* Re: [PATCH 2/2] services: Add 'dropbear-service'. (David Craven)
@ 2016-07-05 10:56 David Craven
2016-07-11 8:38 ` Services and hardware/kernel requirements Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: David Craven @ 2016-07-05 10:56 UTC (permalink / raw)
To: guix-devel
To test this in a vm don't forget to replace `-net user` with `-net
user,hostfwd=tcp::10022-:22` in `gnu/system/vm.scm`.
I'm currently also working on a spice service. I'm thinking it would
be nice to be able to specify qemu flags in services, then adding
`(rngd-service)` would include the `-device virtio-rng-pci` and
`(spice-vdagent-service)` the spice specific flags. I'm not sure yet
how this would work exactly. Or if a `(hardware-configuration)` would
be a better which we could at some point pass to the kernel package to
build a custom kernel with only the required modules.
On Mon, Jul 4, 2016 at 10:56 PM, <guix-devel-request@gnu.org> wrote:
> Send Guix-devel mailing list submissions to
> guix-devel@gnu.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.gnu.org/mailman/listinfo/guix-devel
> or, via email, send a message with subject or body 'help' to
> guix-devel-request@gnu.org
>
> You can reach the person managing the list at
> guix-devel-owner@gnu.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Guix-devel digest..."
>
>
> Today's Topics:
>
> 1. Re: [PATCH] gnu: Add scrollkeeper. (Leo Famulari)
> 2. Re: [PATCH] gnu: Add scrollkeeper. (Roel Janssen)
> 3. [PATCH 1/2] gnu: lsh: Move to (gnu packages ssh) (David Craven)
> 4. [PATCH 2/2] services: Add 'dropbear-service'. (David Craven)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 4 Jul 2016 15:25:09 -0400
> From: Leo Famulari <leo@famulari.name>
> To: Roel Janssen <roel@gnu.org>
> Cc: guix-devel <guix-devel@gnu.org>
> Subject: Re: [PATCH] gnu: Add scrollkeeper.
> Message-ID: <20160704192509.GA5226@jasmine>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, Jul 04, 2016 at 10:04:58AM +0200, Roel Janssen wrote:
>> Dear Guix,
>>
>> As you may know, I am trying to package GParted. It uses Scrollkeeper
>> for its help function, so I'd like to add it to the distribution
>> already.
>
> Thank you for continuing with this!!
>
>> If it's fine with you, I will continue to push this to the repository.
>> As always, thank you for your time.
>
>> * gnu/packages/documentation.scm (scrollkeeper): New variable.
>
> You forgot to add yourself to the list of authors of documentation.scm.
> Otherwise, it looks good to me.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 04 Jul 2016 21:37:59 +0200
> From: Roel Janssen <roel@gnu.org>
> To: Leo Famulari <leo@famulari.name>
> Cc: guix-devel <guix-devel@gnu.org>
> Subject: Re: [PATCH] gnu: Add scrollkeeper.
> Message-ID: <87k2h142js.fsf@gnu.org>
> Content-Type: text/plain
>
>
> Leo Famulari writes:
>
>> On Mon, Jul 04, 2016 at 10:04:58AM +0200, Roel Janssen wrote:
>>> Dear Guix,
>>>
>>> As you may know, I am trying to package GParted. It uses Scrollkeeper
>>> for its help function, so I'd like to add it to the distribution
>>> already.
>>
>> Thank you for continuing with this!!
>>
>>> If it's fine with you, I will continue to push this to the repository.
>>> As always, thank you for your time.
>>
>>> * gnu/packages/documentation.scm (scrollkeeper): New variable.
>>
>> You forgot to add yourself to the list of authors of documentation.scm.
>> Otherwise, it looks good to me.
>
> Thank you for your quick reply, and for noticing this. :)
> I applied it with my copyright line added to it.
>
> Thanks!
>
> Kind regards,
> Roel Janssen
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 4 Jul 2016 22:56:15 +0200
> From: David Craven <david@craven.ch>
> To: guix-devel@gnu.org
> Cc: David Craven <david@craven.ch>
> Subject: [PATCH 1/2] gnu: lsh: Move to (gnu packages ssh)
> Message-ID: <20160704205616.11599-1-david@craven.ch>
> Content-Type: text/plain; charset=UTF-8
>
> * gnu/packages/lsh.scm: Remove. Move 'lsh and liboop' to...
> * gnu/packages/ssh.scm (liboop, lsh): ... here. New variables.
> * gnu/services/ssh.scm: Adjust accordingly.
> ---
> gnu/packages/lsh.scm | 159 ---------------------------------------------------
> gnu/packages/ssh.scm | 157 ++++++++++++++++++++++++++++++++++++++++++++++----
> gnu/services/ssh.scm | 2 +-
> 3 files changed, 146 insertions(+), 172 deletions(-)
> delete mode 100644 gnu/packages/lsh.scm
>
> diff --git a/gnu/packages/lsh.scm b/gnu/packages/lsh.scm
> deleted file mode 100644
> index 2ea1591..0000000
> --- a/gnu/packages/lsh.scm
> +++ /dev/null
> @@ -1,159 +0,0 @@
> -;;; GNU Guix --- Functional package management for GNU
> -;;; Copyright ? 2012, 2013, 2014, 2015, 2016 Ludovic Court?s <ludo@gnu.org>
> -;;;
> -;;; This file is part of GNU Guix.
> -;;;
> -;;; GNU Guix is free software; you can redistribute it and/or modify it
> -;;; under the terms of the GNU General Public License as published by
> -;;; the Free Software Foundation; either version 3 of the License, or (at
> -;;; your option) any later version.
> -;;;
> -;;; GNU Guix is distributed in the hope that it will be useful, but
> -;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> -;;; GNU General Public License for more details.
> -;;;
> -;;; You should have received a copy of the GNU General Public License
> -;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
> -
> -(define-module (gnu packages lsh)
> - #:use-module ((guix licenses) #:prefix license:)
> - #:use-module (guix packages)
> - #:use-module (guix download)
> - #:use-module (guix build-system gnu)
> - #:use-module (gnu packages)
> - #:use-module (gnu packages m4)
> - #:use-module (gnu packages linux)
> - #:use-module (gnu packages nettle)
> - #:use-module (gnu packages compression)
> - #:use-module (gnu packages multiprecision)
> - #:use-module (gnu packages readline)
> - #:use-module (gnu packages gperf)
> - #:use-module (gnu packages guile)
> - #:use-module (gnu packages xorg))
> -
> -(define-public liboop
> - (package
> - (name "liboop")
> - (version "1.0")
> - (source
> - (origin
> - (method url-fetch)
> - (uri (string-append "http://download.ofb.net/liboop/liboop-"
> - version ".tar.gz"))
> - (sha256
> - (base32
> - "0z6rlalhvfca64jpvksppc9bdhs7jwhiw4y35g5ibvh91xp3rn1l"))
> - (patches (search-patches "liboop-mips64-deplibs-fix.patch"))))
> - (build-system gnu-build-system)
> - (home-page "http://www.lysator.liu.se/liboop/")
> - (synopsis "Event loop library")
> - (description "Liboop is a low-level event loop management library for
> -POSIX-based operating systems. It supports the development of modular,
> -multiplexed applications which may respond to events from several sources. It
> -replaces the \"select() loop\" and allows the registration of event handlers
> -for file and network I/O, timers and signals. Since processes use these
> -mechanisms for almost all external communication, liboop can be used as the
> -basis for almost any application.")
> - (license license:lgpl2.1+)))
> -
> -(define-public lsh
> - (package
> - (name "lsh")
> - (version "2.1")
> - (source (origin
> - (method url-fetch)
> - (uri (string-append "mirror://gnu/lsh/lsh-"
> - version ".tar.gz"))
> - (sha256
> - (base32
> - "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
> - (modules '((guix build utils)))
> - (snippet
> - '(begin
> - (substitute* "src/testsuite/functions.sh"
> - (("localhost")
> - ;; Avoid host name lookups since they don't work in
> - ;; chroot builds.
> - "127.0.0.1")
> - (("set -e")
> - ;; Make tests more verbose.
> - "set -e\nset -x"))
> -
> - (substitute* (find-files "src/testsuite" "-test$")
> - (("localhost") "127.0.0.1"))
> -
> - (substitute* "src/testsuite/login-auth-test"
> - (("/bin/cat") "cat"))))))
> - (build-system gnu-build-system)
> - (native-inputs
> - `(("m4" ,m4)
> - ("guile" ,guile-2.0)
> - ("gperf" ,gperf)
> - ("psmisc" ,psmisc))) ; for `killall'
> - (inputs
> - `(("nettle" ,nettle-2)
> - ("linux-pam" ,linux-pam)
> -
> - ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
> - ;; Readline 6.3.
> - ("readline" ,readline-6.2)
> -
> - ("liboop" ,liboop)
> - ("zlib" ,zlib)
> - ("gmp" ,gmp)
> -
> - ;; The server (lshd) invokes xauth when X11 forwarding is requested.
> - ;; This adds 24 MiB (or 27%) to the closure of lsh.
> - ("xauth" ,xauth)))
> - (arguments
> - '(;; Skip the `configure' test that checks whether /dev/ptmx &
> - ;; co. work as expected, because it relies on impurities (for
> - ;; instance, /dev/pts may be unavailable in chroots.)
> - #:configure-flags '("lsh_cv_sys_unix98_ptys=yes")
> -
> - ;; FIXME: Tests won't run in a chroot, presumably because
> - ;; /etc/profile is missing, and thus clients get an empty $PATH
> - ;; and nothing works.
> - #:tests? #f
> -
> - #:phases
> - (modify-phases %standard-phases
> - (add-before 'configure 'pre-configure
> - (lambda* (#:key inputs #:allow-other-keys)
> - (let* ((nettle (assoc-ref inputs "nettle"))
> - (sexp-conv (string-append nettle "/bin/sexp-conv")))
> - ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
> - ;; by default.
> - (substitute* "src/environ.h.in"
> - (("^#define PATH_SEXP_CONV.*")
> - (string-append "#define PATH_SEXP_CONV \""
> - sexp-conv "\"\n")))
> -
> - ;; Same for the 'lsh-authorize' script.
> - (substitute* "src/lsh-authorize"
> - (("=sexp-conv")
> - (string-append "=" sexp-conv)))
> -
> - ;; Tell lshd where 'xauth' lives. Another option would be to
> - ;; hardcode "/run/current-system/profile/bin/xauth", thereby
> - ;; reducing the closure size, but that wouldn't work on foreign
> - ;; distros.
> - (with-fluids ((%default-port-encoding "ISO-8859-1"))
> - (substitute* "src/server_x11.c"
> - (("define XAUTH_PROGRAM.*")
> - (string-append "define XAUTH_PROGRAM \""
> - (assoc-ref inputs "xauth")
> - "/bin/xauth\"\n")))))
> -
> - ;; Tests rely on $USER being set.
> - (setenv "USER" "guix"))))))
> - (home-page "http://www.lysator.liu.se/~nisse/lsh/")
> - (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
> - (description
> - "GNU lsh is a free implementation of the SSH version 2 protocol. It is
> -used to create a secure line of communication between two computers,
> -providing shell access to the server system from the client. It provides
> -both the server daemon and the client application, as well as tools for
> -manipulating key files.")
> - (license license:gpl2+)))
> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
> index b8f107b..f764ab9 100644
> --- a/gnu/packages/ssh.scm
> +++ b/gnu/packages/ssh.scm
> @@ -20,27 +20,34 @@
> ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
>
> (define-module (gnu packages ssh)
> - #:use-module ((guix licenses) #:prefix license:)
> + #:use-module (gnu packages)
> + #:use-module (gnu packages autotools)
> + #:use-module (gnu packages base)
> + #:autoload (gnu packages boost) (boost)
> #:use-module (gnu packages compression)
> + #:use-module (gnu packages elf)
> #:use-module (gnu packages gnupg)
> + #:use-module (gnu packages gperf)
> #:use-module (gnu packages groff)
> - #:use-module (gnu packages elf)
> #:use-module (gnu packages guile)
> - #:use-module (gnu packages pkg-config)
> - #:use-module (gnu packages autotools)
> - #:use-module (gnu packages texinfo)
> - #:use-module (gnu packages perl)
> + #:use-module (gnu packages linux)
> + #:use-module (gnu packages m4)
> + #:use-module (gnu packages multiprecision)
> #:use-module (gnu packages ncurses)
> + #:use-module (gnu packages nettle)
> + #:use-module (gnu packages perl)
> + #:use-module (gnu packages pkg-config)
> #:autoload (gnu packages protobuf) (protobuf)
> - #:autoload (gnu packages boost) (boost)
> - #:use-module (gnu packages base)
> + #:use-module (gnu packages readline)
> + #:use-module (gnu packages texinfo)
> #:use-module (gnu packages tls)
> - #:use-module (gnu packages)
> - #:use-module (guix packages)
> + #:use-module (gnu packages xorg)
> + #:use-module (guix build-system cmake)
> + #:use-module (guix build-system gnu)
> #:use-module (guix download)
> #:use-module (guix git-download)
> - #:use-module (guix build-system gnu)
> - #:use-module (guix build-system cmake))
> + #:use-module ((guix licenses) #:prefix license:)
> + #:use-module (guix packages))
>
> (define-public libssh
> (package
> @@ -355,3 +362,129 @@ client. It runs on a variety of POSIX-based platforms. Dropbear is
> particularly useful for embedded systems, such as wireless routers.")
> (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
> (license (license:x11-style "" "See file LICENSE."))))
> +
> +(define-public liboop
> + (package
> + (name "liboop")
> + (version "1.0")
> + (source
> + (origin
> + (method url-fetch)
> + (uri (string-append "http://download.ofb.net/liboop/liboop-"
> + version ".tar.gz"))
> + (sha256
> + (base32
> + "0z6rlalhvfca64jpvksppc9bdhs7jwhiw4y35g5ibvh91xp3rn1l"))
> + (patches (search-patches "liboop-mips64-deplibs-fix.patch"))))
> + (build-system gnu-build-system)
> + (home-page "http://www.lysator.liu.se/liboop/")
> + (synopsis "Event loop library")
> + (description "Liboop is a low-level event loop management library for
> +POSIX-based operating systems. It supports the development of modular,
> +multiplexed applications which may respond to events from several sources. It
> +replaces the \"select() loop\" and allows the registration of event handlers
> +for file and network I/O, timers and signals. Since processes use these
> +mechanisms for almost all external communication, liboop can be used as the
> +basis for almost any application.")
> + (license license:lgpl2.1+)))
> +
> +(define-public lsh
> + (package
> + (name "lsh")
> + (version "2.1")
> + (source (origin
> + (method url-fetch)
> + (uri (string-append "mirror://gnu/lsh/lsh-"
> + version ".tar.gz"))
> + (sha256
> + (base32
> + "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
> + (modules '((guix build utils)))
> + (snippet
> + '(begin
> + (substitute* "src/testsuite/functions.sh"
> + (("localhost")
> + ;; Avoid host name lookups since they don't work in
> + ;; chroot builds.
> + "127.0.0.1")
> + (("set -e")
> + ;; Make tests more verbose.
> + "set -e\nset -x"))
> +
> + (substitute* (find-files "src/testsuite" "-test$")
> + (("localhost") "127.0.0.1"))
> +
> + (substitute* "src/testsuite/login-auth-test"
> + (("/bin/cat") "cat"))))))
> + (build-system gnu-build-system)
> + (native-inputs
> + `(("m4" ,m4)
> + ("guile" ,guile-2.0)
> + ("gperf" ,gperf)
> + ("psmisc" ,psmisc))) ; for `killall'
> + (inputs
> + `(("nettle" ,nettle-2)
> + ("linux-pam" ,linux-pam)
> +
> + ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
> + ;; Readline 6.3.
> + ("readline" ,readline-6.2)
> +
> + ("liboop" ,liboop)
> + ("zlib" ,zlib)
> + ("gmp" ,gmp)
> +
> + ;; The server (lshd) invokes xauth when X11 forwarding is requested.
> + ;; This adds 24 MiB (or 27%) to the closure of lsh.
> + ("xauth" ,xauth)))
> + (arguments
> + '(;; Skip the `configure' test that checks whether /dev/ptmx &
> + ;; co. work as expected, because it relies on impurities (for
> + ;; instance, /dev/pts may be unavailable in chroots.)
> + #:configure-flags '("lsh_cv_sys_unix98_ptys=yes")
> +
> + ;; FIXME: Tests won't run in a chroot, presumably because
> + ;; /etc/profile is missing, and thus clients get an empty $PATH
> + ;; and nothing works.
> + #:tests? #f
> +
> + #:phases
> + (modify-phases %standard-phases
> + (add-before 'configure 'pre-configure
> + (lambda* (#:key inputs #:allow-other-keys)
> + (let* ((nettle (assoc-ref inputs "nettle"))
> + (sexp-conv (string-append nettle "/bin/sexp-conv")))
> + ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
> + ;; by default.
> + (substitute* "src/environ.h.in"
> + (("^#define PATH_SEXP_CONV.*")
> + (string-append "#define PATH_SEXP_CONV \""
> + sexp-conv "\"\n")))
> +
> + ;; Same for the 'lsh-authorize' script.
> + (substitute* "src/lsh-authorize"
> + (("=sexp-conv")
> + (string-append "=" sexp-conv)))
> +
> + ;; Tell lshd where 'xauth' lives. Another option would be to
> + ;; hardcode "/run/current-system/profile/bin/xauth", thereby
> + ;; reducing the closure size, but that wouldn't work on foreign
> + ;; distros.
> + (with-fluids ((%default-port-encoding "ISO-8859-1"))
> + (substitute* "src/server_x11.c"
> + (("define XAUTH_PROGRAM.*")
> + (string-append "define XAUTH_PROGRAM \""
> + (assoc-ref inputs "xauth")
> + "/bin/xauth\"\n")))))
> +
> + ;; Tests rely on $USER being set.
> + (setenv "USER" "guix"))))))
> + (home-page "http://www.lysator.liu.se/~nisse/lsh/")
> + (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
> + (description
> + "GNU lsh is a free implementation of the SSH version 2 protocol. It is
> +used to create a secure line of communication between two computers,
> +providing shell access to the server system from the client. It provides
> +both the server daemon and the client application, as well as tools for
> +manipulating key files.")
> + (license license:gpl2+)))
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index 33e1951..1eb9382 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -22,7 +22,7 @@
> #:use-module (gnu services)
> #:use-module (gnu services shepherd)
> #:use-module (gnu system pam)
> - #:use-module (gnu packages lsh)
> + #:use-module (gnu packages ssh)
> #:use-module (srfi srfi-26)
> #:export (lsh-service))
>
> --
> 2.9.0
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 4 Jul 2016 22:56:16 +0200
> From: David Craven <david@craven.ch>
> To: guix-devel@gnu.org
> Cc: David Craven <david@craven.ch>
> Subject: [PATCH 2/2] services: Add 'dropbear-service'.
> Message-ID: <20160704205616.11599-2-david@craven.ch>
>
> * gnu/services/ssh.scm (dropbear-service, ...): New variables.
> * doc/guix.texi: New node.
> ---
> doc/guix.texi | 25 ++++++++++++-
> gnu/services/ssh.scm | 104 +++++++++++++++++++++++++++++++++++++++++++++++++--
> 2 files changed, 124 insertions(+), 5 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 62c0d34..377004f 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7695,7 +7695,7 @@ In addition, @var{extra-settings} specifies a string to append to the
> configuration file.
> @end deffn
>
> -Furthermore, @code{(gnu services ssh)} provides the following service.
> +Furthermore, @code{(gnu services ssh)} provides the following services.
>
> @deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
> [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
> @@ -7733,6 +7733,29 @@ root.
> The other options should be self-descriptive.
> @end deffn
>
> +@deffn {Scheme Procedure} dropbear-service [#:host-key "/etc/dropbear/dropbear_ecdsa_host-key"] @
> + [#:port-number 22] [#:allow-empty-passwords? #f] @
> + [#:root-login? #f] [#:password-authentication? #t] @
> + [#:syslog-output? #t] [#:initialize? #t]
> +Run the @command{dropbear} program from @var{dropbear} to listen on port @var{port-number}.
> +@var{host-key} must designate a file containing the host key, and readable
> +only by root.
> +
> +By default dropbear logs its output to syslogd, unless one sets
> +@var{syslog-output?} to false. This also makes dropbear-service depend
> +on existence of syslogd service.
> +
> +When @var{initialize?} is true, @command{dropbear} automatically generates the
> +host key upon service activation if it does not exist yet.
> +When @var{initialize?} is false, it is up to create a key pair with the private
> +key stored in file @var{host-key}. For more information consult the
> +@command{dropbearkey} man pages.
> +
> +@var{allow-empty-passwords?} specifies whether to accept log-ins with empty
> +passwords, and @var{root-login?} specifies whether to accept log-ins as
> +root.
> +@end deffn
> +
> @defvr {Scheme Variable} %facebook-host-aliases
> This variable contains a string for use in @file{/etc/hosts}
> (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index 1eb9382..13a5df1 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -17,14 +17,15 @@
> ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
>
> (define-module (gnu services ssh)
> - #:use-module (guix gexp)
> - #:use-module (guix records)
> + #:use-module (gnu packages ssh)
> #:use-module (gnu services)
> #:use-module (gnu services shepherd)
> #:use-module (gnu system pam)
> - #:use-module (gnu packages ssh)
> + #:use-module (guix gexp)
> + #:use-module (guix records)
> #:use-module (srfi srfi-26)
> - #:export (lsh-service))
> + #:export (dropbear-service
> + lsh-service))
>
> ;;; Commentary:
> ;;;
> @@ -235,4 +236,99 @@ The other options should be self-descriptive."
> public-key-authentication?)
> (initialize? initialize?))))
>
> +;;;
> +;;; Dropbear ssh server
> +;;;
> +
> +(define-record-type* <dropbear-configuration>
> + dropbear-configuration make-dropbear-configuration
> + dropbear-configuration?
> + (dropbear dropbear-configuration-dropbear
> + (default dropbear))
> + (host-key dropbear-configuration-host-key)
> + (port-number dropbear-configuration-port-number)
> + (syslog-output? dropbear-configuration-syslog-output?)
> + (pid-file dropbear-configuration-pid-file)
> + (root-login? dropbear-configuration-root-login?)
> + (allow-empty-passwords? dropbear-configuration-allow-empty-passwords?)
> + (password-authentication? dropbear-configuration-password-authentication?)
> + (initialize? dropbear-configuration-initialize?))
> +
> +(define (dropbear-initialization dropbear host-key)
> + "Return the gexp to initialize the dropbear service for HOST-KEY."
> + #~(begin
> + (unless (file-exists? #$host-key)
> + (mkdir-p (dirname #$host-key))
> + (format #t "creating SSH host key '~a'...~%" #$host-key)
> + (system* (string-append #$dropbear "/bin/dropbearkey")
> + "-t" "ecdsa" "-f" #$host-key))))
> +
> +(define (dropbear-activation config)
> + "Return the activation gexp for CONFIG."
> + #~(begin
> + #$(if (dropbear-configuration-initialize? config)
> + (dropbear-initialization
> + (dropbear-configuration-dropbear config)
> + (dropbear-configuration-host-key config))
> + #t)))
> +
> +(define (dropbear-shepherd-service config)
> + "Return a <shepherd-service> for dropbear with CONFIG."
> + (define dropbear (dropbear-configuration-dropbear config))
> +
> + (define dropbear-command
> + (append
> + (list
> + #~(string-append #$dropbear "/sbin/dropbear") "-F"
> + "-p" (number->string (dropbear-configuration-port-number config))
> + "-P" (dropbear-configuration-pid-file config)
> + "-r" (dropbear-configuration-host-key config))
> + (if (dropbear-configuration-syslog-output? config) '() '("-E"))
> + (if (dropbear-configuration-root-login? config) '() '("-w"))
> + (if (dropbear-configuration-password-authentication? config) '() '("-s" "-g"))
> + (if (dropbear-configuration-allow-empty-passwords? config) '("-B") '())))
> +
> + (define requires
> + (if (dropbear-configuration-syslog-output? config)
> + '(networking syslogd)
> + '(networking)))
> +
> + (list (shepherd-service
> + (documentation "Dropbear ssh server")
> + (requirement requires)
> + (provision '(ssh-daemon))
> + (start #~(make-forkexec-constructor #$@dropbear-command))
> + (stop #~(make-kill-destructor)))))
> +
> +(define dropbear-service-type
> + (service-type (name 'dropbear)
> + (extensions
> + (list (service-extension shepherd-root-service-type
> + dropbear-shepherd-service)
> + (service-extension activation-service-type
> + dropbear-activation)))))
> +
> +(define* (dropbear-service #:key
> + (dropbear dropbear)
> + (host-key "/etc/dropbear/dropbear_ecdsa_host_key")
> + (port-number 22)
> + (allow-empty-passwords? #f)
> + (root-login? #f)
> + (syslog-output? #t)
> + (pid-file "/var/run/dropbear.pid")
> + (password-authentication? #t)
> + (initialize? #t))
> + "Run the @command{dropbear} daemon from @var{dropbear} to start a ssh server."
> + (service dropbear-service-type
> + (dropbear-configuration
> + (dropbear dropbear)
> + (host-key host-key)
> + (port-number port-number)
> + (allow-empty-passwords? allow-empty-passwords?)
> + (root-login? root-login?)
> + (syslog-output? syslog-output?)
> + (pid-file pid-file)
> + (password-authentication? password-authentication?)
> + (initialize? initialize?))))
> +
> ;;; ssh.scm ends here
> --
> 2.9.0
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Guix-devel mailing list
> Guix-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/guix-devel
>
>
> ------------------------------
>
> End of Guix-devel Digest, Vol 37, Issue 26
> ******************************************
^ permalink raw reply [flat|nested] 2+ messages in thread
* Services and hardware/kernel requirements
2016-07-05 10:56 [PATCH 2/2] services: Add 'dropbear-service'. (David Craven) David Craven
@ 2016-07-11 8:38 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2016-07-11 8:38 UTC (permalink / raw)
To: David Craven; +Cc: guix-devel
Hello,
David Craven <david@craven.ch> skribis:
> I'm currently also working on a spice service. I'm thinking it would
> be nice to be able to specify qemu flags in services, then adding
> `(rngd-service)` would include the `-device virtio-rng-pci` and
> `(spice-vdagent-service)` the spice specific flags. I'm not sure yet
> how this would work exactly. Or if a `(hardware-configuration)` would
> be a better which we could at some point pass to the kernel package to
> build a custom kernel with only the required modules.
I don’t think services should be aware of QEMU.
However, maybe we could add a ‘hardware-service-type’, which services
could extend to express hardware requirements. Somehow, it would
arrange to fail as early as possible (build time or run time) if the
requirements could not be met.
Likewise for kernel features like virtio-rng.
Thoughts?
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-07-11 8:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-05 10:56 [PATCH 2/2] services: Add 'dropbear-service'. (David Craven) David Craven
2016-07-11 8:38 ` Services and hardware/kernel requirements Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).