[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#61744] [PATCH] services: base: Deprecate 'pam-limits-service' proce
|
From: |
Bruno Victal |
|
Subject: |
[bug#61744] [PATCH] services: base: Deprecate 'pam-limits-service' procedure. |
|
Date: |
Fri, 24 Feb 2023 00:12:10 +0000 |
* doc/guix.texi (Base Services): Replace pam-limits-service with
pam-limits-service-type.
* gnu/packages/benchmark.scm (python-locust)[description]: Update index anchor
to manual.
* gnu/services/base.scm (pam-limits-service-type): Accept both lists and
file-like objects for compatibility.
(pam-limits-service): Deprecate procedure.
---
Sending this one for review now since this service is a bit unusual compared to
the other ones.
doc/guix.texi | 18 ++++++++---------
gnu/packages/benchmark.scm | 2 +-
gnu/services/base.scm | 41 +++++++++++++++++++++++++++-----------
3 files changed, 39 insertions(+), 22 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index a7ef00f421..9127090d44 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18926,7 +18926,6 @@ Base Services
@var{device} does not exist.
@end deffn
-@anchor{pam-limits-service}
@cindex session limits
@cindex ulimit
@cindex priority
@@ -18934,19 +18933,20 @@ Base Services
@cindex jackd
@cindex nofile
@cindex open file descriptors
-@deffn {Scheme Procedure} pam-limits-service [#:limits @code{'()}]
-
-Return a service that installs a configuration file for the
+@anchor{pam-limits-service-type}
+@defvar pam-limits-service-type
+Type of the service that installs a configuration file for the
@uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html,
-@code{pam_limits} module}. The procedure optionally takes a list of
-@code{pam-limits-entry} values, which can be used to specify
+@code{pam_limits} module}. The value for this service type is
+a list of @code{pam-limits-entry} values, which can be used to specify
@code{ulimit} limits and @code{nice} priority limits to user sessions.
+By default, the value is the empty list.
The following limits definition sets two hard and soft limits for all
login sessions of users in the @code{realtime} group:
@lisp
-(pam-limits-service
+(service pam-limits-service-type
(list
(pam-limits-entry "@@realtime" 'both 'rtprio 99)
(pam-limits-entry "@@realtime" 'both 'memlock 'unlimited)))
@@ -18961,7 +18961,7 @@ Base Services
descriptors that can be used:
@lisp
-(pam-limits-service
+(service pam-limits-service-type
(list
(pam-limits-entry "*" 'both 'nofile 100000)))
@end lisp
@@ -18972,7 +18972,7 @@ Base Services
else the users would be prevented from login in. For more information
about the Pluggable Authentication Module (PAM) limits, refer to the
@samp{pam_limits} man page from the @code{linux-pam} package.
-@end deffn
+@end defvar
@defvar greetd-service-type
@uref{https://git.sr.ht/~kennylevinsen/greetd, @code{greetd}} is a minimal and
diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm
index 33e2466da9..fd8513f41d 100644
--- a/gnu/packages/benchmark.scm
+++ b/gnu/packages/benchmark.scm
@@ -458,7 +458,7 @@ (define-public python-locust
Note: Locust will complain if the available open file descriptors limit for
the user is too low. To raise such limit on a Guix System, refer to
-@samp{info guix --index-search=pam-limits-service}.")
+@samp{info guix --index-search=pam-limits-service-type}.")
(license license:expat)))
(define-public interbench
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 35b03a877b..5a2e0263e4 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -40,7 +40,7 @@
(define-module (gnu services base)
#:use-module (guix store)
#:use-module (guix deprecation)
- #:autoload (guix diagnostics) (warning &fix-hint)
+ #:autoload (guix diagnostics) (warning report-error &fix-hint)
#:autoload (guix i18n) (G_)
#:use-module (guix combinators)
#:use-module (gnu services)
@@ -245,7 +245,7 @@ (define-module (gnu services base)
kmscon-service-type
pam-limits-service-type
- pam-limits-service
+ pam-limits-service ; deprecated
greetd-service-type
greetd-configuration
@@ -1570,17 +1570,13 @@ (define* (syslog-service #:optional (config
(syslog-configuration)))
(define pam-limits-service-type
- (let ((security-limits
- ;; Create /etc/security containing the provided "limits.conf" file.
- (lambda (limits-file)
- `(("security/limits.conf"
- ,limits-file))))
- (pam-extension
+ (let ((pam-extension
(lambda (pam)
(let ((pam-limits (pam-entry
(control "required")
(module "pam_limits.so")
- (arguments
'("conf=/etc/security/limits.conf")))))
+ (arguments
+ '("conf=/etc/security/limits.conf")))))
(if (member (pam-service-name pam)
'("login" "greetd" "su" "slim" "gdm-password" "sddm"
"sudo" "sshd"))
@@ -1588,7 +1584,26 @@ (define pam-limits-service-type
(inherit pam)
(session (cons pam-limits
(pam-service-session pam))))
- pam)))))
+ pam))))
+
+ ;; XXX: Using file-like objects is deprecated, use lists instead.
+ ;; This is to be reduced into the list? case when the deprecated
+ ;; code gets removed.
+ ;; Create /etc/security containing the provided "limits.conf" file.
+ (security-limits
+ (match-lambda
+ ((? file-like? obj)
+ (warning (G_ "Using file-like value for 'pam-limits-service-type'
+is deprecated~%"))
+ obj)
+ ((? list? lst)
+ `(("security/limits.conf"
+ ,(plain-file "limits.conf"
+ (string-join (map pam-limits-entry->string lst)
+ "\n" 'suffix)))))
+ (_ (report-error
+ (G_ "invalid input for 'pam-limits-service-type'~%"))))))
+
(service-type
(name 'limits)
(extensions
@@ -1598,9 +1613,11 @@ (define pam-limits-service-type
(description
"Install the specified resource usage limits by populating
@file{/etc/security/limits.conf} and using the @code{pam_limits}
-authentication module."))))
+authentication module.")
+ (default-value '()))))
-(define* (pam-limits-service #:optional (limits '()))
+(define-deprecated (pam-limits-service #:optional (limits '()))
+ pam-limits-service-type
"Return a service that makes selected programs respect the list of
pam-limits-entry specified in LIMITS via pam_limits.so."
(service pam-limits-service-type
base-commit: 5d10644371abd54d0edcd638691113f0a92de743
--
2.39.1
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug#61744] [PATCH] services: base: Deprecate 'pam-limits-service' procedure.,
Bruno Victal <=