Subject: [bug#52578] [PATCH] updating openldap and adding service definition
From: Maxime Devos
To: 52578@debbugs.gnu.org
Date: Fri, 17 Dec 2021 22:39:20 +0000
Message-ID: <48af7ae3214ca223d7b57c0fd5a72c13a9fcbd85.camel@telenet.be>

Hi,

>+ "--disable-static" >+ "--enable-shared" >+ "--with-tls=openssl" >+ "--disable-static"

A single "--disable-static" should be sufficient.

> + ,@(if (%current-target-system) > + '("--with-yielding_select=yes" "ac_cv_func_memcmp_working=yes") > + '() > + )

Is this speculation on what's necessary for cross-compilation, or has it been determined these flags are necessary?

>+ #:make-flags '("STRIP=")

Why?

>+ #:parallel-build? #t

This is the default, no need to mention it.

> + ,@(if (%current-target-system) > + '( > + (add-before 'make-depend 'fix-cross-gcc > + (lambda* (#:key target #:allow-other-keys) > + (setenv "CC" (string-append target "-gcc")) > + #t > + ) > + ) > + ) > + '()

You can use ,(cc-for-target) here. Also, CC can be set in #:make-flags.

> + (synopsis "Implementation of the Lightweight Directory Access Protocol") > + (description "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")

That's a very terse description --- is it a server, a client application, programming APIs for communicating with a server, or all of these? Also, no need to mention it's free, everything in Guix is free.

> +(define-public openldap-2.5.9 > + (package > + (inherit openldap)

What's the reason for defining multiple versions of openldap? Usually, it is only necessary to keep the latest version of a package (with some rare exceptions).

>+(define-module (gnu services openldap)

A copyright + license header is missing, and this file needs to be added to Makefile.am (or local.mk, I'm not sure about the details).

>+ #:use-module (gnu packages openldap) >+ #:use-module (gnu services) >+ #:use-module (gnu services shepherd) >+ #:use-module (guix) >+ #:use-module (guix records) >+ #:use-module (ice-9 match) >+ #: export (

This seems unlikely to compile, what's the space doing here?

Something I'm missing here, is some documentation. As it is, this openldap service isn't documented anywhere, so nobody would figure out it even exists, unless they search in the source code.

> + (shepherd-service [...])

As-is, this service would be run as root, which is very suboptimal from a security perspective. Consider running it as a separate user & group, and if feasible in a container (the latter is optional but would be great).

> + (pid-file openldap-configuration-pid-file > + (default "/var/run/openldap/slapd.pid")) > + (log-file openldap-configuration-log-file > + (default "/var/log/slapd.log"))

I don't see the point in making this customisable. Why would anyone want to change the log locations or location of the pid file? Unless there's some compelling reason otherwise, I'd prefer to keep complexity down by not making this configurable.

> + (config-file openldap-configuration-config-file > + (default (file-append openldap "/etc/openldap/slapd.conf")) > + )

Allowing writing the configuration with configuration records would be preferred (with an 'extra-content'-style escape hatch, because it would probably be infeasible to support every single configuration option of openldap, but some basic options like ‘which network port to bind to’ should be configurable in Scheme).

> + (requirement '(user-processes))

This service probably requires a network interface, so loopback might be required. Also, why is user-processes included? I know many services include it, but it doesn't appear to be documented anywhere when user-processes must be added to 'requirement'.

>+ openldap-configuration >+ openldap-configuration?
>+ openldap-shepherd-service >+ openldap-service-type >+ )

These parentheses are lonely, consider moving the parenthesis to right after openldap-service-type, to keep the style consistent in Guix.

Greetings,
Maxime.
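
Review bot: The config-file default in the openldap-configuration hunk, (default (file-append openldap "/etc/openldap/slapd.conf")), starts slapd from the sample file installed inside the package output. Everything under /gnu/store is world-readable, so please check whether that file carries a rootdn/rootpw entry, and state in the field's documentation that a slapd.conf passed here as a file-like object must not contain clear-text credentials.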
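
Review bot: The pid-file and log-file defaults in the openldap-configuration hunk ("/var/run/openldap/slapd.pid" and "/var/log/slapd.log") name paths that nothing in the quoted service lines creates or assigns an owner to. Once slapd runs under a dedicated user and group, as asked for in the reply above, the service needs an activation step that creates /var/run/openldap owned by that account and gives it a log location it can write to; otherwise it cannot write its pid file.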