GNU bug report logs - #77419
[PATCH] services: Add svcgssd-service-type.


Package: guix-patches;

Reported by: Tomas Volf <~@wolfsden.cz>

Date: Mon, 31 Mar 2025 21:38:01 UTC

Severity: normal

Tags: patch

To reply to this bug, email your comments to 77419 AT debbugs.gnu.org.



Report forwarded to guix-patches <at> gnu.org:
bug#77419; Package guix-patches. (Mon, 31 Mar 2025 21:38:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tomas Volf <~@wolfsden.cz>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 31 Mar 2025 21:38:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: guix-patches <at> gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
Subject: [PATCH] services: Add svcgssd-service-type.
Date: Mon, 31 Mar 2025 23:37:11 +0200
This service is required to get NFS with Kerberos support working.  No
documentation is provided, since this module is under-documented as a whole.
It could use some work.

* gnu/services/nfs.scm (<svcgssd-configuration>): New record type.
(svcgssd-service-type): New service type.
(nfs-service-type): Extend the svcgssd-service-type.

Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62
---
 gnu/services/nfs.scm | 80 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 78 insertions(+), 2 deletions(-)

diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
index f5a1c6a44e..c9d10c9e5a 100644
--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@@ -20,6 +20,7 @@
 
 (define-module (gnu services nfs)
   #:use-module (gnu)
+  #:use-module (gnu services configuration)
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages onc-rpc)
   #:use-module (gnu packages linux)
@@ -45,6 +46,10 @@ (define-module (gnu services nfs)
             gss-configuration
             gss-configuration?
 
+            svcgssd-service-type
+            svcgssd-configuration
+            svcgssd-configuration?
+
             nfs-service-type
             nfs-configuration
             nfs-configuration?))
@@ -189,6 +194,68 @@ (define gss-service-type
 
 
 
+(define-record-type* <svcgssd-configuration>
+  svcgssd-configuration make-svcgssd-configuration
+  svcgssd-configuration?
+  (verbosity            svcgssd-configuration-verbosity
+                        (default 0))
+  (verbosity-rpcsec-gss svcgssd-configuration-verbosity-rpcsec-gss
+                        (default 0))
+  (verbosity-nfsidmap   svcgssd-configuration-verbosity-nfsidmap
+                        (default 0))
+  (principal            svcgssd-configuration-principal
+                        (default %unset-value))
+  (host-credentials?    svcgssd-configuration-host-credentials?
+                        (default #f))
+  (nfs-utils            svcgssd-configuration-svcgssd
+                        (default nfs-utils)))
+
+(define svcgssd-service-type
+  (let ((proc
+         (lambda (config)
+           (define svcgssd-command
+             (match-record config <svcgssd-configuration>
+                           ( verbosity verbosity-rpcsec-gss verbosity-nfsidmap
+                             principal host-credentials? nfs-utils)
+               #~(list
+                  (string-append #$nfs-utils "/sbin/rpc.svcgssd") "-f"
+                  #$@(map (const "-v") (iota verbosity))
+                  #$@(map (const "-r") (iota verbosity-rpcsec-gss))
+                  #$@(map (const "-i") (iota verbosity-nfsidmap))
+                  #$@(if (maybe-value-set? principal)
+                         `("-p" ,principal)
+                         '())
+                  #$@(if host-credentials?
+                         '("-n")
+                         '()))))
+
+           (shepherd-service
+            (documentation "Start the RPC SVCGSSD daemon.")
+            (requirement '(user-processes rpcbind-daemon rpc-pipefs))
+            (provision '(rpc-svcgssd))
+
+            (start #~(make-forkexec-constructor #$svcgssd-command))
+            (stop #~(make-kill-destructor))))))
+    (service-type
+     (name 'svcgssd)
+     (extensions
+      (list (service-extension shepherd-root-service-type
+                               (compose list proc))))
+     ;; We use the extensions feature to allow other services to automatically
+     ;; configure and start this service.  Only one value can be provided.  We
+     ;; override it with the value returned by the extending service.
+     (compose identity)
+     (extend (lambda (config values)
+               (match values
+                 ((first . rest) first)
+                 (_ config))))
+     (default-value (svcgssd-configuration))
+     (description "Run the @dfn{global security system} (SVCGSSD) daemon,
+which provides strong security for protocols based on remote procedure
+calls (ONC RPC)."))))
+
+
+
 (define-record-type* <idmap-configuration>
   idmap-configuration make-idmap-configuration
   idmap-configuration?
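Review bot: The `extend` procedure returns the first extension value in place of `config` and ignores everything in `rest`, so an operator's explicit `principal` or `host-credentials?` setting is dropped without a diagnostic as soon as any service extends this type. Those two fields choose which Kerberos credentials rpc.svcgssd runs with, so a silent fallback to the defaults is worth avoiding. I would match `((single) single)` first and add a clause such as `((_ _ . _) (error "svcgssd-service-type: multiple extensions" values))`. The comment above `(compose identity)` should also say that an extension replaces the whole record rather than being merged into it. Separately, the `nfs-utils` field's accessor is named `svcgssd-configuration-svcgssd`; `svcgssd-configuration-nfs-utils` would match the field name.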
@@ -282,7 +349,8 @@ (define-record-type* <nfs-configuration>
                        (default #f))
   (pipefs-directory    nfs-configuration-pipefs-directory
                        (default default-pipefs-directory))
-  ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd.
+  ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, mountd or
+  ;; svcgssd.
   (debug               nfs-configuration-debug
                        (default '())))
 
@@ -448,6 +516,14 @@ (define nfs-service-type
      (service-extension rpcbind-service-type
                         (lambda (config)
                           (rpcbind-configuration
-                           (rpcbind (nfs-configuration-rpcbind config)))))))
+                           (rpcbind (nfs-configuration-rpcbind config)))))
+     (service-extension svcgssd-service-type
+                        (lambda (config)
+                          (svcgssd-configuration
+                           (nfs-utils (nfs-configuration-nfs-utils config))
+                           (verbosity
+                            (if (member 'svcgssd
+                                        (nfs-configuration-debug config))
+                                10 0)))))))
    (description
     "Run all NFS daemons and refresh the list of exported file systems.")))
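Review bot: The svcgssd extension is added unconditionally and builds a record that sets only `nfs-utils` and `verbosity`, so every system using nfs-service-type appears to get an rpc.svcgssd Shepherd service, whether or not the server uses Kerberos. Because svcgssd-service-type's `extend` takes the extension value over the operator's own record, `principal` and `host-credentials?` also cannot be set on such a system. Consider adding an `nfs-configuration` field that holds a `svcgssd-configuration` (or `#f` to leave the daemon out) and returning that field's value from this lambda. How rpc.svcgssd behaves at start-up on a host with no keytab is not visible here and should be checked before enabling it by default. The definition of nfs-service-type starts outside this hunk.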
-- 
2.49.0




