We are pleased to announce the GNU Shepherd version 0.10.3, a bug-fix release of the new 0.10.x series, representing 51 commits over 6 months. The 0.10.x series is a major overhaul towards 1.0, addressing shortcomings and providing new features that help comprehend system state. • About The GNU Shepherd is a service manager written in Guile that looks after the herd of daemons running on the system. It can be used as an “init” system (PID 1) and also by unprivileged users to manage per-user daemons—e.g., tor, privoxy, mcron. It supports several daemon startup mechanisms, including inetd and systemd-style socket activation. The GNU Shepherd is configured in Guile Scheme and can be extended in the same language. It builds on a simple memory-safe and callback-free programming model. The GNU Shepherd is developed jointly with the GNU Guix project; it is used as the init system of Guix, GNU’s advanced GNU/Linux distribution. https://www.gnu.org/software/shepherd/ • Download Here are the compressed sources and a GPG detached signature: https://ftp.gnu.org/gnu/shepherd/shepherd-0.10.3.tar.gz https://ftp.gnu.org/gnu/shepherd/shepherd-0.10.3.tar.gz.sig Use a mirror for higher download bandwidth: https://ftpmirror.gnu.org/shepherd/shepherd-0.10.3.tar.gz https://ftpmirror.gnu.org/shepherd/shepherd-0.10.3.tar.gz.sig Here are the SHA1 and SHA256 checksums: aac0f3f11245fca5b13119dc8e25d366fc53df23 shepherd-0.10.3.tar.gz jsb+vrAwu1LoTGI/ECnKccLCElFRVhxZFF2qbjuFr+8 shepherd-0.10.3.tar.gz The SHA256 checksum is base64 encoded, instead of the hexadecimal encoding that most checksum tools default to. Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify shepherd-0.10.3.tar.gz.sig The signature should match the fingerprint of the following key: pub rsa4096 2014-08-11 [SC] 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 uid [ unknown] Ludovic Courtès uid [ unknown] Ludovic Courtès uid [ unknown] Ludovic Courtès (Inria) If that command fails because you don't have the required public key, or that public key has expired, try the following commands to retrieve or refresh it, and then rerun the 'gpg --verify' command. gpg --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 As a last resort to find the key, you can try the official GNU keyring: wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg gpg --keyring gnu-keyring.gpg --verify shepherd-0.10.3.tar.gz.sig This release was bootstrapped with the following tools: Autoconf 2.71 Automake 1.16.5 Makeinfo 7.0.3 Help2man 1.49.2 • Changes since version 0.10.2 (excerpt from the NEWS file) ** Fix a bug that could lead shepherd to hang after loading replacements () After loading replacements with ‘herd load’ or ‘guix system reconfigure’, shepherd could eventually hang. Specifically, the replaced service would no longer respond to messages, so it would be impossible to start it, to stop it, or to unload it. This is now fixed. ** Fix ownership and permissions on Unix-domain sockets () When using an AF_UNIX endpoint with systemd- and inetd-style services, the socket file itself would remain owned by root (when shepherd is running as root) with permissions 755. This is now fixed, with ownership set according to #:socket-owner and #:socket-group of the endpoint, and permissions on the socket set to 666. Likewise, #:socket-directory-permissions was previously ignored when the socket’s directory already existed prior to creating the endpoint, potentially leading to unexpectedly wide access to the socket. This is now fixed. ** New #:respawn-delay parameter to ‘service’ () This specifies a delay before a service is respawned. Its default value is given by ‘default-respawn-delay’ and defaults to 100ms. Until now, services were respawned immediately. ** Non-blocking ‘sleep’ replacement provided Until now, user code could call (@ (guile) sleep), the core Guile binding for ‘sleep’, instead of ‘sleep’ as provided by (fibers). The former would have caused ‘shepherd’ to actually sleep for that time, instead of performing other on-going tasks. ‘sleep’ is now replaced by (@ (fibers) sleep) to avoid that. ** Ensure termination of services that failed to produce a PID file When a service started with the #:pid-file argument of ‘make-forkexec-constructor’ or similar would fail to produce its PID file, the process that was spawned would be sent SIGTERM. Now, it is additionally sent SIGKILL after ‘default-process-termination-grace-period’ has expired, as is the case when using ‘make-kill-destructor’. ** Do not accidentally wait for Linux kernel thread completion () In cases a PID file contained a bogus PID or one that’s only valid in a separate PID namespace, shepherd could end up waiting for the termination of what’s actually a Linux kernel thread, such as PID 2 (“kthreadd”). This situation is now recognized and avoided. ** Fix portability issues to GNU/Hurd Previous versions in the 0.10.x and 0.9.x series did not work on GNU/Hurd. This is now fixed, although some features are still implemented in a suboptimal way. ** Fix cross-compilation to non-Linux operating systems Since 0.10.2, when cross-compiling to systems such as GNU/Hurd, the value of ‘SFD_CLOEXEC’ and ‘SFD_NONBLOCK’ in (shepherd system) would be left undefined, leading to a type error when starting shepherd. This is now fixed. ** Updated translations: de, ro, sr, sv, uk This release is fully translated to German, Romanian, Swedish, and Ukrainian; partial translations are available for a dozen of languages. To help make the Shepherd speak your language, check out the Translation Project: https://translationproject.org/domain/shepherd.html Please report bugs to bug-guix@gnu.org. Join guix-devel@gnu.org for discussions. Ludovic, on behalf of the Shepherd herd.