[bug#29483] [PATCH] services: Add openntpd service.
From: |
Efraim Flashner |
Subject: |
[bug#29483] [PATCH] services: Add openntpd service. |
Date: |
Tue, 28 Nov 2017 11:04:43 +0200 |
* gnu/packages/ntp.scm (openntpd)[arguments]: Add 'configure-flags to
set openntpd daemon's user and protected path. Add a custom phase to not
try to create said directory at install time.
* gnu/services/networking.scm (<openntpd-configuration>): New record type.
(openntpd-shepherd-service, openntpd-service-activation): New procedures.
(openntpd-service-type): New variable.
* doc/guix.texi (Networking Services): Add openntpd documentation.
---
doc/guix.texi | 11 ++++++
gnu/packages/ntp.scm | 12 ++++++
gnu/services/networking.scm | 92 ++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 114 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 2a6825682..f0a7dd958 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10498,6 +10498,17 @@ make an initial adjustment of more than 1,000 seconds.
List of host names used as the default NTP servers.
@end defvr
address@hidden Openntpd
address@hidden {Scheme Procedure} openntpd-service [#:openntpd @var{openntpd}] @
+ [#:servers @var{%ntp-servers}] @
+ [#:allow-large-adjustment? #f]
+Return a service that runs the daemon from @var{openntpd}, the
address@hidden://www.openntpd.org, OpenNTPD package}. The daemon will
+keep the system clock synchronized with that of @var{servers}.
address@hidden determines whether @command{ntpd} is allowed to
+make an initial adjustment of more than 180 seconds."
address@hidden deffn
+
@cindex inetd
@deffn {Scheme variable} inetd-service-type
This service runs the @command{inetd} (@pxref{inetd invocation,,,
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index d270f513d..619b9f998 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -107,6 +107,18 @@ computers over a network.")
(base32
"0fn12i4kzsi0zkr4qp3dp9bycmirnfapajqvdfx02zhr4hanj0kv"))))
(build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags '("--with-privsep-user=ntpd"
+ "--with-privsep-path=/var/lib/openntpd"
+ "--localstatedir=/var/lib/openntpd")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'modify-install-locations
+ (lambda _
+ ;; Don't try to create /var/lib/openntpd/run or
/var/lib/openntpd/db
+ (substitute* "src/Makefile.in"
+ (("DESTDIR\\)\\$\\(localstatedir") "TMPDIR"))
+ #t)))))
(inputs
`(("libressl" ,libressl))) ; enable TLS time constraints. See
ntpd.conf(5).
(home-page "http://www.openntpd.org/")
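Review bot: `--with-privsep-path` and `--localstatedir` are both set to `/var/lib/openntpd`, so the directory the unprivileged ntpd child is confined to is also the one that holds the `db` and `run` state, and the activation code in gnu/services/networking.scm then runs `(chown directory (passwd:uid %user) (passwd:gid %user))` on it. A privilege-separation directory is normally root-owned, empty and not writable by the confined user, so that a compromised child has nothing to read or modify; OpenNTPD may also reject such a directory at startup, which is worth confirming. I would point `--with-privsep-path` at a separate empty root-owned directory and replace the chown to the `ntpd` user with `(chown directory 0 0)` unless a specific file is shown to need that ownership. The package definition starts and ends outside this hunk.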
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index b0c23aafc..82762738f 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <address@hidden>
;;; Copyright © 2015 Mark H Weaver <address@hidden>
-;;; Copyright © 2016 Efraim Flashner <address@hidden>
+;;; Copyright © 2016, 2017 Efraim Flashner <address@hidden>
;;; Copyright © 2016 John Darrington <address@hidden>
;;; Copyright © 2017 Clément Lassieur <address@hidden>
;;; Copyright © 2017 Thomas Danckaert <address@hidden>
@@ -62,6 +62,11 @@
ntp-service
ntp-service-type
+ openntpd-configuration
+ openntpd-configuration?
+ openntpd-service
+ openntpd-service-type
+
inetd-configuration
inetd-entry
inetd-service-type
@@ -447,6 +452,91 @@ make an initial adjustment of more than 1,000 seconds."
(allow-large-adjustment?
allow-large-adjustment?))))
+(define-record-type* <openntpd-configuration>
+ openntpd-configuration make-openntpd-configuration
+ openntpd-configuration?
+ (openntpd openntpd-configuration-openntpd
+ (default openntpd))
+ (servers openntpd-configuration-servers)
+ (allow-large-adjustment? openntpd-allow-large-adjustment?
+ (default #f))) ; upstream default
+
+(define openntpd-shepherd-service
+ (match-lambda
+ (($ <openntpd-configuration> openntpd servers allow-large-adjustment?)
+ (let ()
+ (define config
+ (string-append (string-join (map (cut string-append "server " <>)
+ servers)
+ "\n")
+ "
+# Only listen on localhost
+listen on 127.0.0.1
+listen on ::1
+
+# Query the 'Date' from trusted HTTPS servers via TLS.
+constraint from www.gnu.org\n"))
+
+ (define ntpd.conf
+ (plain-file "ntpd.conf" config))
+
+ (list (shepherd-service
+ (provision '(openntpd))
+ (documentation "Run the Network Time Protocol (NTP) daemon.")
+ (requirement '(user-processes networking))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$openntpd "/sbin/ntpd")
+ "-f" #$ntpd.conf
+ #$@(if allow-large-adjustment?
+ '("-s")
+ '()))))
+ (stop #~(make-kill-destructor))))))))
+
+(define (openntpd-service-activation config)
+ "Return the activation gexp for CONFIG."
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (define %user
+ (getpw "ntpd"))
+
+ (let ((directory "/var/lib/openntpd"))
+ (mkdir-p directory)
+ ;; and for the socket
+ (mkdir-p (string-append directory "/db"))
+ (mkdir-p (string-append directory "/run"))
+ (chown directory (passwd:uid %user) (passwd:gid %user))
+ (chmod directory #o755)))))
+
+(define openntpd-service-type
+ (service-type (name 'openntpd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ openntpd-shepherd-service)
+ (service-extension account-service-type
+ (const %ntp-accounts))
+ (service-extension activation-service-type
+ openntpd-service-activation)))
+ (description
+ "Run the @command{ntpd}, the Network Time Protocol (NTP)
+daemon of the @uref{http://www.ntp.org, Network Time Foundation}, as
+implemented by OpenNTPD. The daemon will keep the system clock synchronized
+with that of the given servers.")))
+
+(define* (openntpd-service #:key (openntpd openntpd)
+ (servers %ntp-servers)
+ allow-large-adjustment?)
+ "Return a service that runs the daemon from @var{openntpd}, the
address@hidden://www.openntpd.org, OpenNTPD package}. The daemon will
+keep the system clock synchronized with that of @var{servers}.
address@hidden determines whether @command{ntpd} is allowed to
+make an initial adjustment of more than 180 seconds."
+ (service openntpd-service-type
+ (openntpd-configuration (openntpd openntpd)
+ (servers servers)
+ (allow-large-adjustment?
+ allow-large-adjustment?))))
+
;;;
;;; Inetd.
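Review bot: The `start` argument list in `openntpd-shepherd-service` passes only `-f` and optionally `-s`, and OpenNTPD's ntpd detaches into the background unless `-d` is given. As a result `make-forkexec-constructor` would most likely track a PID that exits right after startup, and `make-kill-destructor` would then have no process to stop. Adding `"-d"` to the list just before `"-f" #$ntpd.conf` keeps the daemon in the foreground under shepherd's supervision. Separately, each element of `servers` is concatenated into `ntpd.conf` unchecked, and the `constraint from www.gnu.org` host is fixed in the string; a comment on the `servers` field such as `;; list of host name strings, one per "server" line; no whitespace or newlines` would document the assumption, and the constraint host could become a record field.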
--
2.15.0