From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id BLuMEzIB+GN0LwEAbAwnHQ (envelope-from ) for ; Fri, 24 Feb 2023 01:13:38 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id KHEEEjIB+GOnDAEAG6o9tA (envelope-from ) for ; Fri, 24 Feb 2023 01:13:38 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id DB51E24BE0 for ; Fri, 24 Feb 2023 01:13:37 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pVLhy-00017o-QR; Thu, 23 Feb 2023 19:13:06 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVLhw-00017N-Ey for guix-patches@gnu.org; Thu, 23 Feb 2023 19:13:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pVLhv-000447-7P; Thu, 23 Feb 2023 19:13:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pVLhu-0008GS-JJ; Thu, 23 Feb 2023 19:13:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#61744] [PATCH] services: base: Deprecate 'pam-limits-service' procedure. Resent-From: Bruno Victal Original-Sender: "Debbugs-submit" Resent-CC: ludo@gnu.org, guix-patches@gnu.org Resent-Date: Fri, 24 Feb 2023 00:13:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 61744 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61744@debbugs.gnu.org Cc: Bruno Victal , ludo@gnu.org X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: ludo@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.167719756131737 (code B ref -1); Fri, 24 Feb 2023 00:13:02 +0000 Received: (at submit) by debbugs.gnu.org; 24 Feb 2023 00:12:41 +0000 Received: from localhost ([127.0.0.1]:35613 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pVLhY-0008Fp-CG for submit@debbugs.gnu.org; Thu, 23 Feb 2023 19:12:40 -0500 Received: from lists.gnu.org ([209.51.188.17]:55930) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pVLhV-0008Fg-Kx for submit@debbugs.gnu.org; Thu, 23 Feb 2023 19:12:39 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVLhV-00014I-FJ for guix-patches@gnu.org; Thu, 23 Feb 2023 19:12:37 -0500 Received: from smtpm7.myservices.hosting ([185.26.105.208]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVLhS-0003zn-PO for guix-patches@gnu.org; Thu, 23 Feb 2023 19:12:36 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpm7.myservices.hosting (Postfix) with ESMTP id 2986320D16 for ; Fri, 24 Feb 2023 01:12:27 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id CB64880097; Fri, 24 Feb 2023 01:12:27 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oO1jCdl9ITqi; Fri, 24 Feb 2023 01:12:27 +0100 (CET) Received: from guix-nuc.home.arpa (bl9-119-177.dsl.telepac.pt [85.242.119.177]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id D6BE780079; Fri, 24 Feb 2023 01:12:26 +0100 (CET) From: Bruno Victal Date: Fri, 24 Feb 2023 00:12:10 +0000 Message-Id: X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 tags: patch Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=185.26.105.208; envelope-from=mirai@makinata.eu; helo=smtpm7.myservices.hosting X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677197618; a=rsa-sha256; cv=none; b=iafRaTwA5bEx7QVK20H5LagaXrJXVWDkZdSWO8HcgPs4Mt0Cqoo3FAmkmRsOF3HB4NueT4 /19KO0qpQbxZAKT0jU+qckd4SYkTwYkiosbSITZ3ezVFentgjMxgIWxuoEsvW71kOVmkox dOzBIyd65cbTxRbElrmDlt5tlGnJaK57jte2Red7RUKM6PFW4fqJ7AKLKeKO60iK7fJvyb vff4LbITkrEO4ktvpLX/2PWInq9aHFEtq9lFnR7a6yrLFqs6cr2Z4rWin9MeL1SNi71Uuw 9CiySUvs7BlxDyTUtNbV2omOfFUXweOYhpeA1pR71aDpEDSgaxRsasplz9oBXg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1677197618; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=3t8xDQI3acOlwk9y3d4FE/L2ZVq51D0k19ZQDsqiA98=; b=BSy9CUemh9/uCbaK/Wb+pkhrYXy6OfcaaUxKiF1zwK2ZbZkHTzNRQlmJd8LB51enO7w3CL mXDhMm0e6TYdcIkpYR04AMD4EtXPH6ZqSRq7GL1IK/cgL/R36gf9vQlnd2nz2/Gp3sa5dZ Zb4GjGwwuGgPtR1lzMc7YEz+rEE4EVmb6t36Hbi7iX327FNvDkidDcEgcU7NxnwuOItkBh 5ZknJfxBC9eNMDl4b++b2Stv/cb+WtpM3mGvnsEllM3AsAf9ee5H6xZEHO5RLoebTJxNTe 4e11sNANtPuO9WDpweL4XEPwdCY82FJDVfPZvWT/I/aYfLBx6LwYLOvlpV/GFQ== X-Migadu-Spam-Score: -1.87 X-Spam-Score: -1.87 X-Migadu-Queue-Id: DB51E24BE0 X-Migadu-Scanner: scn1.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-TUID: FHUKsiO7cXLB * doc/guix.texi (Base Services): Replace pam-limits-service with pam-limits-service-type. * gnu/packages/benchmark.scm (python-locust)[description]: Update index anchor to manual. * gnu/services/base.scm (pam-limits-service-type): Accept both lists and file-like objects for compatibility. (pam-limits-service): Deprecate procedure. --- Sending this one for review now since this service is a bit unusual compared to the other ones. doc/guix.texi | 18 ++++++++--------- gnu/packages/benchmark.scm | 2 +- gnu/services/base.scm | 41 +++++++++++++++++++++++++++----------- 3 files changed, 39 insertions(+), 22 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index a7ef00f421..9127090d44 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18926,7 +18926,6 @@ Base Services @var{device} does not exist. @end deffn -@anchor{pam-limits-service} @cindex session limits @cindex ulimit @cindex priority @@ -18934,19 +18933,20 @@ Base Services @cindex jackd @cindex nofile @cindex open file descriptors -@deffn {Scheme Procedure} pam-limits-service [#:limits @code{'()}] - -Return a service that installs a configuration file for the +@anchor{pam-limits-service-type} +@defvar pam-limits-service-type +Type of the service that installs a configuration file for the @uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html, -@code{pam_limits} module}. The procedure optionally takes a list of -@code{pam-limits-entry} values, which can be used to specify +@code{pam_limits} module}. The value for this service type is +a list of @code{pam-limits-entry} values, which can be used to specify @code{ulimit} limits and @code{nice} priority limits to user sessions. +By default, the value is the empty list. The following limits definition sets two hard and soft limits for all login sessions of users in the @code{realtime} group: @lisp -(pam-limits-service +(service pam-limits-service-type (list (pam-limits-entry "@@realtime" 'both 'rtprio 99) (pam-limits-entry "@@realtime" 'both 'memlock 'unlimited))) @@ -18961,7 +18961,7 @@ Base Services descriptors that can be used: @lisp -(pam-limits-service +(service pam-limits-service-type (list (pam-limits-entry "*" 'both 'nofile 100000))) @end lisp @@ -18972,7 +18972,7 @@ Base Services else the users would be prevented from login in. For more information about the Pluggable Authentication Module (PAM) limits, refer to the @samp{pam_limits} man page from the @code{linux-pam} package. -@end deffn +@end defvar @defvar greetd-service-type @uref{https://git.sr.ht/~kennylevinsen/greetd, @code{greetd}} is a minimal and diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm index 33e2466da9..fd8513f41d 100644 --- a/gnu/packages/benchmark.scm +++ b/gnu/packages/benchmark.scm @@ -458,7 +458,7 @@ (define-public python-locust Note: Locust will complain if the available open file descriptors limit for the user is too low. To raise such limit on a Guix System, refer to -@samp{info guix --index-search=pam-limits-service}.") +@samp{info guix --index-search=pam-limits-service-type}.") (license license:expat))) (define-public interbench diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 35b03a877b..5a2e0263e4 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -40,7 +40,7 @@ (define-module (gnu services base) #:use-module (guix store) #:use-module (guix deprecation) - #:autoload (guix diagnostics) (warning &fix-hint) + #:autoload (guix diagnostics) (warning report-error &fix-hint) #:autoload (guix i18n) (G_) #:use-module (guix combinators) #:use-module (gnu services) @@ -245,7 +245,7 @@ (define-module (gnu services base) kmscon-service-type pam-limits-service-type - pam-limits-service + pam-limits-service ; deprecated greetd-service-type greetd-configuration @@ -1570,17 +1570,13 @@ (define* (syslog-service #:optional (config (syslog-configuration))) (define pam-limits-service-type - (let ((security-limits - ;; Create /etc/security containing the provided "limits.conf" file. - (lambda (limits-file) - `(("security/limits.conf" - ,limits-file)))) - (pam-extension + (let ((pam-extension (lambda (pam) (let ((pam-limits (pam-entry (control "required") (module "pam_limits.so") - (arguments '("conf=/etc/security/limits.conf"))))) + (arguments + '("conf=/etc/security/limits.conf"))))) (if (member (pam-service-name pam) '("login" "greetd" "su" "slim" "gdm-password" "sddm" "sudo" "sshd")) @@ -1588,7 +1584,26 @@ (define pam-limits-service-type (inherit pam) (session (cons pam-limits (pam-service-session pam)))) - pam))))) + pam)))) + + ;; XXX: Using file-like objects is deprecated, use lists instead. + ;; This is to be reduced into the list? case when the deprecated + ;; code gets removed. + ;; Create /etc/security containing the provided "limits.conf" file. + (security-limits + (match-lambda + ((? file-like? obj) + (warning (G_ "Using file-like value for 'pam-limits-service-type' +is deprecated~%")) + obj) + ((? list? lst) + `(("security/limits.conf" + ,(plain-file "limits.conf" + (string-join (map pam-limits-entry->string lst) + "\n" 'suffix))))) + (_ (report-error + (G_ "invalid input for 'pam-limits-service-type'~%")))))) + (service-type (name 'limits) (extensions @@ -1598,9 +1613,11 @@ (define pam-limits-service-type (description "Install the specified resource usage limits by populating @file{/etc/security/limits.conf} and using the @code{pam_limits} -authentication module.")))) +authentication module.") + (default-value '())))) -(define* (pam-limits-service #:optional (limits '())) +(define-deprecated (pam-limits-service #:optional (limits '())) + pam-limits-service-type "Return a service that makes selected programs respect the list of pam-limits-entry specified in LIMITS via pam_limits.so." (service pam-limits-service-type base-commit: 5d10644371abd54d0edcd638691113f0a92de743 -- 2.39.1