Hi, Ludovic Courtès <l...@gnu.org> writes:
> Hi, > > Ludovic Courtès <l...@gnu.org> skribis: > >> Diego Nicola Barbato <dnbarb...@posteo.de> skribis: >> >>>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001 >>> From: Diego Nicola Barbato <dnbarb...@posteo.de> >>> Date: Tue, 7 Apr 2020 13:58:28 +0200 >>> Subject: [PATCH 1/2] service: Create log files as non-world-readable. >>> >>> * modules/shepherd/service.scm (exec-command): Create log-file with file >>> permissions #o640. >> >> [...] >> >>>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001 >>> From: Diego Nicola Barbato <dnbarb...@posteo.de> >>> Date: Tue, 7 Apr 2020 13:38:47 +0200 >>> Subject: [PATCH 2/2] service: Add #:file-creation-mask to >>> 'make-forkexec-constructor'. >>> >>> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask >>> parameter and honor it. >>> (fork+exec-command): Add #:file-creation-mask parameter and pass it to >>> exec-command. >>> (make-forkexec-constructor): Add #:file-creation-mask parameter and pass >>> it >>> to fork+exec-command. >>> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly. >> >> I went ahead and pushed these two patches. > > These patches are in Shepherd 0.8.0, which was pushed in Guix master > commit e3358a831e7d5d9e8dc614340e49ea5aeb11a7ff, so we’re done! Great! Now we can simplify the 'start' method of 'syslogd-service-type'. I did eventually write a test script, which I've attached in case we want to add it to the Shepherd. I'm sorry it took so long that I missed the new Shepherd release. Regards, Diego
>From 2e7a0795b3a7080376238ab604c50d2c180f8730 Mon Sep 17 00:00:00 2001 From: Diego Nicola Barbato <dnbarb...@posteo.de> Date: Mon, 27 Apr 2020 16:57:36 +0200 Subject: [PATCH] tests: Test #:file-creation-mask option of 'make-forkexec-constructor'. * tests/file-creation-mask.sh: New file. --- tests/file-creation-mask.sh | 79 +++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 tests/file-creation-mask.sh diff --git a/tests/file-creation-mask.sh b/tests/file-creation-mask.sh new file mode 100644 index 0000000..9f5f10a --- /dev/null +++ b/tests/file-creation-mask.sh @@ -0,0 +1,79 @@ +# GNU Shepherd --- Test the #:file-creation-mask option of 'make-forkexec-constructor'. +# Copyright © 2020 Diego N. Barbato <dnbarb...@posteo.de> +# +# This file is part of the GNU Shepherd. +# +# The GNU Shepherd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# The GNU Shepherd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with the GNU Shepherd. If not, see <http://www.gnu.org/licenses/>. + +shepherd --version +herd --version + +socket="t-socket-$$" +conf="t-conf-$$" +log="t-log-$$" +pid="t-pid-$$" +service_log="t-service-log-$$" +service_new_file="t-service-new-file-$$" + +herd="herd -s $socket" + +trap "cat $log || true; + rm -f $socket $conf $log $service_log $service_new_file; + test -f $pid && kill \`cat $pid\` || true; rm -f $pid" EXIT + +function wait_for_file +{ + i=0 + while ! test -f "$1" && test $i -lt 20 + do + sleep 0.3 + i=`expr $i + 1` + done + test -f "$1" +} + +cat > "$conf"<<EOF +(define %command + '("$SHELL" "-c" "touch $PWD/$service_new_file; echo foo")) + +(register-services + (make <service> + #:provides '(test) + #:start (make-forkexec-constructor %command + #:log-file "$PWD/$service_log" + ;; Set the umask such that file + ;; permissions are #o600. + #:file-creation-mask #o177) + #:stop (make-kill-destructor) + #:respawn? #f)) +EOF + +rm -f "$pid" +shepherd -I -s "$socket" -c "$conf" -l "$log" --pid="$pid" & + +# Wait till it's ready. +wait_for_file "$pid" + +# Start the service. +$herd start test + +# Make sure the log file is created with the right permissions independently +# of the value of #:file-creation-mask. +wait_for_file "$service_log" +test `stat -c %a "$service_log"` -eq 640 + +# Make sure the service creates files with the right permissions as determined +# by the value of #:file-creation-mask. +wait_for_file "$service_new_file" +test `stat -c %a "$service_new_file"` -eq 600 -- 2.26.0