From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: [PATCH] gnu: services: Add gnunet-service.
Date: Wed, 21 Dec 2016 10:10:21 +0100
Message-ID: <878tr9odfm.fsf@gnu.org>
References: <20161219193029.10513-1-ng0@libertad.pw>
	<20161219193029.10513-2-ng0@libertad.pw>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51954)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cJcuu-0004LB-60
	for guix-devel@gnu.org; Wed, 21 Dec 2016 04:10:33 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cJcut-0003Om-4N
	for guix-devel@gnu.org; Wed, 21 Dec 2016 04:10:32 -0500
In-Reply-To: <20161219193029.10513-2-ng0@libertad.pw> (ng0@libertad.pw's
	message of "Mon, 19 Dec 2016 19:30:29 +0000")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: ng0 <ng0@libertad.pw>
Cc: guix-devel@gnu.org, ng0 <ng0@we.make.ritual.n0.is>

ng0 <ng0@libertad.pw> skribis:

> +@cindex GNUnet
> +@cindex gnunet
> +@subsubheading GNUnet Service
> +
> +@deffn {Scheme Variable} gnunet-service-type
> +This is the type of the @uref{https://gnunet.org, GNUnet}

Since GNUnet is supposed to be available to unprivileged users via
=E2=80=98gnunet-arm=E2=80=99, perhaps you could clarify a bit what this doe=
s and what
the tradeoffs are?


[...]

> +        (user-account
> +         (name "gnunet")
> +         (group "gnunet")
> +         (system? #t)
> +         (comment "GNUnet system user")
> +         (home-directory "/var/empty")
> +         (shell #~(string-append #$shadow "/sbin/nologin")))))

Prefer (file-append shadow "/sbin/nologin").

> +(define gnunet-activation
> +  (match-lambda
> +    (($ <gnunet-configuration> package config-file)
> +     (let ((gnunet
> +            (file-append package "/lib/gnunet/libexec/gnunet-service-arm=
")))
> +       #~(begin
> +           (use-modules (guix build utils))
> +           (define %user (getpw "gnunet"))
> +           (mkdir-p "/var/lib/gnunet/")
> +           (chown "/var/lib/gnunet" (passwd:uid %user) (passwd:gid %user=
))
> +           (chmod "/var/lib/gnunet/" #o600)
> +           (mkdir-p "/var/lib/gnunet/.local/share/gnunet")
> +           (mkdir-p "/var/lib/gnunet/.cache/gnunet")
> +           (mkdir-p "/var/lib/gnunet/.config/gnunet")
> +           (chmod "/var/lib/gnunet/.config/gnunet" #o600)
> +           (chmod "/var/lib/gnunet/.cache/gnunet" #o600)
> +           (chmod "/var/lib/gnunet/.local/share/gnunet" #o600))))))

The .local, .share, and .config sub-directories here look fishy.  I=E2=80=
=99d
suggest reporting that as a bug upstream.  :-)

The rest LGTM!

Thanks,
Ludo=E2=80=99.