01/01: install: Don't start sshd by default.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: install: Don't start sshd by default.

From:	Ludovic Court�s
Subject:	01/01: install: Don't start sshd by default.
Date:	Mon, 4 Dec 2017 17:33:45 -0500 (EST)

civodul pushed a commit to branch version-0.14.0
in repository guix.

commit aab322d909c0b4abec132ef7aff31c31a1208841
Author: Ludovic Courtès <address@hidden>
Date:   Mon Dec 4 23:31:15 2017 +0100

    install: Don't start sshd by default.
    
    Reported by Christopher Baines <address@hidden>
    at <https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00058.html>.
    
    * gnu/services/ssh.scm (<openssh-configuration>)[%auto-start?]: New
    field.
    (openssh-shepherd-service): Honor it.
    * gnu/system/install.scm (%installation-services): Set '%auto-start?' to
     #f for openssh-service-type.
---
 gnu/services/ssh.scm   | 12 ++++++++++--
 gnu/system/install.scm |  5 ++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index b33ec94..301ba74 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -304,7 +304,14 @@ The other options should be self-descriptive."
 
   ;; list of user-name/file-like tuples
   (authorized-keys       openssh-authorized-keys
-                         (default '())))
+                         (default '()))
+
+  ;; Boolean
+  ;; XXX: This should really be handled in an orthogonal way, for instance as
+  ;; proposed in <https://bugs.gnu.org/27155>.  Keep it internal/undocumented
+  ;; for now.
+  (%auto-start?          openssh-auto-start?
+                         (default #t)))
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -445,7 +452,8 @@ of user-name/file-like tuples."
          (provision '(ssh-daemon))
          (start #~(make-forkexec-constructor #$openssh-command
                                              #:pid-file #$pid-file))
-         (stop #~(make-kill-destructor)))))
+         (stop #~(make-kill-destructor))
+         (auto-start? (openssh-auto-start? config)))))
 
 (define (openssh-pam-services config)
   "Return a list of <pam-services> for sshd with CONFIG."
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 78f2bf3..0dd7688 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -264,7 +264,10 @@ You have been warned.  Thanks for being so brave.\x1b[0m
                     ;; The root account is passwordless, so make sure
                     ;; a password is set before allowing logins.
                     (allow-empty-passwords? #f)
-                    (password-authentication? #t)))
+                    (password-authentication? #t)
+
+                    ;; Don't start it upfront.
+                    (%auto-start? #f)))
 
           ;; Since this is running on a USB stick with a overlayfs as the root
           ;; file system, use an appropriate cache configuration.

[Prev in Thread]

Current Thread

[Next in Thread]

branch version-0.14.0 created (now aab322d), Ludovic Court�s, 2017/12/04
- 01/01: install: Don't start sshd by default., Ludovic Court�s <=

Prev by Date: branch master updated (dba33ca -> 1fa37d1)
Next by Date: branch version-0.14.0 created (now aab322d)
Previous by thread: branch version-0.14.0 created (now aab322d)
Next by thread: branch wip-bootstrap updated (312b271 -> 20acb1e)
Index(es):
- Date
- Thread