[PATCH] opensmtpd-service-type to extend pam

Done
Submitted by Kristofer Buffington.
Details
3 participants
  • Kristofer Buffington
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Severity
normal
Kristofer Buffington wrote on 16 Jun 2019 04:45
(address . guix-patches@gnu.org)
87sgsaxn6t.fsf@walletsworth.com
From 4498a2c9e1453cb81b54231a5203bc55019e62db Mon Sep 17 00:00:00 2001
From: Kristofer Buffington <kristoferbuffington@gmail.com>
Date: Wed, 12 Jun 2019 16:34:30 -0400
Subject: [PATCH] * gnu/services/mail.scm added %opensmtpd-pam-services to the opensmtpd-service-type
To: guix-patches@gnu.org

---
 gnu/services/mail.scm | 6 ++++++
 1 file changed, 6 insertions(+)
Toggle diff (33 lines)diff --git a/gnu/services/mail.scm b/gnu/services/mail.scmindex 216b2c80b0..e54d7eb3c1 100644--- a/gnu/services/mail.scm+++ b/gnu/services/mail.scm@@ -3,6 +3,7 @@ ;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>+;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -1667,6 +1668,9 @@ accept from local for any relay (mkdir-p "/var/spool/smtpd") (chmod "/var/spool/smtpd" #o711)))))) +(define %opensmtpd-pam-services+ (list (unix-pam-service "smtpd")))+ (define opensmtpd-service-type (service-type (name 'opensmtpd)@@ -1675,6 +1679,8 @@ accept from local for any relay (const %opensmtpd-accounts)) (service-extension activation-service-type opensmtpd-activation)+ (service-extension pam-root-service-type+ (const %opensmtpd-pam-services)) (service-extension profile-service-type (compose list opensmtpd-configuration-package)) (service-extension shepherd-root-service-type-- 2.18.0
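Review bot: The new %opensmtpd-pam-services definition in the second hunk has no comment saying what authenticates through this PAM entry, and the diffstat shows only gnu/services/mail.scm changed, so the manual is not updated either. Add a short comment above the definition stating why the service needs a PAM entry, and a sentence in the OpenSMTPD documentation so administrators know the service now extends PAM.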
Ludovic Courtès wrote on 19 Jun 2019 22:40
(name . Kristofer Buffington)(address . kristofer@walletsworth.com)(address . 36239@debbugs.gnu.org)
87tvcl1f76.fsf@gnu.org
Hi Kristofer,
Kristofer Buffington <kristofer@walletsworth.com> skribis:
Toggle quote (13 lines)> +(define %opensmtpd-pam-services> + (list (unix-pam-service "smtpd")))> +> (define opensmtpd-service-type> (service-type> (name 'opensmtpd)> @@ -1675,6 +1679,8 @@ accept from local for any relay> (const %opensmtpd-accounts))> (service-extension activation-service-type> opensmtpd-activation)> + (service-extension pam-root-service-type> + (const %opensmtpd-pam-services))
Could you explain why the PAM service is needed and what went wrong
before that?
I haven’t used this service (yet) but I’m surprised it needs a PAM hook.
Thanks for your patch,
Ludo’.
Kristofer Buffington wrote on 20 Jun 2019 02:52
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36239@debbugs.gnu.org)
87tvclqdsd.fsf@walletsworth.com
The opensmtpd package includes --with-pam at build time, but the service
does not extend pam. As a result, an administrator would need to
maintain a separate passwd or other authentication
mechanism instead of using PAM.
Kris
Tobias Geerinckx-Rice wrote on 20 Jun 2019 11:11
(address . 36239@debbugs.gnu.org)
87k1dgsjs9.fsf@nckx
Kristofer, Ludo',
Kristofer Buffington wrote:
> The opensmtpd package includes --with-pam at build time, but the service
> does not extend pam. As a result, an administrator would need to
> maintain a separate passwd or other authentication
> mechanism instead of using PAM.
Thanks for the patch! Looks good to me, assuming you've battle-tested the thing. I've Guixed up the commit message, but let's give Ludo' a chance to respond.
> walletsworth
I feel all, like, personally offended.
Kind regards,
T G-R
From 60f3fd35ac4925e86556781ccc2620f54dccacd9 Mon Sep 17 00:00:00 2001
From: Kristofer Buffington <kristoferbuffington@gmail.com>
Date: Wed, 12 Jun 2019 16:34:30 -0400
Subject: [PATCH] services: opensmtpd: Extend the PAM service.

* gnu/services/mail.scm (%opensmtpd-pam-services): New variable.
(opensmtpd-service-type)[extensions]: Add it, extending
PAM-ROOT-SERVICE-TYPE.

Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
---
 gnu/services/mail.scm | 6 ++++++
 1 file changed, 6 insertions(+)
Toggle diff (33 lines)diff --git a/gnu/services/mail.scm b/gnu/services/mail.scmindex 0e85ada3d0..3de0b4c2f3 100644--- a/gnu/services/mail.scm+++ b/gnu/services/mail.scm@@ -3,6 +3,7 @@ ;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>+;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -1667,6 +1668,9 @@ accept from local for any relay (mkdir-p "/var/spool/smtpd") (chmod "/var/spool/smtpd" #o711)))))) +(define %opensmtpd-pam-services+ (list (unix-pam-service "smtpd")))+ (define opensmtpd-service-type (service-type (name 'opensmtpd)@@ -1675,6 +1679,8 @@ accept from local for any relay (const %opensmtpd-accounts)) (service-extension activation-service-type opensmtpd-activation)+ (service-extension pam-root-service-type+ (const %opensmtpd-pam-services)) (service-extension profile-service-type (compose list opensmtpd-configuration-package)) (service-extension shepherd-root-service-type-- 2.22.0
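Review bot: In the third hunk the extension is (const %opensmtpd-pam-services), so the "smtpd" PAM entry is added for every opensmtpd-service-type instance regardless of its configuration, including setups that never authenticate clients. If that is intended, say so in a comment; otherwise derive the list from the configuration record, as the profile-service-type extension just below does with opensmtpd-configuration-package. The literal "smtpd" also has to match the service name the daemon hands to PAM, which is worth noting next to the definition.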
Tobias Geerinckx-Rice wrote on 20 Jun 2019 11:23
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36239@debbugs.gnu.org)
87imt0sj82.fsf@nckx
Ludo',
Toggle quote (3 lines)> +(define %opensmtpd-pam-services> + (list (unix-pam-service "smtpd")))
Hm. This is consistent with the (inconsistent) use of % in (gnu services mail) even for unexported variables, but that doesn't match my understanding of %.
I'd like to remove it here and elsewhere in the file:
$ grep define.*-activation gnu/services/mail.scm
(define (%dovecot-activation config) ← local
(define opensmtpd-activation
(define exim-activation
Would that be noise?
Kind regards,
T G-R
Ludovic Courtès wrote on 20 Jun 2019 13:52
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
871rzolbiw.fsf@gnu.org
Hello,
Tobias Geerinckx-Rice <me@tobias.gr> skribis:
> From 60f3fd35ac4925e86556781ccc2620f54dccacd9 Mon Sep 17 00:00:00 2001
> From: Kristofer Buffington <kristoferbuffington@gmail.com>
> Date: Wed, 12 Jun 2019 16:34:30 -0400
> Subject: [PATCH] services: opensmtpd: Extend the PAM service.
>
> * gnu/services/mail.scm (%opensmtpd-pam-services): New variable.
> (opensmtpd-service-type)[extensions]: Add it, extending
> PAM-ROOT-SERVICE-TYPE.
>
> Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
LGTM, please push Tobias!
Thanks,
Ludo’.
Ludovic Courtès wrote on 20 Jun 2019 13:54
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 36239@debbugs.gnu.org)
87wohgjwuz.fsf@gnu.org
Tobias Geerinckx-Rice <me@tobias.gr> skribis:
Toggle quote (7 lines)>> +(define %opensmtpd-pam-services>> + (list (unix-pam-service "smtpd")))>> Hm. This is consistent with the (inconsistent) use of % in (gnu> services mail) even for unexported variables, but that doesn't match> my understanding of %.
I think I’d use it here; that’s consistent with the rest of the file
actually, no? To me everything looks OK as it is.
Thanks,
Ludo’.
Tobias Geerinckx-Rice wrote on 20 Jun 2019 14:18
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36239@debbugs.gnu.org)
87r27o30xi.fsf@nckx
Ludovic Courtès wrote:
> I think I’d use it here; that’s consistent with the rest of the file
> actually, no? To me everything looks OK as it is.
Then I'm not sure I grok % (which is likely as I've never read a description, only induced its use).
What's the difference between:
(define (%dovecot-activation config) …
and
(define opensmtpd-activation …
(define exim-activation …
? I thought it had something to do with being exports/globals but here (%opensmtpd-accounts, etc.) it is used simply to say ‘this is a list’.
Will push,
T G-R
Ludovic Courtès wrote on 20 Jun 2019 14:49
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 36239@debbugs.gnu.org)
87y31wifps.fsf@gnu.org
Tobias Geerinckx-Rice <me@tobias.gr> skribis:
> Ludovic Courtès wrote:
>> I think I’d use it here; that’s consistent with the rest of the file
>> actually, no? To me everything looks OK as it is.
>
> Then I'm not sure I grok % (which is likely as I've never read a
> description, only induced its use).
>
> What's the difference between:
>
> (define (%dovecot-activation config) …
>
> and
>
> (define opensmtpd-activation …
> (define exim-activation …
>
> ? I thought it had something to do with being exports/globals but
> here (%opensmtpd-accounts, etc.) it is used simply to say ‘this is a
> list’.
It’s a long story. :-)
Initially in Guile the ‘%’ prefix was used for “system” bindings, things
you don’t normally use as a normal user. Then I think I started using
it for things that are meant to be “internal” or variables meant to be
read-only (not procedures). In Guix we sort of follow that but somewhat
extend the meaning.
In the example above, I’d rather write ‘dovecot-activation’ (without
prefix, because it’s a procedure), but I’d probably write
‘%exim-activation’, depending on the phase of the moon.
HTH!
Ludo’.
Tobias Geerinckx-Rice wrote on 20 Jun 2019 15:54
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36239@debbugs.gnu.org)
87o92s2wgu.fsf@nckx
Ludo',
Ludovic Courtès wrote:
>> I thought [%] had something to do with being exports/globals but
>> here (%opensmtpd-accounts, etc.) it is used simply to say ‘this is a
>> list’.
>
> It’s a long story. :-)
Thanks for taking the time to tell it.
> Initially in Guile the ‘%’ prefix was used for “system” bindings, things
> you don’t normally use as a normal user. Then I think I started using
> it for things that are meant to be “internal” or variables meant to be
> read-only (not procedures). In Guix we sort of follow that but somewhat
> extend the meaning.
s/extend/invert/ if I were feeling sassy. I'd be lying if I said I understood it clearly now, but it'll be a lot easier to placate my obsessive side with a tasty bag of hysterical raisins than to keep searching for a pattern that's just not there.
> In the example above, I’d rather write ‘dovecot-activation’ (without
> prefix, because it’s a procedure), but I’d probably write
> ‘%exim-activation’, depending on the phase of the moon.
Now you're just trollin'.
Thanks,
T G-R
Tobias Geerinckx-Rice wrote on 20 Jun 2019 16:01
87muic2w5y.fsf@nckx
Ludovic Courtès wrote:
> LGTM, please push Tobias!
Done with ace8e269a40b31a9c6f413c0674529880da6a48e.
Thanks, Kristofer!
Kind regards,
T G-R
Closed

This issue is archived.

To comment on this conversation send email to 36239@debbugs.gnu.org