futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

services: jami: Use ‘least-authority-wrapper’.

Browse Source 
* gnu/services/telephony.scm (jami-configuration->command-line-arguments)
[wrapper]: New procedure.
Use it.
(jami-shepherd-services): In ‘start’ method of ‘jami’ service, use
‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’.
Remove use of (gnu build shepherd).

Change-Id: Ic71c0c88477d92bf137d9d0a5832bae8721cc210
This commit is contained in:
Ludovic Courtès 2023-11-14 11:06:26 +01:00
parent 8bd1c14997
commit 62a08abea7
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 37 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
gnu/services/telephony.scm
View File

@ -261,9 +261,37 @@ consistent state."))
(define (jami-configuration->command-line-arguments config)
"Derive the command line arguments to used to launch the Jami daemon from
CONFIG, a <jami-configuration> object."
(define (wrapper libjami)
(least-authority-wrapper
;; XXX: 'gexp-input' is needed as the outer layer so that
;; 'references-file' picks the right output of LIBJAMI.
(gexp-input (file-append (gexp-input libjami "bin") "/libexec/jamid")
"bin")
#:mappings
(list (file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/lib/jami")
(target source)
(writable? #t))
(file-system-mapping
(source "/var/run/jami")
(target source)
(writable? #t))
;; Expose TLS certificates for GnuTLS.
(file-system-mapping
(source (file-append nss-certs "/etc/ssl/certs"))
(target "/etc/ssl/certs")))
#:preserved-environment-variables
'("DBUS_SESSION_BUS_ADDRESS" "SSL_CERT_DIR")
#:user "jami"
#:group "jami"
#:namespaces (fold delq %namespaces '(net user))))
(match-record config <jami-configuration>
(libjami dbus enable-logging? debug? auto-answer?)
`(,#~(string-append #$libjami:bin "/libexec/jamid")
`(,(wrapper libjami)
"--persistent" ;stay alive after client quits
,@(if enable-logging?
'() ;logs go to syslog by default
@ -334,7 +362,6 @@ CONFIG, a <jami-configuration> object."
(with-imported-modules (source-module-closure
'((gnu build dbus-service)
(gnu build jami-service)
(gnu build shepherd)
(gnu system file-systems)))
(define list-accounts-action
@ -562,7 +589,6 @@ argument, either a registered username or the fingerprint of the account.")
(srfi srfi-26)
(gnu build dbus-service)
(gnu build jami-service)
(gnu build shepherd)
(gnu system file-systems)
,@%default-modules))
(start
@ -608,32 +634,14 @@ argument, either a registered username or the fingerprint of the account.")
;; Start the daemon.
(define daemon-pid
((make-forkexec-constructor/container
(list #$@(jami-configuration->command-line-arguments
config))
#:mappings
(list (file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/lib/jami")
(target source)
(writable? #t))
(file-system-mapping
(source "/var/run/jami")
(target source)
(writable? #t))
;; Expose TLS certificates for GnuTLS.
(file-system-mapping
(source #$(file-append nss-certs "/etc/ssl/certs"))
(target "/etc/ssl/certs")))
#:user "jami"
#:group "jami"
#:environment-variables
(list (string-append "DBUS_SESSION_BUS_ADDRESS="
"unix:path=/var/run/jami/bus")
;; Expose TLS certificates for OpenSSL.
"SSL_CERT_DIR=/etc/ssl/certs"))))
(fork+exec-command
(list #$@(jami-configuration->command-line-arguments
config))
#:environment-variables
(list (string-append "DBUS_SESSION_BUS_ADDRESS="
"unix:path=/var/run/jami/bus")
;; Expose TLS certificates for OpenSSL.
"SSL_CERT_DIR=/etc/ssl/certs")))
(setenv "DBUS_SESSION_BUS_ADDRESS"
"unix:path=/var/run/jami/bus")