[PATCH 1/3] gnu: connman: Use localstatedir outside of store.

[PATCH 1/3] gnu: connman: Use localstatedir outside of store.

[Tomáš Čech]

* gnu/packages/connman.scm (connman): Use localstatedir outside of store.
---
 gnu/packages/connman.scm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index cd0f6a9..7af20c9 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -55,6 +55,9 @@
              "--enable-vpnc"
              "--enable-pptp"
              "--enable-l2tp"
+             ;; location for daemon state files and internal configuration
+             ;; needs to be writeable
+             "--localstatedir=/var"
              (string-append
               "--with-dbusconfdir=" (assoc-ref %outputs "out") "/etc")
              (string-append
-- 
2.10.2

[PATCH 2/3] services: Add wpa-supplicant-service.

[Tomáš Čech]

* gnu/services/networking.scm (wpa-supplicant-service): New procedure.
(wpa-supplicant-service-type): New variable.
(wpa-supplicant-shepherd-service): New procedure.
* doc/guix.texi (Networking Services): Document it.
---
 doc/guix.texi               |  8 ++++++++
 gnu/services/networking.scm | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 89a7a58..bdf0bce 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -8301,6 +8301,14 @@ several the @command{connmanctl} command to interact with the daemon and
 configure networking."
 @end deffn
 
+@cindex WPA Supplicant
+@deffn {Scheme Procedure} wpa-supplicant-service @
+       [#:wpa-supplicant @var{wpa-supplicant}]
+Return a service that runs @url{https://w1.fi/wpa_supplicant/,WPA
+supplicant}, an authentication daemon required to authenticate against
+encrypted WiFi or ethernet networks.
+@end deffn
+
 @deffn {Scheme Procedure} ntp-service [#:ntp @var{ntp}] @
   [#:servers @var{%ntp-servers}] @
   [#:allow-large-adjustment? #f]
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index df609da..05ee339 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -64,7 +64,8 @@
 
             wicd-service
             network-manager-service
-            connman-service))
+            connman-service
+            wpa-supplicant-service))
 
 ;;; Commentary:
 ;;;
@@ -740,4 +741,37 @@ several the @command{connmanctl} command to interact with the daemon and
 configure networking."
   (service connman-service-type connman))
 
+
+\f
+;;;
+;;; WPA supplicant
+;;;
+
+
+(define (wpa-supplicant-shepherd-service wpa-supplicant)
+  "Return a shepherd service for wpa_supplicant"
+  (list (shepherd-service
+         (documentation "Run WPA supplicant with dbus interface")
+         (provision '(wpa-supplicant))
+         (requirement '(user-processes dbus-system loopback))
+         (start #~(make-forkexec-constructor
+                   (list (string-append #$wpa-supplicant
+                                        "/sbin/wpa_supplicant")
+                         "-u" "-B")))
+         (stop #~(make-kill-destructor)))))
+
+(define wpa-supplicant-service-type
+  (service-type (name 'wpa-supplicant)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          wpa-supplicant-shepherd-service)
+                       (service-extension dbus-root-service-type list)
+                       (service-extension profile-service-type list)))))
+
+(define* (wpa-supplicant-service #:key (wpa-supplicant wpa-supplicant))
+  "Return a service that runs @url{https://w1.fi/wpa_supplicant/,WPA
+supplicant}, an authentication daemon required to authenticate against
+encrypted WiFi or ethernet networks."
+  (service wpa-supplicant-service-type wpa-supplicant))
+
 ;;; networking.scm ends here
-- 
2.10.2

[PATCH 3/3] services: Require wpa-supplicant-service for connman-service.

[Tomáš Čech]

* gnu/services/networking.scm (connman-shepherd-service): Add
  wpa-supplicant among list of requirements.
---
 gnu/services/networking.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 05ee339..0462f81 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -714,7 +714,7 @@ that attempting to keep active network connectivity when available."
   (list (shepherd-service
          (documentation "Run Connman")
          (provision '(networking))
-         (requirement '(user-processes dbus-system loopback))
+         (requirement '(user-processes dbus-system loopback wpa-supplicant))
          (start #~(make-forkexec-constructor
                    (list (string-append #$connman
                                         "/sbin/connmand")
-- 
2.10.2

Re: [PATCH 1/3] gnu: connman: Use localstatedir outside of store.

[Ludovic Courtès]

Tomáš Čech <sleep_walker@gnu.org> skribis:

> * gnu/packages/connman.scm (connman): Use localstatedir outside of store.

OK!

Re: [PATCH 2/3] services: Add wpa-supplicant-service.

[Ludovic Courtès]

Tomáš Čech <sleep_walker@gnu.org> skribis:

> * gnu/services/networking.scm (wpa-supplicant-service): New procedure.
> (wpa-supplicant-service-type): New variable.
> (wpa-supplicant-shepherd-service): New procedure.
> * doc/guix.texi (Networking Services): Document it.

Could you remove the ‘wpa-supplicant-service’ procedure and simply
expose and document ‘wpa-supplicant-service-type’?  So users would
write:

  (service wpa-supplicant-service-type wpa-supplicant)

instead of:

  (wpa-supplicant-service)

I’m trying to incrementally get us to do that for all services, because
I think it’s a bit clearer (one immediately sees what type of
configuration value is used.)

> +@cindex WPA Supplicant
> +@deffn {Scheme Procedure} wpa-supplicant-service @
> +       [#:wpa-supplicant @var{wpa-supplicant}]
> +Return a service that runs @url{https://w1.fi/wpa_supplicant/,WPA
> +supplicant}, an authentication daemon required to authenticate against
> +encrypted WiFi or ethernet networks.

Could you also mention that wpa_supplicant is started to listen on a
D-Bus interface?

> +         (requirement '(user-processes dbus-system loopback))
> +         (start #~(make-forkexec-constructor
> +                   (list (string-append #$wpa-supplicant
> +                                        "/sbin/wpa_supplicant")
> +                         "-u" "-B")))

I think it would be more reliable to use
“-P/var/run/wpa_supplicant.pid”, and thus

  #:pid-file "/var/run/wpa_supplicant.pid"

OK with changes along these lines, thanks!

Ludo’.

Re: [PATCH 3/3] services: Require wpa-supplicant-service for connman-service.

[Ludovic Courtès]

Tomáš Čech <sleep_walker@gnu.org> skribis:

> * gnu/services/networking.scm (connman-shepherd-service): Add
>   wpa-supplicant among list of requirements.

OK!

So does Connman work as expected now?  I guess it was all broken before?

Thanks,
Ludo’.

Re: [PATCH 1/3] gnu: connman: Use localstatedir outside of store.

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 1217 bytes --]

On Wed, Nov 09, 2016 at 10:22:43PM +0100, Tomáš Čech wrote:
> * gnu/packages/connman.scm (connman): Use localstatedir outside of store.
> ---
>  gnu/packages/connman.scm | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
> index cd0f6a9..7af20c9 100644
> --- a/gnu/packages/connman.scm
> +++ b/gnu/packages/connman.scm
> @@ -55,6 +55,9 @@
>               "--enable-vpnc"
>               "--enable-pptp"
>               "--enable-l2tp"
> +             ;; location for daemon state files and internal configuration
> +             ;; needs to be writeable
> +             "--localstatedir=/var"
>               (string-append
>                "--with-dbusconfdir=" (assoc-ref %outputs "out") "/etc")
>               (string-append
> -- 
> 2.10.2
> 
> 

Thanks for working on this! I always had a plan to come back to the
connman service and make sure that it really worked well but I just
hadn't had a chance to.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [PATCH 1/3] gnu: connman: Use localstatedir outside of store.

[Hartmut Goebel]

Am 10.11.2016 um 08:55 schrieb Efraim Flashner:
> > +             ;; location for daemon state files and internal configuration
> > +             ;; needs to be writeable

I wonder if this shouldn't be the default for gnu-build-system?


-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH 1/3] gnu: connman: Use localstatedir outside of store.

[Ludovic Courtès]

Hartmut Goebel <h.goebel@crazy-compilers.com> skribis:

> Am 10.11.2016 um 08:55 schrieb Efraim Flashner:
>> > +             ;; location for daemon state files and internal configuration
>> > +             ;; needs to be writeable
>
> I wonder if this shouldn't be the default for gnu-build-system?

It is tempting, yes.

However, I suspect a number of packages would gratuitously fail upon
‘make install’ simply because they’d do “mkdir /var” for no good reason.

Would be worth trying.

Ludo’.

Re: [PATCH 2/3] services: Add wpa-supplicant-service.

[Tomáš Čech]

I thought I sent reply already but I probably did not thanks to
connection problems ;-)

On Wed, 09 Nov 2016 23:32:52 +0100,
Ludovic Courtès wrote:
> 
> Tomáš Čech <sleep_walker@gnu.org> skribis:
> 
> > * gnu/services/networking.scm (wpa-supplicant-service): New procedure.
> > (wpa-supplicant-service-type): New variable.
> > (wpa-supplicant-shepherd-service): New procedure.
> > * doc/guix.texi (Networking Services): Document it.
> 
> Could you remove the ‘wpa-supplicant-service’ procedure and simply
> expose and document ‘wpa-supplicant-service-type’?  So users would
> write:
> 
>   (service wpa-supplicant-service-type wpa-supplicant)
> 
> instead of:
> 
>   (wpa-supplicant-service)
> 
> I’m trying to incrementally get us to do that for all services, because
> I think it’s a bit clearer (one immediately sees what type of
> configuration value is used.)

I can't say whether it is clearer or not from language or design
perspective, but after the change I had to have a look on your mail to
see how it is done properly so it is less user friendly. Nevertheless
done.

> 
> > +@cindex WPA Supplicant
> > +@deffn {Scheme Procedure} wpa-supplicant-service @
> > +       [#:wpa-supplicant @var{wpa-supplicant}]
> > +Return a service that runs @url{https://w1.fi/wpa_supplicant/,WPA
> > +supplicant}, an authentication daemon required to authenticate against
> > +encrypted WiFi or ethernet networks.
> 
> Could you also mention that wpa_supplicant is started to listen on a
> D-Bus interface?

Done.

> > +         (requirement '(user-processes dbus-system loopback))
> > +         (start #~(make-forkexec-constructor
> > +                   (list (string-append #$wpa-supplicant
> > +                                        "/sbin/wpa_supplicant")
> > +                         "-u" "-B")))
> 
> I think it would be more reliable to use
> “-P/var/run/wpa_supplicant.pid”, and thus
> 
>   #:pid-file "/var/run/wpa_supplicant.pid"
> 
> OK with changes along these lines, thanks!

Good idea!



> OK!

> So does Connman work as expected now?  I guess it was all broken before?

It works better with WiFi after this change but it is still far from perfect.

1] it still can be controlled only by root (it requires D-Bus policy
   to be installed properly and I need to figure out where and how)
2] connman-vpnd is not started - I'll probably make another service for that
3] there needs to be created some configuration mechanism for features
   like enabling/disabling dns proxy (which is IMHO killer feature of
   connman) or ignoring network devices
4] connman is harder to configure without other clients so I'm working
   on connman-json-client (curses) and connman-ui (GTK3)

Best regards,

S_W

Re: [PATCH 2/3] services: Add wpa-supplicant-service.

[Ludovic Courtès]

Hi!

Tomáš Čech <sleep_walker@gnu.org> skribis:

>> So does Connman work as expected now?  I guess it was all broken before?
>
> It works better with WiFi after this change but it is still far from perfect.
>
> 1] it still can be controlled only by root (it requires D-Bus policy
>    to be installed properly and I need to figure out where and how)
> 2] connman-vpnd is not started - I'll probably make another service for that
> 3] there needs to be created some configuration mechanism for features
>    like enabling/disabling dns proxy (which is IMHO killer feature of
>    connman) or ignoring network devices
> 4] connman is harder to configure without other clients so I'm working
>    on connman-json-client (curses) and connman-ui (GTK3)

OK, it seems that these can be addressed.

I think you forgot to post or commit the new wpa-supplicant-service
patch though, didn’t you?  :-)

Cheers,
Ludo’.