| author | Liliana Marie Prikler <liliana.prikler@gmail.com> | 2023-07-14 07:46:15 +0200 |
|---|---|---|
| committer | Liliana Marie Prikler <liliana.prikler@gmail.com> | 2023-07-14 07:46:15 +0200 |
| commit | d67507cacf934b970f67567bced4e044c3ca9753 (patch) | |
| tree | b1c3160946ceaf74a9a24c7360d28036230210e1 /gnu/services | |
| parent | 3b3d9a13dd2bd67f34c890047680a1ce6e3af28e (diff) | |
| parent | dd4c1992103a65b8fbdc80fe07a9fe9be822769a (diff) | |
Merge branch 'master' into gnome-team
Diffstat (limited to 'gnu/services')
| -rw-r--r-- | gnu/services/base.scm | 2 | ||||
| -rw-r--r-- | gnu/services/cgit.scm | 5 | ||||
| -rw-r--r-- | gnu/services/desktop.scm | 15 | ||||
| -rw-r--r-- | gnu/services/dict.scm | 15 | ||||
| -rw-r--r-- | gnu/services/shepherd.scm | 18 | ||||
| -rw-r--r-- | gnu/services/virtualization.scm | 1 | ||||
| -rw-r--r-- | gnu/services/web.scm | 8 |
7 files changed, 37 insertions, 27 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index bbc2ac2c79f..636d827ff9e 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1613,7 +1613,7 @@ information on the configuration file syntax." '("conf=/etc/security/limits.conf"))))) (if (member (pam-service-name pam) '("login" "greetd" "su" "slim" "gdm-password" - "sddm" "sudo" "sshd")) + "sddm" "sudo" "sshd" "lightdm")) (pam-service (inherit pam) (session (cons pam-limits diff --git a/gnu/services/cgit.scm b/gnu/services/cgit.scm index c2c003983a2..e33cb9e7dbf 100644 --- a/gnu/services/cgit.scm +++ b/gnu/services/cgit.scm @@ -561,7 +561,8 @@ to it, that should loaded as Git repositories. An empty list means that all subdirectories will be loaded.") (readme (file-object "") - "Text which will be used as default value for @code{cgit-repo-readme}.") + "Text which will be used as default @code{repository-cgit-configuration} +@code{readme}.") (remove-suffix? (boolean #f) "If set to @code{#t} and @code{repository-directory} is enabled, if any @@ -642,7 +643,7 @@ for cgit to allow access to that repository.") "URL which, if specified, will be used as root for all cgit links.") (repositories (repository-cgit-configuration-list '()) - "A list of @dfn{cgit-repo} records to use with config.") + "A list of @code{repository-cgit-configuration} records.") (extra-options (list '()) "Extra options will be appended to cgitrc file.")) diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index a63748b652f..01aec64bee3 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
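Review bot: In the base.scm hunk the PAM services that receive `pam-limits` are a literal list inside the `member` test, so any session-opening service not named there runs without the limits from limits.conf and nothing reports the omission. Adding "lightdm" closes one such gap, but the next display manager will need the same manual edit. A comment above the list would make the contract visible, e.g. `;; Every PAM service that opens a user session must be listed here, otherwise pam_limits is not applied to it.` The enclosing procedure starts and ends outside the hunk.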
@@ -1398,18 +1398,7 @@ rules." '("gnome-settings-daemon" "gnome-control-center" "gnome-system-monitor" - "gvfs" - ;; spice-gtk provides polkit actions for USB redirection - ;; in GNOME Boxes. - ("gnome-boxes" "spice-gtk"))))) - -(define (gnome-setuid-programs config) - "Return the list of GNOME setuid programs." - (let* ((gnome (gnome-desktop-configuration-gnome config)) - (spice-gtk (gnome-package gnome '("gnome-boxes" "spice-gtk")))) - (map file-like->setuid-program - (list (file-append spice-gtk - "/libexec/spice-client-glib-usb-acl-helper"))))) + "gvfs")))) (define gnome-desktop-service-type (service-type @@ -1419,8 +1408,6 @@ rules." gnome-udev-rules) (service-extension polkit-service-type gnome-polkit-settings) - (service-extension setuid-program-service-type - gnome-setuid-programs) (service-extension profile-service-type (compose list gnome-desktop-configuration-gnome)))) (default-value (gnome-desktop-configuration)) diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm index 90d3c35b6c7..23e1d363649 100644 --- a/gnu/services/dict.scm +++ b/gnu/services/dict.scm @@ -167,15 +167,15 @@ database { (provision '(dicod)) (requirement '(user-processes)) (documentation "Run the dicod daemon.") - (start #~(if (and (defined? 'make-inetd-constructor) - #$(= 1 (length interfaces))) ;XXX + (start #~(if (defined? 'make-inetd-constructor) (make-inetd-constructor (list #$dicod "--inetd" "--foreground" (string-append "--config=" #$dicod.conf)) - (list (endpoint - (addrinfo:addr - (car (getaddrinfo #$(first interfaces) - "dict"))))) + (map (lambda (interface) + (endpoint + (addrinfo:addr + (car (getaddrinfo interface "dict"))))) + '#$interfaces) #:requirements '#$requirement #:user "dicod" #:group "dicod" #:service-name-stem "dicod") 
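Review bot: In the dict.scm hunk at -167, `(car (getaddrinfo interface "dict"))` keeps only the first address returned for each entry of `interfaces`. A host name that resolves to both IPv4 and IPv6 therefore gets a single listening endpoint, and which family is chosen depends on resolver ordering. A lookup failure for any one entry is raised inside the `start` gexp, which presumably keeps dicod from starting at all rather than skipping that entry. If both behaviours are intended, say so next to the lambda, e.g. `;; Only the first address of each interface is used; list each address explicitly to listen on several.` The later hunk at -183 drops the same single-interface guard from `stop`, and the service definition starts and ends outside both hunks.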
@@ -183,8 +183,7 @@ database { (list #$dicod "--foreground" (string-append "--config=" #$dicod.conf)) #:user "dicod" #:group "dicod"))) - (stop #~(if (and (defined? 'make-inetd-destructor) - #$(= 1 (length interfaces))) ;XXX + (stop #~(if (defined? 'make-inetd-destructor) (make-inetd-destructor) (make-kill-destructor))) (actions (list (shepherd-configuration-action dicod.conf))))))) diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index de40454f7da..e9d3a631c21 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -27,8 +27,9 @@ #:use-module (guix store) #:use-module (guix records) #:use-module (guix packages) - #:use-module (guix derivations) ;imported-modules, etc. #:use-module (guix utils) + #:use-module ((guix diagnostics) + #:select (define-with-syntax-properties formatted-message)) #:use-module (gnu services) #:use-module (gnu services herd) #:use-module (gnu packages admin) @@ -186,12 +187,25 @@ DEFAULT is given, use it as the service's default value." ((guix build utils) #:hide (delete)) (guix build syscalls))) +(define-with-syntax-properties (validate-provision (provision properties)) + (match provision + (((? symbol?) ..1) provision) + (_ + (raise + (make-compound-condition + (condition + (&error-location + (location (source-properties->location properties)))) + (formatted-message + (G_ "'provision' must be a non-empty list of symbols"))))))) + (define-record-type* <shepherd-service> shepherd-service make-shepherd-service shepherd-service? (documentation shepherd-service-documentation ;string (default "[No documentation.]")) - (provision shepherd-service-provision) ;list of symbols + (provision shepherd-service-provision ;list of symbols + (sanitize validate-provision)) (requirement shepherd-service-requirement ;list of symbols (default '())) (one-shot? shepherd-service-one-shot? ;Boolean diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 880557915cd..506f5a7ab6a 100644 
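Review bot: The error raised by `validate-provision` in the shepherd.scm hunk at -186 does not show the offending value, so a user with several services still has to work out what was wrong from the source location alone. Passing the value as a format argument would help, e.g. `(G_ "'provision' must be a non-empty list of symbols, got ~s")` followed by `provision`. The neighbouring `requirement` field is also annotated as a list of symbols but gets no sanitizer, so a malformed value there is still caught only later; a matching check that also accepts `'()` would keep the two fields consistent. The record definition continues outside the hunk.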
--- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -478,6 +478,7 @@ potential infinite waits blocking libvirt.")) (list (shepherd-service (documentation "Run the libvirt daemon.") (provision '(libvirtd)) + (requirement '(dbus-system)) (start #~(make-forkexec-constructor (list (string-append #$libvirt "/sbin/libvirtd") "-f" #$config-file diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 45897d7d6fd..818226a4f76 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -1144,6 +1144,14 @@ a webserver.") (uri "~ \\.php$") (body (list "fastcgi_split_path_info ^(.+\\.php)(/.+)$;" + + ;; Include some upstream recommendations from + ;; https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi + ;; Mitigate https://httpoxy.org/ vulnerabilities + "fastcgi_param HTTP_PROXY \"\";" + ;; Only pass existing php files to the backend. + "if (!-f $document_root$fastcgi_script_name) { return 404; }" + (string-append "fastcgi_pass unix:" socket ";") "fastcgi_index index.php;" (list "include " nginx-package "/share/nginx/conf/fastcgi.conf;"))))) |
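Review bot: In the web.scm hunk, the added `if (!-f $document_root$fastcgi_script_name) { return 404; }` is evaluated by nginx against its own view of the filesystem. It only keeps non-existent scripts away from the backend when php-fpm serves the same tree at the same path; with a chrooted or containerised php-fpm the test could disagree with what the backend sees. A comment stating that assumption would help, e.g. `;; Assumes nginx and php-fpm share the same document root.` The `fastcgi_param HTTP_PROXY "";` line comes before the `include` of fastcgi.conf, so it is worth confirming that file does not define HTTP_PROXY itself, otherwise both values would presumably be sent. The location definition starts outside the hunk.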
