From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id ALpeAMhrKGQ7tQAASxT56A (envelope-from ) for ; Sat, 01 Apr 2023 19:37:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id AKnkOsdrKGSYyQAAG6o9tA (envelope-from ) for ; Sat, 01 Apr 2023 19:37:11 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8F3E11234F for ; Sat, 1 Apr 2023 19:37:11 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pif9z-0002zm-Rw; Sat, 01 Apr 2023 13:37:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pif9y-0002zd-Hu for guix-patches@gnu.org; Sat, 01 Apr 2023 13:37:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pif9x-0006k1-QN for guix-patches@gnu.org; Sat, 01 Apr 2023 13:37:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pif9x-00010k-Lg for guix-patches@gnu.org; Sat, 01 Apr 2023 13:37:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#62465] [PATCH v4 1/3] services: mcron: Add 'shepherd-requirement' field. References: <47e924fd42f74fc2800dc64399f7a069ad463515.1679854500.git.mirai@makinata.eu> In-Reply-To: <47e924fd42f74fc2800dc64399f7a069ad463515.1679854500.git.mirai@makinata.eu> Resent-From: Bruno Victal Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 01 Apr 2023 17:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62465 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 62465@debbugs.gnu.org Cc: Bruno Victal , maxim.cournoyer@gmail.com Received: via spool by 62465-submit@debbugs.gnu.org id=B62465.16803705703823 (code B ref 62465); Sat, 01 Apr 2023 17:37:01 +0000 Received: (at 62465) by debbugs.gnu.org; 1 Apr 2023 17:36:10 +0000 Received: from localhost ([127.0.0.1]:38540 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pif98-0000zb-H5 for submit@debbugs.gnu.org; Sat, 01 Apr 2023 13:36:10 -0400 Received: from smtpmciv3.myservices.hosting ([185.26.107.239]:39432) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pif96-0000zS-05 for 62465@debbugs.gnu.org; Sat, 01 Apr 2023 13:36:10 -0400 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv3.myservices.hosting (Postfix) with ESMTP id A4BE220861; Sat, 1 Apr 2023 19:36:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 52DF380098; Sat, 1 Apr 2023 19:36:06 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id u-OpSAsE2Kpd; Sat, 1 Apr 2023 19:36:05 +0200 (CEST) Received: from guix-nuc.home.arpa (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 9EF1B80097; Sat, 1 Apr 2023 19:36:05 +0200 (CEST) From: Bruno Victal Date: Sat, 1 Apr 2023 18:35:53 +0100 Message-Id: X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1680370631; a=rsa-sha256; cv=none; b=NjyoKMgYXwMWqujXOvHIyppAu71yXNjm/e9A7VrtwJiWtTRSkGTYV+pq5LoB/glDNcYY2o cI/HmvNrhb3E3gawGiH4fvH2scdjOLbrjlnbjb9/BRKYtKM6NisePUEcZWeG+oUC1TLdGZ 26IFVIXef3JeYfuB5xVz7H32O3ZFohb5b4ZPYAdUHfg6udA/qJiGDWqXyXc2OBTgZAkEYY JUiZrZe8UA8kcJ9G89LHadnaPj2s4ok1nkImQ2WRxLt4ir5zaqW3OcHb1D6Pb9tU/rDq8t yCufb1HwS/7kyAZsxA0jTzg/6variuACdkQ/xckb2ymjuRUNx9zuxOky7e/YXw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1680370631; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=D6Kr3vC8ZpuY74T705W7tWO+qKPxzuvkiTLiT6WDtJk=; b=Bir3vmQqD0kpADKokTSOWrvsrTCCtUGfQM7PZz6i0+22aysGr3WwqtZEbE0zqet6yh92XN j+magtMZoxPzlMC2EEKaRbp755x+ub/La3b/cL4nzx7W+Qwxu4d3wbNpXz+rY+0Ksog2y1 +sLCB8A/ptKY86BkiRCAciN2fiovsGONniT9kheA6tIvt5/0FfHTT7uh+PdUyZjcL67otB ViKxGJudPMiAHce5qLnFU00K8jlhaUmO5QwIKbLvKAV1/S6bKpFyG1A8A25KCE67hzyQqz iHYjXdL6TQQrdPCRFpMzpHIParKvfRuUqTo0Cfqb0bTImc8xiLrkB07o+soUHg== Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Scanner: scn0.migadu.com X-Migadu-Spam-Score: -3.53 X-Spam-Score: -3.53 X-Migadu-Queue-Id: 8F3E11234F X-TUID: 3etjCo2qamH2 * gnu/services/mcron.scm (mcron-configuration)[shepherd-requirement]: New field. (list-of-symbols?): New predicate. (mcron-shepherd-services): Add support for additional shepherd requirements. * doc/guix.texi (Scheduled Job Execution): Update it. --- Notable changes since v3: * Implemented adjustable user, group and supplementary groups for mcron service. These are especially useful when configuring multiple instances. This also aligns with upstream recommendation to run multiple mcron instances with lesser privileged accounts. Quoting mcron commit 0fe4d2cc9544d24ecc3e74a2d92433e01b9e25c6: > I don't believe that anyone should be running system-wide cron processes these > days (the attack surface is rather large), but should use separate per-user or > per-service mcron daemon processes. Tested with 'make check-system TESTS=mcron'. doc/guix.texi | 4 ++++ gnu/services/mcron.scm | 13 +++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index a58ea8f9ec..56aa86118a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19379,6 +19379,10 @@ Scheduled Job Execution @item @code{mcron} (default: @code{mcron}) (type: file-like) The mcron package to use. +@item @code{shepherd-requirement} (default: @code{()}) (type: list-of-symbols) +This is a list of symbols naming Shepherd services that this service +will depend on. + @item @code{jobs} (default: @code{()}) (type: list-of-gexps) This is a list of gexps (@pxref{G-Expressions}), where each gexp corresponds to an mcron job specification (@pxref{Syntax, mcron job diff --git a/gnu/services/mcron.scm b/gnu/services/mcron.scm index 2ef5980e09..99eb0edd60 100644 --- a/gnu/services/mcron.scm +++ b/gnu/services/mcron.scm @@ -32,6 +32,7 @@ (define-module (gnu services mcron) #:export (mcron-configuration mcron-configuration? mcron-configuration-mcron + mcron-configuration-shepherd-requirement mcron-configuration-jobs mcron-configuration-log? mcron-configuration-log-file @@ -58,6 +59,9 @@ (define-module (gnu services mcron) (define list-of-gexps? (list-of gexp?)) +(define list-of-symbols? + (list-of symbol?)) + (define-maybe/no-serialization string) (define-configuration/no-serialization mcron-configuration @@ -65,6 +69,11 @@ (define-configuration/no-serialization mcron-configuration (file-like mcron) "The mcron package to use.") + (shepherd-requirement + (list-of-symbols '()) + "This is a list of symbols naming Shepherd services that this service +will depend on.") + (jobs (list-of-gexps '()) "This is a list of gexps (@pxref{G-Expressions}), where each gexp @@ -158,13 +167,13 @@ (define (shepherd-schedule-action mcron files) (define (mcron-shepherd-services config) (match-record config - (mcron jobs log? log-file log-format date-format) + (mcron shepherd-requirement jobs log? log-file log-format date-format) (if (eq? jobs '()) '() ;nothing to do (let ((files (job-files mcron jobs))) (list (shepherd-service (provision '(mcron)) - (requirement '(user-processes)) + (requirement `(user-processes ,@shepherd-requirement)) (modules `((srfi srfi-1) (srfi srfi-26) (ice-9 popen) ;for the 'schedule' action -- 2.39.1