From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: [PATCH] gnu: Add kerberos service.
Date: Fri, 18 Nov 2016 23:51:16 +0100
Message-ID: <87a8cw5rmj.fsf@gnu.org>
References: <1478721522-312-1-git-send-email-jmd@gnu.org>
In-Reply-To: <1478721522-312-1-git-send-email-jmd@gnu.org> (John Darrington's message of "Wed, 9 Nov 2016 20:58:42 +0100")
To: John Darrington
Cc: guix-devel@gnu.org

Hello!

John Darrington wrote:

> * gnu/services/kerberos.scm (krb5-realm, krb5-configuration,
> krb5-service-type): New variables.

Could you add documentation in guix.texi, along with an example of how to use it?

I very strongly encourage you to write a system test for this as well. Essentially, it’s just about writing down in a file a test that you’ve already run anyway. I’m happy to help if needed. The main ideas are described in .

(I think this will become a requirement for future patches. :-))

> +(define-record-type* > + krb5-realm make-krb5-realm > + krb5-realm?
> + (name krb5-realm-name) > + > + (admin-server krb5-realm-admin-server) > + (kdc krb5-realm-kdc) > + (auth-to-local krb5-realm-auth-to-local (default '())) > + (auth-to-local-names krb5-realm-auth-to-local-names (default '())) > + (http-anchors krb5-realm-http-anchors (default '())) > + (default-domain krb5-realm-default-domain (default #f)) > + (kpasswd-server krb5-realm-kpasswd-server (default #f)) > + (master-kdc krb5-realm-master-kdc (default #f)) > + (v4-instance-convert krb5-realm-v4-instance-convert (default '())) > + (v4-realm krb5-realm-v4-realm (default #f)))

I find it helpful to add a one- or two-line comment above stating what this is, and margin comments next to the fields to give an idea of what their type is. Could you try something along these lines?

> +(define-syntax guile->krb-cfg > + (syntax-rules () > + ((guile->krb-cfg accessor what) > + (string-map > + (lambda (c) (if (eq? c #\-) #\_ c)) > + (string-drop (symbol->string accessor) > + (string-length what)))))) > + > +(define-syntax cfg-opt-string > + (syntax-rules () > + ((cfg-opt-string accessor realm) > + (if (accessor realm) > + (format #f "\n\t~a =3D ~a" > + (guile->krb-cfg 'accessor "krb5-realm-") > + (accessor realm)) > + "")))) > + > + > +;; Generates one line of text per list item > +(define-syntax cfg-opt-list > + (syntax-rules () > + ((cfg-opt-list accessor realm) > + (if (not (null? (accessor realm))) > + (string-concatenate > + (map (lambda (item) > + (format #f "\n\t~a =3D ~a" > + (guile->krb-cfg 'accessor "krb5-realm-") > + item)) > + (accessor realm))) > + ""))))

Would Andy’s ‘define-configuration’ (in mail.scm and cups.scm) be usable here, possibly with some adjustments? It has the advantage that configuration fields, their types, and their docstring all appear at the same place. I think we should consolidate it into a single API.

If not, please mind the naming convention (info "(guix) Formatting Code"), and use ‘define-syntax-rule’ for macros with a single pattern. Perhaps pass the whole file through M-x indent-region to fix inconsistencies.

> +;; For explanation of these fields see man 5 krb5.conf > +(define-record-type* > + krb5-configuration make-krb5-configuration > + krb5-configuration? > + > + ;; [libdefaults] > + (allow-weak-crypto krb5-configuration-allow-weak-crypto (defa= ult #f)) > + (ap-req-checksum-type krb5-configuration-ap-req-checksum-type (d= efault #f)) > + (canonicalize krb5-configuration-canonicalize (default #= f)) > + (ccache-type krb5-configuration-ccache-type (default #f= )) > + (clockskew krb5-configuration-clockskew (default #f)) > + (default-ccache-name krb5-configuration-default-ccache-name (de= fault #f)) > + (default-client-keytab-name krb5-configuration-default-client-keytab-n= ame > + (de= fault #f)) > + (default-keytab-name krb5-configuration-default-keytab-name (de= fault #f)) > + (default-realm krb5-configuration-default-realm (default = #f)) > + (default-tgs-enctypes krb5-configuration-default-tgs-enctypes (d= efault #f)) > + (default-tkt-enctypes krb5-configuration-default-tkt-enctypes (d= efault #f)) > + (dns-canonicalize-hostname krb5-configuration-dns-canonicalize-hostna= me > + (default #t)) > + (dns-lookup-kdc krb5-configuration-dns-lookup-kdc > + (default #f)) > + (err-fmt krb5-configuration-err-fmt (default #f)) > + (extra-addresses krb5-configuration-extra-addresses > + (default #f)) > + (forwardable krb5-configuration-forwardable (default #t= )) > + (ignore-acceptor-hostname krb5-configuration-ignore-acceptor-hostname > + (default #f)) > + (k5login-authoritative krb5-configuration-k5login-authoritative (= default #t)) > + (k5login-directory krb5-configuration-k5login-directory (defa= ult #f)) > + (kcm-mach-service krb5-configuration-kcm-mach-service > + (default "org.h5l.kcm")) > + (kcm-socket krb5-configuration-kcm-socket > +
(default "/var/run/.heim_org.h5l.kcm-soc= ket")) > + (kdc-default-options krb5-configuration-kdc-default-options > + (default #f)) > + (kdc-timesync krb5-configuration-kdc-timesync (default #= t)) > + (kdc-req-checksum-type krb5-configuration-kdc-req-checksum-type (= default #f)) > + (noaddresses krb5-configuration-noaddresses > + (default #f)) > + (permitted-enctypes krb5-configuration-permitted-enctypes > + (default #f)) > + (plugin-base-dir krb5-configuration-plugin-base-dir > + (default #f)) > + (preferred-preauth-types krb5-configuration-preferred-preauth-types > + (default #f)) > + (proxiable krb5-configuration-proxiable (default #f)) > + (rdns krb5-configuration-rdns (default #t)) > + (realm-try-domains krb5-configuration-realm-try-domains > + (default #f)) > + (renew-lifetime krb5-configuration-renew-lifetime > + (default #f)) > + (safe-checksum-type krb5-configuration-safe-checksum-type > + (default #f)) > + (ticket-lifetime krb5-configuration-ticket-lifetime > + (default #f)) > + (udp-preference-limit krb5-configuration-udp-preference-limit > + (default #f)) > + (verify-ap-req-nofail krb5-configuration-verify-ap-req-nofail > + (default #f)) > + > + ;;[realms] > + (realms krb5-configuration-realms) > + > + ;;[domain_realm] > + (domain-realm-map krb5-configuration-domain-realm-map (defau= lt '())))

Woow! :-) Please use full separate words; use question marks for Boolean fields.

> +(define (krb5-etc-service config) > + (list `("krb5.conf" ,(krb5-configuration-file config)))) > + > + > +(define krb5-service-type > + (service-type (name 'krb5) > + (extensions > + (list (service-extension etc-service-type > + krb5-etc-service)))))

So this service doesn’t do anything by itself. Perhaps it should also create a Shepherd service for the Kerberos daemon, or something like that?

Thank you!

Ludo’.
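
Review bot: In cfg-opt-string and cfg-opt-list the field value is written into the generated krb5.conf through `~a` with no check on its content, so a realm field whose value contains a line break would add lines to the file that the record never declared. Validate each value against the type its field expects (or at least reject control characters) before formatting it. Two smaller points in guile->krb-cfg: `(eq? c #\-)` compares characters by identity where `char=?` is the portable test, and string-drop removes `(string-length what)` characters without checking that the accessor name actually starts with that prefix.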
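
Review bot: In the krb5-configuration record, #f stands both for "not set" and for Boolean false: allow-weak-crypto, noaddresses and proxiable default to #f while forwardable, rdns and kdc-timesync default to #t, so the record alone does not say whether a #f field is left out of krb5.conf or written as false. If the serializer (krb5-configuration-file, not in the quoted lines) follows the `(if (accessor realm) ...)` pattern of cfg-opt-string, an explicit false can never be emitted. A distinct marker for unset, plus a comment per field giving its type and what #f means, would settle it; that matters most for allow-weak-crypto, permitted-enctypes, default-tgs-enctypes and default-tkt-enctypes, where an administrator needs to know when the library default applies.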