services: jami: Use ‘least-authority-wrapper’.

* gnu/services/telephony.scm (jami-configuration->command-line-arguments)
[wrapper]: New procedure.
Use it.
(jami-shepherd-services): In ‘start’ method of ‘jami’ service, use
‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’.
Remove use of (gnu build shepherd).

Change-Id: Ic71c0c88477d92bf137d9d0a5832bae8721cc210
This commit is contained in:
Ludovic Courtès 2023-11-14 11:06:26 +01:00
parent 8bd1c14997
commit 62a08abea7
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

View file

@ -261,9 +261,37 @@ (define %jami-accounts
(define (jami-configuration->command-line-arguments config) (define (jami-configuration->command-line-arguments config)
"Derive the command line arguments to used to launch the Jami daemon from "Derive the command line arguments to used to launch the Jami daemon from
CONFIG, a <jami-configuration> object." CONFIG, a <jami-configuration> object."
(define (wrapper libjami)
(least-authority-wrapper
;; XXX: 'gexp-input' is needed as the outer layer so that
;; 'references-file' picks the right output of LIBJAMI.
(gexp-input (file-append (gexp-input libjami "bin") "/libexec/jamid")
"bin")
#:mappings
(list (file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/lib/jami")
(target source)
(writable? #t))
(file-system-mapping
(source "/var/run/jami")
(target source)
(writable? #t))
;; Expose TLS certificates for GnuTLS.
(file-system-mapping
(source (file-append nss-certs "/etc/ssl/certs"))
(target "/etc/ssl/certs")))
#:preserved-environment-variables
'("DBUS_SESSION_BUS_ADDRESS" "SSL_CERT_DIR")
#:user "jami"
#:group "jami"
#:namespaces (fold delq %namespaces '(net user))))
(match-record config <jami-configuration> (match-record config <jami-configuration>
(libjami dbus enable-logging? debug? auto-answer?) (libjami dbus enable-logging? debug? auto-answer?)
`(,#~(string-append #$libjami:bin "/libexec/jamid") `(,(wrapper libjami)
"--persistent" ;stay alive after client quits "--persistent" ;stay alive after client quits
,@(if enable-logging? ,@(if enable-logging?
'() ;logs go to syslog by default '() ;logs go to syslog by default
@ -334,7 +362,6 @@ (define (jami-shepherd-services config)
(with-imported-modules (source-module-closure (with-imported-modules (source-module-closure
'((gnu build dbus-service) '((gnu build dbus-service)
(gnu build jami-service) (gnu build jami-service)
(gnu build shepherd)
(gnu system file-systems))) (gnu system file-systems)))
(define list-accounts-action (define list-accounts-action
@ -562,7 +589,6 @@ (define pid
(srfi srfi-26) (srfi srfi-26)
(gnu build dbus-service) (gnu build dbus-service)
(gnu build jami-service) (gnu build jami-service)
(gnu build shepherd)
(gnu system file-systems) (gnu system file-systems)
,@%default-modules)) ,@%default-modules))
(start (start
@ -608,32 +634,14 @@ (define (delete-file-recursively/safe file)
;; Start the daemon. ;; Start the daemon.
(define daemon-pid (define daemon-pid
((make-forkexec-constructor/container (fork+exec-command
(list #$@(jami-configuration->command-line-arguments (list #$@(jami-configuration->command-line-arguments
config)) config))
#:mappings
(list (file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/lib/jami")
(target source)
(writable? #t))
(file-system-mapping
(source "/var/run/jami")
(target source)
(writable? #t))
;; Expose TLS certificates for GnuTLS.
(file-system-mapping
(source #$(file-append nss-certs "/etc/ssl/certs"))
(target "/etc/ssl/certs")))
#:user "jami"
#:group "jami"
#:environment-variables #:environment-variables
(list (string-append "DBUS_SESSION_BUS_ADDRESS=" (list (string-append "DBUS_SESSION_BUS_ADDRESS="
"unix:path=/var/run/jami/bus") "unix:path=/var/run/jami/bus")
;; Expose TLS certificates for OpenSSL. ;; Expose TLS certificates for OpenSSL.
"SSL_CERT_DIR=/etc/ssl/certs")))) "SSL_CERT_DIR=/etc/ssl/certs")))
(setenv "DBUS_SESSION_BUS_ADDRESS" (setenv "DBUS_SESSION_BUS_ADDRESS"
"unix:path=/var/run/jami/bus") "unix:path=/var/run/jami/bus")