services: ntpd: Use a dedicated directory for drift file.

Fixes <https://bugs.gnu.org/24366>.  Drift file now resides in a
dedicated directory owned by the daemon.

* gnu/services/networking.scm (ntp-service-activation): New procedure,
(ntp-service-type): Add new service-extension.
This commit is contained in:
John Darrington 2016-09-05 13:53:39 +02:00
parent 7fb461d2fe
commit 1c6c0ad067
No known key found for this signature in database
GPG Key ID: 8A67719C2DE827B3
1 changed files with 17 additions and 2 deletions

View File

@ -2,6 +2,7 @@
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -272,7 +273,7 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
(let () (let ()
;; TODO: Add authentication support. ;; TODO: Add authentication support.
(define config (define config
(string-append "driftfile /var/run/ntp.drift\n" (string-append "driftfile /var/run/ntpd/ntp.drift\n"
(string-join (map (cut string-append "server " <>) (string-join (map (cut string-append "server " <>)
servers) servers)
"\n") "\n")
@ -307,13 +308,27 @@ restrict -6 ::1\n"))
(home-directory "/var/empty") (home-directory "/var/empty")
(shell #~(string-append #$shadow "/sbin/nologin"))))) (shell #~(string-append #$shadow "/sbin/nologin")))))
(define (ntp-service-activation config)
"Return the activation gexp for CONFIG."
(with-imported-modules '((guix build utils))
#~(begin
(define %user
(getpw "ntpd"))
(let ((directory "/var/run/ntpd"))
(mkdir-p directory)
(chown directory (passwd:uid %user) (passwd:gid %user))))))
(define ntp-service-type (define ntp-service-type
(service-type (name 'ntp) (service-type (name 'ntp)
(extensions (extensions
(list (service-extension shepherd-root-service-type (list (service-extension shepherd-root-service-type
ntp-shepherd-service) ntp-shepherd-service)
(service-extension account-service-type (service-extension account-service-type
(const %ntp-accounts)))))) (const %ntp-accounts))
(service-extension activation-service-type
ntp-service-activation)))))
(define* (ntp-service #:key (ntp ntp) (define* (ntp-service #:key (ntp ntp)
(servers %ntp-servers)) (servers %ntp-servers))