[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/12: services: pagekite: Use ‘least-authority-wrapper’.
From: |
guix-commits |
Subject: |
03/12: services: pagekite: Use ‘least-authority-wrapper’. |
Date: |
Thu, 21 Dec 2023 18:36:52 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 43acd98e4133074598b826f5406b4a3e58ffb3b6
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sat Nov 11 16:04:57 2023 +0100
services: pagekite: Use ‘least-authority-wrapper’.
* gnu/services/networking.scm (pagekite-shepherd-service): Define
‘config-file’ and ‘mappings’; define ‘pagekite’ in terms of
‘least-authority-wrapper’. Remove now-unneeded ‘with-imported-modules’
form and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’.
Change-Id: I7c6c6266785f6a0f81a69d85f070779a0d6edd91
---
gnu/services/networking.scm | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 0508a4282c..d3376f9acb 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1918,29 +1918,34 @@ table inet filter {
(define (pagekite-shepherd-service config)
(match-record config <pagekite-configuration>
(package kitename kitesecret frontend kites extra-file)
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
+ (let* ((config-file (pagekite-configuration-file config))
+ (mappings (cons (file-system-mapping
+ (source config-file)
+ (target source))
+ (if extra-file
+ (list (file-system-mapping
+ (source extra-file)
+ (target source)))
+ '())))
+ (pagekite (least-authority-wrapper
+ (file-append package "/bin/pagekite")
+ #:name "pagekite"
+ #:mappings mappings
+ ;; 'pagekite' changes user IDs to it needs to run in the
+ ;; global user namespace.
+ #:namespaces (fold delq %namespaces '(net user)))))
(shepherd-service
(documentation "Run the PageKite service.")
(provision '(pagekite))
(requirement '(networking))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start #~(make-forkexec-constructor/container
- (list #$(file-append package "/bin/pagekite")
+ (start #~(make-forkexec-constructor
+ (list #$pagekite
"--clean"
"--nullui"
"--nocrashreport"
"--runas=pagekite:pagekite"
- (string-append "--optfile="
- #$(pagekite-configuration-file config)))
- #:log-file "/var/log/pagekite.log"
- #:mappings #$(if extra-file
- #~(list (file-system-mapping
- (source #$extra-file)
- (target source)))
- #~'())))
+ (string-append "--optfile=" #$config-file))
+ #:log-file "/var/log/pagekite.log"))
;; SIGTERM doesn't always work for some reason.
(stop #~(make-kill-destructor SIGINT))))))
- branch master updated (4771960e5d -> ca81317389), guix-commits, 2023/12/21
- 02/12: gexp: #:references-graphs accepts and honors <gexp-input> records., guix-commits, 2023/12/21
- 11/12: services: Remove unnecessary references to (gnu build shepherd)., guix-commits, 2023/12/21
- 07/12: tests: jami: Check status of Jami D-Bus session., guix-commits, 2023/12/21
- 06/12: least-authority: Add support for changing UIDs/GIDs before exec., guix-commits, 2023/12/21
- 05/12: services: bitlbee: Remove use of ‘make-forkexec-constructor/container’., guix-commits, 2023/12/21
- 01/12: gexp: Add compiler for <gexp-input>., guix-commits, 2023/12/21
- 10/12: services: jami: Use ‘least-authority-wrapper’., guix-commits, 2023/12/21
- 12/12: shepherd: Remove ‘make-forkexec-constructor/container’., guix-commits, 2023/12/21
- 08/12: tests: jami: Double timeouts., guix-commits, 2023/12/21
- 03/12: services: pagekite: Use ‘least-authority-wrapper’.,
guix-commits <=
- 04/12: services: pagekite: Add ‘configuration’ action., guix-commits, 2023/12/21
- 09/12: services: jami-dbus-session: Use ‘least-authority-wrapper’., guix-commits, 2023/12/21