have a few suggestions for your patch.

phodina <phodina@HIDDEN> writes:

> ---
> index 4b57bc1f24..d07ee33a7e 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -123,6 +123,7 @@
>    #:use-module (gnu packages pulseaudio)
>    #:use-module (gnu packages python)
>    #:use-module (gnu packages python-xyz)
> +  #:use-module (gnu packages polkit)
>    #:use-module (gnu packages readline)
>    #:use-module (gnu packages rrdtool)
>    #:use-module (gnu packages samba)
> @@ -2479,6 +2480,52 @@ IPv6 packet filter.
>  Both commands are targeted at system administrators.")
>      (license license:gpl2+)))
>
> +(define-public bolt
> +  (package
> +    (name "bolt")
> +    (version "0.9.1")
> +    (source (origin
> +              (method git-fetch)
> +              (uri
> +               (git-reference
> +                (url "https://gitlab.freedesktop.org/bolt/bolt")
> +                (commit version)))
> +              (sha256
> +               (base32
> +                "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))=
))
> +    (build-system meson-build-system)
> +    (arguments
> +     `(#:configure-flags (list (string-append "--localstatedir=3D" (asso=
c-ref %outputs "out") "/var"))

Are you sure this shouldn't be "--localstatedir=3D/var"? As it is, it
refers to the read-only directory /gnu/store/...-bolt-0.9.1/var.

> +       #:phases
> +       (modify-phases %standard-phases
> +         (add-after 'unpack 'fix-udev-rules-directory
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (let ((out (assoc-ref outputs "out")))
> +               (mkdir-p (string-append out "/lib/udev/rules.d"))
                   ^ I think this is not necessary...

> +               (substitute* "meson.build"
> +                 (("udev.get_pkgconfig_variable..udevdir..")
> +                  (string-append "'" out "/lib'")))#t)))
                   ...with this change:      ^ /lib/udev

> +         (add-before 'install 'no-polkit-magic
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             ;; Meson =E2=80=98magically=E2=80=99 invokes pkexec, which =
fails (not setuid).
> +             (setenv "PKEXEC_UID" "something")
> +             #t)))))
                ^ Phases no longer need to end with #t, so you can omit thi=
s.

> +    (native-inputs `(("pkg-config" ,pkg-config) ("dbus" ,dbus) ("asciido=
c" ,asciidoc) ("umockdev" ,umockdev)))

Please wrap lines at 80 characters, and in the special case of package
inputs like here, each input should get its own line, like:

  (native-inputs
   `(("pkg-config" ,pkg-config)
     ("dbus" ,dbus)
     ("asciidoc" ,asciidoc)
     ("umockdev" ,umockdev)))

> +    (inputs `(("glib:bin" ,glib "bin") ("eudev" ,eudev) ("polkit" ,polki=
t)))
> +    (synopsis "Userspace system daemon to enable security levels for Thu=
nderbolt=E2=84=A2
> +on GNU/Linux=C2=AE.")
> +    (description "Thunderbolt=E2=84=A2 is the brand name of a hardware i=
nterface developed by
> +Intel=C2=AE that allows the connection of external peripherals to a
> +computer.
> +Devices connected via Thunderbolt can be DMA masters and thus read
> +system memory without interference of the operating system (or even
> +the CPU). Version 3 of the interface introduced 5 different security
> +levels, in order to mitigate the aforementioned security risk that
> +connected devices pose to the system. The security level is set by the
> +system firmware.")
> +    (home-page "https://gitlab.freedesktop.org/bolt/bolt")
> +    (license license:gpl2+)))
> +
>  (define-public jitterentropy-rngd
>    (package
>      (name "jitterentropy-rngd")
> --
> 2.31.1

--
Sarah

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 15 Jul 2021 16:46:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jul 15 12:46:13 2021
Received: from localhost ([127.0.0.1]:49573 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1m44V2-00051A-T9
	for submit <at> debbugs.gnu.org; Thu, 15 Jul 2021 12:46:13 -0400
Received: from lists.gnu.org ([209.51.188.17]:55806)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <phodina@HIDDEN>) id 1m44V0-000512-Dy
 for submit <at> debbugs.gnu.org; Thu, 15 Jul 2021 12:46:11 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55322)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <phodina@HIDDEN>)
 id 1m44Uz-00006x-Rn
 for guix-patches@HIDDEN; Thu, 15 Jul 2021 12:46:10 -0400
Received: from mail-4316.protonmail.ch ([185.70.43.16]:38147)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <phodina@HIDDEN>)
 id 1m44Ux-0005aW-77
 for guix-patches@HIDDEN; Thu, 15 Jul 2021 12:46:09 -0400
Date: Thu, 15 Jul 2021 16:46:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1626367563;
 bh=VPlR1mh65XfbwPZ/EUEAYwEUbyjgYfBe4wZ25pB1MD0=;
 h=Date:To:From:Reply-To:Subject:From;
 b=KYylTmXxkmncIluOWLIuqNKTouV4TfFwo04vADoo6JZgN2SvTi0jNNgqybTzhOpwE
 YVHZjI/carLdnh5+gdscTEFznS7K/PstpeHmVZP+Gl/V/+KvGI3Zu2ojvbaJ9YBUNZ
 EY/HWdi1vhlK7LhxUDlgGldkNs/l61Y+tzVvHc18=
To: "guix-patches@HIDDEN" <guix-patches@HIDDEN>
From: phodina <phodina@HIDDEN>
Subject: [PATCH] Add bolt
Message-ID: <M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
Received-SPF: pass client-ip=185.70.43.16; envelope-from=phodina@HIDDEN;
 helo=mail-4316.protonmail.ch
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.6 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: phodina <phodina@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

---
index 4b57bc1f24..d07ee33a7e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -123,6 +123,7 @@
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages rrdtool)
   #:use-module (gnu packages samba)
@@ -2479,6 +2480,52 @@ IPv6 packet filter.
 Both commands are targeted at system administrators.")
     (license license:gpl2+)))

+(define-public bolt
+  (package
+    (name "bolt")
+    (version "0.9.1")
+    (source (origin
+              (method git-fetch)
+              (uri
+               (git-reference
+                (url "https://gitlab.freedesktop.org/bolt/bolt")
+                (commit version)))
+              (sha256
+               (base32
+                "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+    (build-system meson-build-system)
+    (arguments
+     `(#:configure-flags (list (string-append "--localstatedir=3D" (assoc-=
ref %outputs "out") "/var"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-udev-rules-directory
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (mkdir-p (string-append out "/lib/udev/rules.d"))
+               (substitute* "meson.build"
+                 (("udev.get_pkgconfig_variable..udevdir..")
+                  (string-append "'" out "/lib'")))#t)))
+         (add-before 'install 'no-polkit-magic
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Meson =E2=80=98magically=E2=80=99 invokes pkexec, which fa=
ils (not setuid).
+             (setenv "PKEXEC_UID" "something")
+             #t)))))
+    (native-inputs `(("pkg-config" ,pkg-config) ("dbus" ,dbus) ("asciidoc"=
 ,asciidoc) ("umockdev" ,umockdev)))
+    (inputs `(("glib:bin" ,glib "bin") ("eudev" ,eudev) ("polkit" ,polkit)=
))
+    (synopsis "Userspace system daemon to enable security levels for Thund=
erbolt=E2=84=A2
+on GNU/Linux=C2=AE.")
+    (description "Thunderbolt=E2=84=A2 is the brand name of a hardware int=
erface developed by
+Intel=C2=AE that allows the connection of external peripherals to a
+computer.
+Devices connected via Thunderbolt can be DMA masters and thus read
+system memory without interference of the operating system (or even
+the CPU). Version 3 of the interface introduced 5 different security
+levels, in order to mitigate the aforementioned security risk that
+connected devices pose to the system. The security level is set by the
+system firmware.")
+    (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+    (license license:gpl2+)))
+
 (define-public jitterentropy-rngd
   (package
     (name "jitterentropy-rngd")
--
2.31.1