From: Bruno Victal <mirai@makinata.eu>
To: 61789@debbugs.gnu.org
Cc: Bruno Victal <mirai@makinata.eu>
Subject: [bug#61789] [PATCH 10/27] services: base: Deprecate 'pam-limits-service' procedure.
Date: Sat, 25 Feb 2023 18:57:56 +0000 [thread overview]
Message-ID: <dfe7a382916396d1de4f6f2e8eeccf548a8857f5.1677350249.git.mirai@makinata.eu> (raw)
In-Reply-To: <cover.1677350249.git.mirai@makinata.eu>
* doc/guix.texi (Base Services): Replace pam-limits-service with pam-limits-service-type.
* gnu/packages/benchmark.scm (python-locust)[description]: Update index anchor to manual.
* gnu/services/base.scm (pam-limits-service-type): Accept both lists and
file-like objects for compatibility.
(pam-limits-service): Deprecate procedure.
---
doc/guix.texi | 18 ++++++++---------
gnu/packages/benchmark.scm | 2 +-
gnu/services/base.scm | 41 +++++++++++++++++++++++++++-----------
3 files changed, 39 insertions(+), 22 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index ec6f2d9c31..f9ca809e47 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18938,7 +18938,6 @@ Base Services
@end table
@end deftp
-@anchor{pam-limits-service}
@cindex session limits
@cindex ulimit
@cindex priority
@@ -18946,19 +18945,20 @@ Base Services
@cindex jackd
@cindex nofile
@cindex open file descriptors
-@deffn {Scheme Procedure} pam-limits-service [#:limits @code{'()}]
-
-Return a service that installs a configuration file for the
+@anchor{pam-limits-service-type}
+@defvar pam-limits-service-type
+Type of the service that installs a configuration file for the
@uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html,
-@code{pam_limits} module}. The procedure optionally takes a list of
-@code{pam-limits-entry} values, which can be used to specify
+@code{pam_limits} module}. The value for this service type is
+a list of @code{pam-limits-entry} values, which can be used to specify
@code{ulimit} limits and @code{nice} priority limits to user sessions.
+By default, the value is the empty list.
The following limits definition sets two hard and soft limits for all
login sessions of users in the @code{realtime} group:
@lisp
-(pam-limits-service
+(service pam-limits-service-type
(list
(pam-limits-entry "@@realtime" 'both 'rtprio 99)
(pam-limits-entry "@@realtime" 'both 'memlock 'unlimited)))
@@ -18973,7 +18973,7 @@ Base Services
descriptors that can be used:
@lisp
-(pam-limits-service
+(service pam-limits-service-type
(list
(pam-limits-entry "*" 'both 'nofile 100000)))
@end lisp
@@ -18984,7 +18984,7 @@ Base Services
else the users would be prevented from login in. For more information
about the Pluggable Authentication Module (PAM) limits, refer to the
@samp{pam_limits} man page from the @code{linux-pam} package.
-@end deffn
+@end defvar
@defvar greetd-service-type
@uref{https://git.sr.ht/~kennylevinsen/greetd, @code{greetd}} is a minimal and
diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm
index 33e2466da9..fd8513f41d 100644
--- a/gnu/packages/benchmark.scm
+++ b/gnu/packages/benchmark.scm
@@ -458,7 +458,7 @@ (define-public python-locust
Note: Locust will complain if the available open file descriptors limit for
the user is too low. To raise such limit on a Guix System, refer to
-@samp{info guix --index-search=pam-limits-service}.")
+@samp{info guix --index-search=pam-limits-service-type}.")
(license license:expat)))
(define-public interbench
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 1423ab6767..bda38abae3 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -40,7 +40,7 @@
(define-module (gnu services base)
#:use-module (guix store)
#:use-module (guix deprecation)
- #:autoload (guix diagnostics) (warning &fix-hint)
+ #:autoload (guix diagnostics) (warning report-error &fix-hint)
#:autoload (guix i18n) (G_)
#:use-module (guix combinators)
#:use-module (gnu services)
@@ -246,7 +246,7 @@ (define-module (gnu services base)
kmscon-service-type
pam-limits-service-type
- pam-limits-service
+ pam-limits-service ; deprecated
greetd-service-type
greetd-configuration
@@ -1584,17 +1584,13 @@ (define-deprecated (syslog-service #:optional (config (syslog-configuration)))
(define pam-limits-service-type
- (let ((security-limits
- ;; Create /etc/security containing the provided "limits.conf" file.
- (lambda (limits-file)
- `(("security/limits.conf"
- ,limits-file))))
- (pam-extension
+ (let ((pam-extension
(lambda (pam)
(let ((pam-limits (pam-entry
(control "required")
(module "pam_limits.so")
- (arguments '("conf=/etc/security/limits.conf")))))
+ (arguments
+ '("conf=/etc/security/limits.conf")))))
(if (member (pam-service-name pam)
'("login" "greetd" "su" "slim" "gdm-password" "sddm"
"sudo" "sshd"))
@@ -1602,7 +1598,26 @@ (define pam-limits-service-type
(inherit pam)
(session (cons pam-limits
(pam-service-session pam))))
- pam)))))
+ pam))))
+
+ ;; XXX: Using file-like objects is deprecated, use lists instead.
+ ;; This is to be reduced into the list? case when the deprecated
+ ;; code gets removed.
+ ;; Create /etc/security containing the provided "limits.conf" file.
+ (security-limits
+ (match-lambda
+ ((? file-like? obj)
+ (warning (G_ "Using file-like value for 'pam-limits-service-type'
+is deprecated~%"))
+ obj)
+ ((? list? lst)
+ `(("security/limits.conf"
+ ,(plain-file "limits.conf"
+ (string-join (map pam-limits-entry->string lst)
+ "\n" 'suffix)))))
+ (_ (report-error
+ (G_ "invalid input for 'pam-limits-service-type'~%"))))))
+
(service-type
(name 'limits)
(extensions
@@ -1612,9 +1627,11 @@ (define pam-limits-service-type
(description
"Install the specified resource usage limits by populating
@file{/etc/security/limits.conf} and using the @code{pam_limits}
-authentication module."))))
+authentication module.")
+ (default-value '()))))
-(define* (pam-limits-service #:optional (limits '()))
+(define-deprecated (pam-limits-service #:optional (limits '()))
+ pam-limits-service-type
"Return a service that makes selected programs respect the list of
pam-limits-entry specified in LIMITS via pam_limits.so."
(service pam-limits-service-type
--
2.39.1
next prev parent reply other threads:[~2023-02-25 19:01 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-25 18:53 [bug#61789] [PATCH 00/27] Deprecate old-style services Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 01/27] services: base: Deprecate 'host-name-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 02/27] services: base: Deprecate 'login-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 03/27] services: base: Deprecate 'mingetty-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 04/27] services: base: Deprecate 'agetty-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 05/27] doc: kmscon-service-type: Use @defvar @-command Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 06/27] services: base: Deprecate 'nscd-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 07/27] services: base: Deprecate 'syslog-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 08/27] services: base: Deprecate 'udev-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 09/27] services: base: Deprecate 'rngd-service' procedure Bruno Victal
2023-02-25 18:57 ` Bruno Victal [this message]
2023-03-03 16:40 ` [bug#61789] [PATCH 00/27] Deprecate old-style services Ludovic Courtès
2023-02-25 18:57 ` [bug#61789] [PATCH 11/27] services: tor: Deprecate 'tor-hidden-service' procedure Bruno Victal
2023-03-03 16:43 ` [bug#61789] ‘tor-hidden-service’ deprecation Ludovic Courtès
2023-03-05 17:51 ` Bruno Victal
2023-03-06 16:05 ` Ludovic Courtès
2023-02-25 18:57 ` [bug#61789] [PATCH 12/27] services: ssh: Deprecate 'lsh-service' procedure Bruno Victal
2023-02-25 18:57 ` [bug#61789] [PATCH 13/27] services: ssh: Deprecate 'dropbear-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 14/27] services: xorg: Deprecate 'screen-locker-service' procedure Bruno Victal
2023-03-03 16:45 ` [bug#61789] ‘screen-locker-service’ deprecation Ludovic Courtès
2023-03-06 14:36 ` Bruno Victal
2023-03-06 22:32 ` Ludovic Courtès
2023-02-25 18:58 ` [bug#61789] [PATCH 15/27] services: desktop: Deprecate 'elogind-service' procedure Bruno Victal
2023-03-03 16:48 ` [bug#61789] ‘elogind-configuration’ documentation needs love Ludovic Courtès
2023-02-25 18:58 ` [bug#61789] [PATCH 16/27] services: elogind-configuration: Do not ignore 'handle-hibernate-key' by default Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 17/27] services: desktop: Deprecate 'accountsservice-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 18/27] services: dbus: Deprecate 'polkit-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 19/27] services: desktop: Deprecate 'udisks-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 20/27] services: desktop: Deprecate 'geoclue-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 21/27] services: desktop: Deprecate 'bluetooth-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 22/27] services: mail: Deprecate 'dovecot-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 23/27] services: vpn: Deprecate 'openvpn-client-service' & 'openvpn-server-service' procedures Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 24/27] services: lirc: Deprecate 'lirc-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 25/27] services: spice: Deprecate 'spice-vdagent-service' procedure Bruno Victal
2023-02-25 18:58 ` [bug#61789] [PATCH 26/27] services: dict: Deprecate 'dicod-service' procedure Bruno Victal
2023-03-03 16:52 ` [bug#61789] ‘dicod-service’ deprecation Ludovic Courtès
2023-02-25 18:58 ` [bug#61789] [PATCH 27/27] services: dbus: Deprecate 'dbus-service' procedure Bruno Victal
2023-03-03 17:09 ` [bug#61789] [PATCH 00/27] Deprecate old-style services Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dfe7a382916396d1de4f6f2e8eeccf548a8857f5.1677350249.git.mirai@makinata.eu \
--to=mirai@makinata.eu \
--cc=61789@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).