From: Ludovic Courtès
To: Josselin Poiret
Cc: 63314@debbugs.gnu.org
Subject: [bug#63314] [PATCH 0/2] Add PAM shepherd requirements
Date: Mon, 08 May 2023 11:45:05 +0200
In-Reply-To: (Josselin Poiret's message of "Fri, 5 May 2023 19:51:48 +0200")
Message-ID: <87r0rrdun2.fsf_-_@gnu.org>

Hello!

Josselin Poiret skribis:

> From: Josselin Poiret
>
> * gnu/system/pam.scm (): New record type.
> (pam-shepherd-service): Add Shepherd synchronization point.
>
> * gnu/services/mail.scm (dovecot-shepherd-service)
> * gnu/services/lightdm.scm (lightdm-shepherd-service)
> * gnu/services/mail.scm (opensmtpd-shepherd-service)
> * gnu/services/sddm.scm (sddm-shepherd-service)
> * gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service)
> * gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service)
> * gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement.
>
> * gnu/system/pam.scm (/etc-entry, extend-configuration,
> pam-root-service-type, pam-root-service)
> * gnu/services/authentication.scm (pam-ldap-pam-service)
> * gnu/services/base.scm (pam-limits-service-type)
> (greetd-pam-service)
> * gnu/services/desktop.scm (pam-gnome-keyring)
> * gnu/services/kerberos.scm (pam-krb5-pam-service)
> * gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to pam-extenders.

The approach looks reasonable to me, well done!

> +;; A PAM transformer consists of a procedure acting on each PAM entry, w= ith an
> +;; additional list of shepherd-requirements that the meta PAM sheherd se= rvice
> +;; will rely on.
> +(define-record-type*
> + pam-extender make-pam-extender pam-extender?
> + (transformer pam-extender-transformer)
> + (shepherd-requirements pam-extender-shepherd-requirements
> + (default '())))

I would call it (similar to ).

There’s a typo in the comment (“sheherd”); s/rely on/depend on/.

> ;; Overall PAM configuration: a list of services, plus a procedure that = takes
> ;; one and returns a . The procedure is used= to
> ;; implement cross-cutting concerns such as the use of the 'elogind.so'
> ;; session module that keeps track of logged-in users.
> (define-record-type*
> - pam-configuration make-pam-configuration? pam-configuration?
> + pam-configuration make-pam-configuration pam-configuration?
> (services pam-configuration-services) ;list of
> - (transform pam-configuration-transform)) ;procedure
> + (extenders pam-configuration-extenders)) ;list of

Instead of storing extensions, we should keep the full configuration
here (similar to ). That is, remove ‘extenders’ and instead add
‘shepherd-requirements’.

> +(define (pam-shepherd-service config)
> + (define requirements
> + (match config
> + (($ services extenders)
> + (concatenate (map pam-extender-shepherd-requirements extenders)))= ))

Rather: (append-map …)

Also please add a docstring.

> (define (extend-configuration initial extensions)
> "Extend INITIAL with NEW."
> - (let-values (((services procs)
> + (let-values (((services extenders)
> (partition pam-service? extensions)))
> (pam-configuration
> (services (append (pam-configuration-services initial)
> services))
> - (transform (apply compose
> - (pam-configuration-transform initial)
> - procs)))))
> + (extenders (append (pam-configuration-extenders initial)
> + extenders)))))

This would need to be adjusted accordingly. Also, we need to preserve
backward compatibility, so we should first do something like:

  (let ((extensions (map (lambda (extension)
                           (if (pam-extension? extension)
                               extension
                               (begin
                                 (warn-about-deprecation …)
                                 (pam-extension
                                  (transformer extension)))))
                         extensions)))
    …)

Ludo’.
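
Review bot: In the pam-configuration hunk, the context comment above the record still describes "a procedure that takes one and returns a", but the field it documented, 'transform', is replaced by 'extenders', which is a list; update that comment in the same change so it describes the list and how its transformers are applied. The same hunk also changes 'make-pam-configuration?' to 'make-pam-configuration', which the commit log does not mention; add a changelog line for it or move it to a separate commit.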
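
Review bot: In the pam-shepherd-service hunk, 'requirements' is the plain concatenation of every extender's shepherd-requirements, so two extenders that name the same service produce the same entry twice. Consider passing the result through delete-duplicates, and have the docstring say that the list is the union of what the extenders ask for.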
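
Review bot: In the extend-configuration hunk, the removed lines combined the procedures with (apply compose (pam-configuration-transform initial) procs), which fixed the order in which they run, while the added lines only append to a list, so the order of application now depends on the code that consumes 'extenders', which this hunk does not show. State the intended order in the docstring and check that it matches the old compose order. The docstring also still reads "Extend INITIAL with NEW." although the parameter is named 'extensions'.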