From: "Ludovic Courtès" <ludo@gnu.org>
To: Josselin Poiret <dev@jpoiret.xyz>
Cc: 63314@debbugs.gnu.org
Subject: [bug#63314] [PATCH 0/2] Add PAM shepherd requirements
Date: Mon, 08 May 2023 11:45:05 +0200 [thread overview]
Message-ID: <87r0rrdun2.fsf_-_@gnu.org> (raw)
In-Reply-To: <fb06ebf7854abae20bd61a6066cfea4eaaec1522.1683308811.git.dev@jpoiret.xyz> (Josselin Poiret's message of "Fri, 5 May 2023 19:51:48 +0200")
Hello!
Josselin Poiret <dev@jpoiret.xyz> skribis:
> From: Josselin Poiret <dev@jpoiret.xyz>
>
> * gnu/system/pam.scm (<pam-extender>): New record type.
> (pam-shepherd-service): Add Shepherd synchronization point.
>
> * gnu/services/mail.scm (dovecot-shepherd-service)
> * gnu/services/lightdm.scm (lightdm-shepherd-service)
> * gnu/services/mail.scm (opensmtpd-shepherd-service)
> * gnu/services/sddm.scm (sddm-shepherd-service)
> * gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service)
> * gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service)
> * gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement.
>
> * gnu/system/pam.scm (/etc-entry, extend-configuration,
> pam-root-service-type, pam-root-service)
> * gnu/services/authentication.scm (pam-ldap-pam-service)
> * gnu/services/base.scm (pam-limits-service-type)
> (greetd-pam-service)
> * gnu/services/desktop.scm (pam-gnome-keyring)
> * gnu/services/kerberos.scm (pam-krb5-pam-service)
> * gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to pam-extenders.
The approach looks reasonable to me, well done!
> +;; A PAM transformer consists of a procedure acting on each PAM entry, with an
> +;; additional list of shepherd-requirements that the meta PAM sheherd service
> +;; will rely on.
> +(define-record-type* <pam-extender>
> + pam-extender make-pam-extender pam-extender?
> + (transformer pam-extender-transformer)
> + (shepherd-requirements pam-extender-shepherd-requirements
> + (default '())))
I would call it <pam-extension> (similar to <home-bash-extension>).
There’s a typo in the comment (“sheherd”); s/rely on/depend on/.
> ;; Overall PAM configuration: a list of services, plus a procedure that takes
> ;; one <pam-service> and returns a <pam-service>. The procedure is used to
> ;; implement cross-cutting concerns such as the use of the 'elogind.so'
> ;; session module that keeps track of logged-in users.
> (define-record-type* <pam-configuration>
> - pam-configuration make-pam-configuration? pam-configuration?
> + pam-configuration make-pam-configuration pam-configuration?
> (services pam-configuration-services) ;list of <pam-service>
> - (transform pam-configuration-transform)) ;procedure
> + (extenders pam-configuration-extenders)) ;list of <pam-extender>
Instead of storing extensions, we should keep the full configuration
here (similar to <home-bash-configuration>). That is, remove
‘extenders’ and instead add ‘shepherd-requirements’.
> +(define (pam-shepherd-service config)
> + (define requirements
> + (match config
> + (($ <pam-configuration> services extenders)
> + (concatenate (map pam-extender-shepherd-requirements extenders)))))
Rather: (append-map …)
Also please add a docstring.
> (define (extend-configuration initial extensions)
> "Extend INITIAL with NEW."
> - (let-values (((services procs)
> + (let-values (((services extenders)
> (partition pam-service? extensions)))
> (pam-configuration
> (services (append (pam-configuration-services initial)
> services))
> - (transform (apply compose
> - (pam-configuration-transform initial)
> - procs)))))
> + (extenders (append (pam-configuration-extenders initial)
> + extenders)))))
This would need to be adjusted accordingly.
Also, we need to preserve backward compatibility, so we should first do
something like:
(let ((extensions (map (lambda (extension)
(if (pam-extension? extension)
extension
(begin
(warn-about-deprecation …)
(pam-extension (transformer extension)))))
extensions)))
…)
Ludo’.
next prev parent reply other threads:[~2023-05-08 9:46 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-05 17:50 [bug#63314] [PATCH 0/2] Add PAM shepherd requirements Josselin Poiret via Guix-patches via
2023-05-05 17:51 ` [bug#63314] [PATCH 1/2] system: pam: Let PAM extenders add " Josselin Poiret via Guix-patches via
2023-05-08 9:45 ` Ludovic Courtès [this message]
2023-05-09 16:45 ` [bug#63314] [PATCH v2 0/2] Add PAM " Josselin Poiret via Guix-patches via
2023-05-09 16:45 ` [bug#63314] [PATCH v2 1/2] system: pam: Let PAM extensions add " Josselin Poiret via Guix-patches via
2023-05-11 11:15 ` Ludovic Courtès
2023-05-09 16:45 ` [bug#63314] [PATCH v2 2/2] services: elogind: Add elogind as a shepherd PAM requirement Josselin Poiret via Guix-patches via
2023-05-11 11:16 ` bug#63314: " Ludovic Courtès
2023-05-05 17:51 ` [bug#63314] [PATCH " Josselin Poiret via Guix-patches via
2023-05-08 9:46 ` [bug#63314] [PATCH 0/2] Add PAM shepherd requirements Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r0rrdun2.fsf_-_@gnu.org \
--to=ludo@gnu.org \
--cc=63314@debbugs.gnu.org \
--cc=dev@jpoiret.xyz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.