From: ludo@gnu.org (Ludovic Courtès)
To: Oleg Pykhalov <go.wigust@gmail.com>
Cc: 32141@debbugs.gnu.org
Subject: [bug#32141] [PATCH] services: Add ddclient service.
Date: Thu, 26 Jul 2018 10:51:30 +0200
Message-ID: <87o9eu2xl1.fsf@gnu.org>
In-Reply-To: <87effrpynp.fsf@gmail.com> (Oleg Pykhalov's message of "Wed, 25 Jul 2018 10:22:50 +0300")

Hi Oleg,

Oleg Pykhalov <go.wigust@gmail.com> wrote:

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

>>> +@subsubheading ddclient Service
>>> +
>>> +@cindex ddclient
>>> +@uref{https://sourceforge.net/projects/ddclient/, ddclient} is an address
>>> +updating utility for dynamic DNS services.
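
Review bot: the ‘@cindex ddclient’ line indexes this section only under the program name; add a concept entry such as ‘@cindex dynamic DNS’ next to it so that readers who do not know the tool's name can still find the service from the manual's index.
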
>>
>> It would be nice to expound a bit, like:
>>
>>   The ddclient service described below runs the ddclient daemon, which
>>   takes care of automatically updating DNS entries for service providers
>>   such as DynDNS.com.
>
> OK.  I improved it a little bit with “such as @uref{https://dyn.com/dns/,
> Dyn}.” if you don't mind.

Sure.

>> Does it run as root?  If there’s no option to run it (mostly) as
>> non-root, perhaps it would make sense to try using
>> ‘make-forkexec-constructor/container’ here (as a separate patch.)
>>
>> WDYT?
>
> It did run as root.  I've succeeded in running it with the ‘ddclient’ user.

Awesome.

> Also, the generated ‘ddclient.conf’ which contains secrets is stored in
> the store.  I probably should change the ‘ddclient-activation’ procedure
>
> (copy-file #$(plain-file "ddclient.conf" config-str) file)
>
> to a procedure which writes ‘config-str’ to the file without storing it
> somewhere else.  WDYT?

The problem would be the same: the activation script would contain
‘config-str’, and it would live in the store.

In short we must not manipulate secrets in anything that goes through
the store.  The only thing I can suggest is to leave it up to the
user to create a file containing the secret in an out-of-band fashion;
/etc is a good place for such things.

For example, they could create /etc/ddclient-secrets and then we would
somehow arrange to get that file read.

To do that there are two possibilities that come to mind:

  1. If the config file syntax has an “include” directive, just include
     /etc/ddclient-secrets unconditionally in the generated config file.

  2. Write an activation snippet that concatenates the generated config
     file with /etc/ddclient-secrets and stores that as
     /etc/ddclient.conf (or something like that.)

Thoughts?

Ludo’.
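
Option 2 from the message above, as an added example in plain Guile (not part of the original message and not the code that went into Guix): at activation time, merge the secret-free generated file with the out-of-band secrets file, so the secret never passes through the store. The procedure names, the ownership and mode checks, the ‘ddclient’ owner of the result and the concatenation order are assumptions; the paths are the ones floated in the message.

```scheme
;; Added example, plain Guile: no Guix modules are used.
;; All procedure names here are hypothetical.
(use-modules (ice-9 textual-ports))

(define (read-file file)
  (call-with-input-file file get-string-all))

(define (secrets-file-safe? file)
  ;; Accept only a root-owned regular file with no group/other access
  ;; (assumed policy for a file created by hand under /etc).
  (let ((st (stat file)))
    (and (eq? (stat:type st) 'regular)
         (zero? (stat:uid st))
         (zero? (logand (stat:perms st) #o077)))))

(define* (install-ddclient-config generated  ;store file, contains no secrets
                                  #:key
                                  (secrets "/etc/ddclient-secrets")
                                  (target  "/etc/ddclient.conf")
                                  (user    "ddclient"))
  "Write GENERATED followed by SECRETS to TARGET, readable by USER only."
  (unless (secrets-file-safe? secrets)
    (error "secrets file must be a root-owned regular file, mode 0600 or stricter:"
           secrets))
  (let* ((pw   (getpwnam user))
         ;; mkstemp! creates the temporary file with mode 0600, so the
         ;; secret is never readable by others while it is being written.
         (port (mkstemp! (string-append target ".XXXXXX")))
         (tmp  (port-filename port)))
    (catch #t
      (lambda ()
        (display (read-file generated) port)
        (newline port)
        (display (read-file secrets) port)
        (close-port port)
        (chown tmp (passwd:uid pw) (passwd:gid pw))
        (chmod tmp #o400)
        ;; rename(2) is atomic: the daemon sees the old or the new file.
        (rename-file tmp target))
      (lambda args
        ;; On any failure, leave no partial copy of the secret behind.
        (close-port port)
        (false-if-exception (delete-file tmp))
        (apply throw args)))))
```

Called from an activation snippet running as root, the only store item involved is GENERATED, which is world-readable by design and therefore must contain nothing secret.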

Thread overview: 7+ messages
2018-07-13 14:58 [bug#32141] [PATCH] services: Add ddclient service Oleg Pykhalov
2018-07-19  9:40 ` Ludovic Courtès
2018-07-25  7:22   ` Oleg Pykhalov
2018-07-26  8:51     ` Ludovic Courtès [this message]
2018-08-01 17:27       ` Oleg Pykhalov
2018-08-27 11:22         ` Ludovic Courtès
2018-08-29 22:45           ` bug#32141: " Oleg Pykhalov
