Subject: [bug#43921] [PATCH v3 2/2] Add User Service example.
To: Ludovic Courtès
Cc: 43921@debbugs.gnu.org, Efraim Flashner
From: Jan Nieuwenhuizen
References: <874kn1rtgn.fsf@gnu.org> <20201012051536.1609-1-janneke@gnu.org> <87h7qlnk5s.fsf@gnu.org>
Date: Fri, 23 Oct 2020 18:37:47 +0200
In-Reply-To: <87h7qlnk5s.fsf@gnu.org> ("Ludovic Courtès"'s message of "Fri, 23 Oct 2020 15:31:27 +0200")
Message-ID: <87a6wcyk2s.fsf@gnu.org>

Ludovic Courtès writes:

Hello,

> "Jan (janneke) Nieuwenhuizen" skribis:
>
>> * modules/shepherd/support.scm: Export %user-cache-dir, %user-config-dir,
>> %user-runtime-dir.
>> * doc/shepherd.texi (User Service examples): Use them in new subsection with
>> example.
>>
>> Co-authored-by: Efraim Flashner
>
> Good idea!
>
>> +@menu >> +* User Service examples:: >> +@end menu >> + >> +@node User Service examples >> +@subsection User Service examples
>
> The subsection looks lonely. :-) How about making it a section, at the
> same level as “Service Examples”?

Sure.

> Also, since “user services” are no different than “non-user” services,
> perhaps the focus should be on using the Shepherd as an unprivileged
> user. Thus, I’d suggest calling the section “Managing User Services”,
> or “Running the Shepherd as a User”, which do not imply that “user
> services” are a new concept.
>
> WDYT?

Yes, nice. I changed the opening to

    The Shepherd can be used to manage services for an unprivileged user.
    First, you may want to ensure it is up and running every time you log
    in. One way to accomplish that is by adding the following lines to
    @file{~/.bash_profile} (@pxref{Bash Startup Files,,, bash, The GNU Bash
    Reference Manual}):

>> +For starters, use a toplevel @code{$XDG_CONFIG_HOME/shepherd/init.scm} >> +that looks like this:
>
> Maybe: “… we suggest the following top-level
> @file{$XDG_CONFIG_HOME/shepherd/init.scm} file, which will automatically
> load individual service definitions from
> @file{~/.config/shepherd/init.d}:”

Nice.

>> +Then, individual user services can be put in >> +@code{$XDG_CONFIG_HOME/shepherd/init.d/}, e.g., for ssh-agent
>
> @command{ssh-agent} and period. :-)
>
>> +@lisp [..] >> + #:start (let ((socket-dir (string-append %user-runtime-dir "/ssh-ag= ent"))) >> + (unless (file-exists? socket-dir) >> + (mkdir-p socket-dir) >> + (chmod socket-dir #o700)) >> + (make-forkexec-constructor >> + `("ssh-agent" "-D" "-a" ,(string-append socket-dir "/soc= ket")) >> + #:log-file (string-append %user-cache-dir "/ssh-agent.lo= g")))
>
> This is misleading because the code to create the socket directory runs
> from the top-level, i.e., when shepherd starts.

Oops; that's probably $HOME for me, because it worked...

> I’d write:
>
>   #:start (lambda ()
>             ;; make socket dir
>             (fork+exec-command … #:log-file …))

Great; changed that too.

> (BTW, I use ‘gnupg-agent’, which I think is pretty nice because it’s
> integrated with pinentry and all.
Interesting...makes me wonder: maybe we could ship init.scm together
with a couple of popular user service descriptions like ssh-agent.scm,
znc.scm, ...gpg-agent.scm (?) in an examples directory? That would make it
even easier for people to migrate away from the old

> I run it as:
>
>   eval `gpg-agent --daemon --enable-ssh-support`
>
> … from ~/.xsession.)

It would have helped me to move away from my `eval ssh-agent` thingy ;-)

New version attached (included 0001 patch for completeness but which can
probably be merged into / obsoleted by #43920).

Greetings,
Janneke

--=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=v3-0001-Use-XDG_CACHE_HOME-shepherd-for-unprivileged-user.patch Content-Transfer-Encoding: quoted-printable >From f0deaa24ad57d2db921bf1b092350988c50558a7 Mon Sep 17 00:00:00 2001 From: "Jan (janneke) Nieuwenhuizen" Date: Sun, 11 Oct 2020 10:54:26 +0200 Subject: [PATCH v3 1/2] Use XDG_CACHE_HOME/shepherd for unprivileged users' log directory. Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=3DUTF-8 * modules/shepherd/support.scm (%user-cache-dir): New variable. (user-default-log-file): Use it. * doc/shepherd.texi (Invoking shepherd): Document it. --- doc/shepherd.texi | 4 +++- modules/shepherd/support.scm | 11 +++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 696477e..7c9a739 100644 --- a/doc/shepherd.texi +++ b/doc/shepherd.texi @@ -417,7 +417,9 @@ permissions are not as expected. Log output into @var{file}. =20 For unprivileged users, the default log file is -@file{$XDG_CONFIG_HOME/shepherd/shepherd.log}. +@file{$XDG_CACHE_HOME/shepherd/shepherd.log}. If the +@code{XDG_CACHE_HOME} environment variable is not defined, +@code{$HOME/.cache/shepherd/shepherd.log} is used instead. =20 @cindex syslog When running as root, the default behavior is to connect to 
diff --git a/modules/shepherd/support.scm b/modules/shepherd/support.scm index cdb7b35..fe64a05 100644 --- a/modules/shepherd/support.scm +++ b/modules/shepherd/support.scm @@ -4,6 +4,7 @@ ;; Copyright (C) 2002, 2003 Wolfgang J=C3=A4hrling ;; Copyright (C) 2016 Mathieu Lirzin ;; Copyright (C) 2018 Danny Milosavljevic +;; Copyright (C) 2020 Jan (janneke) Nieuwenhuizen ;; ;; This file is part of the GNU Shepherd. ;; @@ -265,6 +266,12 @@ There is NO WARRANTY, to the extent permitted by law."= ))) (false-if-exception (passwd:dir (getpwuid (getuid)))) "/")) =20 +(define %user-cache-dir + ;; Default cache directory if shepherd is run as a normal user. + (string-append (or (getenv "XDG_CACHE_HOME") + (string-append user-homedir "/.cache")) + "/shepherd")) + (define %user-config-dir ;; Default config directory if shepherd is run as a normal user. (string-append (or (getenv "XDG_CONFIG_HOME") @@ -302,8 +309,8 @@ TARGET should be a string representing a filepath + nam= e." ;; Logging. (define (user-default-log-file) "Return the file name of the user's default log file." - (mkdir-p %user-config-dir #o700) - (string-append %user-config-dir "/shepherd.log")) + (mkdir-p %user-cache-dir #o700) + (string-append %user-cache-dir "/shepherd.log")) =20 (define default-logfile-date-format ;; 'strftime' format string to prefix each entry in the log. --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=v3-0002-doc-Add-Managing-User-Services.patch Content-Transfer-Encoding: quoted-printable >From ae64ec3bfa7a0e4e877f06161f2d6aacb5804960 Mon Sep 17 00:00:00 2001 
From: "Jan (janneke) Nieuwenhuizen" Date: Sun, 11 Oct 2020 10:59:04 +0200 Subject: [PATCH v3 2/2] doc: Add "Managing User Services". MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=3DUTF-8 * modules/shepherd/support.scm: Export %user-cache-dir, %user-config-dir, %user-runtime-dir. * doc/shepherd.texi (Managing User Services): Use them in new section with example. Co-authored-by: Efraim Flashner Co-authored-by: Ludovic Court=C3=A8s --- doc/shepherd.texi | 81 ++++++++++++++++++++++++++++++++++-- modules/shepherd/support.scm | 4 ++ 2 files changed, 81 insertions(+), 4 deletions(-) diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 7c9a739..ea3edf0 100644 --- a/doc/shepherd.texi +++ b/doc/shepherd.texi @@ -13,6 +13,7 @@ Copyright @copyright{} @value{OLD-YEARS} Wolfgang J@"ahrl= ing@* Copyright @copyright{} @value{NEW-YEARS} Ludovic Court=C3=A8s@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 Oleg Pykhalov +Copyright @copyright{} 2020 Jan (janneke) Nieuwenhuizen@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -146,10 +147,11 @@ configuration file. When it is started with superuse= r privileges, it tries to use @code{/etc/shepherd.scm}. When started as normal user, it looks for a file called @code{$XDG_CONFIG_HOME/shepherd/init.scm}. If the @code{XDG_CONFIG_HOME} environment variable is not defined, -@code{$HOME/.config/shepherd/init.scm} is used instead. With the option -@code{--config} (or, for short, @code{-c}), you can specify where to -look instead. So if you want to start @command{shepherd} with an -alternative file, use one of the following commands: +@code{$HOME/.config/shepherd/init.scm} is used instead (@pxref{Managing +User Services }). With the option @code{--config} (or, for short, +@code{-c}), you can specify where to look instead. So if you want to +start @command{shepherd} with an alternative file, use one of the +following commands: =20 @example shepherd --config=3D/etc/shepherd.scm.old @@ -591,6 +593,7 @@ defined in the @code{(shepherd service)} module. * Service De- and Constructors:: Commonly used ways of starting and stopping services. * Service Examples:: Examples that show how services are used. +* Managing User Services:: Running the Shepherd as a user. * The root and unknown services:: Special services in the Shepherd. @end menu =20 
@@ -1025,6 +1028,76 @@ also specifies some more initial values for the slot= s: (restart (...))))) @end lisp =20 +@node Managing User Services +@section Managing User Services + +The Shepherd can be used to manage services for an unprivileged user. +First, you may want to ensure it is up and running every time you log +in. One way to accomplish that is by adding the following lines to +@file{~/.bash_profile} (@pxref{Bash Startup Files,,, bash, The GNU Bash +Reference Manual}): + +@verbatim +if [[ ! -S ${XDG_RUNTIME_DIR-$HOME/.cache}/shepherd/socket ]]; then + shepherd +fi +@end verbatim + +Then, we suggest the following top-level +@file{$XDG_CONFIG_HOME/shepherd/init.scm} file, which will automatically +load individual service definitions from +@file{~/.config/shepherd/init.d}: + +@lisp +(use-modules (shepherd service) + ((ice-9 ftw) #:select (scandir))) + +;; Load all the files in the directory 'init.d' with a suffix '.scm'. +(for-each + (lambda (file) + (load (string-append "init.d/" file))) + (scandir (string-append (dirname (current-filename)) "/init.d") + (lambda (file) + (string-suffix? ".scm" file)))) + +;; Send shepherd into the background +(action 'shepherd 'daemonize) +@end lisp + +Then, individual user services can be put in +@code{$XDG_CONFIG_HOME/shepherd/init.d/}, e.g., for @command{ssh-agent}. + +@lisp +;;; Commentary: +;;; +;;; Add to your ~/.bash_profile: +;;; +;;; SSH_AUTH_SOCK=3D$@{XDG_RUNTIME_DIR-$HOME/.cache@}/ssh-agent/socket +;;; export SSH_AUTH_SOCK +;;; +;;; Code: + +(use-modules (shepherd support)) + +(define ssh-agent + (make + #:provides '(ssh-agent) + #:docstring "Run `ssh-agent'" + #:start (lambda () + (let ((socket-dir (string-append %user-runtime-dir "/ssh-age= nt"))) + (unless (file-exists? 
socket-dir) + (mkdir-p socket-dir) + (chmod socket-dir #o700)) + (fork+exec-command + `("ssh-agent" "-D" "-a" ,(string-append socket-dir "/sock= et")) + #:log-file (string-append %user-cache-dir "/ssh-agent.log= ")))) + #:stop (make-kill-destructor) + #:respawn? #t)) + +(register-services ssh-agent) +(start ssh-agent) +@end lisp + @c @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ =20 @node The root and unknown services diff --git a/modules/shepherd/support.scm b/modules/shepherd/support.scm index fe64a05..bf34ada 100644 --- a/modules/shepherd/support.scm +++ b/modules/shepherd/support.scm @@ -61,6 +61,10 @@ persistency persistency-state-file =20 + %user-cache-dir + %user-config-dir + %user-runtime-dir + verify-dir)) =20 (define-syntax-rule (if-2.0 subsequent alternate) --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-=--
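Review bot: In v3 1/2, the new %user-cache-dir definition in modules/shepherd/support.scm takes XDG_CACHE_HOME as-is through (or (getenv "XDG_CACHE_HOME") ...), so a variable that is set but empty yields "/shepherd" at the file system root, and a relative value makes the log location depend on the working directory. The XDG Base Directory specification treats an empty value as unset and says relative paths should be ignored. A small helper that returns the fallback unless the value is a non-empty absolute file name would cover both cases, and the %user-config-dir definition visible in the context lines just below follows the same pattern and could share it.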
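Review bot: In v3 1/2, user-default-log-file drops the call (mkdir-p %user-config-dir #o700), so after this hunk nothing visible in the patch creates the configuration directory any more. If another code path relied on that side effect when shepherd first starts as an unprivileged user, it now needs its own mkdir-p; otherwise a sentence in the commit message stating that the configuration directory is no longer created implicitly, and that an existing shepherd.log stays behind in the old location, would help people upgrading.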
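Review bot: In v3 2/2, the cross reference added in the doc/shepherd.texi hunk at -146,10 reads @pxref{Managing User Services } with a stray space before the closing brace. Please write it as @pxref{Managing User Services} so it matches the @node line added later in the same patch.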
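Review bot: In v3 2/2, the ssh-agent example in the new "Managing User Services" section creates the socket directory with (mkdir-p socket-dir) followed by a separate (chmod socket-dir #o700), and does so only when (file-exists? socket-dir) is false. That leaves a short window in which the directory exists with default permissions, and anything already present at that path is used without its mode being checked. Since 1/2 already calls (mkdir-p %user-cache-dir #o700), passing the mode to mkdir-p here and applying the chmod unconditionally would be tighter for a directory that holds the agent socket. Separately, the Commentary tells users to export SSH_AUTH_SOCK as the XDG_RUNTIME_DIR value followed by /ssh-agent/socket, while the code places the socket under %user-runtime-dir, whose definition is not part of this patch; if it ends in "/shepherd" the way %user-cache-dir does in 1/2, the two paths differ, so please confirm they agree.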