From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id UtnKI1MYfmXfLwEAkFu2QA (envelope-from ) for ; Sat, 16 Dec 2023 22:36:19 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id YHlKHVMYfmXyzwAA62LTzQ (envelope-from ) for ; Sat, 16 Dec 2023 22:36:19 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1702762579; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=jTijGI9WePrKEuTvSefluNiJM0Y++ZVC10a1JaIVzxs=; b=edfofvvc6qH40trs7zmMgbcP6n5uOWK0m6Qs/mqj9DT9sfWj87zv4GjFAY7JnC/knVANgI subyT7WVkue9Xc1zV5kEXbcfm4S92kFmt9fCoRs3779XcRKzuW1tAEwrIj552OeVhg+at6 1g+DISOn/dr+KyUXYMRUONvvNo4lLZSMMFGs5DBDPFLcmO4M1LR74SCJDFYUSHxm4f1WFW cfpUEwYU5NG38FsIlDbauHmTZyzIqp2qR0itZbjz6a6PjRiizqerg1VeFMWmZ1T5iODKXj gSASC2n+kRLkZvAtgtEWkIID68hLvPUZrqX1dtA1Kjqbm947U5HDjWG8fbP1+Q== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1702762579; a=rsa-sha256; cv=none; b=c1D51ZX1EhRGetxHaehLflARmESl17rpWUSQOqELd5A2TiFF0ql6thdUVljmcrwQmB9twX iE55myjVFDpirNPglVT6iCJJd4tibJ6Mq2dvlw1DBpl1Feh4BidY6u7slmINpeNhxAL13d N97wSGoR4Y5rzFF3Xs9F0xc1G8HL8oYqgxvJhTwTkihTztH7hUyzNulHMHpIvwTwNydem+ k9hm7UfvfUUgSyYJY7W2mXRTpybJefXUSykhgVfHgyu0zUcQSOvqnLrH+pJNoKf2NX3jiZ +kwuIbv9LTpPUad46JDiYeuw6BeTOwalRlZV5o9M5qtsWQmglzrNzeFqK6fHPA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 01402422FB for ; Sat, 16 Dec 2023 22:36:19 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rEcKJ-0008WH-HS; Sat, 16 Dec 2023 16:36:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rEcKH-0008W1-Is for guix-patches@gnu.org; Sat, 16 Dec 2023 16:36:01 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rEcKG-00026M-Ta for guix-patches@gnu.org; Sat, 16 Dec 2023 16:36:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rEcKH-0003rS-M6 for guix-patches@gnu.org; Sat, 16 Dec 2023 16:36:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67555] [PATCH 2/2] services: kerberos/heimdal.scm: New file, add Heimdal Kerberos services. Resent-From: Bruno Victal Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 16 Dec 2023 21:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67555 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Felix Lechner Cc: 67555@debbugs.gnu.org Received: via spool by 67555-submit@debbugs.gnu.org id=B67555.170276253014790 (code B ref 67555); Sat, 16 Dec 2023 21:36:01 +0000 Received: (at 67555) by debbugs.gnu.org; 16 Dec 2023 21:35:30 +0000 Received: from localhost ([127.0.0.1]:56210 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEcJl-0003qU-PX for submit@debbugs.gnu.org; Sat, 16 Dec 2023 16:35:30 -0500 Received: from smtpmciv1.myservices.hosting ([185.26.107.237]:59950) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEcJj-0003qG-VX for 67555@debbugs.gnu.org; Sat, 16 Dec 2023 16:35:28 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv1.myservices.hosting (Postfix) with ESMTP id 9F46320DD5; Sat, 16 Dec 2023 22:35:25 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 03AF980095; Sat, 16 Dec 2023 22:35:19 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 9m4uibydGC79; Sat, 16 Dec 2023 22:35:18 +0100 (CET) Received: from [192.168.1.116] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 1F25B80067; Sat, 16 Dec 2023 22:35:18 +0100 (CET) Message-ID: <938be86c-3269-4bb1-b6f9-6e4732d6515d@makinata.eu> Date: Sat, 16 Dec 2023 21:35:16 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US References: From: Bruno Victal In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------umd3y0PXrmVcrk3tcAbax0EE" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -8.26 X-Spam-Score: -8.26 X-Migadu-Queue-Id: 01402422FB X-Migadu-Scanner: mx11.migadu.com X-TUID: etjbkXPpPIjt This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------umd3y0PXrmVcrk3tcAbax0EE Content-Type: multipart/mixed; boundary="------------KJlNQjeFLQvWxQVWZCXsgg0u"; protected-headers="v1" From: Bruno Victal To: Felix Lechner Cc: 67555@debbugs.gnu.org Message-ID: <938be86c-3269-4bb1-b6f9-6e4732d6515d@makinata.eu> Subject: Re: [bug#67555] [PATCH 2/2] services: kerberos/heimdal.scm: New file, add Heimdal Kerberos services. References: In-Reply-To: --------------KJlNQjeFLQvWxQVWZCXsgg0u Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Felix, On 2023-12-01 00:45, Felix Lechner wrote: > + (ports > + (list-of-strings '()) > + "Ports to listen on.") I'd prefer to use a list of exact-integers. (*) Hint: you can use the procedures in (gnu services configuration) to define this predicate with (list-of exact-integer?). > + (disable-des? > + (boolean #f) > + "Disable all DES encryption types.")) I'd avoid the double negative here, i.e. by naming this enable-des?. Another note, how about defaulting to disabled DES support to discourage its use? > + (start #~(make-forkexec-constructor > + (list #$(file-append heimdal "/libexec/kdc") > + #$@(if (maybe-value-set? config-file) > + `(,(string-append "--config-file=3D" (mayb= e-value config-file))) > + '()) Simply do: `(,(string-append "--config-file=3D" config-file)) You don't need to use 'maybe-value' to extract the value if you've already tested it with 'maybe-value-set?'. > + #:log-file "/var/log/kdc-shepherd")) I'd make this configurable in . > + (ports > + (list-of-strings '()) > + "Ports to listen on.")) See (*). > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright =C2=A9 2017 Peter Mikkelsen = > +;;; Copyright =C2=A9 2022 Bruno Victal Copy-paste leftovers perhaps? =F0=9F=98=85 > new file mode 100644 > index 0000000000..b6424ace9e > --- /dev/null > +++ b/gnu/tests/heimdal-kdc.scm How about merging these tests under a single gnu/tests/krb-heimdal.scm instead of splitting them as gnu/tests/heimdal-kadmind.scm and gnu/tests/heimdal-kadmind.scm? If you're up for it I'd love to see one more test (might involve multiple VMs) that actually tests the kerberos integration. (i.e. performs an actual kerberos test) That way we could be at least sure that there's a working kerberos setup that we can use as a reference point for documentation/cookbooks. My 2=C2=A2! --=20 Furthermore, I consider that nonfree software must be eradicated. Cheers, Bruno. --------------KJlNQjeFLQvWxQVWZCXsgg0u-- --------------umd3y0PXrmVcrk3tcAbax0EE Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQTAPCseV0HOaN0YFheobOGDL+spVQUCZX4YFQAKCRCobOGDL+sp Ve53AQDMdWlNobDOZXeKyST51kx6MVm4VGPNNtDPu32u6iB85wD9HluYuptT9gWG dsnqTrJqkps/ZBebVIT6c5LZunw5FwM= =HpSA -----END PGP SIGNATURE----- --------------umd3y0PXrmVcrk3tcAbax0EE--