From: Felix Lechner
Subject: [bug#67555] [PATCH 2/2] services: kerberos/heimdal.scm: New file, add Heimdal Kerberos services.
Date: Thu, 30 Nov 2023 16:45:12 -0800
To: 67555@debbugs.gnu.org
Cc: Felix Lechner
X-Mailer: git-send-email 2.41.0

Includes detailed documentation and two system tests.

Change-Id: I7b3a9da1340b559f1db8a8156581e73b918cfb78
--- doc/guix.texi | 101 +++++++++++++++- gnu/local.mk | 3 + gnu/services/kerberos.scm | 120 ++++++++++++++++++- gnu/services/kerberos/heimdal.scm | 189 ++++++++++++++++++++++++++++++ gnu/tests/heimdal-kadmind.scm | 71 +++++++++++ gnu/tests/heimdal-kdc.scm | 71 +++++++++++ 6 files changed, 551 insertions(+), 4 deletions(-) create mode 100644 gnu/services/kerberos/heimdal.scm create mode 100644 gnu/tests/heimdal-kadmind.scm create mode 100644 gnu/tests/heimdal-kdc.scm diff --git a/doc/guix.texi b/doc/guix.texi index a5119d2058..ecb85771ad 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -29979,7 +29979,8 @@ Kerberos Services Other implementations have not been tested. @defvar krb5-association-service-type -A service type for Kerberos 5 clients. +A service type for Kerberos 5 clients. This service type was previously +named @code{krb5-service-type}. @end defvar @noindent @@ -30037,6 +30038,8 @@ Kerberos Services @deftp {Data Type} krb5-association-configuration +This configuration record was previously named @code{krb5-configuration}. + @table @asis @item @code{allow-weak-crypto?} (default: @code{#f}) If this flag is @code{#t} then services which only offer encryption algorithms 
@@ -30059,6 +30062,102 @@ Kerberos Services @end deftp +@subsubheading Heimdal Key Distribution (Kdc) Service + +The @code{(gnu services kerberos heimdal)} module provides services +related to the @dfn{Heimdal} implementation for the authentication +protocol @dfn{Kerberos}. + +This service starts the @dfn{Kerberos Key Distribution Center} +server. The server will remain running. + +Kerberos client programs can obtain the location of this server from a +configuration file at @file{/etc/krb5.conf}. You may wish to create that +file separately via the @code{krb5-association-service-type}. + +@c %start of fragment +@deftp {Data Type} heimdal-kdc-configuration +Available @code{heimdal-kdc-configuration} fields are: + +@table @asis +@item @code{heimdal} (default: @code{heimdal}) (type: file-like) +The heimdal package to use. + +@item @code{config-file} (type: maybe-string) +Configuration file for Heimdal KDC server. + +@item @code{require-preauth?} (default: @code{#t}) (type: boolean) +Require pre-authentication in the initial AS-REQ for all principals. + +@item @code{max-request-size} (type: maybe-non-negative-integer) +Maximum size of requests the server is willing to handle. + +@item @code{enable-http?} (default: @code{#f}) (type: boolean) +Listen on port 80 and handle requests encapsulated in HTTP. + +@item @code{v4-realm} (type: maybe-string) +Realm for version 4 requests. + +@item @code{ports} (default: @code{()}) (type: list-of-strings) +Ports to listen on. + +@item @code{addresses} (default: @code{()}) (type: list-of-strings) +Addresses to listen on. + +@item @code{disable-des?} (default: @code{#f}) (type: boolean) +Disable all DES encryption types. + +@end table + +@end deftp +@c %end of fragment + + +@subsubheading Heimdal Admin (Kadmind) Service + +The @code{(gnu services kerberos heimdal)} module provides services +related to the @dfn{Heimdal} implementation for the authentication +protocol @dfn{Kerberos}. 
+ +This service starts the @dfn{Kerberos Administration} server. The server +will remain running. + +Kerberos client programs can obtain the location of the server from a +configuration file at @file{/etc/krb5.conf}. You may wish to create that +file separately via the @code{krb5-association-service-type}. + +@c %start of fragment +@deftp {Data Type} heimdal-kadmind-configuration +Available @code{heimdal-kadmind-configuration} fields are: + +@table @asis +@item @code{heimdal} (default: @code{heimdal}) (type: file-like) +The heimdal package to use. + +@item @code{config-file} (type: maybe-string) +Configuration file for Heimdal Kadmind server. + +@item @code{key-file} (type: maybe-string) +Location of master key file. + +@item @code{keytab} (type: maybe-string) +Kerberos keytab to use. + +@item @code{realm} (type: maybe-string) +Kerberos realm to serve. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Enable debugging. + +@item @code{ports} (default: @code{()}) (type: list-of-strings) +Ports to listen on. + +@end table + +@end deftp +@c %end of fragment + + @subsubheading PAM krb5 Service @cindex pam-krb5 diff --git a/gnu/local.mk b/gnu/local.mk index a82372527e..64cda5b8b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -695,6 +695,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/guix.scm \ %D%/services/hurd.scm \ %D%/services/kerberos.scm \ + %D%/services/kerberos/heimdal.scm \ %D%/services/ldap.scm \ %D%/services/lightdm.scm \ %D%/services/linux.scm \ @@ -790,6 +791,8 @@ GNU_SYSTEM_MODULES = \ %D%/tests/ganeti.scm \ %D%/tests/gdm.scm \ %D%/tests/guix.scm \ + %D%/tests/heimdal-kadmind.scm \ + %D%/tests/heimdal-kdc.scm \ %D%/tests/monitoring.scm \ %D%/tests/nfs.scm \ %D%/tests/image.scm \ diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index ec9b6c10b5..432f205904 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm 
@@ -421,9 +421,123 @@ (define krb5-association-service-type normally expect a configuration file in @file{/etc/krb5.conf}. This service generates such a file. It does not cause any daemon to be started."))) -(define-deprecated krb-configuration krb5-association-configuration) -(define-deprecated krb-configuration? krb5-association-configuration?) -(define-deprecated krb-service-type krb5-association-service-type) +(define-deprecated krb5-service-type krb5-association-service-type) + +(define-deprecated/public-alias + krb5-configuration + krb5-association-configuration) +(define-deprecated/public-alias + krb5-configuration? + krb5-association-configuration?) + +(define-deprecated/public-alias + krb5-configuration-allow-weak-crypto? + krb5-association-configuration-allow-weak-crypto?) +(define-deprecated/public-alias + krb5-configuration-ap-req-checksum-type + krb5-association-configuration-ap-req-checksum-type) +(define-deprecated/public-alias + krb5-configuration-canonicalize? + krb5-association-configuration-canonicalize?) 
+(define-deprecated/public-alias + krb5-configuration-ccache-type + krb5-association-configuration-ccache-type) +(define-deprecated/public-alias + krb5-configuration-clockskew + krb5-association-configuration-clockskew) +(define-deprecated/public-alias + krb5-configuration-default-ccache-name + krb5-association-configuration-default-ccache-name) +(define-deprecated/public-alias + krb5-configuration-default-client-keytab-name + krb5-association-configuration-default-client-keytab-name) +(define-deprecated/public-alias + krb5-configuration-default-keytab-name + krb5-association-configuration-default-keytab-name) +(define-deprecated/public-alias + krb5-configuration-default-realm + krb5-association-configuration-default-realm) +(define-deprecated/public-alias + krb5-configuration-default-tgs-enctypes + krb5-association-configuration-default-tgs-enctypes) +(define-deprecated/public-alias + krb5-configuration-default-tkt-enctypes + krb5-association-configuration-default-tkt-enctypes) +(define-deprecated/public-alias + krb5-configuration-dns-canonicalize-hostname? + krb5-association-configuration-dns-canonicalize-hostname?) +(define-deprecated/public-alias + krb5-configuration-dns-lookup-kdc? + krb5-association-configuration-dns-lookup-kdc?) +(define-deprecated/public-alias + krb5-configuration-err-fmt + krb5-association-configuration-err-fmt) +(define-deprecated/public-alias + krb5-configuration-forwardable? + krb5-association-configuration-forwardable?) +(define-deprecated/public-alias + krb5-configuration-ignore-acceptor-hostname? + krb5-association-configuration-ignore-acceptor-hostname?) +(define-deprecated/public-alias + krb5-configuration-k5login-authoritative? + krb5-association-configuration-k5login-authoritative?) 
+(define-deprecated/public-alias + krb5-configuration-k5login-directory + krb5-association-configuration-k5login-directory) +(define-deprecated/public-alias + krb5-configuration-kcm-mach-service + krb5-association-configuration-kcm-mach-service) +(define-deprecated/public-alias + krb5-configuration-kcm-socket + krb5-association-configuration-kcm-socket) +(define-deprecated/public-alias + krb5-configuration-kdc-default-options + krb5-association-configuration-kdc-default-options) +(define-deprecated/public-alias + krb5-configuration-kdc-timesync + krb5-association-configuration-kdc-timesync) +(define-deprecated/public-alias + krb5-configuration-kdc-req-checksum-type + krb5-association-configuration-kdc-req-checksum-type) +(define-deprecated/public-alias + krb5-configuration-noaddresses? + krb5-association-configuration-noaddresses?) +(define-deprecated/public-alias + krb5-configuration-permitted-enctypes + krb5-association-configuration-permitted-enctypes) +(define-deprecated/public-alias + krb5-configuration-plugin-base-dir + krb5-association-configuration-plugin-base-dir) +(define-deprecated/public-alias + krb5-configuration-preferred-preauth-types + krb5-association-configuration-preferred-preauth-types) +(define-deprecated/public-alias + krb5-configuration-proxiable? + krb5-association-configuration-proxiable?) +(define-deprecated/public-alias + krb5-configuration-rdns? + krb5-association-configuration-rdns?) 
+(define-deprecated/public-alias + krb5-configuration-realm-try-domains + krb5-association-configuration-realm-try-domains) +(define-deprecated/public-alias + krb5-configuration-renew-lifetime + krb5-association-configuration-renew-lifetime) +(define-deprecated/public-alias + krb5-configuration-safe-checksum-type + krb5-association-configuration-safe-checksum-type) +(define-deprecated/public-alias + krb5-configuration-ticket-lifetime + krb5-association-configuration-ticket-lifetime) +(define-deprecated/public-alias + krb5-configuration-udp-preference-limit + krb5-association-configuration-udp-preference-limit) +(define-deprecated/public-alias + krb5-configuration-verify-ap-rereq-nofail? + krb5-association-configuration-verify-ap-rereq-nofail?) +(define-deprecated/public-alias + krb5-configuration-realms + krb5-association-configuration-realms) diff --git a/gnu/services/kerberos/heimdal.scm b/gnu/services/kerberos/heimdal.scm new file mode 100644 index 0000000000..0dc17f6315 --- /dev/null +++ b/gnu/services/kerberos/heimdal.scm 
@@ -0,0 +1,189 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2023 Felix Lechner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services kerberos heimdal) + #:use-module (gnu packages kerberos) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (ice-9 match) + #:export (heimdal-kdc-configuration + heimdal-kdc-service-type + heimdal-kadmind-configuration + heimdal-kadmind-service-type)) + + +;;; +;;; Heimdal Kdc +;;; + +(define-maybe/no-serialization string) + +(define (non-negative-integer? val) + (and (exact-integer? val) (not (negative? val)))) + +(define-maybe/no-serialization non-negative-integer) + +(define-configuration/no-serialization heimdal-kdc-configuration + (heimdal + (file-like heimdal) + "The heimdal package to use.") + (config-file + maybe-string + "Configuration file for Heimdal KDC server.") + (require-preauth? + (boolean #t) + "Require pre-authentication in the initial AS-REQ for all principals.") + (max-request-size + maybe-non-negative-integer + "Maximum size of requests the server is willing to handle.") + (enable-http? 
+ (boolean #f) + "Listen on port 80 and handle requests encapsulated in HTTP.") + (v4-realm + maybe-string + "Realm for version 4 requests.") + (ports + (list-of-strings '()) + "Ports to listen on.") + (addresses + (list-of-strings '()) + "Addresses to listen on.") + (disable-des? + (boolean #f) + "Disable all DES encryption types.")) + +(define (heimdal-kdc-shepherd-service config) + "Return a for Heimdal's kdc for CONFIG." + (match-record config + (heimdal config-file require-preauth? + max-request-size enable-http? + v4-realm ports addresses + disable-des?) + (shepherd-service + (documentation "Run the Heimdal Kerberos KDC daemon (heimdal-kdc).") + (provision '(heimdal-kdc)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append heimdal "/libexec/kdc") + #$@(if (maybe-value-set? config-file) + `(,(string-append "--config-file=" (maybe-value config-file))) + '()) + #$@(if require-preauth? '() '("--no-require-preauth")) + #$@(if (maybe-value-set? max-request-size) + `(,(string-append + "--max-request-size=" + (number->string (maybe-value max-request-size)))) + '()) + #$@(if enable-http? '("--enable-http") '()) + #$@(if (maybe-value-set? v4-realm) + `(,(string-append "--v4-realm=" (maybe-value v4-realm))) + '()) + ;; ports parameter is white-space separated + #$@(if (null? ports) + '() + `(,(string-append "--ports=" (string-join ports)))) + ;; addresses parameter is white-space separated + #$@(if (null? addresses) + '() + `(,(string-append "--addresses=" (string-join addresses)))) + #$@(if disable-des? 
'("--disable-des") '())) + #:log-file "/var/log/kdc-shepherd")) + (stop #~(make-kill-destructor))))) + +(define heimdal-kdc-service-type + (service-type + (name 'heimdal-kdc) + (description + "Run the Heimdal @command{kdc} daemon.") + (extensions + (list + (service-extension shepherd-root-service-type + (compose list heimdal-kdc-shepherd-service)))) + (default-value (heimdal-kdc-configuration)))) + + +;;; +;;; Heimdal Kadmind +;;; + +(define-configuration/no-serialization heimdal-kadmind-configuration + (heimdal + (file-like heimdal) + "The heimdal package to use.") + (config-file + maybe-string + "Configuration file for Heimdal Kadmind server.") + (key-file + maybe-string + "Location of master key file.") + (keytab + maybe-string + "Kerberos keytab to use.") + (realm + maybe-string + "Kerberos realm to serve.") + (debug? + (boolean #f) + "Enable debugging.") + (ports + (list-of-strings '()) + "Ports to listen on.")) + +(define (heimdal-kadmind-shepherd-service config) + "Return a for Heimdal's kadmind for CONFIG." + (match-record config + (heimdal config-file key-file keytab + realm debug? ports) + (shepherd-service + (documentation "Run the Heimdal Kerberos admin daemon (heimdal-kadmind).") + (provision '(heimdal-kadmind)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append heimdal "/libexec/kadmind") + #$@(if (maybe-value-set? config-file) + `(,(string-append "--config-file=" (maybe-value config-file))) + '()) + #$@(if (maybe-value-set? key-file) + `(,(string-append "--key-file=" (maybe-value key-file))) + '()) + #$@(if (maybe-value-set? keytab) + `(,(string-append "--keytab=" (maybe-value keytab))) + '()) + #$@(if (maybe-value-set? realm) + `(,(string-append "--realm=" (maybe-value realm))) + '()) + #$@(if debug? '("--debug") '()) + ;; ports parameter is white-space separated + #$@(if (null? 
ports) + '() + `(,(string-append "--ports=" (string-join ports))))))) + (stop #~(make-kill-destructor))))) + +(define heimdal-kadmind-service-type + (service-type + (name 'heimdal-kadmind) + (description + "Run the Heimdal @command{kadmind} daemon.") + (extensions + (list + (service-extension shepherd-root-service-type + (compose list heimdal-kadmind-shepherd-service)))) + (default-value (heimdal-kadmind-configuration)))) diff --git a/gnu/tests/heimdal-kadmind.scm b/gnu/tests/heimdal-kadmind.scm new file mode 100644 index 0000000000..b340017c69 --- /dev/null +++ b/gnu/tests/heimdal-kadmind.scm 
@@ -0,0 +1,71 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen +;;; Copyright © 2022 Bruno Victal +;;; Copyright © 2023 Felix Lechner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests heimdal-kadmind) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services kerberos heimdal) + #:use-module (gnu services networking) + #:use-module (guix gexp) + #:export (%test-heimdal-kadmind)) + +(define %heimdal-kadmind-os + (simple-operating-system + (service dhcp-client-service-type) + (service heimdal-kadmind-service-type))) + +(define (run-heimdal-kadmind-test) + "Run tests in %heimdal-kadmind-os, which has heimdal-kadmind running." 
+ (define os + (marionette-operating-system + %heimdal-kadmind-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "heimdal-kadmind") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'heimdal-kadmind)) + marionette)) + + (test-end)))) + (gexp->derivation "heimdal-kadmind-test" test)) + +(define %test-heimdal-kadmind + (system-test + (name "heimdal-kadmind") + (description "Test that the heimdal-kadmind runs when started.") + (value (run-heimdal-kadmind-test)))) diff --git a/gnu/tests/heimdal-kdc.scm b/gnu/tests/heimdal-kdc.scm new file mode 100644 index 0000000000..b6424ace9e --- /dev/null +++ b/gnu/tests/heimdal-kdc.scm 
@@ -0,0 +1,71 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen +;;; Copyright © 2022 Bruno Victal +;;; Copyright © 2023 Felix Lechner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests heimdal-kdc) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services kerberos heimdal) + #:use-module (gnu services networking) + #:use-module (guix gexp) + #:export (%test-heimdal-kdc)) + +(define %heimdal-kdc-os + (simple-operating-system + (service dhcp-client-service-type) + (service heimdal-kdc-service-type))) + +(define (run-heimdal-kdc-test) + "Run tests in %heimdal-kdc-os, which has heimdal-kdc running." 
+ (define os + (marionette-operating-system + %heimdal-kdc-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "heimdal-kdc") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'heimdal-kdc)) + marionette)) + + (test-end)))) + (gexp->derivation "heimdal-kdc-test" test)) + +(define %test-heimdal-kdc + (system-test + (name "heimdal-kdc") + (description "Test that the heimdal-kdc runs when started.") + (value (run-heimdal-kdc-test)))) -- 2.41.0
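Review bot: in the doc/guix.texi hunk that adds the two Heimdal sections, the heading `Heimdal Key Distribution (Kdc) Service` should read `Key Distribution Center (KDC)`, matching the acronym in the `@dfn{Kerberos Key Distribution Center}` sentence a few lines below, and `(Kadmind)` would be clearer as `Administration (kadmind)`. The two sections also repeat the paragraph `The @code{(gnu services kerberos heimdal)} module provides services related to ...` verbatim, and `The server will remain running.` says nothing; state once what the module provides, then describe each daemon. Each new `@subsubheading` should get `@cindex` entries (for example `heimdal`, `kdc`, `kadmind`) like the `@cindex pam-krb5` line that follows the insertion, so the services are reachable from the manual's index. Finally, the `disable-des?` entry documents the default `#f` without saying why anyone would change it; DES enctypes have been deprecated for Kerberos since RFC 6649, so either say that in the manual or, better, default the field to `#t` in both the manual and heimdal.scm.

Review bot: the gnu/services/kerberos.scm hunk drops the existing `krb-configuration`, `krb-configuration?` and `krb-service-type` deprecated aliases (the three `-` lines) while adding deprecations for the `krb5-` names; if the intent is to retire the older `krb-` spellings, say so in the commit message, otherwise keep them pointing at the `krb5-association-` definitions so an operating-system declaration that still uses `krb-service-type` keeps building. The commit message ("Includes detailed documentation and two system tests.") does not mention this file at all, so the compatibility work is invisible in the log. Two smaller points: the forty-odd `define-deprecated/public-alias` forms for field accessors could be generated by a small macro over the field names instead of being spelled out, and the alias `krb5-configuration-verify-ap-rereq-nofail?` carries a spelling that does not match the krb5.conf option `verify_ap_req_nofail`; worth checking whether the underlying field name should be corrected in patch 1/2 rather than propagated here.

Review bot: in gnu/services/kerberos/heimdal.scm, `heimdal-kdc-shepherd-service` passes `#:log-file "/var/log/kdc-shepherd"` to `make-forkexec-constructor` but `heimdal-kadmind-shepherd-service` sets no log file, so kadmind's stderr, including the `--debug` output the `debug?` field enables, is lost; give it a matching `#:log-file "/var/log/kadmind-shepherd"` (name assumed here by analogy with the kdc case). Neither constructor sets `#:user`/`#:group`, so both daemons run as root; that may be what Heimdal's default database and master-key locations require, but it should be stated in the docstrings and the manual. The `config-file`, `key-file` and `keytab` fields are `maybe-string` rather than `file-like`, so those files are not provisioned by Guix and must already exist on the target; documenting that, and that `key-file` holds the realm master key and should be readable by root only, would save users a surprise. The `#t` default for `require-preauth?` is the right call; a sentence in the manual explaining that turning it off lets anyone obtain an AS-REP for a principal and attack the password offline would help users understand why.

Review bot: both gnu/tests/heimdal-kadmind.scm and gnu/tests/heimdal-kdc.scm contain a single `test-assert "service is running"` that only checks that `(start-service 'heimdal-kadmind)` / `(start-service 'heimdal-kdc)` returns a true value; `make-forkexec-constructor` returns as soon as the child is forked, so the test passes even if the daemon exits a moment later (for instance because no realm database exists in the default `simple-operating-system`). Add a check that the daemon is actually serving, for example `(wait-for-tcp-port 88 marionette)` for the kdc and `(wait-for-tcp-port 749 marionette)` for kadmind, both available from the already-imported `(gnu build marionette)`, or at least query the service's status again after a short delay. The descriptions `Test that the heimdal-kdc runs when started.` and `Test that the heimdal-kadmind runs when started.` should then be updated to say what is verified (that the daemon starts and listens). The 2017 and 2022 copyright lines show the files were cloned from another system test; that is fine, but confirm the marionette boilerplate matches the current template before merging.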