From: ludo@gnu.org (Ludovic Courtès)
To: Oleg Pykhalov
Cc: 32141@debbugs.gnu.org
Subject: [bug#32141] [PATCH] services: Add ddclient service.
Date: Mon, 27 Aug 2018 13:22:45 +0200
Message-ID: <87zhx8awai.fsf@gnu.org>
In-Reply-To: <874lgengj9.fsf@gmail.com> (Oleg Pykhalov's message of "Wed, 01 Aug 2018 20:27:38 +0300")

Hi Oleg,

Sorry for the delay, I had forgotten about this patch.  (Feel free to
ping when that happens!)

Oleg Pykhalov writes:

> I applied all your suggestions and updated the documentation.  The patch
> is attached below.  I run a ddclient service from this patch currently.

Neat.

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

>> In short we must not manipulate secrets in anything that goes through
>> the store.
>> The only thing I can suggest is to leave it up to the
>> user to create a file containing the secret in an out-of-band fashion;
>> /etc is a good place for such things.
>>
>> For example, they could create /etc/ddclient-secrets and then we would
>> somehow arrange to get that file read.
>>
>> To do that there are two possibilities that come to mind:
>>
>>   1. If the config file syntax has an “include” directive, just include
>>      /etc/ddclient-secrets unconditionally in the generated config file.
>>
>>   2. Write an activation snippet that concatenates the generated config
>>      file with /etc/ddclient-secrets and stores that as
>>      /etc/ddclient.conf (or something like that.)
>>
>> Thoughts?
>
> Could we use ‘/etc/ddclient’ directory for secrets file, because
> ddclient program uses this directory by default?

Sure.

> From 3f47ae60ecb2e8780c451e93976b5c83135d8420 Mon Sep 17 00:00:00 2001
> From: Oleg Pykhalov
> Date: Fri, 13 Jul 2018 11:49:13 +0300
> Subject: [PATCH] services: Add ddclient service.
>
> * gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
> variables.
> (uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
> serialize-string, serialize-list, serialize-extra-options,
> ddclient-activation, ddclient-shepherd-service,
> generate-ddclient-documentation): New procedures.
> * doc/guix.texi (DNS Services): Document it.

[...]

> +By default, the @code{secret-file} in @code{ddclient-configuration} is
> +pointing to @file{/etc/ddclient/secrets.conf} file, which will be append= ed to
> +@file{/etc/ddclient/ddclient.conf} and should be created in advance. See
> +samples inside @file{/share/ddclient} directory of @code{ddclient} packa= ge.
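
Review bot: the paragraph starting "+By default, the @code{secret-file}" never says that this file holds credentials, and because it "will be appended to @file{/etc/ddclient/ddclient.conf}" the merged file carries them too; state the ownership and mode expected of both files so that neither is readable by other users. In the last line, "@file{/share/ddclient}" reads as an absolute path; write it relative to the package output, "@file{share/ddclient}".
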
I propose slightly different wording, to make it clear that users are
expected to provide the secret file:

  The following example show instantiates the service with its default
  configuration:

  @example
  (service ddclient-service-type)
  @end example

  Note that ddclient needs to access credentials that are stored in a
  @dfn{secret file}, by default @file{/etc/ddclient/secrets} (see
  @code{secret-file} below.)  You are expected to create this file
  manually, in an ``out-of-band'' fashion (you @emph{could} make this
  file part of the service configuration, for instance by using
  @code{plain-file}, but it will be world-readable @i{via}
  @file{/gnu/store}.)  See the examples in the @file{share/ddclient}
  directory of the @code{ddclient} package.

WDYT?

> +@deftypevr {@code{ddclient-configuration} parameter} string secret-file
> +Secret file which will be appended to ddclient.conf file.
                                          ^ @file{ddclient.conf}

Maybe add:

  This file contains credentials for use by ddclient.  You are expected
  to create it manually.

> +Defaults to @samp{"/etc/ddclient/secrets.conf"}.

OK with changes along these lines.

Thank you!

Ludo’.
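
Review bot: the default in "+Defaults to @samp{"/etc/ddclient/secrets.conf"}" does not match the @file{/etc/ddclient/secrets} named in the rewording proposed earlier in this message; make the introductory paragraph and this secret-file entry cite the same path, otherwise a reader who follows the prose creates a file under a name the default does not point to.
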
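
Option 2 from the quoted discussion (concatenate the generated config with the out-of-band secret file), sketched in POSIX shell as an added example. It is not the patch's Scheme activation code; the function name merge_ddclient_conf, the permission check and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not code from the patch: merge a generated ddclient
# config (which may sit in the world-readable store) with a secret file the
# administrator created out-of-band.  merge_ddclient_conf is a made-up name.

# Usage: merge_ddclient_conf GENERATED SECRET OUTPUT
merge_ddclient_conf() {
    generated=$1 secret=$2 output=$3

    # The secret file is never generated for the user: fail if it is absent.
    [ -f "$secret" ] || { echo "missing secret file: $secret" >&2; return 1; }

    # Refuse a secret file that group or others can access.  "ls -ldL"
    # prints the mode first, e.g. "-rw-------"; the last six bits must be "-".
    case $(ls -ldL "$secret") in
        -???------*) ;;
        *) echo "secret file is accessible to group/others: $secret" >&2
           return 2 ;;
    esac

    # mktemp creates the file with mode 0600 next to OUTPUT, so no secret
    # byte is written to a file other users can open, and the final rename
    # replaces OUTPUT atomically.
    tmp=$(mktemp "$output.XXXXXX") || return 1
    if cat "$generated" "$secret" > "$tmp" && mv -f "$tmp" "$output"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Demo on constructed sample files in a scratch directory.
demo_dir=$(mktemp -d)
printf 'daemon=3600\nprotocol=dyndns2\n' > "$demo_dir/generated.conf"
(umask 077
 printf 'login=alice\npassword=constructed-example\n' > "$demo_dir/secrets.conf")
merge_ddclient_conf "$demo_dir/generated.conf" "$demo_dir/secrets.conf" \
    "$demo_dir/ddclient.conf" && ls -l "$demo_dir/ddclient.conf"
rm -rf "$demo_dir"
```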