Package: guix-patches;
Reported by: Tomas Volf <~@wolfsden.cz>
Date: Mon, 31 Mar 2025 21:38:01 UTC
Severity: normal
Tags: patch
To reply to this bug, email your comments to 77419 AT debbugs.gnu.org.
From: Tomas Volf <~@wolfsden.cz> To: guix-patches <at> gnu.org Cc: Tomas Volf <~@wolfsden.cz> Subject: [PATCH] services: Add svcgssd-service-type. Date: Mon, 31 Mar 2025 23:37:11 +0200
This service is required to get NFS with Kerberos support working. No documentation is provided, since this module is under-documented as a whole. It could use some work. * gnu/services/nfs.scm (<svcgssd-configuration>): New record type. (svcgssd-service-type): New service type. (nfs-service-type): Extend the svcgssd-service-type. Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62 --- gnu/services/nfs.scm | 80 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 78 insertions(+), 2 deletions(-) diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index f5a1c6a44e..c9d10c9e5a 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -20,6 +20,7 @@ (define-module (gnu services nfs) #:use-module (gnu) + #:use-module (gnu services configuration) #:use-module (gnu services shepherd) #:use-module (gnu packages onc-rpc) #:use-module (gnu packages linux) @@ -45,6 +46,10 @@ (define-module (gnu services nfs) gss-configuration gss-configuration? + svcgssd-service-type + svcgssd-configuration + svcgssd-configuration? + nfs-service-type nfs-configuration nfs-configuration?)) 
@@ -189,6 +194,68 @@ (define gss-service-type +(define-record-type* <svcgssd-configuration> + svcgssd-configuration make-svcgssd-configuration + svcgssd-configuration? + (verbosity svcgssd-configuration-verbosity + (default 0)) + (verbosity-rpcsec-gss svcgssd-configuration-verbosity-rpcsec-gss + (default 0)) + (verbosity-nfsidmap svcgssd-configuration-verbosity-nfsidmap + (default 0)) + (principal svcgssd-configuration-principal + (default %unset-value)) + (host-credentials? svcgssd-configuration-host-credentials? + (default #f)) + (nfs-utils svcgssd-configuration-svcgssd + (default nfs-utils))) + +(define svcgssd-service-type + (let ((proc + (lambda (config) + (define svcgssd-command + (match-record config <svcgssd-configuration> + ( verbosity verbosity-rpcsec-gss verbosity-nfsidmap + principal host-credentials? nfs-utils) + #~(list + (string-append #$nfs-utils "/sbin/rpc.svcgssd") "-f" + #$@(map (const "-v") (iota verbosity)) + #$@(map (const "-r") (iota verbosity-rpcsec-gss)) + #$@(map (const "-i") (iota verbosity-nfsidmap)) + #$@(if (maybe-value-set? principal) + `("-p" ,principal) + '()) + #$@(if host-credentials? + '("-n") + '())))) + + (shepherd-service + (documentation "Start the RPC SVCGSSD daemon.") + (requirement '(user-processes rpcbind-daemon rpc-pipefs)) + (provision '(rpc-svcgssd)) + + (start #~(make-forkexec-constructor #$svcgssd-command)) + (stop #~(make-kill-destructor)))))) + (service-type + (name 'svcgssd) + (extensions + (list (service-extension shepherd-root-service-type + (compose list proc)))) + ;; We use the extensions feature to allow other services to automatically + ;; configure and start this service. Only one value can be provided. We + ;; override it with the value returned by the extending service. + (compose identity) + (extend (lambda (config values) + (match values + ((first . 
rest) first) + (_ config)))) + (default-value (svcgssd-configuration)) + (description "Run the @dfn{global security system} (SVCGSSD) daemon, +which provides strong security for protocols based on remote procedure +calls (ONC RPC).")))) + + + (define-record-type* <idmap-configuration> idmap-configuration make-idmap-configuration idmap-configuration? @@ -282,7 +349,8 @@ (define-record-type* <nfs-configuration> (default #f)) (pipefs-directory nfs-configuration-pipefs-directory (default default-pipefs-directory)) - ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd. + ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, mountd or + ;; svcgssd. (debug nfs-configuration-debug (default '()))) @@ -448,6 +516,14 @@ (define nfs-service-type (service-extension rpcbind-service-type (lambda (config) (rpcbind-configuration - (rpcbind (nfs-configuration-rpcbind config))))))) + (rpcbind (nfs-configuration-rpcbind config))))) + (service-extension svcgssd-service-type + (lambda (config) + (svcgssd-configuration + (nfs-utils (nfs-configuration-nfs-utils config)) + (verbosity + (if (member 'svcgssd + (nfs-configuration-debug config)) + 10 0))))))) (description "Run all NFS daemons and refresh the list of exported file systems."))) -- 2.49.0
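Review bot: The `extend` procedure of `svcgssd-service-type` returns `first` from `values` and ignores `config` whenever an extension exists, so a `principal` or `host-credentials?` set by the operator on this service is dropped as soon as another service extends it. The `nfs-service-type` hunk at the end of this patch always extends it, with a record that sets only `nfs-utils` and `verbosity`. For a Kerberos daemon this silently changes which service principal is used (no `-p`, no `-n`), so the extension should be merged into `config` with `inherit`, and more than one extension should be an error rather than an arbitrary pick of the first. Separately, the `nfs-utils` field's accessor is named `svcgssd-configuration-svcgssd`; `svcgssd-configuration-nfs-utils` would match the field. The three verbosity fields go straight into `iota`, so a negative or non-integer value fails with a low-level error instead of a configuration message.

```scheme
;; … unchanged: name, extensions, compose …
(extend (lambda (config values)
          (match values
            (() config)
            ((ext)
             ;; Keep the operator's principal and host-credentials?;
             ;; take only the fields the extending service sets.
             (svcgssd-configuration
              (inherit config)
              (nfs-utils (svcgssd-configuration-svcgssd ext))
              (verbosity (svcgssd-configuration-verbosity ext))))
            (_ (error "svcgssd-service-type: more than one extension"
                      values)))))
;; … unchanged: default-value, description …
```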
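Review bot: The new `service-extension svcgssd-service-type` entry in `nfs-service-type` is unconditional, so every system using `nfs-service-type` would also get `rpc.svcgssd` instantiated and started (the target type has a `default-value`), although the commit message says it is only needed for NFS with Kerberos. On a server that exports without Kerberos this is one more daemon, likely with no keytab to use, so it needs an opt-out on `<nfs-configuration>` or at least a comment here such as `;; Always instantiates rpc.svcgssd; only useful when a Kerberos keytab is present.` The literal `10` becomes ten `-v` flags while `verbosity-rpcsec-gss` and `verbosity-nfsidmap` stay at 0; a short comment on why 10 was chosen would help the next reader. `nfs-service-type`'s definition starts outside this hunk, so how the other daemons are gated is not visible here.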