From 0bf7d34d77ffca40be9e04586195054e9f2c7a13 Mon Sep 17 00:00:00 2001 From: Jesse Gibbons Date: Sat, 14 Sep 2019 16:35:39 -0600 Subject: services: For "gdm-password" pam service, include "limits.conf". * gnu/services/base.scm (pam-limits-service-type): For "gdm-password" pam service, include "limits.conf". Signed-off-by: Danny Milosavljevic --- gnu/services/base.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 25716ef152..6ab7b110ec 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1478,7 +1478,7 @@ (define pam-limits-service-type (module "pam_limits.so") (arguments '("conf=/etc/security/limits.conf"))))) (if (member (pam-service-name pam) - '("login" "su" "slim")) + '("login" "su" "slim" "gdm-password")) (pam-service (inherit pam) (session (cons pam-limits -- cgit v1.2.3 From 3a69dd5c1558caa295b22476bbf00d88e62e81a8 Mon Sep 17 00:00:00 2001 From: Jan Nieuwenhuizen Date: Fri, 4 Oct 2019 17:03:24 +0200 Subject: services: httpd: Fix virtual-host doc and config. * doc/guix.texi (Web Services): Fix httpd-virtualhost examples. * gnu/services/web.scm (httpd-process-extensions): Add missing newline separator. --- doc/guix.texi | 16 ++++++++-------- gnu/services/web.scm | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 93139e2d05..b49934dc0e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19419,13 +19419,13 @@ Other services can also extend the @code{httpd-service-type} to add to the configuration. @lisp -(simple-service 'my-extra-server httpd-service-type +(simple-service 'www.example.com-server httpd-service-type (list (httpd-virtualhost "*:80" - (list (string-append - "ServerName "www.example.com - DocumentRoot \"/srv/http/www.example.com\""))))) + (list (string-join '("ServerName www.example.com" + "DocumentRoot /srv/http/www.example.com") + "\n"))))) @end lisp @end deffn @@ -19559,13 +19559,13 @@ This data type represents a virtualhost configuration block for the httpd servic These should be added to the extra-config for the httpd-service. @lisp -(simple-service 'my-extra-server httpd-service-type +(simple-service 'www.example.com-server httpd-service-type (list (httpd-virtualhost "*:80" - (list (string-append - "ServerName "www.example.com - DocumentRoot \"/srv/http/www.example.com\""))))) + (list (string-join '("ServerName www.example.com" + "DocumentRoot /srv/http/www.example.com") + "\n"))))) @end lisp @table @asis diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 56971238ab..899be1c168 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -438,7 +438,7 @@ (define (httpd-process-extensions original-config extension-configs) addresses-and-ports contents) `(,(string-append - "\n") + "\n\n") ,@contents "\n\n")) ((? string? x) -- cgit v1.2.3 From 62c2217570fb3a3437e8316d3679b7fe13db0884 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 6 Oct 2019 12:01:24 +0200 Subject: services: agetty: Explicitly depend on (gnu build linux-boot). * gnu/services/base.scm (default-serial-port): Wrap in 'with-imported-modules'. --- gnu/services/base.scm | 62 ++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 30 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 6ab7b110ec..b1c6f3c941 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -939,36 +939,38 @@ (define-record-type* (define (default-serial-port) "Return a gexp that determines a reasonable default serial port to use as the tty. This is primarily useful for headless systems." - #~(begin - ;; console=device,options - ;; device: can be tty0, ttyS0, lp0, ttyUSB0 (serial). - ;; options: BBBBPNF. P n|o|e, N number of bits, - ;; F flow control (r RTS) - (let* ((not-comma (char-set-complement (char-set #\,))) - (command (linux-command-line)) - (agetty-specs (find-long-options "agetty.tty" command)) - (console-specs (filter (lambda (spec) - (and (string-prefix? "tty" spec) - (not (or - (string-prefix? "tty0" spec) - (string-prefix? "tty1" spec) - (string-prefix? "tty2" spec) - (string-prefix? "tty3" spec) - (string-prefix? "tty4" spec) - (string-prefix? "tty5" spec) - (string-prefix? "tty6" spec) - (string-prefix? "tty7" spec) - (string-prefix? "tty8" spec) - (string-prefix? "tty9" spec))))) - (find-long-options "console" command))) - (specs (append agetty-specs console-specs))) - (match specs - (() #f) - ((spec _ ...) - ;; Extract device name from first spec. - (match (string-tokenize spec not-comma) - ((device-name _ ...) - device-name))))))) + (with-imported-modules (source-module-closure + '((gnu build linux-boot))) ;for 'find-long-options' + #~(begin + ;; console=device,options + ;; device: can be tty0, ttyS0, lp0, ttyUSB0 (serial). + ;; options: BBBBPNF. P n|o|e, N number of bits, + ;; F flow control (r RTS) + (let* ((not-comma (char-set-complement (char-set #\,))) + (command (linux-command-line)) + (agetty-specs (find-long-options "agetty.tty" command)) + (console-specs (filter (lambda (spec) + (and (string-prefix? "tty" spec) + (not (or + (string-prefix? "tty0" spec) + (string-prefix? "tty1" spec) + (string-prefix? "tty2" spec) + (string-prefix? "tty3" spec) + (string-prefix? "tty4" spec) + (string-prefix? "tty5" spec) + (string-prefix? "tty6" spec) + (string-prefix? "tty7" spec) + (string-prefix? "tty8" spec) + (string-prefix? "tty9" spec))))) + (find-long-options "console" command))) + (specs (append agetty-specs console-specs))) + (match specs + (() #f) + ((spec _ ...) + ;; Extract device name from first spec. + (match (string-tokenize spec not-comma) + ((device-name _ ...) + device-name)))))))) (define agetty-shepherd-service (match-lambda -- cgit v1.2.3 From 38b1ea0434665260fa1381555ce7d725ba427f51 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 6 Oct 2019 12:42:41 +0200 Subject: services: udev: Explicitly depend on (gnu build linux-boot). * gnu/services/base.scm (udev-shepherd-service): Wrap 'start' method in 'with-imported-modules'. --- gnu/services/base.scm | 121 ++++++++++++++++++++++++++------------------------ 1 file changed, 62 insertions(+), 59 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index b1c6f3c941..de1321d763 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1996,64 +1996,67 @@ (define udev-shepherd-service (requirement '(root-file-system)) (documentation "Populate the /dev directory, dynamically.") - (start #~(lambda () - (define udevd - ;; 'udevd' from eudev. - #$(file-append udev "/sbin/udevd")) - - (define (wait-for-udevd) - ;; Wait until someone's listening on udevd's control - ;; socket. - (let ((sock (socket AF_UNIX SOCK_SEQPACKET 0))) - (let try () - (catch 'system-error - (lambda () - (connect sock PF_UNIX "/run/udev/control") - (close-port sock)) - (lambda args - (format #t "waiting for udevd...~%") - (usleep 500000) - (try)))))) - - ;; Allow udev to find the modules. - (setenv "LINUX_MODULE_DIRECTORY" - "/run/booted-system/kernel/lib/modules") - - ;; The first one is for udev, the second one for eudev. - (setenv "UDEV_CONFIG_FILE" #$udev.conf) - (setenv "EUDEV_RULES_DIRECTORY" - #$(file-append rules "/lib/udev/rules.d")) - - (let* ((kernel-release - (utsname:release (uname))) - (linux-module-directory - (getenv "LINUX_MODULE_DIRECTORY")) - (directory - (string-append linux-module-directory "/" - kernel-release)) - (old-umask (umask #o022))) - ;; If we're in a container, DIRECTORY might not exist, - ;; for instance because the host runs a different - ;; kernel. In that case, skip it; we'll just miss a few - ;; nodes like /dev/fuse. - (when (file-exists? directory) - (make-static-device-nodes directory)) - (umask old-umask)) - - (let ((pid (fork+exec-command (list udevd)))) - ;; Wait until udevd is up and running. This appears to - ;; be needed so that the events triggered below are - ;; actually handled. - (wait-for-udevd) - - ;; Trigger device node creation. - (system* #$(file-append udev "/bin/udevadm") - "trigger" "--action=add") - - ;; Wait for things to settle down. - (system* #$(file-append udev "/bin/udevadm") - "settle") - pid))) + (start + (with-imported-modules (source-module-closure + '((gnu build linux-boot))) + #~(lambda () + (define udevd + ;; 'udevd' from eudev. + #$(file-append udev "/sbin/udevd")) + + (define (wait-for-udevd) + ;; Wait until someone's listening on udevd's control + ;; socket. + (let ((sock (socket AF_UNIX SOCK_SEQPACKET 0))) + (let try () + (catch 'system-error + (lambda () + (connect sock PF_UNIX "/run/udev/control") + (close-port sock)) + (lambda args + (format #t "waiting for udevd...~%") + (usleep 500000) + (try)))))) + + ;; Allow udev to find the modules. + (setenv "LINUX_MODULE_DIRECTORY" + "/run/booted-system/kernel/lib/modules") + + ;; The first one is for udev, the second one for eudev. + (setenv "UDEV_CONFIG_FILE" #$udev.conf) + (setenv "EUDEV_RULES_DIRECTORY" + #$(file-append rules "/lib/udev/rules.d")) + + (let* ((kernel-release + (utsname:release (uname))) + (linux-module-directory + (getenv "LINUX_MODULE_DIRECTORY")) + (directory + (string-append linux-module-directory "/" + kernel-release)) + (old-umask (umask #o022))) + ;; If we're in a container, DIRECTORY might not exist, + ;; for instance because the host runs a different + ;; kernel. In that case, skip it; we'll just miss a few + ;; nodes like /dev/fuse. + (when (file-exists? directory) + (make-static-device-nodes directory)) + (umask old-umask)) + + (let ((pid (fork+exec-command (list udevd)))) + ;; Wait until udevd is up and running. This appears to + ;; be needed so that the events triggered below are + ;; actually handled. + (wait-for-udevd) + + ;; Trigger device node creation. + (system* #$(file-append udev "/bin/udevadm") + "trigger" "--action=add") + + ;; Wait for things to settle down. + (system* #$(file-append udev "/bin/udevadm") + "settle") + pid)))) (stop #~(make-kill-destructor)) ;; When halting the system, 'udev' is actually killed by @@ -2061,7 +2064,7 @@ (define (wait-for-udevd) ;; Thus, make sure it is not respawned. (respawn? #f) ;; We need additional modules. - (modules `((gnu build linux-boot) + (modules `((gnu build linux-boot) ;'make-static-device-nodes' ,@%default-modules)) (actions (list (shepherd-action -- cgit v1.2.3 From 63b0ce391f6ea79012fac893e933e39d7a16abbd Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 6 Oct 2019 12:51:33 +0200 Subject: services: shepherd: Compile service files. This reduces resident memory for PID 1 from 29.8MiB to 28.7MiB right after boot on a bare-bones system (x86_64-linux). * gnu/services/shepherd.scm (scm->go): New procedure. (shepherd-configuration-file)[config]: Call it and use 'load-compiled' instead of 'primitive-load'. --- gnu/services/shepherd.scm | 77 +++++++++++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 30 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index 45c67e04eb..08bb33039c 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -255,6 +255,22 @@ (define (shepherd-service-file service) #~(#$name #$doc #$proc))) (shepherd-service-actions service)))))))) +(define (scm->go file) + "Compile FILE, which contains code to be loaded by shepherd's config file, +and return the resulting '.go' file." + (with-extensions (list shepherd) + (computed-file (string-append (basename (scheme-file-name file) ".scm") + ".go") + #~(begin + (use-modules (system base compile)) + + ;; Do the same as the Shepherd's 'load-in-user-module'. + (let ((env (make-fresh-user-module))) + (module-use! env (resolve-interface '(oop goops))) + (module-use! env (resolve-interface '(shepherd service))) + (compile-file #$file #:output-file #$output + #:env env)))))) + (define (shepherd-configuration-file services) "Return the shepherd configuration file for SERVICES." (assert-valid-graph services) @@ -269,36 +285,37 @@ (define config ;; than a kernel panic. (call-with-error-handling (lambda () - (apply register-services (map primitive-load '#$files)) - - ;; guix-daemon 0.6 aborts if 'PATH' is undefined, so work around - ;; it. - (setenv "PATH" "/run/current-system/profile/bin") - - (format #t "starting services...~%") - (for-each (lambda (service) - ;; In the Shepherd 0.3 the 'start' method can raise - ;; '&action-runtime-error' if it fails, so protect - ;; against it. (XXX: 'action-runtime-error?' is not - ;; exported is 0.3, hence 'service-error?'.) - (guard (c ((service-error? c) - (format (current-error-port) - "failed to start service '~a'~%" - service))) - (start service))) - '#$(append-map shepherd-service-provision - (filter shepherd-service-auto-start? - services))) - - ;; Hang up stdin. At this point, we assume that 'start' methods - ;; that required user interaction on the console (e.g., - ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have - ;; completed. User interaction becomes impossible after this - ;; call; this avoids situations where services wrongfully lead - ;; PID 1 to read from stdin (the console), which users may not - ;; have access to (see ). - (redirect-port (open-input-file "/dev/null") - (current-input-port)))))) + (apply register-services + (map load-compiled '#$(map scm->go files))))) + + ;; guix-daemon 0.6 aborts if 'PATH' is undefined, so work around + ;; it. + (setenv "PATH" "/run/current-system/profile/bin") + + (format #t "starting services...~%") + (for-each (lambda (service) + ;; In the Shepherd 0.3 the 'start' method can raise + ;; '&action-runtime-error' if it fails, so protect + ;; against it. (XXX: 'action-runtime-error?' is not + ;; exported is 0.3, hence 'service-error?'.) + (guard (c ((service-error? c) + (format (current-error-port) + "failed to start service '~a'~%" + service))) + (start service))) + '#$(append-map shepherd-service-provision + (filter shepherd-service-auto-start? + services))) + + ;; Hang up stdin. At this point, we assume that 'start' methods + ;; that required user interaction on the console (e.g., + ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have + ;; completed. User interaction becomes impossible after this + ;; call; this avoids situations where services wrongfully lead + ;; PID 1 to read from stdin (the console), which users may not + ;; have access to (see ). + (redirect-port (open-input-file "/dev/null") + (current-input-port)))) (scheme-file "shepherd.conf" config))) -- cgit v1.2.3