From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id qHdsHpmB22ZJ1QAAe85BDQ:P1 (envelope-from ) for ; Fri, 06 Sep 2024 22:26:33 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id qHdsHpmB22ZJ1QAAe85BDQ (envelope-from ) for ; Sat, 07 Sep 2024 00:26:33 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=YJM2cpha; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=ejvGqFDV; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1725661593; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=1USGWrM6QUbwDryDuoBTFQBnCJsX8KniB+P/JUjS6YM=; b=UNPZ51qAJMTGkN4p2UPr1Ve22NGAyYjpPEWEshC/6shI/P5QcbhXp2SivT7SkUGTyWVWK5 dpifSAqYDElaMpgaOL7X+R5DrH5zmSfsC+z0he9+N4uiryVO97Iu3GvUWANaUbx0xPRcXh Q5pF5IEagfbtGT4Fi/nRMGXlCU46lO7WyYU55wtkTFl0vCA0eMK8uLkC4f9tg/UGYJD7kr fKLkafVK9Jedx0iL7hR5Re3/lMCG1BhFfEp+b2Y5Yi5O2tYzOqgPIvgGTFFz9AEdYAqVVD H5ERx2jmdS+fUsTQ9uFK8tcOGw/yGTI9kgww5hGUaB5g4g0MHDwVcwQ2hJpG1A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1725661593; a=rsa-sha256; cv=none; b=PRif/XcQ47h7UpO030XR6S7zmYJWKbOxs4xAC/6RcOqjzxkFvdPNDDtXcte0Fdh8M1iYPo QnWK20vCyTKXjM93V7cwIfL6mSlYfHroPXDvZNr/nbc9CTVqIfKcsDMfPTp8IzxjplJkUN pnjrgq3HRu1dOBf03TtOJJtIgjVADs2U53NrlYMp4gCmzyz5Byw6xbE6nlNRtZcD++TSMj 5no/bIyJ8zSZT4YJn80R6uUAQsOCU9u8p/U2512LIlFTpJLv1CP8Hr7U5TWGuDCuHmrEDd 1fEfyh/+xelhhcsB9+XN9DzVGgqT1wIezYihU+1kJAG5yf/cRRhuZTkIf18Sxg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=YJM2cpha; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=ejvGqFDV; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1230D76B1A for ; Sat, 07 Sep 2024 00:26:32 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1smhP4-0007A7-7h; Fri, 06 Sep 2024 18:26:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smhP1-00079M-Ik for guix-patches@gnu.org; Fri, 06 Sep 2024 18:26:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1smhP1-00035I-46 for guix-patches@gnu.org; Fri, 06 Sep 2024 18:26:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=1USGWrM6QUbwDryDuoBTFQBnCJsX8KniB+P/JUjS6YM=; b=YJM2cphaiElUgNKMoIKPrNdQm+Q3n+UqNenGBUHPX/VF64q4RxVK+TOx6UleFWytkPcDTlPdBi48c1nmhbCsGt09xolwDEfNBMlave7kJ1kG+E6IPUOogFU6QG6FJv2C8ZjL8kNaKZoyGI0DKQ9dNB/8G1Ntpuq2CFBSIzComhIjHpmOMD2+a2ooDWG7TktnaQtZ1J2R6hGPrXn9M53tPLpXqn/HFkm4AyPDrCpPChROHyi07QgcNIKNrUSkaFY6KPb8dU++HOpLastWgI2Xt+h+FhS/ZoyNkSgeOjrvU1BNpXR5OfLxRk031+SqQbCRvhBfwBvWqvUSfoSSm8Mldg==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1smhP1-0004G2-0g for guix-patches@gnu.org; Fri, 06 Sep 2024 18:26:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#72398] [PATCH v5] services: Add readymedia-service-type. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 06 Sep 2024 22:26:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72398 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Fabio Natali Cc: arunisaac@systemreboot.net, Maxim Cournoyer , Florian Pelz , mirai@makinata.eu, 72398@debbugs.gnu.org, Matthew Trzcinski Received: via spool by 72398-submit@debbugs.gnu.org id=B72398.172566151816292 (code B ref 72398); Fri, 06 Sep 2024 22:26:02 +0000 Received: (at 72398) by debbugs.gnu.org; 6 Sep 2024 22:25:18 +0000 Received: from localhost ([127.0.0.1]:54343 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1smhOH-0004Ei-M9 for submit@debbugs.gnu.org; Fri, 06 Sep 2024 18:25:18 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43426) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1smhGT-0003jB-T2 for 72398@debbugs.gnu.org; Fri, 06 Sep 2024 18:17:15 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1smhGK-0002Dh-QR; Fri, 06 Sep 2024 18:17:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=1USGWrM6QUbwDryDuoBTFQBnCJsX8KniB+P/JUjS6YM=; b=ejvGqFDVd93K+fj4berd CgNBny3egFKSh66sg+mlzZC7g/O8yHjn/pA7A35c7mRvBeY4sId+x0D8b5L+NX0uujV4oH4NYCrd4 wjDok+oCcF3LVGa7HNwx39vGwjPMyZ9cX/M2Fy0P6IL5DNKs0j2wbyY581C9DL/gHdwPvjdWbceHe bSfNlVJ2NIhvM1x3+mWURuSreG4iqeAx6jOGKkMf2+C5J1yehpoZIV4uuUQRAdY/ottiUFi2LqxTi nLxaoG2I8XvDPLPDPekao9pYFOTmqfx7K6pXmrPp5UOWNPshtL9xRi+KOoxP4yiGhOsWgXUdJtiJJ 0JGfqmQBcIbVoQ==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= In-Reply-To: (Fabio Natali's message of "Mon, 26 Aug 2024 11:11:36 +0100") References: <5c35d80d-610f-4521-875b-34dabdc7717f@makinata.eu> Date: Sat, 07 Sep 2024 00:17:02 +0200 Message-ID: <874j6swhpd.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.59 X-Spam-Score: -4.59 X-Migadu-Queue-Id: 1230D76B1A X-Migadu-Scanner: mx11.migadu.com X-TUID: 9GnipFu4j0am Hello, Fabio Natali skribis: > * doc/guix.texi: Add documentation. > * gnu/local.mk: Add mention of new files. This is really minor, but please mention the place where this is added, like: * doc/guix.texi (Section Name): New node. > On a Guix system tests can be run with this command: > > make check-system TESTS=3D"readymedia-service" I get two failures: --8<---------------cut here---------------start------------->8--- PASS: ReadyMedia user exists PASS: ReadyMedia group exists PASS: cache directory exists PASS: cache directory has correct ownership PASS: cache directory has expected permissions /gnu/store/3z061ii32vr6klh3y8p9b43zq6lwibja-readymedia-service-test-builder= :1: FAIL cache file exists /gnu/store/3z061ii32vr6klh3y8p9b43zq6lwibja-readymedia-service-test-builder= :1: FAIL cache file has expected permissions PASS: cache file is non-empty PASS: log directory exists PASS: log directory has correct ownership PASS: log directory has expected permissions PASS: log file exists PASS: log file has expected permissions PASS: log file is non-empty PASS: ReadyMedia service is running PASS: ReadyMedia service is listening for connections # of expected passes 14 # of unexpected failures 2 --8<---------------cut here---------------end--------------->8--- This might have to do with activation, see below. > +The @code{(gnu services upnp)} module offers services related to the > +DLNA and UPnP-VA networking protocols. For now, it provides the I would add a few words about what DLNA and UPnP-VA allow users to do, and perhaps what they mean. > +@code{readymedia-service-type} is a Guix service that wraps around > +ReadyMedia's @code{minidlnad}. For increased security, the service > +makes use of @code{least-authority-wrapper} which limits the resources > +that the daemon has access to. The daemon runs as the > +@code{readymedia} unprivileged user, which is a member of the > +@code{readymedia} group. I would omit everything that follows =E2=80=9CFor increased security=E2=80= =9D since it=E2=80=99s largely an implementation detail (a nice one though!) and could get out of sync over time. > + (list (shepherd-service > + (documentation "Run the ReadyMedia/MiniDLNA daemon.") > + (provision '(readymedia)) > + (requirement '(networking user-processes)) > + (start > + #~(begin > + (use-modules (gnu build activation)) > + (let* ((user (getpw #$%readymedia-user-account)) > + (dirs (list > + #$cache-directory > + #$log-directory > + #$@(map (lambda (e) > + (readymedia-media-directory-path= e)) > + media-directories))) > + (init-directory (lambda (d) > + (unless (file-exists? d) > + (mkdir-p/perms d user #o755))= ))) > + (for-each init-directory dirs)) > + (make-forkexec-constructor > + ;; "-S" is to daemonise minidlnad. > + (list #$readymedia "-f" #$minidlna-conf "-S") > + #:log-file #$%readymedia-log-file > + #:user #$%readymedia-user-account > + #:group #$%readymedia-user-group))) This is problematic because the code above =E2=80=98make-forkexec-construct= or=E2=80=99 is effectively executed as soon as shepherd reads the config file, which may be too early or undesirable. If you intended it to run when the service is started, you=E2=80=99ll have = to structure it like this: (start #~(lambda () ;; create directories etc. (fork+exec-command (list #$readymedia =E2=80=A6) =E2=80=A6))) Also, use the =E2=80=98modules=E2=80=99 field instead of =E2=80=98use-modul= es=E2=80=99 right in the middle. But! While I agree in principle with what Bruno wrote about the shortcomings of activation snippets, I would stick to an activation snippet here to create directories etc. The change Bruno proposes should be treated separately and systematically across all the services, not just one of them. > +(define %test-readymedia-service Just =E2=80=98%test-readymedia=E2=80=99=E2=80=A6 > + (system-test > + (name "readymedia-service") =E2=80=A6 and =E2=80=9Creadymedia=E2=80=9D, for consistency with other test= s. Thanks, Ludo=E2=80=99.