From mboxrd@z Thu Jan 1 00:00:00 1970
From: ng0
Subject: Re: [PATCH] gnu: services: Add gnunet-service.
Date: Wed, 21 Dec 2016 14:57:55 +0000
Message-ID: <8737hhfhxo.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me>
References: <20161219193029.10513-1-ng0@libertad.pw> <20161219193029.10513-2-ng0@libertad.pw> <878tr9odfm.fsf@gnu.org>
In-Reply-To: <878tr9odfm.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Ludovic Courtès
Cc: guix-devel@gnu.org

Ludovic Courtès writes:

> ng0 skribis:
>
>> +@cindex GNUnet
>> +@cindex gnunet
>> +@subsubheading GNUnet Service
>> +
>> +@deffn {Scheme Variable} gnunet-service-type
>> +This is the type of the @uref{https://gnunet.org, GNUnet}
>
> Since GNUnet is supposed to be available to unprivileged users via
> ‘gnunet-arm’, perhaps you could clarify a bit what this does and what
> the tradeoffs are?

I can document this in the next preview I send to the list.
Running gnunet via system service is the correct way to run it, this way multiple unix users can have their own ego (gnunet term) etc.
You will no longer use gnunet-arm, you just use the gnunet subsystems directly.

>
> [...]
>
>> + (user-account
>> + (name "gnunet")
>> + (group "gnunet")
>> + (system? #t)
>> + (comment "GNUnet system user")
>> + (home-directory "/var/empty")
>> + (shell #~(string-append #$shadow "/sbin/nologin")))))
>
> Prefer (file-append shadow "/sbin/nologin").

Ok.

>> +(define gnunet-activation
>> + (match-lambda
>> + (($ package config-file)
>> + (let ((gnunet
>> + (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
>> + #~(begin
>> + (use-modules (guix build utils))
>> + (define %user (getpw "gnunet"))
>> + (mkdir-p "/var/lib/gnunet/")
>> + (chown "/var/lib/gnunet" (passwd:uid %user) (passwd:gid %user))
>> + (chmod "/var/lib/gnunet/" #o600)
>> + (mkdir-p "/var/lib/gnunet/.local/share/gnunet")
>> + (mkdir-p "/var/lib/gnunet/.cache/gnunet")
>> + (mkdir-p "/var/lib/gnunet/.config/gnunet")
>> + (chmod "/var/lib/gnunet/.config/gnunet" #o600)
>> + (chmod "/var/lib/gnunet/.cache/gnunet" #o600)
>> + (chmod "/var/lib/gnunet/.local/share/gnunet" #o600))))))
>
> The .local, .share, and .config sub-directories here look fishy. I’d
> suggest reporting that as a bug upstream. :-)

I'm discussing it right now, to figure out if this was fixed later or if this is still relevant to report, and if it was fixed later if it can be backported.

> The rest LGTM!
>
> Thanks,
> Ludo’.
>

Thanks for this first review.

--
♥Ⓐ ng0 | PGP keys and more: https://n0is.noblogs.org/ | http://ng0.chaosnet.org
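
Review bot: in the user-account form, home-directory is "/var/empty", yet gnunet-activation creates .config/gnunet, .cache/gnunet and .local/share/gnunet under /var/lib/gnunet. If the daemon is expected to reach those through the account's home directory, set (home-directory "/var/lib/gnunet") here; if it locates them some other way, a comment next to the activation code saying how would make the intent clear.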
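
Review bot: in gnunet-activation, every chmod applies #o600 to a directory, which omits the search (x) bit, so even the owning user cannot enter /var/lib/gnunet or the three sub-directories; #o700 keeps them private and usable. Only /var/lib/gnunet is chowned, and that call comes before the mkdir-p calls for .local/share/gnunet, .cache/gnunet and .config/gnunet, so those sub-directories (and the intermediate .local, .local/share, .cache and .config) keep the ownership of whoever runs the activation code and the default mode; chown them to %user after they are created. The let-bound gnunet (the file-append to gnunet-service-arm) is never referenced inside the gexp and can be dropped from this procedure.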