We are pleased to announce the GNU Shepherd version 0.9.2. This is a bug-fix release, representing 27 commits by 2 people over 4 months. • About The GNU Daemon Shepherd or GNU Shepherd is a service manager written in Guile that looks after the herd of system services. It provides dependency-based management for system services: daemons such as ‘sshd’, programs such as Xorg, as well as user-provided actions. The GNU Shepherd may also be used by unprivileged users to manage per-user daemons—e.g., tor, privoxy, mcron, etc. It is written in Guile Scheme, and is configured and extended using Guile. The GNU Shepherd is developed jointly with the GNU Guix project; it is used as the init system of Guix, GNU’s advanced GNU/Linux distribution. https://www.gnu.org/software/shepherd/ • Download Here are the compressed sources and a GPG detached signature[*]: https://ftp.gnu.org/gnu/shepherd/shepherd-0.9.2.tar.gz https://ftp.gnu.org/gnu/shepherd/shepherd-0.9.2.tar.gz.sig Use a mirror for higher download bandwidth: https://ftpmirror.gnu.org/shepherd/shepherd-0.9.2.tar.gz https://ftpmirror.gnu.org/shepherd/shepherd-0.9.2.tar.gz.sig Here are the SHA1 and SHA256 checksums: b8861f58596f0938375d1a13ab4142f6dca50340 shepherd-0.9.2.tar.gz e192bbaac3d38e3a1fcb5624c0a925758abfd0b43bac4c88b6770df8fcf08b55 shepherd-0.9.2.tar.gz [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify shepherd-0.9.2.tar.gz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.openpgp.org \ --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 and rerun the 'gpg --verify' command. This release was bootstrapped with the following tools: Autoconf 2.71 Automake 1.16.5 Makeinfo 6.7 Help2man 1.48.5 • Changes since version 0.9.1 (excerpt from the NEWS file) ** File descriptors used internally are now all marked as close-on-exec Previously, services started indirectly with ‘exec-command’ (which is usually the case) would not inherit any file descriptor from shepherd because ‘exec-command’ would explicitly close all of them. However, services started with ‘make-system-constructor’ and processes created by some other means, such as calling ‘system*’, would inherit some of those descriptors, giving them more authority than intended. The change here consists in marking all internally-used file descriptors as “close-on-exec” (O_CLOEXEC), a feature that’s been available on GNU/Linux and GNU/Hurd for years but that so far wasn’t used consistently in shepherd. This is now fixed. As a side-effect, the file-descriptor-closing loop in ‘exec-command’ is now gone. ** Client connections with ‘herd’ are non-blocking Previously, a misbehaving client could send an incomplete command (s-expression), causing shepherd to hang while waiting for completion. (Note that said client is required to run with the same UID as shepherd, so this was not a security issue.) ** Directory of log file is created if it doesn’t exist When a service constructor is passed ‘#:log-file "/var/log/foo/bar.log"’, shepherd now created /var/log/foo if it doesn’t exist; previously it would fail gracelessly. Please report bugs to bug-guix@gnu.org. Join guix-devel@gnu.org for discussions. Ludovic, on behalf of the Shepherd herd. [[End of PGP Signed Part]]