GNU bug report logs -
#77419
[PATCH] services: Add svcgssd-service-type.
Previous Next
To reply to this bug, email your comments to 77419 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#77419; Package
guix-patches.
(Mon, 31 Mar 2025 21:38:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Tomas Volf <~@wolfsden.cz>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 31 Mar 2025 21:38:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This service is required to get NFS with Kerberos support working. No
documentation is provided, since this module is under-documented as a whole.
It could use some work.
* gnu/services/nfs.scm (<svcgssd-configuration>): New record type.
(svcgssd-service-type): New service type.
(nfs-service-type): Extend the svcgssd-service-type.
Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62
---
gnu/services/nfs.scm | 80 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 78 insertions(+), 2 deletions(-)
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
index f5a1c6a44e..c9d10c9e5a 100644
--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@@ -20,6 +20,7 @@
(define-module (gnu services nfs)
#:use-module (gnu)
+ #:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu packages onc-rpc)
#:use-module (gnu packages linux)
@@ -45,6 +46,10 @@ (define-module (gnu services nfs)
gss-configuration
gss-configuration?
+ svcgssd-service-type
+ svcgssd-configuration
+ svcgssd-configuration?
+
nfs-service-type
nfs-configuration
nfs-configuration?))
@@ -189,6 +194,68 @@ (define gss-service-type
�
+(define-record-type* <svcgssd-configuration>
+ svcgssd-configuration make-svcgssd-configuration
+ svcgssd-configuration?
+ (verbosity svcgssd-configuration-verbosity
+ (default 0))
+ (verbosity-rpcsec-gss svcgssd-configuration-verbosity-rpcsec-gss
+ (default 0))
+ (verbosity-nfsidmap svcgssd-configuration-verbosity-nfsidmap
+ (default 0))
+ (principal svcgssd-configuration-principal
+ (default %unset-value))
+ (host-credentials? svcgssd-configuration-host-credentials?
+ (default #f))
+ (nfs-utils svcgssd-configuration-svcgssd
+ (default nfs-utils)))
+
+(define svcgssd-service-type
+ (let ((proc
+ (lambda (config)
+ (define svcgssd-command
+ (match-record config <svcgssd-configuration>
+ ( verbosity verbosity-rpcsec-gss verbosity-nfsidmap
+ principal host-credentials? nfs-utils)
+ #~(list
+ (string-append #$nfs-utils "/sbin/rpc.svcgssd") "-f"
+ #$@(map (const "-v") (iota verbosity))
+ #$@(map (const "-r") (iota verbosity-rpcsec-gss))
+ #$@(map (const "-i") (iota verbosity-nfsidmap))
+ #$@(if (maybe-value-set? principal)
+ `("-p" ,principal)
+ '())
+ #$@(if host-credentials?
+ '("-n")
+ '()))))
+
+ (shepherd-service
+ (documentation "Start the RPC SVCGSSD daemon.")
+ (requirement '(user-processes rpcbind-daemon rpc-pipefs))
+ (provision '(rpc-svcgssd))
+
+ (start #~(make-forkexec-constructor #$svcgssd-command))
+ (stop #~(make-kill-destructor))))))
+ (service-type
+ (name 'svcgssd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list proc))))
+ ;; We use the extensions feature to allow other services to automatically
+ ;; configure and start this service. Only one value can be provided. We
+ ;; override it with the value returned by the extending service.
+ (compose identity)
+ (extend (lambda (config values)
+ (match values
+ ((first . rest) first)
+ (_ config))))
+ (default-value (svcgssd-configuration))
+ (description "Run the @dfn{global security system} (SVCGSSD) daemon,
+which provides strong security for protocols based on remote procedure
+calls (ONC RPC)."))))
+
+�
+
(define-record-type* <idmap-configuration>
idmap-configuration make-idmap-configuration
idmap-configuration?
@@ -282,7 +349,8 @@ (define-record-type* <nfs-configuration>
(default #f))
(pipefs-directory nfs-configuration-pipefs-directory
(default default-pipefs-directory))
- ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd.
+ ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, mountd or
+ ;; svcgssd.
(debug nfs-configuration-debug
(default '())))
@@ -448,6 +516,14 @@ (define nfs-service-type
(service-extension rpcbind-service-type
(lambda (config)
(rpcbind-configuration
- (rpcbind (nfs-configuration-rpcbind config)))))))
+ (rpcbind (nfs-configuration-rpcbind config)))))
+ (service-extension svcgssd-service-type
+ (lambda (config)
+ (svcgssd-configuration
+ (nfs-utils (nfs-configuration-nfs-utils config))
+ (verbosity
+ (if (member 'svcgssd
+ (nfs-configuration-debug config))
+ 10 0)))))))
(description
"Run all NFS daemons and refresh the list of exported file systems.")))
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#77419; Package
guix-patches.
(Wed, 23 Apr 2025 10:33:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 77419 <at> debbugs.gnu.org (full text, mbox):
Hi,
Tomas Volf <~@wolfsden.cz> writes:
> This service is required to get NFS with Kerberos support working. No
> documentation is provided, since this module is under-documented as a whole.
> It could use some work.
>
> * gnu/services/nfs.scm (<svcgssd-configuration>): New record type.
> (svcgssd-service-type): New service type.
> (nfs-service-type): Extend the svcgssd-service-type.
>
> Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62
The patch LGTM but documentation needs to be added under “Network File
System”; that section is not perfect (it lacks examples, for instance)
but it exists.
Could you send an updated patch?
Thanks,
Ludo’.
This bug report was last modified 31 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.