[bug#29483] [PATCH] services: Add openntpd service.
From: Marius Bakke
Subject: [bug#29483] [PATCH] services: Add openntpd service.
Date: Sun, 03 Dec 2017 20:24:13 +0100
User-agent: Notmuch/0.25.2 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu)
Efraim Flashner <address@hidden> writes:
> * gnu/packages/ntp.scm (openntpd)[arguments]: Add 'configure-flags to
> set openntpd daemon's user and protected path. Add a custom phase to not
> try to create said directory at install time.
> * gnu/services/networking.scm (<openntpd-configuration>): New record type.
> (openntpd-shepherd-service, openntpd-service-activation): New procedures.
> (openntpd-service-type): New variable.
> * doc/guix.texi (Networking Services): Add openntpd documentation.
> ---
> doc/guix.texi | 11 ++++++
> gnu/packages/ntp.scm | 12 ++++++
> gnu/services/networking.scm | 92
> ++++++++++++++++++++++++++++++++++++++++++++-
> 3 files changed, 114 insertions(+), 1 deletion(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 2a6825682..f0a7dd958 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -10498,6 +10498,17 @@ make an initial adjustment of more than 1,000
> seconds.
> List of host names used as the default NTP servers.
> @end defvr
>
> address@hidden Openntpd
> address@hidden {Scheme Procedure} openntpd-service [#:openntpd
> @var{openntpd}] @
> + [#:servers @var{%ntp-servers}] @
> + [#:allow-large-adjustment? #f]
> +Return a service that runs the daemon from @var{openntpd}, the
> address@hidden://www.openntpd.org, OpenNTPD package}. The daemon will
> +keep the system clock synchronized with that of @var{servers}.
> address@hidden determines whether @command{ntpd} is allowed to
> +make an initial adjustment of more than 180 seconds."
> address@hidden deffn
> +
> @cindex inetd
> @deffn {Scheme variable} inetd-service-type
> This service runs the @command{inetd} (@pxref{inetd invocation,,,
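Review bot: The last added line of the new @deffn body ends with a stray double quote after "more than 180 seconds.", apparently left over from the Scheme docstring; drop it so it does not show up in the rendered manual. The entry also documents only the openntpd-service procedure, while the patch exports openntpd-service-type and openntpd-configuration as well, so those would be worth documenting here too.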
> diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
> index d270f513d..619b9f998 100644
> --- a/gnu/packages/ntp.scm
> +++ b/gnu/packages/ntp.scm
> @@ -107,6 +107,18 @@ computers over a network.")
> (base32
> "0fn12i4kzsi0zkr4qp3dp9bycmirnfapajqvdfx02zhr4hanj0kv"))))
> (build-system gnu-build-system)
> + (arguments
> + '(#:configure-flags '("--with-privsep-user=ntpd"
> + "--with-privsep-path=/var/lib/openntpd"
> + "--localstatedir=/var/lib/openntpd")
Do we have to change localstatedir? Would it work to create
/var/run/ntpd.sock and chown it? Or is this the common way of
deployment? No strong opinion though.
> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'unpack 'modify-install-locations
> + (lambda _
> + ;; Don't try to create /var/lib/openntpd/run or
> /var/lib/openntpd/db
> + (substitute* "src/Makefile.in"
> + (("DESTDIR\\)\\$\\(localstatedir") "TMPDIR"))
> + #t)))))
> (inputs
> `(("libressl" ,libressl))) ; enable TLS time constraints. See
> ntpd.conf(5).
> (home-page "http://www.openntpd.org/")
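Review bot: The configure flags set --with-privsep-path and --localstatedir to the same /var/lib/openntpd, so the privilege-separation directory is also the parent of the db and run directories named in the phase comment; a separate directory that holds nothing else would keep the unprivileged side of the daemon away from its state files. In the 'modify-install-locations phase, the substitution turns $(DESTDIR)$(localstatedir) into $(TMPDIR), which expands to nothing if TMPDIR is unset when the install target runs; either note in the comment that the build environment is relied on to set it, or substitute a path inside the build tree.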
> diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
> index b0c23aafc..82762738f 100644
> --- a/gnu/services/networking.scm
> +++ b/gnu/services/networking.scm
> @@ -1,7 +1,7 @@
> ;;; GNU Guix --- Functional package management for GNU
> ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <address@hidden>
> ;;; Copyright © 2015 Mark H Weaver <address@hidden>
> -;;; Copyright © 2016 Efraim Flashner <address@hidden>
> +;;; Copyright © 2016, 2017 Efraim Flashner <address@hidden>
> ;;; Copyright © 2016 John Darrington <address@hidden>
> ;;; Copyright © 2017 Clément Lassieur <address@hidden>
> ;;; Copyright © 2017 Thomas Danckaert <address@hidden>
> @@ -62,6 +62,11 @@
> ntp-service
> ntp-service-type
>
> + openntpd-configuration
> + openntpd-configuration?
> + openntpd-service
> + openntpd-service-type
> +
> inetd-configuration
> inetd-entry
> inetd-service-type
> @@ -447,6 +452,91 @@ make an initial adjustment of more than 1,000 seconds."
> (allow-large-adjustment?
> allow-large-adjustment?))))
>
> +(define-record-type* <openntpd-configuration>
> + openntpd-configuration make-openntpd-configuration
> + openntpd-configuration?
> + (openntpd openntpd-configuration-openntpd
> + (default openntpd))
> + (servers openntpd-configuration-servers)
> + (allow-large-adjustment? openntpd-allow-large-adjustment?
> + (default #f))) ; upstream default
> +
> +(define openntpd-shepherd-service
> + (match-lambda
> + (($ <openntpd-configuration> openntpd servers allow-large-adjustment?)
> + (let ()
> + (define config
> + (string-append (string-join (map (cut string-append "server " <>)
> + servers)
> + "\n")
> + "
> +# Only listen on localhost
> +listen on 127.0.0.1
> +listen on ::1
> +
> +# Query the 'Date' from trusted HTTPS servers via TLS.
> +constraint from www.gnu.org\n"))
It would be good if these options are configurable. A user may want to
use a different constraint server, or none at all, and maybe also expose
this as an SNTP service. IIRC constraints can also be specified
multiple times, so maybe add #:listen-on and #:constraints ?
It would also be great to have a system test that at least verifies that
the default configuration is okay. Testing NTP functionality may be
trickier.
> +
> + (define ntpd.conf
> + (plain-file "ntpd.conf" config))
> +
> + (list (shepherd-service
> + (provision '(openntpd))
> + (documentation "Run the Network Time Protocol (NTP) daemon.")
> + (requirement '(user-processes networking))
> + (start #~(make-forkexec-constructor
> + (list (string-append #$openntpd "/sbin/ntpd")
> + "-f" #$ntpd.conf
> + #$@(if allow-large-adjustment?
> + '("-s")
> + '()))))
> + (stop #~(make-kill-destructor))))))))
> +
> +(define (openntpd-service-activation config)
> + "Return the activation gexp for CONFIG."
> + (with-imported-modules '((guix build utils))
> + #~(begin
> + (use-modules (guix build utils))
> + (define %user
> + (getpw "ntpd"))
> +
> + (let ((directory "/var/lib/openntpd"))
> + (mkdir-p directory)
> + ;; and for the socket
> + (mkdir-p (string-append directory "/db"))
> + (mkdir-p (string-append directory "/run"))
> + (chown directory (passwd:uid %user) (passwd:gid %user))
> + (chmod directory #o755)))))
> +
> +(define openntpd-service-type
> + (service-type (name 'openntpd)
> + (extensions
> + (list (service-extension shepherd-root-service-type
> + openntpd-shepherd-service)
> + (service-extension account-service-type
> + (const %ntp-accounts))
> + (service-extension activation-service-type
> + openntpd-service-activation)))
> + (description
> + "Run the @command{ntpd}, the Network Time Protocol (NTP)
> +daemon of the @uref{http://www.ntp.org, Network Time Foundation}, as
> +implemented by OpenNTPD. The daemon will keep the system clock synchronized
> +with that of the given servers.")))
> +
> +(define* (openntpd-service #:key (openntpd openntpd)
> + (servers %ntp-servers)
> + allow-large-adjustment?)
> + "Return a service that runs the daemon from @var{openntpd}, the
> address@hidden://www.openntpd.org, OpenNTPD package}. The daemon will
> +keep the system clock synchronized with that of @var{servers}.
> address@hidden determines whether @command{ntpd} is allowed to
> +make an initial adjustment of more than 180 seconds."
> + (service openntpd-service-type
> + (openntpd-configuration (openntpd openntpd)
> + (servers servers)
> + (allow-large-adjustment?
> + allow-large-adjustment?))))
> +
>
> ;;;
> ;;; Inetd.
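Review bot: In openntpd-service-activation, /var/lib/openntpd is chowned to the ntpd user, and that is the same path the package hunk passes as --with-privsep-path; a privilege-separation directory is normally owned by root and not writable by the daemon's unprivileged user, so consider leaving it root-owned and giving ntpd ownership only of what it has to write. The ";; and for the socket" comment sits above the db directory rather than the run directory. In openntpd-service-type, the description credits the Network Time Foundation and links to http://www.ntp.org, which reads as copied from the ntp service, while the openntpd-service docstring links to www.openntpd.org. The servers field of <openntpd-configuration> has no default, so only the openntpd-service procedure supplies %ntp-servers; a (default %ntp-servers) on the field would let the record be used directly.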
> --
> 2.15.0