all messages for Guix-related lists mirrored at yhetil.org
From: Bruno Victal <mirai@makinata.eu>
To: 61789@debbugs.gnu.org
Cc: Bruno Victal <mirai@makinata.eu>
Subject: [bug#61789] [PATCH 12/27] services: ssh: Deprecate 'lsh-service' procedure.
Date: Sat, 25 Feb 2023 18:57:58 +0000
Message-ID: <2f88379eaa173fea422efe9a60175d73bbc4123e.1677350249.git.mirai@makinata.eu>
In-Reply-To: <cover.1677350249.git.mirai@makinata.eu>

* doc/guix.texi (Networking Services): Remove mention of lsh-service.
Document lsh-service-type and lsh-service-configuration.
* gnu/services/ssh.scm (<lsh-configuration>): Set default values based
on the now deprecated 'lsh-service' procedure.
(lsh-service-type): Set default value.
(lsh-service): Deprecate procedure.
---
 doc/guix.texi        | 98 +++++++++++++++++++++++++++++---------------
 gnu/services/ssh.scm | 68 ++++++++++++++++++------------
 2 files changed, 106 insertions(+), 60 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index eeb2efa488..50ac49e65f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20740,41 +20740,71 @@ Networking Services
 @cindex SSH
 @cindex SSH server
 
-@deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
-       [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
-       [#:allow-empty-passwords? #f] [#:root-login? #f] @
-       [#:syslog-output? #t] [#:x11-forwarding? #t] @
-       [#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @
-       [#:public-key-authentication? #t] [#:initialize? #t]
-Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
-@var{host-key} must designate a file containing the host key, and readable
-only by root.
-
-When @var{daemonic?} is true, @command{lshd} will detach from the
-controlling terminal and log its output to syslogd, unless one sets
-@var{syslog-output?} to false.  Obviously, it also makes lsh-service
-depend on existence of syslogd service.  When @var{pid-file?} is true,
-@command{lshd} writes its PID to the file called @var{pid-file}.
-
-When @var{initialize?} is true, automatically create the seed and host key
-upon service activation if they do not exist yet.  This may take long and
-require interaction.
-
-When @var{initialize?} is false, it is up to the user to initialize the
-randomness generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
-a key pair with the private key stored in file @var{host-key} (@pxref{lshd
-basics,,, lsh, LSH Manual}).
-
-When @var{interfaces} is empty, lshd listens for connections on all the
-network interfaces; otherwise, @var{interfaces} must be a list of host names
-or addresses.
-
-@var{allow-empty-passwords?} specifies whether to accept log-ins with empty
-passwords, and @var{root-login?} specifies whether to accept log-ins as
-root.
+@defvar lsh-service-type
+Type of the service that runs the GNU@tie{}lsh secure shell (SSH)
+daemon, @command{lshd}.  The value for this service is a
+@code{<lsh-configuration>} object.
+@end defvar
 
-The other options should be self-descriptive.
-@end deffn
+@deftp {Data Type} lsh-configuration
+Data type representing the configuration of @command{lshd}.
+
+@table @asis
+@item @code{lsh} (default: @code{lsh}) (type: file-like)
+The package object of the GNU@tie{}lsh secure shell (SSH) daemon.
+
+@item @code{daemonic?} (default: @code{#t}) (type: boolean)
+Whether to detach from the controlling terminal.
+
+@item @code{host-key} (default: @code{"/etc/lsh/host-key"}) (type: string)
+File containing the @dfn{host key}.  This file must be readable by
+root only.
+
+@item @code{interfaces} (default: @code{()}) (type: list)
+List of host names or addresses that @command{lshd} will listen on.
+If empty, @command{lshd} listens for connections on all the network
+interfaces.
+
+@item @code{port-number} (default: @code{22}) (type: integer)
+Port to listen on.
+
+@item @code{allow-empty-passwords?} (default: @code{#f}) (type: boolean)
+Whether to accept log-ins with empty passwords.
+
+@item @code{root-login?} (default: @code{#f}) (type: boolean)
+Whether to accept log-ins as root.
+
+@item @code{syslog-output?} (default: @code{#t}) (type: boolean)
+Whether to log @command{lshd} standard output to syslogd.
+This will make the service depend on the existence of a syslogd service.
+
+@item @code{pid-file?} (default: @code{#f}) (type: boolean)
+When @code{#t}, @command{lshd} writes its PID to the file specified in
+@var{pid-file}.
+
+@item @code{pid-file} (default: @code{"/var/run/lshd.pid"}) (type: string)
+File that @command{lshd} will write its PID to.
+
+@item @code{x11-forwarding?} (default: @code{#t}) (type: boolean)
+Whether to enable X11 forwarding.
+
+@item @code{tcp/ip-forwarding?} (default: @code{#t}) (type: boolean)
+Whether to enable TCP/IP forwarding.
+
+@item @code{password-authentication?} (default: @code{#t}) (type: boolean)
+Whether to accept log-ins using password authentication.
+
+@item @code{public-key-authentication?} (default: @code{#t}) (type: boolean)
+Whether to accept log-ins using public key authentication.
+
+@item @code{initialize?} (default: @code{#t}) (type: boolean)
+When @code{#f}, it is up to the user to initialize the randomness
+generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
+a key pair with the private key stored in file @var{host-key}
+(@pxref{lshd basics,,, lsh, LSH Manual}).
+
+@end table
+@end deftp
 
 @cindex SSH
 @cindex SSH server
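Review bot: The new `initialize?` entry documents only the `#f` case, so the behaviour of the default `#t` is no longer stated anywhere in this section. The removed @deffn text said that when it is true the seed and host key are created automatically upon service activation if they do not exist yet, and that this may take long and require interaction; that sentence should be carried over into the @item. Likewise the `daemonic?` entry drops the removed note that a detached `lshd` logs to syslogd unless `syslog-output?` is false. Separately, `@var{pid-file}` and `@var{host-key}` now name record fields rather than procedure arguments, so `@code{pid-file}` and `@code{host-key}` would match the markup used by the other items.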
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 7b038e6ac6..3baa55731d 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -42,7 +42,7 @@ (define-module (gnu services ssh)
   #:use-module (ice-9 vlist)
   #:export (lsh-configuration
             lsh-configuration?
-            lsh-service
+            lsh-service  ; deprecated
             lsh-service-type
 
             openssh-configuration
@@ -74,20 +74,34 @@ (define-record-type* <lsh-configuration>
   lsh-configuration?
   (lsh lsh-configuration-lsh
        (default lsh))
-  (daemonic? lsh-configuration-daemonic?)
-  (host-key lsh-configuration-host-key)
-  (interfaces lsh-configuration-interfaces)
-  (port-number lsh-configuration-port-number)
-  (allow-empty-passwords? lsh-configuration-allow-empty-passwords?)
-  (root-login? lsh-configuration-root-login?)
-  (syslog-output? lsh-configuration-syslog-output?)
-  (pid-file? lsh-configuration-pid-file?)
-  (pid-file lsh-configuration-pid-file)
-  (x11-forwarding? lsh-configuration-x11-forwarding?)
-  (tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?)
-  (password-authentication? lsh-configuration-password-authentication?)
-  (public-key-authentication? lsh-configuration-public-key-authentication?)
-  (initialize? lsh-configuration-initialize?))
+  (daemonic? lsh-configuration-daemonic?
+             (default #t))
+  (host-key lsh-configuration-host-key
+            (default "/etc/lsh/host-key"))
+  (interfaces lsh-configuration-interfaces
+              (default '()))
+  (port-number lsh-configuration-port-number
+               (default 22))
+  (allow-empty-passwords? lsh-configuration-allow-empty-passwords?
+                          (default #f))
+  (root-login? lsh-configuration-root-login?
+               (default #f))
+  (syslog-output? lsh-configuration-syslog-output?
+                  (default #t))
+  (pid-file? lsh-configuration-pid-file?
+             (default #f))
+  (pid-file lsh-configuration-pid-file
+            (default "/var/run/lshd.pid"))
+  (x11-forwarding? lsh-configuration-x11-forwarding?
+                   (default #t))
+  (tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?
+                      (default #t))
+  (password-authentication? lsh-configuration-password-authentication?
+                            (default #t))
+  (public-key-authentication? lsh-configuration-public-key-authentication?
+                              (default #t))
+  (initialize? lsh-configuration-initialize?
+               (default #t)))
 
 (define %yarrow-seed
   "/var/spool/lsh/yarrow-seed-file")
@@ -203,19 +217,20 @@ (define (lsh-pam-services config)
          (lsh-configuration-allow-empty-passwords? config))))
 
 (define lsh-service-type
-  (service-type (name 'lsh)
-                (description
-                 "Run the GNU@tie{}lsh secure shell (SSH) daemon,
+  (service-type
+   (name 'lsh)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             lsh-shepherd-service)
+          (service-extension pam-root-service-type
+                             lsh-pam-services)
+          (service-extension activation-service-type
+                             lsh-activation)))
+   (description "Run the GNU@tie{}lsh secure shell (SSH) daemon,
 @command{lshd}.")
-                (extensions
-                 (list (service-extension shepherd-root-service-type
-                                          lsh-shepherd-service)
-                       (service-extension pam-root-service-type
-                                          lsh-pam-services)
-                       (service-extension activation-service-type
-                                          lsh-activation)))))
+   (default-value (lsh-configuration))))
 
-(define* (lsh-service #:key
+(define-deprecated (lsh-service #:key
                       (lsh lsh)
                       (daemonic? #t)
                       (host-key "/etc/lsh/host-key")
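Review bot: The keyword parameter lines after `(define-deprecated (lsh-service #:key` are left as unchanged context, so `(lsh lsh)`, `(daemonic? #t)` and the rest are still indented for the shorter `(define* (lsh-service #:key` and no longer line up under `#:key`; re-indent them as part of this patch. In the `lsh-service-type` part, `(default-value (lsh-configuration))` makes `(service lsh-service-type)` valid with no configuration at all, which is worth a short example or sentence in the `@defvar lsh-service-type` entry since the manual text added by this patch does not mention it.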
@@ -231,6 +246,7 @@ (define* (lsh-service #:key
                       (password-authentication? #t)
                       (public-key-authentication? #t)
                       (initialize? #t))
+  lsh-service-type
   "Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
 @var{host-key} must designate a file containing the host key, and readable
 only by root.
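Review bot: The docstring kept after the new `lsh-service-type` replacement line still reads as current documentation and does not say that the procedure is deprecated or that its keyword arguments correspond one to one to `lsh-configuration` fields. Since the texinfo entry for `lsh-service` is removed by this patch, this docstring is the only remaining description of the procedure; add a first sentence pointing to `lsh-service-type` and `lsh-configuration`, or shorten the docstring to that pointer.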
-- 
2.39.1




