* [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured.
@ 2020-04-26 20:16 pinoaffe
2020-04-28 11:29 ` [bug#40878] [PATCH (hopefully not garbled this time)] " pinoaffe
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: pinoaffe @ 2020-04-26 20:16 UTC (permalink / raw)
To: 40878
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 23 ++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 80 insertions(+), 22 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output
using pulseaudio.
+@item @code{default-permissions} (default: @code{'(read add control
admin)})
+The permissions a user that connected to the mpd server without a
password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra
permissions. By
+default this is an empty list.
+
@end table
@end deftp
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
@deftp {Data Type} mpd-output
Data type representing an @command{mpd} audio output.
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate. The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using
@code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
@table @asis
@item @code{name} (default: @code{"MPD"})
The name of the audio output.
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
#:use-module (ice-9 match)
#:export (mpd-output
mpd-output?
+ mpd-credential
+ mpd-credential?
mpd-configuration
mpd-configuration?
mpd-service-type))
@@ -36,6 +38,16 @@
;;;
;;; Code:
+(define-record-type* <mpd-credential>
+ mpd-credential make-mpd-credential
+ mpd-credential?
+ (password mpd-credential-password
+ ;; valid: any string that does not contain #\@
+ (default ""))
+ (permissions mpd-credential-permissions
+ ;; valid: any subset of read, add, control and admin
+ (default '())))
+
(define-record-type* <mpd-output>
mpd-output make-mpd-output
mpd-output?
@@ -58,24 +70,41 @@
(define-record-type* <mpd-configuration>
mpd-configuration make-mpd-configuration
mpd-configuration?
- (user mpd-configuration-user
- (default "mpd"))
- (music-dir mpd-configuration-music-dir
- (default "~/Music"))
- (playlist-dir mpd-configuration-playlist-dir
- (default "~/.mpd/playlists"))
- (db-file mpd-configuration-db-file
- (default "~/.mpd/tag_cache"))
- (state-file mpd-configuration-state-file
- (default "~/.mpd/state"))
- (sticker-file mpd-configuration-sticker-file
- (default "~/.mpd/sticker.sql"))
- (port mpd-configuration-port
- (default "6600"))
- (address mpd-configuration-address
- (default "any"))
- (outputs mpd-configuration-outputs
- (default (list (mpd-output)))))
+ (user mpd-configuration-user
+ (default "mpd"))
+ (music-dir mpd-configuration-music-dir
+ (default "~/Music"))
+ (playlist-dir mpd-configuration-playlist-dir
+ (default "~/.mpd/playlists"))
+ (db-file mpd-configuration-db-file
+ (default "~/.mpd/tag_cache"))
+ (state-file mpd-configuration-state-file
+ (default "~/.mpd/state"))
+ (sticker-file mpd-configuration-sticker-file
+ (default "~/.mpd/sticker.sql"))
+ (port mpd-configuration-port
+ (default "6600"))
+ (address mpd-configuration-address
+ (default "any"))
+ (credentials mpd-configuration-credentials
+ (default '()))
+ (default-permissions mpd-configuration-default-permissions
+ (default '(read add control admin)))
+ (outputs mpd-configuration-outputs
+ (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+ (string-join (map symbol->string
+ permissions)
+ ","))
+
+(define (mpd-credential->string credential)
+ "Convert the USER of type <mpd-credential> to a configuration file
snippet."
+ (format #f
+ "password \"~a@~a\"\n"
+ (mpd-credential-password credential)
+ (mpd-permissions->string
+ (mpd-credential-permissions credential))))
(define (mpd-output->string output)
"Convert the OUTPUT of type <mpd-output> to a configuration file
snippet."
@@ -110,8 +139,14 @@ audio_output {
(apply
mixed-text-file "mpd.conf"
"pid_file \"" (mpd-file-name config "pid") "\"\n"
+ "default_permissions \""
+ (mpd-permissions->string
+ (mpd-configuration-default-permissions config))
+ "\"\n"
(append (map mpd-output->string
(mpd-configuration-outputs config))
+ (map mpd-credential->string
+ (mpd-configuration-credentials config))
(map (match-lambda
((config-name config-val)
(string-append config-name " \"" (config-val config)
"\"\n")))
@@ -143,10 +178,10 @@ audio_output {
#:environment-variables
;; Required to detect PulseAudio when run under a user
account.
'(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
- (passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
+ (passwd:uid
+ (getpwnam (mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))
--
2.26.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [bug#40878] [PATCH (hopefully not garbled this time)] services: mpd: Allow authentication and permissions to be configured.
2020-04-26 20:16 [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured pinoaffe
@ 2020-04-28 11:29 ` pinoaffe
2020-04-28 15:00 ` [bug#40878] [PATCH v2] " pinoaffe
2023-03-30 22:23 ` [bug#40878] [PATCH] " Bruno Victal
2 siblings, 0 replies; 4+ messages in thread
From: pinoaffe @ 2020-04-28 11:29 UTC (permalink / raw)
To: 40878
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 23 ++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 80 insertions(+), 22 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output using pulseaudio.
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions. By
+default this is an empty list.
+
@end table
@end deftp
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
@deftp {Data Type} mpd-output
Data type representing an @command{mpd} audio output.
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate. The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
@table @asis
@item @code{name} (default: @code{"MPD"})
The name of the audio output.
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
#:use-module (ice-9 match)
#:export (mpd-output
mpd-output?
+ mpd-credential
+ mpd-credential?
mpd-configuration
mpd-configuration?
mpd-service-type))
@@ -36,6 +38,16 @@
;;;
;;; Code:
+(define-record-type* <mpd-credential>
+ mpd-credential make-mpd-credential
+ mpd-credential?
+ (password mpd-credential-password
+ ;; valid: any string that does not contain #\@
+ (default ""))
+ (permissions mpd-credential-permissions
+ ;; valid: any subset of read, add, control and admin
+ (default '())))
+
(define-record-type* <mpd-output>
mpd-output make-mpd-output
mpd-output?
@@ -58,24 +70,41 @@
(define-record-type* <mpd-configuration>
mpd-configuration make-mpd-configuration
mpd-configuration?
- (user mpd-configuration-user
- (default "mpd"))
- (music-dir mpd-configuration-music-dir
- (default "~/Music"))
- (playlist-dir mpd-configuration-playlist-dir
- (default "~/.mpd/playlists"))
- (db-file mpd-configuration-db-file
- (default "~/.mpd/tag_cache"))
- (state-file mpd-configuration-state-file
- (default "~/.mpd/state"))
- (sticker-file mpd-configuration-sticker-file
- (default "~/.mpd/sticker.sql"))
- (port mpd-configuration-port
- (default "6600"))
- (address mpd-configuration-address
- (default "any"))
- (outputs mpd-configuration-outputs
- (default (list (mpd-output)))))
+ (user mpd-configuration-user
+ (default "mpd"))
+ (music-dir mpd-configuration-music-dir
+ (default "~/Music"))
+ (playlist-dir mpd-configuration-playlist-dir
+ (default "~/.mpd/playlists"))
+ (db-file mpd-configuration-db-file
+ (default "~/.mpd/tag_cache"))
+ (state-file mpd-configuration-state-file
+ (default "~/.mpd/state"))
+ (sticker-file mpd-configuration-sticker-file
+ (default "~/.mpd/sticker.sql"))
+ (port mpd-configuration-port
+ (default "6600"))
+ (address mpd-configuration-address
+ (default "any"))
+ (credentials mpd-configuration-credentials
+ (default '()))
+ (default-permissions mpd-configuration-default-permissions
+ (default '(read add control admin)))
+ (outputs mpd-configuration-outputs
+ (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+ (string-join (map symbol->string
+ permissions)
+ ","))
+
+(define (mpd-credential->string credential)
+ "Convert the USER of type <mpd-credential> to a configuration file snippet."
+ (format #f
+ "password \"~a@~a\"\n"
+ (mpd-credential-password credential)
+ (mpd-permissions->string
+ (mpd-credential-permissions credential))))
(define (mpd-output->string output)
"Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
(apply
mixed-text-file "mpd.conf"
"pid_file \"" (mpd-file-name config "pid") "\"\n"
+ "default_permissions \""
+ (mpd-permissions->string
+ (mpd-configuration-default-permissions config))
+ "\"\n"
(append (map mpd-output->string
(mpd-configuration-outputs config))
+ (map mpd-credential->string
+ (mpd-configuration-credentials config))
(map (match-lambda
((config-name config-val)
(string-append config-name " \"" (config-val config) "\"\n")))
@@ -143,10 +178,10 @@ audio_output {
#:environment-variables
;; Required to detect PulseAudio when run under a user account.
'(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
- (passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
+ (passwd:uid
+ (getpwnam (mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))
--
2.26.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [bug#40878] [PATCH v2] services: mpd: Allow authentication and permissions to be configured.
2020-04-26 20:16 [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured pinoaffe
2020-04-28 11:29 ` [bug#40878] [PATCH (hopefully not garbled this time)] " pinoaffe
@ 2020-04-28 15:00 ` pinoaffe
2023-03-30 22:23 ` [bug#40878] [PATCH] " Bruno Victal
2 siblings, 0 replies; 4+ messages in thread
From: pinoaffe @ 2020-04-28 15:00 UTC (permalink / raw)
To: 40878
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 26 ++++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 83 insertions(+), 22 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..6a5038fd37 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,6 +23271,32 @@ an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output using pulseaudio.
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions. By
+default this is an empty list.
+
+@end table
+@end deftp
+
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate. The password may not contain "@".
+Warning: due to limitations of the mpd configuration system, the generated mpd config
+(which is stored in the guix store and is readable to all users) will include a
+plaintext copy of the provided password(s).
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
@end table
@end deftp
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
#:use-module (ice-9 match)
#:export (mpd-output
mpd-output?
+ mpd-credential
+ mpd-credential?
mpd-configuration
mpd-configuration?
mpd-service-type))
@@ -36,6 +38,16 @@
;;;
;;; Code:
+(define-record-type* <mpd-credential>
+ mpd-credential make-mpd-credential
+ mpd-credential?
+ (password mpd-credential-password
+ ;; valid: any string that does not contain #\@
+ (default ""))
+ (permissions mpd-credential-permissions
+ ;; valid: any subset of read, add, control and admin
+ (default '())))
+
(define-record-type* <mpd-output>
mpd-output make-mpd-output
mpd-output?
@@ -58,24 +70,41 @@
(define-record-type* <mpd-configuration>
mpd-configuration make-mpd-configuration
mpd-configuration?
- (user mpd-configuration-user
- (default "mpd"))
- (music-dir mpd-configuration-music-dir
- (default "~/Music"))
- (playlist-dir mpd-configuration-playlist-dir
- (default "~/.mpd/playlists"))
- (db-file mpd-configuration-db-file
- (default "~/.mpd/tag_cache"))
- (state-file mpd-configuration-state-file
- (default "~/.mpd/state"))
- (sticker-file mpd-configuration-sticker-file
- (default "~/.mpd/sticker.sql"))
- (port mpd-configuration-port
- (default "6600"))
- (address mpd-configuration-address
- (default "any"))
- (outputs mpd-configuration-outputs
- (default (list (mpd-output)))))
+ (user mpd-configuration-user
+ (default "mpd"))
+ (music-dir mpd-configuration-music-dir
+ (default "~/Music"))
+ (playlist-dir mpd-configuration-playlist-dir
+ (default "~/.mpd/playlists"))
+ (db-file mpd-configuration-db-file
+ (default "~/.mpd/tag_cache"))
+ (state-file mpd-configuration-state-file
+ (default "~/.mpd/state"))
+ (sticker-file mpd-configuration-sticker-file
+ (default "~/.mpd/sticker.sql"))
+ (port mpd-configuration-port
+ (default "6600"))
+ (address mpd-configuration-address
+ (default "any"))
+ (credentials mpd-configuration-credentials
+ (default '()))
+ (default-permissions mpd-configuration-default-permissions
+ (default '(read add control admin)))
+ (outputs mpd-configuration-outputs
+ (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+ (string-join (map symbol->string
+ permissions)
+ ","))
+
+(define (mpd-credential->string credential)
+ "Convert the USER of type <mpd-credential> to a configuration file snippet."
+ (format #f
+ "password \"~a@~a\"\n"
+ (mpd-credential-password credential)
+ (mpd-permissions->string
+ (mpd-credential-permissions credential))))
(define (mpd-output->string output)
"Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
(apply
mixed-text-file "mpd.conf"
"pid_file \"" (mpd-file-name config "pid") "\"\n"
+ "default_permissions \""
+ (mpd-permissions->string
+ (mpd-configuration-default-permissions config))
+ "\"\n"
(append (map mpd-output->string
(mpd-configuration-outputs config))
+ (map mpd-credential->string
+ (mpd-configuration-credentials config))
(map (match-lambda
((config-name config-val)
(string-append config-name " \"" (config-val config) "\"\n")))
@@ -143,10 +178,10 @@ audio_output {
#:environment-variables
;; Required to detect PulseAudio when run under a user account.
'(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
- (passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
+ (passwd:uid
+ (getpwnam (mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))
--
2.26.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured.
2020-04-26 20:16 [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured pinoaffe
2020-04-28 11:29 ` [bug#40878] [PATCH (hopefully not garbled this time)] " pinoaffe
2020-04-28 15:00 ` [bug#40878] [PATCH v2] " pinoaffe
@ 2023-03-30 22:23 ` Bruno Victal
2 siblings, 0 replies; 4+ messages in thread
From: Bruno Victal @ 2023-03-30 22:23 UTC (permalink / raw)
To: pinoaffe; +Cc: 40878
Hi,
On 2020-04-26 21:16, pinoaffe@airmail.cc wrote:
> * gnu/services/audio.scm (mpd-credential): New public variable.
> * gnu/services/audio.scm (mpd-configuration): Add credentials
> and permissions.
> ---
> doc/guix.texi | 23 ++++++++++++
> gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
> 2 files changed, 80 insertions(+), 22 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 6613a4af13..1693d938f1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -23271,12 +23271,35 @@ an absolute path can be specified here.
> @item @code{outputs} (default: @code{"(list (mpd-output))"})
> The audio outputs that MPD can use. By default this is a single output using pulseaudio.
>
> +@item @code{default-permissions} (default: @code{'(read add control admin)})
> +The permissions a user that connected to the mpd server without a password should enjoy.
> +Should be a subset of @code{'(read add control admin)}.
> +
> +@item @code{credentials} (default: @code{'()})
> +The list of credentials one can use to sign in to mpd and gain extra permissions. By
> +default this is an empty list.
> +
> @end table
> @end deftp
>
> +@deftp {Data Type} mpd-credential
> +Data type representing an @command{mpd} password/permissions pair.
> +
> @deftp {Data Type} mpd-output
> Data type representing an @command{mpd} audio output.
>
> +@table @asis
> +@item @code{password} (default: @code{""})
> +The password used to authenticate. The password may not contain "@".
> +
> +@item @code{permissions} (default: @code{'()})
> +The permissions one gains after authenticating to the server using @code{password}.
> +This should be a subset of @code{'(read add control admin)}, as in
> +@code{default-permissions}.
> +
> +@end table
> +@end deftp
> +
> @table @asis
> @item @code{name} (default: @code{"MPD"})
> The name of the audio output.
> diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
> index 345d8225b2..9a6dc8db94 100644
> --- a/gnu/services/audio.scm
> +++ b/gnu/services/audio.scm
> @@ -26,6 +26,8 @@
> #:use-module (ice-9 match)
> #:export (mpd-output
> mpd-output?
> + mpd-credential
> + mpd-credential?
> mpd-configuration
> mpd-configuration?
> mpd-service-type))
> @@ -36,6 +38,16 @@
> ;;;
> ;;; Code:
>
> +(define-record-type* <mpd-credential>
> + mpd-credential make-mpd-credential
> + mpd-credential?
> + (password mpd-credential-password
> + ;; valid: any string that does not contain #\@
> + (default ""))
> + (permissions mpd-credential-permissions
> + ;; valid: any subset of read, add, control and admin
> + (default '())))
> +
> (define-record-type* <mpd-output>
> mpd-output make-mpd-output
> mpd-output?
> @@ -58,24 +70,41 @@
> (define-record-type* <mpd-configuration>
> mpd-configuration make-mpd-configuration
> mpd-configuration?
> - (user mpd-configuration-user
> - (default "mpd"))
> - (music-dir mpd-configuration-music-dir
> - (default "~/Music"))
> - (playlist-dir mpd-configuration-playlist-dir
> - (default "~/.mpd/playlists"))
> - (db-file mpd-configuration-db-file
> - (default "~/.mpd/tag_cache"))
> - (state-file mpd-configuration-state-file
> - (default "~/.mpd/state"))
> - (sticker-file mpd-configuration-sticker-file
> - (default "~/.mpd/sticker.sql"))
> - (port mpd-configuration-port
> - (default "6600"))
> - (address mpd-configuration-address
> - (default "any"))
> - (outputs mpd-configuration-outputs
> - (default (list (mpd-output)))))
> + (user mpd-configuration-user
> + (default "mpd"))
> + (music-dir mpd-configuration-music-dir
> + (default "~/Music"))
> + (playlist-dir mpd-configuration-playlist-dir
> + (default "~/.mpd/playlists"))
> + (db-file mpd-configuration-db-file
> + (default "~/.mpd/tag_cache"))
> + (state-file mpd-configuration-state-file
> + (default "~/.mpd/state"))
> + (sticker-file mpd-configuration-sticker-file
> + (default "~/.mpd/sticker.sql"))
> + (port mpd-configuration-port
> + (default "6600"))
> + (address mpd-configuration-address
> + (default "any"))
> + (credentials mpd-configuration-credentials
> + (default '()))
> + (default-permissions mpd-configuration-default-permissions
> + (default '(read add control admin)))
> + (outputs mpd-configuration-outputs
> + (default (list (mpd-output)))))
> +
> +(define (mpd-permissions->string permissions)
> + (string-join (map symbol->string
> + permissions)
> + ","))
> +
> +(define (mpd-credential->string credential)
> + "Convert the USER of type <mpd-credential> to a configuration file snippet."
> + (format #f
> + "password \"~a@~a\"\n"
> + (mpd-credential-password credential)
> + (mpd-permissions->string
> + (mpd-credential-permissions credential))))
>
> (define (mpd-output->string output)
> "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
> @@ -110,8 +139,14 @@ audio_output {
> (apply
> mixed-text-file "mpd.conf"
> "pid_file \"" (mpd-file-name config "pid") "\"\n"
> + "default_permissions \""
> + (mpd-permissions->string
> + (mpd-configuration-default-permissions config))
> + "\"\n"
> (append (map mpd-output->string
> (mpd-configuration-outputs config))
> + (map mpd-credential->string
> + (mpd-configuration-credentials config))
> (map (match-lambda
> ((config-name config-val)
> (string-append config-name " \"" (config-val config) "\"\n")))
> @@ -143,10 +178,10 @@ audio_output {
> #:environment-variables
> ;; Required to detect PulseAudio when run under a user account.
> '(#$(string-append
> - "XDG_RUNTIME_DIR=/run/user/"
> - (number->string
> - (passwd:uid
> - (getpwnam (mpd-configuration-user config))))))
> + "XDG_RUNTIME_DIR=/run/user/"
> + (number->string
> + (passwd:uid
> + (getpwnam (mpd-configuration-user config))))))
> #:log-file #$(mpd-file-name config "log")))
> (stop #~(make-kill-destructor))))
>
I know it's rather late to reply to this patch, yet I believe it's worth stating:
1. mpd-service-type has gone through extensive refactoring, which makes this patch no longer apply.
2. This kind of change poses a problem, your credentials will get stored under /gnu/store, which is
world readable. Hardly the place you want to use to store secrets like credential data.
As such, the best course of action is to use a "include …" directive, which you can via the 'extra-options'
field, and point it at a file containing the credentials (which you have to provision manually).
Cheers,
Bruno
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-30 22:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-26 20:16 [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured pinoaffe
2020-04-28 11:29 ` [bug#40878] [PATCH (hopefully not garbled this time)] " pinoaffe
2020-04-28 15:00 ` [bug#40878] [PATCH v2] " pinoaffe
2023-03-30 22:23 ` [bug#40878] [PATCH] " Bruno Victal
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.