[PATCH] services: mpd: Allow authentication and permissions to be configured.

  • Done
Details
2 participants
  • Bruno Victal
  • pinoaffe
Owner
unassigned
Submitted by
pinoaffe
Severity
normal
pinoaffe wrote on 26 Apr 2020 22:16
(address . guix-patches@gnu.org)
1ee4ef44362d20518fe69da7b6c37df5@airmail.cc
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 23 ++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output
using pulseaudio.

+@item @code{default-permissions} (default: @code{'(read add control
admin)})
+The permissions a user that connected to the mpd server without a
password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra
permissions. By
+default this is an empty list.
+
@end table
@end deftp

+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
@deftp {Data Type} mpd-output
Data type representing an @command{mpd} audio output.

+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate. The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using
@code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
@table @asis
@item @code{name} (default: @code{"MPD"})
The name of the audio output.
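Review bot: Several added lines in this hunk were wrapped in transit, so fragments such as "admin)})", "password should enjoy." and "permissions. By" sit on lines of their own without a leading "+", and the hunk no longer matches its "@@ -23271,12 +23271,35 @@" header. It will not apply as sent. Resend with git send-email, or attach the patch, so the long "+" lines survive intact.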
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
#:use-module (ice-9 match)
#:export (mpd-output
mpd-output?
+ mpd-credential
+ mpd-credential?
mpd-configuration
mpd-configuration?
mpd-service-type))
@@ -36,6 +38,16 @@
;;;
;;; Code:

+(define-record-type* <mpd-credential>
+ mpd-credential make-mpd-credential
+ mpd-credential?
+ (password mpd-credential-password
+ ;; valid: any string that does not contain #\@
+ (default ""))
+ (permissions mpd-credential-permissions
+ ;; valid: any subset of read, add, control and admin
+ (default '())))
+
(define-record-type* <mpd-output>
mpd-output make-mpd-output
mpd-output?
@@ -58,24 +70,41 @@
(define-record-type* <mpd-configuration>
mpd-configuration make-mpd-configuration
mpd-configuration?
- (user mpd-configuration-user
- (default "mpd"))
- (music-dir mpd-configuration-music-dir
- (default "~/Music"))
- (playlist-dir mpd-configuration-playlist-dir
- (default "~/.mpd/playlists"))
- (db-file mpd-configuration-db-file
- (default "~/.mpd/tag_cache"))
- (state-file mpd-configuration-state-file
- (default "~/.mpd/state"))
- (sticker-file mpd-configuration-sticker-file
- (default "~/.mpd/sticker.sql"))
- (port mpd-configuration-port
- (default "6600"))
- (address mpd-configuration-address
- (default "any"))
- (outputs mpd-configuration-outputs
- (default (list (mpd-output)))))
+ (user mpd-configuration-user
+ (default "mpd"))
+ (music-dir mpd-configuration-music-dir
+ (default "~/Music"))
+ (playlist-dir mpd-configuration-playlist-dir
+ (default "~/.mpd/playlists"))
+ (db-file mpd-configuration-db-file
+ (default "~/.mpd/tag_cache"))
+ (state-file mpd-configuration-state-file
+ (default "~/.mpd/state"))
+ (sticker-file mpd-configuration-sticker-file
+ (default "~/.mpd/sticker.sql"))
+ (port mpd-configuration-port
+ (default "6600"))
+ (address mpd-configuration-address
+ (default "any"))
+ (credentials mpd-configuration-credentials
+ (default '()))
+ (default-permissions mpd-configuration-default-permissions
+ (default '(read add control admin)))
+ (outputs mpd-configuration-outputs
+ (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+ (string-join (map symbol->string
+ permissions)
+ ","))
+
+(define (mpd-credential->string credential)
+ "Convert the USER of type <mpd-credential> to a configuration file
snippet."
+ (format #f
+ "password \"~a@~a\"\n"
+ (mpd-credential-password credential)
+ (mpd-permissions->string
+ (mpd-credential-permissions credential))))

(define (mpd-output->string output)
"Convert the OUTPUT of type <mpd-output> to a configuration file
snippet."
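Review bot: mpd-credential->string interpolates the password with ~a straight into the quoted "password" value, and nothing in the function checks it, so a password containing a double quote or "@" changes how the generated line parses. Reject or escape such passwords here and signal an error when the configuration is built. The docstring also says "Convert the USER" while the parameter is named credential, and realigning the nine existing fields of <mpd-configuration> makes the two new ones hard to pick out of the diff.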
@@ -110,8 +139,14 @@ audio_output {
(apply
mixed-text-file "mpd.conf"
"pid_file \"" (mpd-file-name config "pid") "\"\n"
+ "default_permissions \""
+ (mpd-permissions->string
+ (mpd-configuration-default-permissions config))
+ "\"\n"
(append (map mpd-output->string
(mpd-configuration-outputs config))
+ (map mpd-credential->string
+ (mpd-configuration-credentials config))
(map (match-lambda
((config-name config-val)
(string-append config-name " \"" (config-val config)
"\"\n")))
@@ -143,10 +178,10 @@ audio_output {
#:environment-variables
;; Required to detect PulseAudio when run under a user
account.
'(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
- (passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
+ (passwd:uid
+ (getpwnam (mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))

--
2.26.2
pinoaffe wrote on 28 Apr 2020 13:29
[PATCH (hopefully not garbled this time)] services: mpd: Allow authentication and permissions to be configured.
(address . 40878@debbugs.gnu.org)
20200426223555.2a5793bb@airmail.cc
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 23 ++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output using pulseaudio.
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions. By
+default this is an empty list.
+
@end table
@end deftp
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
@deftp {Data Type} mpd-output
Data type representing an @command{mpd} audio output.
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate. The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
@table @asis
@item @code{name} (default: @code{"MPD"})
The name of the audio output.
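Review bot: The new "@deftp {Data Type} mpd-credential" block is opened directly above the existing "@deftp {Data Type} mpd-output" with no "@end deftp" of its own, and the password/permissions table is inserted after the mpd-output description, so the credential fields end up documented under mpd-output and the "name" table of mpd-output follows an "@end deftp". Move the whole mpd-credential definition (description, table, "@end table", "@end deftp") so that it is complete before "@deftp {Data Type} mpd-output" begins.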
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
#:use-module (ice-9 match)
#:export (mpd-output
mpd-output?
+ mpd-credential
+ mpd-credential?
mpd-configuration
mpd-configuration?
mpd-service-type))
@@ -36,6 +38,16 @@
;;;
;;; Code:
+(define-record-type* <mpd-credential>
+ mpd-credential make-mpd-credential
+ mpd-credential?
+ (password mpd-credential-password
+ ;; valid: any string that does not contain #\@
+ (default ""))
+ (permissions mpd-credential-permissions
+ ;; valid: any subset of read, add, control and admin
+ (default '())))
+
(define-record-type* <mpd-output>
mpd-output make-mpd-output
mpd-output?
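Review bot: The validity rules for both fields of <mpd-credential> exist only as comments, and the defaults "" and '() together describe a credential with an empty password and no permissions. Drop the defaults so both fields must be supplied, and check the permissions against read, add, control and admin when the record is serialized, so that a misspelled symbol fails when the configuration is built instead of reaching mpd.conf.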
@@ -58,24 +70,41 @@
(define-record-type* <mpd-configuration>
mpd-configuration make-mpd-configuration
mpd-configuration?
- (user mpd-configuration-user
- (default "mpd"))
- (music-dir mpd-configuration-music-dir
- (default "~/Music"))
- (playlist-dir mpd-configuration-playlist-dir
- (default "~/.mpd/playlists"))
- (db-file mpd-configuration-db-file
- (default "~/.mpd/tag_cache"))
- (state-file mpd-configuration-state-file
- (default "~/.mpd/state"))
- (sticker-file mpd-configuration-sticker-file
- (default "~/.mpd/sticker.sql"))
- (port mpd-configuration-port
- (default "6600"))
- (address mpd-configuration-address
- (default "any"))
- (outputs mpd-configuration-outputs
- (default (list (mpd-output)))))
+ (user mpd-configuration-user
+ (default "mpd"))
+ (music-dir mpd-configuration-music-dir
+ (default "~/Music"))
+ (playlist-dir mpd-configuration-playlist-dir
+ (default "~/.mpd/playlists"))
+ (db-file mpd-configuration-db-file
+ (default "~/.mpd/tag_cache"))
+ (state-file mpd-configuration-state-file
+ (default "~/.mpd/state"))
+ (sticker-file mpd-configuration-sticker-file
+ (default "~/.mpd/sticker.sql"))
+ (port mpd-configuration-port
+ (default "6600"))
+ (address mpd-configuration-address
+ (default "any"))
+ (credentials mpd-configuration-credentials
+ (default '()))
+ (default-permissions mpd-configuration-default-permissions
+ (default '(read add control admin)))
+ (outputs mpd-configuration-outputs
+ (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+ (string-join (map symbol->string
+ permissions)
+ ","))
+
+(define (mpd-credential->string credential)
+ "Convert the USER of type <mpd-credential> to a configuration file snippet."
+ (format #f
+ "password \"~a@~a\"\n"
+ (mpd-credential-password credential)
+ (mpd-permissions->string
+ (mpd-credential-permissions credential))))
(define (mpd-output->string output)
"Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
(apply
mixed-text-file "mpd.conf"
"pid_file \"" (mpd-file-name config "pid") "\"\n"
+ "default_permissions \""
+ (mpd-permissions->string
+ (mpd-configuration-default-permissions config))
+ "\"\n"
(append (map mpd-output->string
(mpd-configuration-outputs config))
+ (map mpd-credential->string
+ (mpd-configuration-credentials config))
(map (match-lambda
((config-name config-val)
(string-append config-name " \"" (config-val config) "\"\n")))
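Review bot: The credential strings are appended to the arguments of mixed-text-file "mpd.conf", which puts every password in plaintext in a store file that any local user can read. Take the name of a file kept outside the store instead of the password itself, or at minimum document the exposure next to the credentials field in doc/guix.texi.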
@@ -143,10 +178,10 @@ audio_output {
#:environment-variables
;; Required to detect PulseAudio when run under a user account.
'(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
- (passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
+ (passwd:uid
+ (getpwnam (mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))
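Review bot: The removed and added lines of the XDG_RUNTIME_DIR expression differ only in indentation, which is unrelated to authentication. Leave this hunk out, or send the re-indentation as its own commit.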
--
2.26.2
pinoaffe wrote on 28 Apr 2020 17:00
[PATCH v2] services: mpd: Allow authentication and permissions to be configured.
(address . 40878@debbugs.gnu.org)
20200428170023.3304924a@airmail.cc
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 26 ++++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 83 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..6a5038fd37 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,6 +23271,32 @@ an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output using pulseaudio.
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions. By
+default this is an empty list.
+
+@end table
+@end deftp
+
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate. The password may not contain "@".
+Warning: due to limitations of the mpd configuration system, the generated mpd config
+(which is stored in the guix store and is readable to all users) will include a
+plaintext copy of the provided password(s).
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
@end table
@end deftp
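Review bot: The credentials item says a password lets one "gain extra permissions", but default-permissions defaults to '(read add control admin), so with the defaults an unauthenticated client already holds every permission and a configured password grants nothing more. Say so in the credentials item, and show default-permissions being narrowed alongside a credential.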
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
#:use-module (ice-9 match)
#:export (mpd-output
mpd-output?
+ mpd-credential
+ mpd-credential?
mpd-configuration
mpd-configuration?
mpd-service-type))
@@ -36,6 +38,16 @@
;;;
;;; Code:
+(define-record-type* <mpd-credential>
+ mpd-credential make-mpd-credential
+ mpd-credential?
+ (password mpd-credential-password
+ ;; valid: any string that does not contain #\@
+ (default ""))
+ (permissions mpd-credential-permissions
+ ;; valid: any subset of read, add, control and admin
+ (default '())))
+
(define-record-type* <mpd-output>
mpd-output make-mpd-output
mpd-output?
@@ -58,24 +70,41 @@
(define-record-type* <mpd-configuration>
mpd-configuration make-mpd-configuration
mpd-configuration?
- (user mpd-configuration-user
- (default "mpd"))
- (music-dir mpd-configuration-music-dir
- (default "~/Music"))
- (playlist-dir mpd-configuration-playlist-dir
- (default "~/.mpd/playlists"))
- (db-file mpd-configuration-db-file
- (default "~/.mpd/tag_cache"))
- (state-file mpd-configuration-state-file
- (default "~/.mpd/state"))
- (sticker-file mpd-configuration-sticker-file
- (default "~/.mpd/sticker.sql"))
- (port mpd-configuration-port
- (default "6600"))
- (address mpd-configuration-address
- (default "any"))
- (outputs mpd-configuration-outputs
- (default (list (mpd-output)))))
+ (user mpd-configuration-user
+ (default "mpd"))
+ (music-dir mpd-configuration-music-dir
+ (default "~/Music"))
+ (playlist-dir mpd-configuration-playlist-dir
+ (default "~/.mpd/playlists"))
+ (db-file mpd-configuration-db-file
+ (default "~/.mpd/tag_cache"))
+ (state-file mpd-configuration-state-file
+ (default "~/.mpd/state"))
+ (sticker-file mpd-configuration-sticker-file
+ (default "~/.mpd/sticker.sql"))
+ (port mpd-configuration-port
+ (default "6600"))
+ (address mpd-configuration-address
+ (default "any"))
+ (credentials mpd-configuration-credentials
+ (default '()))
+ (default-permissions mpd-configuration-default-permissions
+ (default '(read add control admin)))
+ (outputs mpd-configuration-outputs
+ (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+ (string-join (map symbol->string
+ permissions)
+ ","))
+
+(define (mpd-credential->string credential)
+ "Convert the USER of type <mpd-credential> to a configuration file snippet."
+ (format #f
+ "password \"~a@~a\"\n"
+ (mpd-credential-password credential)
+ (mpd-permissions->string
+ (mpd-credential-permissions credential))))
(define (mpd-output->string output)
"Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
(apply
mixed-text-file "mpd.conf"
"pid_file \"" (mpd-file-name config "pid") "\"\n"
+ "default_permissions \""
+ (mpd-permissions->string
+ (mpd-configuration-default-permissions config))
+ "\"\n"
(append (map mpd-output->string
(mpd-configuration-outputs config))
+ (map mpd-credential->string
+ (mpd-configuration-credentials config))
(map (match-lambda
((config-name config-val)
(string-append config-name " \"" (config-val config) "\"\n")))
@@ -143,10 +178,10 @@ audio_output {
#:environment-variables
;; Required to detect PulseAudio when run under a user account.
'(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
- (passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
+ (passwd:uid
+ (getpwnam (mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))
--
2.26.2
Bruno Victal wrote on 31 Mar 2023 00:23
Re: [bug#40878] [PATCH] services: mpd: Allow authentication and permissions to be configured.
(address . pinoaffe@airmail.cc)(address . 40878@debbugs.gnu.org)
f1695147-b758-e711-be65-c2d5553bd252@makinata.eu
Hi,

On 2020-04-26 21:16, pinoaffe@airmail.cc wrote:
> * gnu/services/audio.scm (mpd-credential): New public variable.
> * gnu/services/audio.scm (mpd-configuration): Add credentials
> and permissions.
> ---
>  doc/guix.texi          | 23 ++++++++++++
>  gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
>  2 files changed, 80 insertions(+), 22 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 6613a4af13..1693d938f1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -23271,12 +23271,35 @@ an absolute path can be specified here.
>  @item @code{outputs} (default: @code{"(list (mpd-output))"})
>  The audio outputs that MPD can use.  By default this is a single output using pulseaudio.
>
> +@item @code{default-permissions} (default: @code{'(read add control admin)})
> +The permissions a user that connected to the mpd server without a password should enjoy.
> +Should be a subset of @code{'(read add control admin)}.
> +
> +@item @code{credentials} (default: @code{'()})
> +The list of credentials one can use to sign in to mpd and gain extra permissions.  By
> +default this is an empty list.
> +
>  @end table
>  @end deftp
>
> +@deftp {Data Type} mpd-credential
> +Data type representing an @command{mpd} password/permissions pair.
> +
>  @deftp {Data Type} mpd-output
>  Data type representing an @command{mpd} audio output.
>
> +@table @asis
> +@item @code{password} (default: @code{""})
> +The password used to authenticate.  The password may not contain "@".
> +
> +@item @code{permissions} (default: @code{'()})
> +The permissions one gains after authenticating to the server using @code{password}.
> +This should be a subset of @code{'(read add control admin)}, as in
> +@code{default-permissions}.
> +
> +@end table
> +@end deftp
> +
>  @table @asis
>  @item @code{name} (default: @code{"MPD"})
>  The name of the audio output.
> diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
> index 345d8225b2..9a6dc8db94 100644
> --- a/gnu/services/audio.scm
> +++ b/gnu/services/audio.scm
> @@ -26,6 +26,8 @@
>    #:use-module (ice-9 match)
>    #:export (mpd-output
>              mpd-output?
> +            mpd-credential
> +            mpd-credential?
>              mpd-configuration
>              mpd-configuration?
>              mpd-service-type))
> @@ -36,6 +38,16 @@
>  ;;;
>  ;;; Code:
>
> +(define-record-type* <mpd-credential>
> +  mpd-credential make-mpd-credential
> +  mpd-credential?
> +  (password    mpd-credential-password
> +               ;; valid: any string that does not contain #\@
> +               (default ""))
> +  (permissions mpd-credential-permissions
> +               ;; valid: any subset of read, add, control and admin
> +               (default '())))
> +
>  (define-record-type* <mpd-output>
>    mpd-output make-mpd-output
>    mpd-output?
> @@ -58,24 +70,41 @@
>  (define-record-type* <mpd-configuration>
>    mpd-configuration make-mpd-configuration
>    mpd-configuration?
> -  (user         mpd-configuration-user
> -                (default "mpd"))
> -  (music-dir    mpd-configuration-music-dir
> -                (default "~/Music"))
> -  (playlist-dir mpd-configuration-playlist-dir
> -                (default "~/.mpd/playlists"))
> -  (db-file      mpd-configuration-db-file
> -                (default "~/.mpd/tag_cache"))
> -  (state-file   mpd-configuration-state-file
> -                (default "~/.mpd/state"))
> -  (sticker-file mpd-configuration-sticker-file
> -                (default "~/.mpd/sticker.sql"))
> -  (port         mpd-configuration-port
> -                (default "6600"))
> -  (address      mpd-configuration-address
> -                (default "any"))
> -  (outputs      mpd-configuration-outputs
> -                (default (list (mpd-output)))))
> +  (user                mpd-configuration-user
> +                       (default "mpd"))
> +  (music-dir           mpd-configuration-music-dir
> +                       (default "~/Music"))
> +  (playlist-dir        mpd-configuration-playlist-dir
> +                       (default "~/.mpd/playlists"))
> +  (db-file             mpd-configuration-db-file
> +                       (default "~/.mpd/tag_cache"))
> +  (state-file          mpd-configuration-state-file
> +                       (default "~/.mpd/state"))
> +  (sticker-file        mpd-configuration-sticker-file
> +                       (default "~/.mpd/sticker.sql"))
> +  (port                mpd-configuration-port
> +                       (default "6600"))
> +  (address             mpd-configuration-address
> +                       (default "any"))
> +  (credentials         mpd-configuration-credentials
> +                       (default '()))
> +  (default-permissions mpd-configuration-default-permissions
> +                       (default '(read add control admin)))
> +  (outputs             mpd-configuration-outputs
> +                       (default (list (mpd-output)))))
> +
> +(define (mpd-permissions->string permissions)
> +  (string-join (map symbol->string
> +                    permissions)
> +               ","))
> +
> +(define (mpd-credential->string credential)
> +  "Convert the USER of type <mpd-credential> to a configuration file snippet."
> +  (format #f
> +          "password \"~a@~a\"\n"
> +          (mpd-credential-password credential)
> +          (mpd-permissions->string
> +           (mpd-credential-permissions credential))))
>
>  (define (mpd-output->string output)
>    "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
> @@ -110,8 +139,14 @@ audio_output {
>    (apply
>     mixed-text-file "mpd.conf"
>     "pid_file \"" (mpd-file-name config "pid") "\"\n"
> +   "default_permissions \""
> +   (mpd-permissions->string
> +    (mpd-configuration-default-permissions config))
> +   "\"\n"
>     (append (map mpd-output->string
>                  (mpd-configuration-outputs config))
> +           (map mpd-credential->string
> +                (mpd-configuration-credentials config))
>             (map (match-lambda
>                    ((config-name config-val)
>                     (string-append config-name " \"" (config-val config) "\"\n")))
> @@ -143,10 +178,10 @@ audio_output {
>               #:environment-variables
>               ;; Required to detect PulseAudio when run under a user account.
>               '(#$(string-append
> -                   "XDG_RUNTIME_DIR=/run/user/"
> -                   (number->string
> -                     (passwd:uid
> -                       (getpwnam (mpd-configuration-user config))))))
> +                  "XDG_RUNTIME_DIR=/run/user/"
> +                  (number->string
> +                   (passwd:uid
> +                    (getpwnam (mpd-configuration-user config))))))
>               #:log-file #$(mpd-file-name config "log")))
>     (stop  #~(make-kill-destructor))))
>

I know it's rather late to reply to this patch, yet I believe it's worth stating:

1. mpd-service-type has gone through extensive refactoring, which makes this patch no longer apply.
2. This kind of change poses a problem: your credentials will get stored under /gnu/store, which is
world-readable. Hardly the place you want to use to store secrets like credential data.

As such, the best course of action is to use an "include …" directive, which you can do via the 'extra-options'
field, and point it at a file containing the credentials (which you have to provision manually).


Cheers,
Bruno
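
The check below is an added example, not part of Bruno's message or of Guix: it walks an mpd.conf and the files it pulls in with "include", and flags every password line that sits in a file under /gnu/store or readable by others. The function names, file names and sample password are constructed for illustration.

```python
import os
import re
import stat
import tempfile

STORE_PREFIX = "/gnu/store/"  # world-readable, as the thread points out
# Matches: password "secret@perms"   or   include "file.conf"
DIRECTIVE = re.compile(r'^\s*(password|include)\s+"((?:[^"\\]|\\.)*)"')


def audit_mpd_conf(path, _seen=None):
    """Return (file, line_no, reason) for each exposed password line."""
    seen = _seen if _seen is not None else set()
    real = os.path.realpath(path)
    if real in seen:  # guard against include loops
        return []
    seen.add(real)

    in_store = real.startswith(STORE_PREFIX)
    world_readable = bool(os.stat(real).st_mode & stat.S_IROTH)

    findings = []
    with open(real, encoding="utf-8") as handle:
        for line_no, line in enumerate(handle, start=1):
            match = DIRECTIVE.match(line)
            if not match:
                continue
            keyword, value = match.groups()
            if keyword == "password":
                if in_store:
                    findings.append((real, line_no, "password in store file"))
                elif world_readable:
                    findings.append(
                        (real, line_no, "password in world-readable file"))
            else:
                # Relative includes are resolved against the including file.
                target = os.path.join(os.path.dirname(real), value)
                if os.path.exists(target):
                    findings.extend(audit_mpd_conf(target, seen))
                else:
                    findings.append((real, line_no, "included file missing"))
    return findings


def demo():
    """Constructed sample: inline password vs. password in a 0600 include."""
    with tempfile.TemporaryDirectory() as tmp:
        inline = os.path.join(tmp, "mpd-inline.conf")
        with open(inline, "w", encoding="utf-8") as f:
            f.write('port "6600"\ndefault_permissions "read"\n'
                    'password "example-secret@read,add,control,admin"\n')
        os.chmod(inline, 0o644)

        secret = os.path.join(tmp, "credentials.conf")
        with open(secret, "w", encoding="utf-8") as f:
            f.write('password "example-secret@read,add,control,admin"\n')
        os.chmod(secret, 0o600)  # provisioned by hand, owner-only

        split = os.path.join(tmp, "mpd-split.conf")
        with open(split, "w", encoding="utf-8") as f:
            f.write('port "6600"\ndefault_permissions "read"\n'
                    'include "credentials.conf"\n')
        os.chmod(split, 0o644)

        return audit_mpd_conf(inline), audit_mpd_conf(split)


if __name__ == "__main__":
    for label, result in zip(("inline", "split"), demo()):
        print(label, result)
```
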
Bruno Victal wrote on 31 Mar 2023 00:26
control-msg
(name . control)(address . control@debbugs.gnu.org)
add813b8-249d-4b0e-8414-dc66e3abe060@makinata.eu
tags 40878 wontfix
close 40878
quit

This issue is archived.

To comment on this conversation send an email to 40878@debbugs.gnu.org
