From: ng0
Subject: Re: [PATCH 2/2] services: Add tlsdate-service.
Date: Wed, 07 Dec 2016 12:04:22 +0000
Message-ID: <87twagc5dl.fsf@we.make.ritual.n0.is>
References: <877f7emdzn.fsf@we.make.ritual.n0.is> <20161205183101.5937-1-ng0@libertad.pw> <20161205183101.5937-3-ng0@libertad.pw> <87k2bctdg0.fsf@gmail.com>
In-Reply-To: <87k2bctdg0.fsf@gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

Chris Marusich writes:

> Hi ng0!
>
> Neat, I never knew about tlsdate until now!
>
> ng0 writes:
>
>> * gnu/services/networking.scm (): New record type.
>> (%tlsdate-accounts): New variables.
>> (tlsdate-shepherd-service): New procedure.
>> (tlsdate-service-type): New variable. >> * doc/guix.texi (Networking Services): Document it. >> --- >> doc/guix.texi | 32 +++++++++++++++++ >> gnu/services/networking.scm | 84 ++++++++++++++++++++++++++++++++++++++++++++- >> 2 files changed, 115 insertions(+), 1 deletion(-) >> >> diff --git a/doc/guix.texi b/doc/guix.texi >> index 4d7f96d90..f6efd040d 100644 >> --- a/doc/guix.texi >> +++ b/doc/guix.texi 
>> @@ -8594,6 +8594,38 @@ make an initial adjustment of more than 1,000 seconds. >> List of host names used as the default NTP servers. >> @end defvr >> >> +@cindex tlsdate >> +@deffn {Scheme Procedure} tlsdate-service [#:config (tlsdate-configuration)] >> + >> +Return a service that runs @command{tlsdate}, a simple TCP based time service. >> +The daemon will synchronize the system clock with a server of your >> +choice via TCP at boot.
>
> When you said TCP, did you mean TLS?

It depends. I understand it as being different from ntp, but I think TLS would also be correct.

> Are we running the daemon, or are we just running the tlsdate command
> once at boot?

The tlsdate command, but see further below.

>> +The optional @var{config} argument should be a >> +@code{} object, by default it syncs the time with gnu.org. >> + >> +@end deffn >> + >> +@deftp {Data Type} tlsdate-configuration >> +Data type representing the configuration of tlsdate. >> + >> +@table @asis >> +@item @code{package} (default: @var{tlsdate}) >> +Package object of the tlsdate time service. >> + >> +@item @code{port} (default: @var{'()}) >> +Set the port of the remote hostname which should be used. >> + >> +@item @code{host} (default: @var{"gnu.org"}) >> +Set the remote hostname which will be queried. Defaults to @code{gnu.org}.
>
> I've briefly read about tlsdate. Looks like it's a hack to sync time
> from a "trusted" source using TLS. Since this trust will vary by user,
> wouldn't it be better to leave this field to the discretion of the user?

The problem is, it defaults to google.com if we leave it blank. I think this can be patched in the config it comes with. But then again you could argue that so many people use google that not using google and differing from the default would make it obvious? I don't know much about tlsdate at the moment, but I'm sure Jacob had an opinion and reasons why google.com was picked.
sidenote: For my live-system I'm in the process of porting another date/time application to Guix which eventually could serve as a base for a gnunet based time service at some point. The application I port uses hidden-services for getting the time, so it's not ideal in my use case which is why tlsdate comes before that (tor, potentially dangerous to people).

> I think one could also argue that to be good Internet neighbors, we
> should avoid putting a default hostname in here, to avoid spamming one
> specific host by default with all the tlsdate traffic from this service.
>
>> +@item @code{extra-options} (default: @var{'()}) >> +Extra options will be passed to @code{tlsdate}, please run >> +@command{man tlsdate} for more information. >> + >> +@end table >> +@end deftp >> + >> @cindex Tor >> @deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}] >> Return a service to run the @uref{https://torproject.org, Tor} anonymous >> diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm >> index d672ecf68..52a899b8f 100644 >> --- a/gnu/services/networking.scm >> +++ b/gnu/services/networking.scm >> @@ -3,6 +3,7 @@ >> ;;; Copyright © 2015 Mark H Weaver >> ;;; Copyright © 2016 Efraim Flashner >> ;;; Copyright © 2016 John Darrington >> +;;; Copyright © 2016 ng0 >> ;;; >> ;;; This file is part of GNU Guix. >> ;;; >> @@ -66,7 +67,13 @@ >> wicd-service >> network-manager-service >> connman-service >> - wpa-supplicant-service-type)) >> + wpa-supplicant-service-type >> + >> + tlsdate-service >> + tlsdate-configuration >> + tlsdate-service-type >> + tlsdate-configuration? >> + tlsdate-configuration)) >> >> ;;; Commentary: >> ;;;
>> @@ -360,6 +367,81 @@ make an initial adjustment of more than 1,000 seconds." >> >> >> ;;; >> +;;; tlsdate >> +;;; >> + >> +(define-record-type* >> + tlsdate-configuration make-tlsdate-configuration >> + tlsdate-configuration? >> + (package tlsdate-configuration-package >> + (default tlsdate)) >> + (host tlsdate-configuration-host >> + (default "gnu.org")) >> + (port tlsdate-configuration-port >> + (default #f)) >> + (extra-options tlsdate-configuration-extra-options >> + (default '()))) >> + >> +(define %tlsdate-accounts >> + (list (user-group (name "tlsdate") (system? #t)) >> + (user-account >> + (name "tlsdate") >> + (group "tlsdate") >> + (system? #t) >> + (comment "tlsdate daemon user")
>
> Is this really a daemon? It looks like we're just invoking a command
> which runs once at boot, but perhaps I'm mistaken.

No, you are correct. I wanted to check out how the reaction and feedback towards a one-time service at boot were, but I'll take the feedback at the bottom of this message and switch back to the tlsdated, which has some problems and isn't as easy as tlsdate.

>> + (home-directory "/var/empty") >> + (shell (file-append shadow "/sbin/nologin"))))) >> + >> +(define tlsdate-shepherd-service >> + (match-lambda >> + (($ >> + package host port extra-options) >> + (let* ((tlsdate (file-append package "/bin/tlsdate")) >> + (command `(,tlsdate >> + "-l" ; leap >> + "-t" ; timewarp >> + ,@(if host >> + `(,(string-append >> + "-H" " " host)) >> + '()) >> + ,@(if port >> + `(,(string-append >> + "-p" " " (number->string port))) >> + '()) >> + ,@extra-options))) >> + (list (shepherd-service >> + ;;(provision '(tlsdate)) >> + (provision '(ntp)) >> + ;; tlsdate needs at least one network interface to be up, hence the >> + ;; dependency on 'loopback'.
>> + (requirement '(user-processes loopback syslogd)) >> + >> + (start #~(make-forkexec-constructor '#$command
>
> Just so I'm clear here, you've written '#$command in the gexp here
> because when command is expanded via ungexp (#$), it will be expanded
> into a list, and you intend to pass that list literally to the
> make-forkexec-constructor procedure (at the time the gexp is run), which
> is why you used quote ('). Right?

I can respond to that once I've read more into shepherd and gexp. Currently I just break until it's no longer broken, which obviously is not ideal but it's one way to learn.

>> + #:user "tlsdate" >> + #:group "tlsdate")) >> + (stop #~(make-kill-destructor))
>
> Does this "service" actually spawn a long-running process? If not, will
> this destructor actually be used? If it IS used, will it send a signal
> to a non-existent process (or worse, a process that happens to share the
> same PID as the one we previously spawned)? Will Shepherd repeatedly
> re-spawn the "service"? I'm still learning how Shepherd services work,
> so if I'm missing something obvious, please let me know.

Okay, this was written based on tlsdated and then rewritten but I left some parts unchanged. This explains the "respawn until shepherd switches tlsdate off" behavior.

>> + (documentation "Run the tlsdate service."))))))) >> + >> +(define tlsdate-service-type >> + (service-type >> + (name 'tlsdate) >> + (extensions >> + (list (service-extension shepherd-root-service-type >> + tlsdate-shepherd-service) >> + (service-extension account-service-type >> + (const %tlsdate-accounts)))))) >> + >> +(define* (tlsdate-service #:key (config (tlsdate-configuration))) >> + "Return a service that runs @command{tlsdate}, a simple TCP based >> +time service.
>
> When you said TCP, did you mean TLS?

Adding to what I replied the first time you asked this, let's be consistent and say just TLS.
>> +The optional @var{config} argument should be a >> +@code{} object, by default it querries gnu.org >> +for time once at boot." >> + (service tlsdate-service-type config))
>
> When I talked with davexunit on IRC about doing something with a
> side-effect once at boot, he was not in support of the idea [1], and I
> agree he was right about that. Maybe this tlsdate service is a little
> different since it's happening once at EVERY boot instead of just the
> very first one. However, if we're going to add a tlsdate service,
> wouldn't it make sense to use tlsdated instead of invoking tlsdate once?
>
> Alternatively, if using tlsdated is difficult for some reason, is it
> feasible to hold off on adding this service? It seems to me like you
> could accomplish what you need by running tlsdate ad-hoc when you need
> it, or perhaps by configuring your own mcron job to run it periodically
> (see: (guix) Scheduled Job Execution). Again, I might be missing
> something, so please let me know if that isn't a feasible alternative to
> this service you're proposing.

My intention is to provide a service which does get the time, regularly, but does not talk to the outside too much. If the delay for tlsdated is set (can be part of the daemon options) to something reasonable as default (for example 1 hour, for my purposes I can shift it then or just use an mcron job as you mentioned), I think this won't be an issue.

I don't think that a time service which just runs once will be an issue, but I'd like to be proven wrong. Nothing bad happens when ntp is run and that's also started at first boot of first generation and continues to be started in every generation afterwards. I think what you were talking about (in the excerpt) is different to tlsdate.

But as a conclusion to the reasons you listed and what I've written, I'll change this service back to tlsdated (and rename it to tlsdated).
If our issue tracker would already be public I could link you to more specific reasons and discussion, but so far: just assume I'm building a system around/integrated into GuixSD which after core (phase one) targets piece by piece to eliminate the need to fetch information through the old internet and rather use gnunet for those tasks. That's not easy to achieve (not in a very short time), but this tlsdate is an intermediate solution.

**
There's a related issue: Every service I currently work on absolutely requires network to be tested (well except `psyced` which can cope fine just locally), would the qemu be able to talk to outside if I created a network bridge? Or is there more to be added? I know I had this discussion in the past but obviously it did not work for me as I'm still sitting on a 90% finished 'in theory it works' gnunet service for guix.
**

> [1] See https://gnunet.org/bot/log/guix/2016-11-30#T1216852 (excerpt follows):
>
> [14:29:15] davexunit, I see. Cool. Also, is there a way to do something "one time at first boot" in a GuixSD system, I wonder?
> [14:29:44] marusich: no
> [14:29:52] that goes against everything GuixSD is about
> [14:30:08] if the only the first generation of a system did some side-effect
> [14:30:14] it would be hard to reproduce elsewhere
>
> --
> Chris

--
♥Ⓐ ng0 | ng0.chaosnet.org
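
Review bot: in the doc/guix.texi hunk the `@item @code{port}` entry documents the default as `'()`, but the record added in gnu/services/networking.scm declares `(port ... (default #f))`, so the manual and the code disagree on what "no port" looks like. Document `#f`. The same hunk calls this "The daemon" and "a simple TCP based time service" while the service invokes the `tlsdate` command; the text should say the time is taken over TLS from the configured `host`, because that host is what the system clock ends up trusting and readers need to know it defaults to `gnu.org`.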
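
Review bot: in the export list hunk (@@ -66,7 +67,13 @@) `tlsdate-configuration` is listed twice, as the second and the last of the added symbols. Drop the duplicate; if the second entry was meant to expose the field accessors defined by the record (`tlsdate-configuration-host` and friends), those are not exported at all.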
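
Review bot: in `tlsdate-shepherd-service` the forms `(string-append "-H" " " host)` and `(string-append "-p" " " (number->string port))` each produce one list element such as `-H gnu.org`, and `make-forkexec-constructor` hands every element to exec as a single argument with no shell to split it, so the value tlsdate sees starts with a space. Emit the flag and its value as two elements, for example `,@(if host (list "-H" host) '())`. Further down in the same hunk, `(provision '(ntp))` registers the service under a name that does not match it while `;;(provision '(tlsdate))` is commented out, the `loopback` requirement does not provide the reachable network that the comment above it asks for, and a process started with `#:user "tlsdate"` has no privilege to set the system clock (CAP_SYS_TIME on Linux), which deserves a test before this is merged.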