* [PATCH] services: lsh: Add "graceful" handling of daemonic option. [not found] <CAJ41eewmqwPhQXZRJXdJuHGA=sSRJG7dK86sWfCgusb+AXBNxg@mail.gmail.com> @ 2014-12-04 22:24 ` Deck Pickard 2014-12-06 14:28 ` Ludovic Courtès 2015-02-08 20:56 ` Ludovic Courtès 0 siblings, 2 replies; 4+ messages in thread From: Deck Pickard @ 2014-12-04 22:24 UTC (permalink / raw) To: guix-devel [-- Attachment #1.1: Type: text/plain, Size: 248 bytes --] #~(#$@ looks freaky, but if this is what it takes... Tried couple of other "figures", this one appears to generate right dmd.conf, though I haven't had yet a chance to reboot. Drp, -- (or ((,\ (x) `(,x x)) '(,\ (x) `(,x x))) (smth (that 'like))) [-- Attachment #1.2: Type: text/html, Size: 311 bytes --] [-- Attachment #2: 0001-services-lsh-Add-graceful-handling-of-daemonic-optio.patch --] [-- Type: application/octet-stream, Size: 6129 bytes --] From 1fef935d6292016c04b9234eedb5dcaf006dc152 Mon Sep 17 00:00:00 2001 From: nebuli <nebu@kipple> Date: Wed, 3 Dec 2014 22:51:48 +0100 Subject: [PATCH] services: lsh: Add graceful handling of daemonic option. * doc/guix.texi: Mention use case. * gnu/services/ssh.scm (lsh-service): New #:keys (daemonic?, pid-file?, pid-file). Build new lshd-command and expand service-requirement field. --- doc/guix.texi | 7 +++++- gnu/services/ssh.scm | 63 ++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 50 insertions(+), 20 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index e804d79..63f070f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4224,7 +4224,7 @@ configuration file. Furthermore, @code{(gnu services ssh)} provides the following service. @deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @ - [#:interfaces '()] [#:port-number 22] @ + [#:daemonic? #f] [#:interfaces '()] [#:port-number 22] @ [#:allow-empty-passwords? #f] [#:root-login? #f] @ [#:syslog-output? #t] [#:x11-forwarding? #t] @ [#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @ 
@@ -4233,6 +4233,11 @@ Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number @var{host-key} must designate a file containing the host key, and readable only by root. +When @var{daemonic?} is true, @command{lshd} will detach from the +controlling terminal and log its output to syslogd, unless one sets +@var{syslog-output?} to false. Obviously, it also makes lsh-service +depend on existence of syslogd service. + When @var{initialize?} is true, automatically create the seed and host key upon service activation if they do not exist yet. This may take long and require interaction. diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 2b52c77..6659301 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -72,12 +72,15 @@ (define* (lsh-service #:key (lsh lsh) + (daemonic? #f) (host-key "/etc/lsh/host-key") (interfaces '()) (port-number 22) (allow-empty-passwords? #f) (root-login? #f) (syslog-output? #t) + (pid-file? #f) + (pid-file "/var/run/lshd.pid") (x11-forwarding? #t) (tcp/ip-forwarding? #t) (password-authentication? #t) @@ -87,6 +90,11 @@ @var{host-key} must designate a file containing the host key, and readable only by root. +When @var{daemonic?} is true, @command{lshd} will detach from the +controlling terminal and log its output to syslogd, unless one sets +@var{syslog-output?} to false. Obviously, it also makes lsh-service +depend on existence of syslogd service. + When @var{initialize?} is true, automatically create the seed and host key upon service activation if they do not exist yet. This may take long and require interaction. 
@@ -106,30 +114,47 @@ root. The other options should be self-descriptive." (define lsh-command - (cons* #~(string-append #$lsh "/sbin/lshd") - #~(string-append "--host-key=" #$host-key) - #~(string-append "--password-helper=" #$lsh "/sbin/lsh-pam-checkpw") - #~(string-append "--subsystems=sftp=" #$lsh "/sbin/sftp-server") - "-p" (number->string port-number) - (if password-authentication? "--password" "--no-password") - (if public-key-authentication? - "--publickey" "--no-publickey") - (if root-login? - "--root-login" "--no-root-login") - (if x11-forwarding? - "--x11-forward" "--no-x11-forward") - (if tcp/ip-forwarding? - "--tcpip-forward" "--no-tcpip-forward") - (if (null? interfaces) - '() - (list (string-append "--interfaces=" - (string-join interfaces ",")))))) + (append + (cons #~(string-append #$lsh "/sbin/lshd") + (if daemonic? + (let ((syslog (if syslog-output? '() + (list "--no-syslog")))) + (cons "--daemonic" + (if pid-file? + (cons #~(string-append "--pid-file=" #$pid-file) + syslog) + (cons "--no-pid-file" + syslog)))) + ;; will it force pid-file creation... seems it should. + (if pid-file? (list #~(string-append "--pid-file=" #$pid-file)) + '()))) + (cons* #~(string-append "--host-key=" #$host-key) + #~(string-append "--password-helper=" #$lsh "/sbin/lsh-pam-checkpw") + #~(string-append "--subsystems=sftp=" #$lsh "/sbin/sftp-server") + "-p" (number->string port-number) + (if password-authentication? "--password" "--no-password") + (if public-key-authentication? + "--publickey" "--no-publickey") + (if root-login? + "--root-login" "--no-root-login") + (if x11-forwarding? + "--x11-forward" "--no-x11-forward") + (if tcp/ip-forwarding? + "--tcpip-forward" "--no-tcpip-forward") + (if (null? interfaces) + '() + (list (string-append "--interfaces=" + (string-join interfaces ","))))))) + (define requires + (if (and daemonic? syslog-output?) 
+ '(networking syslogd) + '(networking))) (with-monad %store-monad (return (service (documentation "GNU lsh SSH server") (provision '(ssh-daemon)) - (requirement '(networking)) + (requirement #~(#$@requires)) (start #~(make-forkexec-constructor (list #$@lsh-command))) (stop #~(make-kill-destructor)) (pam-services -- 2.1.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
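Review bot: In the doc/guix.texi hunks, the @deffn signature gains only [#:daemonic? #f], although the gnu/services/ssh.scm hunks also add the #:pid-file? and #:pid-file keys; both should be listed and described there, since whether a PID file is written matters to anyone supervising the daemon. The added paragraph also says daemonic mode makes lsh-service depend on syslogd, while the code adds syslogd to the requirements only when both daemonic? and syslog-output? are true, so the sentence should state that condition.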
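Review bot: In the lsh-command definition of the last gnu/services/ssh.scm hunk, syslog-output? is consulted only inside the daemonic? branch, so with daemonic? #f and syslog-output? #f no "--no-syslog" is emitted and the keyword is silently ignored; either emit the flag in both branches or document that it applies to daemonic mode only. With pid-file? left at its default of #f, daemonic? #t produces "--daemonic --no-pid-file" while the service is still started through make-forkexec-constructor, so either default pid-file? to #t in that branch or say in a comment how the PID is tracked. The comment ";; will it force pid-file creation... seems it should." leaves an open question in the code and should be resolved before merging. Finally, requires is a plain list of symbols, so (requirement #~(#$@requires)) can be written (requirement requires).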
* Re: [PATCH] services: lsh: Add "graceful" handling of daemonic option.
From: Ludovic Courtès @ 2014-12-06 14:28 UTC
To: Deck Pickard; +Cc: guix-devel

Deck Pickard <deck.r.pickard@gmail.com> wrote:

> From 1fef935d6292016c04b9234eedb5dcaf006dc152 Mon Sep 17 00:00:00 2001
> From: nebuli <nebu@kipple>
> Date: Wed, 3 Dec 2014 22:51:48 +0100
> Subject: [PATCH] services: lsh: Add graceful handling of daemonic option.
>
> * doc/guix.texi: Mention use case.
> * gnu/services/ssh.scm (lsh-service): New #:keys (daemonic?, pid-file?,
> pid-file). Build new lshd-command and expand service-requirement
> field.

Nice!

> (define* (lsh-service #:key > (lsh lsh) > + (daemonic? #f) > (host-key "/etc/lsh/host-key") > (interfaces '()) > (port-number 22) > (allow-empty-passwords? #f) > (root-login? #f) > (syslog-output? #t) > + (pid-file? #f) > + (pid-file "/var/run/lshd.pid") > (x11-forwarding? #t) > (tcp/ip-forwarding? #t) > (password-authentication? #t)

I would be tempted to not expose #:daemonic?, #:pid-file? and
#:syslog-output?, and instead always use --daemonic --pid-file=...

In particular, when using --daemonic, having the PID file is required,
otherwise dmd won’t know what the PID of this process is, and thus will
be unable to control it. For that reason, #:pid-file? must not be
exposed.

WDYT?

> + (define requires > + (if (and daemonic? syslog-output?) > + '(networking syslogd) > + '(networking)))

If we agree on the above, that would become '(networking syslogd)
unconditionally.

> (return (service > (documentation "GNU lsh SSH server") > (provision '(ssh-daemon)) > - (requirement '(networking)) > + (requirement #~(#$@requires))

This is strictly equivalent to:

  (requirement `(,@requires))

or simply:

  (requirement requires)

:-)

G-expressions are only needed when capturing references to /gnu/store
items, packages, etc.

Thanks,
Ludo’.
* Re: [PATCH] services: lsh: Add "graceful" handling of daemonic option.
From: Deck Pickard @ 2014-12-06 22:29 UTC
To: Ludovic Courtès; +Cc: guix-devel

On 6 Dec 2014 15:28, "Ludovic Courtès" <ludo@gnu.org> wrote:
>
> Deck Pickard <deck.r.pickard@gmail.com> wrote:
>
> > From 1fef935d6292016c04b9234eedb5dcaf006dc152 Mon Sep 17 00:00:00 2001
> > From: nebuli <nebu@kipple>
> > Date: Wed, 3 Dec 2014 22:51:48 +0100
> > Subject: [PATCH] services: lsh: Add graceful handling of daemonic option.
> >
> > * doc/guix.texi: Mention use case.
> > * gnu/services/ssh.scm (lsh-service): New #:keys (daemonic?, pid-file?,
> > pid-file). Build new lshd-command and expand service-requirement
> > field.
>
> Nice!
>
> > (define* (lsh-service #:key > > (lsh lsh) > > + (daemonic? #f) > > (host-key "/etc/lsh/host-key") > > (interfaces '()) > > (port-number 22) > > (allow-empty-passwords? #f) > > (root-login? #f) > > (syslog-output? #t) > > + (pid-file? #f) > > + (pid-file "/var/run/lshd.pid") > > (x11-forwarding? #t) > > (tcp/ip-forwarding? #t) > > (password-authentication? #t)
>
> I would be tempted to not expose #:daemonic?, #:pid-file? and
> #:syslog-output?, and instead always use --daemonic --pid-file=...
>
> In particular, when using --daemonic, having the PID file is required,
> otherwise dmd won’t know what the PID of this process is, and thus will
> be unable to control it. For that reason, #:pid-file? must not be
> exposed.
>
> WDYT?

I implemented this because, from what I gather, lshd will write to
syslog only in '--daemonic' mode, otherwise it spams the controlling
terminal on which dmd is running. And I wanted lsh to use syslog!

As it is now, dmd captures the right PID from the "make-fork"
constructor alone, while having no idea of pid files; I went as far as
to write a dmd service (and 'deco sideloading' it), which printed out
both PIDs, they were eqv...

There might still remain a use case with daemonic? equal to false for
someone out there, even for the simple reason of lack of a functioning
syslog (as well as a use case of choosing not to log at all), shrug...

Change default to (daemonic? #t) and adjust the docs? Your call...

I did not mention pid file related keys in the docs, because it would be
only useful to someone who had to bother to look at the actual
lsh-service signature, like someone who did need a pid file for some
strange purpose...

>
> > + (define requires > > + (if (and daemonic? syslog-output?) > > + '(networking syslogd) > > + '(networking)))
>
> If we agree on the above, that would become '(networking syslogd)
> unconditionally.
>

No, as I explained; one thing is having a chosen set of defaults,
another removing flexibility... lsh and/or dmd behaviour could change or
someone could like to rewrite lsh service definition.

> > (return (service > > (documentation "GNU lsh SSH server") > > (provision '(ssh-daemon)) > > - (requirement '(networking)) > > + (requirement #~(#$@requires))
>
> This is strictly equivalent to:
>
> (requirement `(,@requires))
>
> or simply:
>
> (requirement requires)
>
> :-)
>
> G-expressions are only needed when capturing references to /gnu/store
> items, packages, etc.
>
> Thanks,
> Ludo’.

Roger, still grokking my way around, at least it doesn't matter apart
from a couple of useless macro expansions.

Drp,
--
(or ((,\ (x) `(,x x)) '(,\ (x) `(,x x))) (smth (that 'like)))
* Re: [PATCH] services: lsh: Add "graceful" handling of daemonic option.
From: Ludovic Courtès @ 2015-02-08 20:56 UTC
To: Deck Pickard; +Cc: guix-devel

Hi!

Deck Pickard <deck.r.pickard@gmail.com> wrote:

> From 1fef935d6292016c04b9234eedb5dcaf006dc152 Mon Sep 17 00:00:00 2001
> From: nebuli <nebu@kipple>
> Date: Wed, 3 Dec 2014 22:51:48 +0100
> Subject: [PATCH] services: lsh: Add graceful handling of daemonic option.
>
> * doc/guix.texi: Mention use case.
> * gnu/services/ssh.scm (lsh-service): New #:keys (daemonic?, pid-file?,
> pid-file). Build new lshd-command and expand service-requirement
> field.

This patch had fallen through the cracks, sorry about that.

I’ve applied it with minor changes: I changed #:daemonic? to default to
#t, I added #:pid-file? to the documentation, and simplified the syntax
for the ‘requirements’ field as discussed.

I ended up leaving all the options, as you intended, so that users can
choose whether or not to use daemonic mode.

Thank you!

Ludo’.