Subject: [bug#29483] [PATCH] services: Add openntpd service.
From: Efraim Flashner Date: Tue, 28 Nov 2017 11:04:43 +0200 Message-Id: <20171128090443.15544-1-efraim@flashner.co.il> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 29483@debbugs.gnu.org Cc: Efraim Flashner * gnu/packages/ntp.scm (openntpd)[arguments]: Add 'configure-flags to set openntpd daemon's user and protected path. Add a custom phase to not try to create said directory at install time. * gnu/services/networking.scm (): New record type= . (openntpd-shepherd-service, openntpd-service-activation): New procedures. (openntpd-service-type): New variable. * doc/guix.texi (Networking Services): Add openntpd documentation. --- doc/guix.texi | 11 ++++++ gnu/packages/ntp.scm | 12 ++++++ gnu/services/networking.scm | 92 +++++++++++++++++++++++++++++++++++++++= +++++- 3 files changed, 114 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2a6825682..f0a7dd958 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10498,6 +10498,17 @@ make an initial adjustment of more than 1,000 se= conds. List of host names used as the default NTP servers. @end defvr =20 +@cindex Openntpd +@deffn {Scheme Procedure} openntpd-service [#:openntpd @var{openntpd}] @ + [#:servers @var{%ntp-servers}] @ + [#:allow-large-adjustment? #f] +Return a service that runs the daemon from @var{openntpd}, the +@uref{http://www.openntpd.org, OpenNTPD package}. The daemon will +keep the system clock synchronized with that of @var{servers}. +@var{allow-large-adjustment?} determines whether @command{ntpd} is allow= ed to +make an initial adjustment of more than 180 seconds." +@end deffn + @cindex inetd @deffn {Scheme variable} inetd-service-type This service runs the @command{inetd} (@pxref{inetd invocation,,, 
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm index d270f513d..619b9f998 100644 --- a/gnu/packages/ntp.scm +++ b/gnu/packages/ntp.scm @@ -107,6 +107,18 @@ computers over a network.") (base32 "0fn12i4kzsi0zkr4qp3dp9bycmirnfapajqvdfx02zhr4hanj0kv"))= )) (build-system gnu-build-system) + (arguments + '(#:configure-flags '("--with-privsep-user=3Dntpd" + "--with-privsep-path=3D/var/lib/openntpd" + "--localstatedir=3D/var/lib/openntpd") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'modify-install-locations + (lambda _ + ;; Don't try to create /var/lib/openntpd/run or /var/lib/op= enntpd/db + (substitute* "src/Makefile.in" + (("DESTDIR\\)\\$\\(localstatedir") "TMPDIR")) + #t))))) (inputs `(("libressl" ,libressl))) ; enable TLS time constraints. See ntpd.= conf(5). (home-page "http://www.openntpd.org/") diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index b0c23aafc..82762738f 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2013, 2014, 2015, 2016, 2017 Ludovic Court=C3=A8s <= ludo@gnu.org> ;;; Copyright =C2=A9 2015 Mark H Weaver -;;; Copyright =C2=A9 2016 Efraim Flashner +;;; Copyright =C2=A9 2016, 2017 Efraim Flashner ;;; Copyright =C2=A9 2016 John Darrington ;;; Copyright =C2=A9 2017 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2017 Thomas Danckaert @@ -62,6 +62,11 @@ ntp-service ntp-service-type =20 + openntpd-configuration + openntpd-configuration? + openntpd-service + openntpd-service-type + inetd-configuration inetd-entry inetd-service-type 
@@ -447,6 +452,91 @@ make an initial adjustment of more than 1,000 second= s." (allow-large-adjustment? allow-large-adjustment?)))) =20 +(define-record-type* + openntpd-configuration make-openntpd-configuration + openntpd-configuration? + (openntpd openntpd-configuration-openntpd + (default openntpd)) + (servers openntpd-configuration-servers) + (allow-large-adjustment? openntpd-allow-large-adjustment? + (default #f))) ; upstream default + +(define openntpd-shepherd-service + (match-lambda + (($ openntpd servers allow-large-adjustment= ?) + (let () + (define config + (string-append (string-join (map (cut string-append "server " <= >) + servers) + "\n") + " +# Only listen on localhost +listen on 127.0.0.1 +listen on ::1 + +# Query the 'Date' from trusted HTTPS servers via TLS. +constraint from www.gnu.org\n")) + + (define ntpd.conf + (plain-file "ntpd.conf" config)) + + (list (shepherd-service + (provision '(openntpd)) + (documentation "Run the Network Time Protocol (NTP) daemon= .") + (requirement '(user-processes networking)) + (start #~(make-forkexec-constructor + (list (string-append #$openntpd "/sbin/ntpd") + "-f" #$ntpd.conf + #$@(if allow-large-adjustment? + '("-s") + '())))) + (stop #~(make-kill-destructor)))))))) + +(define (openntpd-service-activation config) + "Return the activation gexp for CONFIG." 
+ (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (define %user + (getpw "ntpd")) + + (let ((directory "/var/lib/openntpd")) + (mkdir-p directory) + ;; and for the socket + (mkdir-p (string-append directory "/db")) + (mkdir-p (string-append directory "/run")) + (chown directory (passwd:uid %user) (passwd:gid %user)) + (chmod directory #o755))))) + +(define openntpd-service-type + (service-type (name 'openntpd) + (extensions + (list (service-extension shepherd-root-service-type + openntpd-shepherd-service) + (service-extension account-service-type + (const %ntp-accounts)) + (service-extension activation-service-type + openntpd-service-activation))) + (description + "Run the @command{ntpd}, the Network Time Protocol (NTP= ) +daemon of the @uref{http://www.ntp.org, Network Time Foundation}, as +implemented by OpenNTPD. The daemon will keep the system clock synchron= ized +with that of the given servers."))) + +(define* (openntpd-service #:key (openntpd openntpd) + (servers %ntp-servers) + allow-large-adjustment?) + "Return a service that runs the daemon from @var{openntpd}, the +@uref{http://www.openntpd.org, OpenNTPD package}. The daemon will +keep the system clock synchronized with that of @var{servers}. +@var{allow-large-adjustment?} determines whether @command{ntpd} is allow= ed to +make an initial adjustment of more than 180 seconds." + (service openntpd-service-type + (openntpd-configuration (openntpd openntpd) + (servers servers) + (allow-large-adjustment? + allow-large-adjustment?)))) + =0C ;;; ;;; Inetd. --=20 2.15.0
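Review bot: the new @deffn body in doc/guix.texi ends with a stray `"` after `180 seconds.`, carried over from the Scheme docstring; drop it. The entry also documents only the `openntpd-service` procedure, while the networking.scm hunk exports `openntpd-configuration` and `openntpd-service-type`, so the record type and its three fields (`openntpd`, `servers`, `allow-large-adjustment?`) should get their own entry, and the text should say that the generated ntpd.conf listens on localhost and adds an HTTPS `constraint from www.gnu.org`, since neither is visible from the procedure's arguments. Minor: `@cindex Openntpd` should match the project's spelling, OpenNTPD.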
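Review bot: in gnu/packages/ntp.scm the comment says the phase stops the Makefile from creating /var/lib/openntpd/run and /var/lib/openntpd/db, but the substitution only rewrites `$(DESTDIR)$(localstatedir)` to `$(TMPDIR)`, so the install rule still runs and creates those directories under whatever TMPDIR is in the build environment. Either delete the rule from src/Makefile.in or make the comment describe what the rewrite actually does. Also, `--with-privsep-path` and `--localstatedir` name the same directory, so the `db` and `run` subdirectories the activation creates end up inside the directory ntpd chroots into; that only works while that directory stays root-owned, and the choice deserves a comment next to the configure flags.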
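Review bot: the activation in gnu/services/networking.scm chowns /var/lib/openntpd to the ntpd user, but that is the directory the ntp.scm hunk configures as `--with-privsep-path`, i.e. the chroot for the unprivileged child, and OpenNTPD refuses to start (`bad privsep dir permissions`) unless the privsep directory is owned by root and not group- or world-writable. Keep the chroot root-owned 0755 (and ideally empty) and chown only the state subdirectories if the daemon needs them; also, the `;; and for the socket` comment sits above the `db` mkdir rather than the `run` one. Second, `make-forkexec-constructor` expects the child to stay in the foreground, while ntpd daemonizes by default; pass `-d` (do not daemonize) so shepherd tracks the daemon's pid instead of a parent that exits at once. Third, the generated config emits `server` for each entry of `servers`; if `%ntp-servers` holds pool host names, ntpd.conf(5)'s `servers` keyword, which uses every address the name resolves to, is the right one. The `listen on` lines are unnecessary for a client-only setup and the `constraint from www.gnu.org` (a useful bound against a rogue NTP source) is hard-coded; both belong in `openntpd-configuration` fields. Finally, the service-type description calls the daemon the Network Time Foundation's, which describes ntp.org's ntpd, not OpenNTPD; reuse the wording from the `openntpd-service` docstring instead.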