Subject: [bug#68675] [PATCH v3 2/2] services: dhcp: Support the dhcpcd implementation.
From: Sören Tempel
To: Ludovic Courtès
Cc: 68675@debbugs.gnu.org
Date: Mon, 11 Mar 2024 10:10:24 +0100
Message-Id: <36K6QAPI5E9CA.21QTTSML4N08U@8pit.net>
In-Reply-To: <87plwgfgyo.fsf@gnu.org>
References: <5c6f714f4802ec17bc247e701bcee82d54733005.1707828643.git.soeren@soeren-tempel.net> <87plwgfgyo.fsf@gnu.org>
Hi,

Ludovic Courtès wrote:
> Apologies for the late reply.

No worries, I understand that you have a lot of other things to do :)

> I would very much like to avoid the ‘open-input-pipe’ dance here. Maybe
> there’s a way to ask it to not fork, in which case we don’t need to wait
> for a PID file?

When using a PID file, AFAIK the only thing we can do is replicate the C
code that I referenced in my prior email for determining the PID file
name [1]. Is there a specific reason why you want to avoid using
open-input-pipe?

> What do others do? I guess it’s not possible to have a systemd .service
> file given those PID file semantics, is it?

systemd and other service supervisors do not rely on PID files for
service supervision as they are inherently racy. Therefore, as mentioned
in my prior email, I also think it would be preferable to not use a PID
file for supervising either dhclient or dhcpcd. I only ended up using a
PID file here as dhclient already used one and I wanted to keep the
service changes as minimal as possible to ensure a swift review, since I
believe this to be a security-critical issue (see Guix issue #68619).

> Two notes: I would find it clearer to call ‘fork+exec-command’ above
> instead of constructing ‘exec-config’.
>
> Ideally, we’d use:
>
>   (start #~(if (file-exists?
>                 (string-append #$package "/bin/dhclient"))
>                (make-forkexec-constructor …)    ;ISC version, with #:pid-file
>                (make-forkexec-constructor …)))  ;dhcpcd, maybe without #:pid-file

If we separate the dhclient and the dhcpcd code like this, then it may
be worthwhile to have entirely separate services instead of combining
them both in a single service. This would also ease providing a
configuration for these services.

> Maybe that is too naive, but at least we should get as close as possible
> to that, for instance by avoiding direct calls to ‘fork+exec-command’ +
> ‘waitpid’ + ‘read-pid-file’ as much as possible.

Ideally, I would not want to refactor existing service code as much in
this patchset. As mentioned above, I believe Guix using dhclient by
default (which has been EOL for 2 years) has security implications.
Therefore, I would want to migrate dhcp-client-service-type away from
dhclient to dhcpcd as soon as possible. As part of this migration, I
would strongly suggest a deprecation and removal of dhclient support
from dhcp-client-service-type. As soon as dhclient support is removed,
refactorings of dhcp-client-service-type can be conducted, including a
removal of PID files for supervision, instead supervising dhcpcd by
spawning it as a non-double-forking child process [2].

Greetings
Sören

[1]: https://github.com/NetworkConfiguration/dhcpcd/blob/v10.0.6/src/dhcpcd.c#L2144
[2]: https://github.com/nmeum/guix-channel/blob/b1b80697a9d35ca015ce56ccf3031f91f2bf554f/src/nmeum/services/networking.scm#L209-L211
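The following Shepherd service definition is an added illustration of the two-branch `start` form sketched in the thread above; it is not code from this patch series or from the Guix tree. It combines the two points under discussion: the ISC client keeps the PID-file supervision the existing service uses, while dhcpcd is run with its no-background flag so Shepherd supervises the process it spawned directly and needs no PID file at all (the approach referenced in [2]). The `sbin/` binary paths, the `/var/run/dhclient.pid` location and the `package` argument are assumptions made for this example.

```scheme
;; Added example, not part of the patch or of Guix itself.
;; PACKAGE is assumed to be a Guix package object whose output ships
;; either sbin/dhclient (ISC) or sbin/dhcpcd.  The PID-file path is an
;; assumed location, chosen here only for the dhclient branch.
(use-modules (gnu services shepherd)
             (guix gexp))

(define (dhcp-client-shepherd-service package)
  (let ((pid-file "/var/run/dhclient.pid"))   ; assumed location
    (shepherd-service
     (documentation "Run a DHCP client for all network interfaces.")
     (provision '(networking))
     (requirement '(user-processes udev))
     ;; The branch is selected when the Shepherd configuration is loaded,
     ;; based on which binary the configured package actually provides.
     (start #~(if (file-exists?
                   (string-append #$package "/sbin/dhclient"))
                  ;; ISC dhclient double-forks (-nw: don't wait for a
                  ;; lease), so Shepherd has to learn the daemon's PID
                  ;; from the file written via -pf.  This is the racy
                  ;; PID-file scheme the discussion wants to retire.
                  (make-forkexec-constructor
                   (list (string-append #$package "/sbin/dhclient")
                         "-nw" "-pf" #$pid-file)
                   #:pid-file #$pid-file)
                  ;; dhcpcd: -B (--nobackground) keeps it in the
                  ;; foreground, so the child Shepherd forked IS the
                  ;; daemon and no PID file is needed for supervision.
                  (make-forkexec-constructor
                   (list (string-append #$package "/sbin/dhcpcd") "-B"))))
     (stop #~(make-kill-destructor)))))
```

To wire this into a system, the procedure would be registered through a `service-extension` on `shepherd-root-service-type`, returning `(list (dhcp-client-shepherd-service package))`; that plumbing is the same for both branches and is omitted here. The dhcpcd branch is the one that avoids the `fork+exec-command` + `waitpid` + `read-pid-file` sequence Ludovic wants to get rid of, because there is no second fork whose PID has to be recovered.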