GNU bug report logs -
#77419
[PATCH] services: Add svcgssd-service-type.
Previous Next
To reply to this bug, email your comments to 77419 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#77419; Package
guix-patches.
(Mon, 31 Mar 2025 21:38:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Tomas Volf <~@wolfsden.cz>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 31 Mar 2025 21:38:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This service is required to get NFS with Kerberos support working. No
documentation is provided, since this module is under-documented as a whole.
It could use some work.
* gnu/services/nfs.scm (<svcgssd-configuration>): New record type.
(svcgssd-service-type): New service type.
(nfs-service-type): Extend the svcgssd-service-type.
Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62
---
gnu/services/nfs.scm | 80 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 78 insertions(+), 2 deletions(-)
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
index f5a1c6a44e..c9d10c9e5a 100644
--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@@ -20,6 +20,7 @@
(define-module (gnu services nfs)
#:use-module (gnu)
+ #:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu packages onc-rpc)
#:use-module (gnu packages linux)
@@ -45,6 +46,10 @@ (define-module (gnu services nfs)
gss-configuration
gss-configuration?
+ svcgssd-service-type
+ svcgssd-configuration
+ svcgssd-configuration?
+
nfs-service-type
nfs-configuration
nfs-configuration?))
@@ -189,6 +194,68 @@ (define gss-service-type
�
+(define-record-type* <svcgssd-configuration>
+ svcgssd-configuration make-svcgssd-configuration
+ svcgssd-configuration?
+ (verbosity svcgssd-configuration-verbosity
+ (default 0))
+ (verbosity-rpcsec-gss svcgssd-configuration-verbosity-rpcsec-gss
+ (default 0))
+ (verbosity-nfsidmap svcgssd-configuration-verbosity-nfsidmap
+ (default 0))
+ (principal svcgssd-configuration-principal
+ (default %unset-value))
+ (host-credentials? svcgssd-configuration-host-credentials?
+ (default #f))
+ (nfs-utils svcgssd-configuration-svcgssd
+ (default nfs-utils)))
+
+(define svcgssd-service-type
+ (let ((proc
+ (lambda (config)
+ (define svcgssd-command
+ (match-record config <svcgssd-configuration>
+ ( verbosity verbosity-rpcsec-gss verbosity-nfsidmap
+ principal host-credentials? nfs-utils)
+ #~(list
+ (string-append #$nfs-utils "/sbin/rpc.svcgssd") "-f"
+ #$@(map (const "-v") (iota verbosity))
+ #$@(map (const "-r") (iota verbosity-rpcsec-gss))
+ #$@(map (const "-i") (iota verbosity-nfsidmap))
+ #$@(if (maybe-value-set? principal)
+ `("-p" ,principal)
+ '())
+ #$@(if host-credentials?
+ '("-n")
+ '()))))
+
+ (shepherd-service
+ (documentation "Start the RPC SVCGSSD daemon.")
+ (requirement '(user-processes rpcbind-daemon rpc-pipefs))
+ (provision '(rpc-svcgssd))
+
+ (start #~(make-forkexec-constructor #$svcgssd-command))
+ (stop #~(make-kill-destructor))))))
+ (service-type
+ (name 'svcgssd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list proc))))
+ ;; We use the extensions feature to allow other services to automatically
+ ;; configure and start this service. Only one value can be provided. We
+ ;; override it with the value returned by the extending service.
+ (compose identity)
+ (extend (lambda (config values)
+ (match values
+ ((first . rest) first)
+ (_ config))))
+ (default-value (svcgssd-configuration))
+ (description "Run the @dfn{global security system} (SVCGSSD) daemon,
+which provides strong security for protocols based on remote procedure
+calls (ONC RPC)."))))
+
+�
+
(define-record-type* <idmap-configuration>
idmap-configuration make-idmap-configuration
idmap-configuration?
@@ -282,7 +349,8 @@ (define-record-type* <nfs-configuration>
(default #f))
(pipefs-directory nfs-configuration-pipefs-directory
(default default-pipefs-directory))
- ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd.
+ ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, mountd or
+ ;; svcgssd.
(debug nfs-configuration-debug
(default '())))
@@ -448,6 +516,14 @@ (define nfs-service-type
(service-extension rpcbind-service-type
(lambda (config)
(rpcbind-configuration
- (rpcbind (nfs-configuration-rpcbind config)))))))
+ (rpcbind (nfs-configuration-rpcbind config)))))
+ (service-extension svcgssd-service-type
+ (lambda (config)
+ (svcgssd-configuration
+ (nfs-utils (nfs-configuration-nfs-utils config))
+ (verbosity
+ (if (member 'svcgssd
+ (nfs-configuration-debug config))
+ 10 0)))))))
(description
"Run all NFS daemons and refresh the list of exported file systems.")))
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#77419; Package
guix-patches.
(Wed, 23 Apr 2025 10:33:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 77419 <at> debbugs.gnu.org (full text, mbox):
Hi,
Tomas Volf <~@wolfsden.cz> writes:
> This service is required to get NFS with Kerberos support working. No
> documentation is provided, since this module is under-documented as a whole.
> It could use some work.
>
> * gnu/services/nfs.scm (<svcgssd-configuration>): New record type.
> (svcgssd-service-type): New service type.
> (nfs-service-type): Extend the svcgssd-service-type.
>
> Change-Id: I14d6b7757a8500569c677caca6cd0b528b032c62
The patch LGTM but documentation needs to be added under “Network File
System”; that section is not perfect (it lacks examples, for instance)
but it exists.
Could you send an updated patch?
Thanks,
Ludo’.
This bug report was last modified 6 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.