[PATCH] Add bolt

OpenSubmitted by phodina.
Details
3 participants
  • David Conner
  • Sarah Morgensen
  • phodina
Owner
unassigned
Severity
normal
phodina wrote on 15 Jul 2021 18:46
(name . guix-patches@gnu.org)(address . guix-patches@gnu.org)
M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com
---
index 4b57bc1f24..d07ee33a7e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -123,6 +123,7 @@
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-xyz)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages readline)
#:use-module (gnu packages rrdtool)
#:use-module (gnu packages samba)
@@ -2479,6 +2480,52 @@ IPv6 packet filter.
Both commands are targeted at system administrators.")
(license license:gpl2+)))

+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.1")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (commit version)))
+ (sha256
+ (base32
+ "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+ (build-system meson-build-system)
+ (arguments
+ `(#:configure-flags (list (string-append "--localstatedir=" (assoc-ref %outputs "out") "/var"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-udev-rules-directory
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (mkdir-p (string-append out "/lib/udev/rules.d"))
+ (substitute* "meson.build"
+ (("udev.get_pkgconfig_variable..udevdir..")
+ (string-append "'" out "/lib'")))#t)))
+ (add-before 'install 'no-polkit-magic
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
+ (setenv "PKEXEC_UID" "something")
+ #t)))))
+ (native-inputs `(("pkg-config" ,pkg-config) ("dbus" ,dbus) ("asciidoc" ,asciidoc) ("umockdev" ,umockdev)))
+ (inputs `(("glib:bin" ,glib "bin") ("eudev" ,eudev) ("polkit" ,polkit)))
+ (synopsis "Userspace system daemon to enable security levels for Thunderbolt™
+on GNU/Linux®.")
+ (description "Thunderbolt™ is the brand name of a hardware interface developed by
+Intel® that allows the connection of external peripherals to a
+computer.
+Devices connected via Thunderbolt can be DMA masters and thus read
+system memory without interference of the operating system (or even
+the CPU). Version 3 of the interface introduced 5 different security
+levels, in order to mitigate the aforementioned security risk that
+connected devices pose to the system. The security level is set by the
+system firmware.")
+ (license license:gpl2+)))
+
(define-public jitterentropy-rngd
(package
(name "jitterentropy-rngd")
--
2.31.1
Sarah Morgensen wrote on 22 Jul 2021 03:50
(name . phodina)(address . phodina@protonmail.com)(address . 49578@debbugs.gnu.org)
86o8avrua2.fsf@mgsn.dev
Hello,

Thanks for the patch. It's always good to see new contributors around
here! I have a few suggestions for your patch.

phodina <phodina@protonmail.com> writes:

> ---
> index 4b57bc1f24..d07ee33a7e 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -123,6 +123,7 @@
> #:use-module (gnu packages pulseaudio)
> #:use-module (gnu packages python)
> #:use-module (gnu packages python-xyz)
> + #:use-module (gnu packages polkit)
> #:use-module (gnu packages readline)
> #:use-module (gnu packages rrdtool)
> #:use-module (gnu packages samba)
> @@ -2479,6 +2480,52 @@ IPv6 packet filter.
> Both commands are targeted at system administrators.")
> (license license:gpl2+)))
>
> +(define-public bolt
> + (package
> + (name "bolt")
> + (version "0.9.1")
> + (source (origin
> + (method git-fetch)
> + (uri
> + (git-reference
> + (url "https://gitlab.freedesktop.org/bolt/bolt")
> + (commit version)))
> + (sha256
> + (base32
> + "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
> + (build-system meson-build-system)
> + (arguments
> + `(#:configure-flags (list (string-append "--localstatedir=" (assoc-ref %outputs "out") "/var"))

Are you sure this shouldn't be "--localstatedir=/var"? As it is, it
refers to the read-only directory /gnu/store/...-bolt-0.9.1/var.

> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'unpack 'fix-udev-rules-directory
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out")))
> + (mkdir-p (string-append out "/lib/udev/rules.d"))
^ I think this is not necessary...

> + (substitute* "meson.build"
> + (("udev.get_pkgconfig_variable..udevdir..")
> + (string-append "'" out "/lib'")))#t)))
...with this change: ^ /lib/udev

> + (add-before 'install 'no-polkit-magic
> + (lambda* (#:key outputs #:allow-other-keys)
> + ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
> + (setenv "PKEXEC_UID" "something")
> + #t)))))
^ Phases no longer need to end with #t, so you can omit this.

> + (native-inputs `(("pkg-config" ,pkg-config) ("dbus" ,dbus) ("asciidoc" ,asciidoc) ("umockdev" ,umockdev)))

Please wrap lines at 80 characters, and in the special case of package
inputs like here, each input should get its own line, like:

(native-inputs
`(("pkg-config" ,pkg-config)
("dbus" ,dbus)
("asciidoc" ,asciidoc)
("umockdev" ,umockdev)))

> + (inputs `(("glib:bin" ,glib "bin") ("eudev" ,eudev) ("polkit" ,polkit)))
> + (synopsis "Userspace system daemon to enable security levels for Thunderbolt™
> +on GNU/Linux®.")
> + (description "Thunderbolt™ is the brand name of a hardware interface developed by
> +Intel® that allows the connection of external peripherals to a
> +computer.
> +Devices connected via Thunderbolt can be DMA masters and thus read
> +system memory without interference of the operating system (or even
> +the CPU). Version 3 of the interface introduced 5 different security
> +levels, in order to mitigate the aforementioned security risk that
> +connected devices pose to the system. The security level is set by the
> +system firmware.")
> + (home-page "https://gitlab.freedesktop.org/bolt/bolt")
> + (license license:gpl2+)))
> +
> (define-public jitterentropy-rngd
> (package
> (name "jitterentropy-rngd")
> --
> 2.31.1

--
Sarah
phodina wrote on 22 Jul 2021 13:32
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
1aJRSz6qFjmFhYY0CBesLTTG0pCFP3k4W0lONoiRV7XP6fDy07As2nMW1DicJXJws8O3IXC-qZLar49bOBNy1FD_I3kNTHUqNRUcNMMtXRo=@protonmail.com
Hi Sarah,

Thanks for the suggestions. Fixes:

- polkit in alphabetical order
- line wrapping
- /var dir location
- removed #t in phases
- simplified udev rules install
- more useful synopsis

---
index 41902e7785..6050871264 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -119,6 +119,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
@@ -2479,6 +2480,59 @@ IPv6 packet filter.
Both commands are targeted at system administrators.")
(license license:gpl2+)))

+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.1")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+ (build-system meson-build-system)
+ (arguments
+ `(#:configure-flags (list "--localstatedir=/var")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'replace-directories
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "meson.build"
+ (("udev.get_pkgconfig_variable..udevdir..")
+ (string-append "'" (assoc-ref %outputs "out") "/lib/udev'")))
+ (substitute* "meson.build"
+ ((".*scripts/meson-install.sh.*") ""))
+ ))
+ (add-before 'install 'no-polkit-magic
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
+ (setenv "PKEXEC_UID" "something")
+ )))))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("dbus" ,dbus)
+ ("asciidoc" ,asciidoc)
+ ("umockdev" ,umockdev)))
+ (inputs
+ `(("glib:bin" ,glib "bin")
+ ("eudev" ,eudev)
+ ("polkit" ,polkit)))
+ (synopsis "Userspace system daemon to enable security levels
+for Thunderbolt™ on GNU/Linux®.")
+ (description "Userspace daemon 'boltd' exposes devices via D-Bus to clients.
+It stores database of previously authorized devices and depending
+on the policy set for the individual devices, auomatically authorize newly
+connected devices without user interaction. It also adapts its behaivour when
+iommu support is detected.
+Command line utility 'boltctl' can be used to manage thundebolt devices. It can
+list devices, monitor changes and initiate authorization of device.")
+ (license license:gpl2+)))
+
(define-public jitterentropy-rngd
(package
(name "jitterentropy-rngd")
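Review bot: In the `replace-directories` phase the lambda binds `outputs`, but the body reads the global `%outputs` in `(assoc-ref %outputs "out")`; use the phase argument instead, `(string-append "'" (assoc-ref outputs "out") "/lib/udev'")`. The `no-polkit-magic` lambda binds `outputs` without using it, so `(lambda _ ...)` is enough there. The second `substitute*` deletes the `scripts/meson-install.sh` line from `meson.build` without saying why; a comment such as `;; The install script creates directories under localstatedir, outside the store.` would help, if that is indeed the reason. The same lines recur unchanged in v3 1/2.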
--
2.31.1
phodina wrote on 22 Jul 2021 13:36
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
hLPvIp8Fqu0eBUVfaBG6dhJJdV3oS0fHf_nVr-sCJZ2iUd1-oHiCvVx6kw42JIupQa187HFlrCeCYh-ZdSzE-UOa1NmhZBgZBMUoDwL1R1Q=@protonmail.com
Also, would you have a recommendation on how to create a service for the daemon boltd?

Currently it's a good step to have it packaged, but without a running service it's a little bit pointless.

There is probably something similar that I can check, learn how the services work and modify it for the thunderbolt case.
Sarah Morgensen wrote on 22 Jul 2021 22:02
(name . phodina)(address . phodina@protonmail.com)(address . 49578@debbugs.gnu.org)
86bl6urubp.fsf_-_@mgsn.dev
Hi,

phodina <phodina@protonmail.com> writes:

> Also would you have recommendation on how to create a service for the daemon boltd?
>
> Currently it's a good step to have it packaged, but without a running service it's little bit pointless.
>
> There is probably something similar that I can check, learn how the services work and modify it for the thunderbolt case.

I'm assuming you mean a service to run on Guix System, yes?

There is a section in the manual on this


which has a couple examples. You'll probably want to make a shepherd
service (shepherd is Guix System's services manager). You can also read
the code for existing services in gnu/services/*.scm. I'm not very
familiar with services so unfortunately I can't point you at any similar
ones. Best of luck!

--
Sarah
phodina wrote on 18 Sep 2021 13:20
[PATCH v3 1/2] gnu: Add bolt.
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
IpWOs4rfABoT7fYcMUB85zS3FRn8ZwpMv_PQzYRjT6aj14ZdfbW8KLgQB9oOJFHKni5PmV5CSNs4h9qbDCpG3DgqGF2btkjbIRCabQV24Zo=@protonmail.com
* gnu/packages/linux.scm: (bolt): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 46c9f817a8..3ec896bba6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -121,6 +121,7 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
@@ -2655,6 +2656,56 @@ IPv6 packet filter.
 Both commands are targeted at system administrators.")
     (license license:gpl2+)))

+(define-public bolt
+  (package
+    (name "bolt")
+    (version "0.9.1")
+    (source (origin
+              (method git-fetch)
+              (uri
+               (git-reference
+                (url "https://gitlab.freedesktop.org/bolt/bolt")
+                (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+    (build-system meson-build-system)
+    (arguments
+     `(#:configure-flags (list "--localstatedir=/var")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'replace-directories
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "meson.build"
+               (("udev.get_pkgconfig_variable..udevdir..")
+                (string-append "'" (assoc-ref %outputs "out") "/lib/udev'")))
+             (substitute* "meson.build"
+               ((".*scripts/meson-install.sh.*") ""))))
+         (add-before 'install 'no-polkit-magic
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
+             (setenv "PKEXEC_UID" "something"))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("glib:bin" ,glib "bin")
+       ("asciidoc" ,asciidoc)
+       ("umockdev" ,umockdev)))
+    (inputs
+     `(("eudev" ,eudev)
+       ("dbus" ,dbus)
+       ("polkit" ,polkit)))
+    (synopsis "Userspace system daemon for Thunderbolt")
+    (description "Userspace daemon @code{boltd} exposes devices via D-Bus to clients.
+It stores database of previously authorized devices and depending
+on the policy set for the individual devices, automatically authorize newly
+connected devices without user interaction.  It also adapts its behaivour when
+iommu support is detected.
+Command line utility 'boltctl' can be used to manage thundebolt devices.
+It can list devices, monitor changes and initiate authorization of device.")
+    (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+    (license license:gpl2+)))
+
 (define-public jitterentropy-rngd
   (package
     (name "jitterentropy-rngd")
--
2.32.0
phodina wrote on 18 Sep 2021 13:21
[PATCH v3 2/2] services: Add a service for bolt.
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
7hJPvaldH4Bh7rtXByW9GPmxh-s8a1TCz9icV0mkcF6MLy5zRWlgrcruWWbl2KcenTOrIsL89cDh36eBRLrjKa6y53p8a8weWTQpSenjCHE=@protonmail.com
* gnu/services/linux.scm (bolt-service-type)
(bolt-shepherd-service, bolt-dbus-service)
(bolt-configuration, bolt-configuration?): New procedures.

diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index 2eb02ac5a3..dc26f285bf 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com>
 ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
+;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,7 +25,9 @@
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (guix modules)
+  #:use-module (gnu system shadow)
   #:use-module (gnu services)
+  #:use-module (gnu services dbus)
   #:use-module (gnu services base)
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages linux)
@@ -33,7 +36,11 @@
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
-  #:export (earlyoom-configuration
+  #:export (bolt-configuration
+            bolt-configuration?
+            bolt-service-type
+
+            earlyoom-configuration
             earlyoom-configuration?
             earlyoom-configuration-earlyoom
             earlyoom-configuration-minimum-available-memory
@@ -61,6 +68,76 @@
             zram-device-configuration-priority
             zram-device-service-type))

+

+;;;
+;;; Thunderbolt daemon.
+;;;
+
+(define-record-type* <bolt-configuration>
+  bolt-configuration make-bolt-configuration bolt-configuration?
+  (package bolt-configuration-package ; package
+           (default bolt)))
+
+(define bolt-shepherd-service
+  (match-lambda
+    (($ <bolt-configuration> package)
+     (with-imported-modules (source-module-closure
+                             '((gnu build shepherd)))
+       (shepherd-service
+        (documentation "Thunderbolt daemon")
+        (provision '(thunderbolt))
+        (requirement '(networking))
+        (modules '((gnu build shepherd)))
+        (start #~(make-forkexec-constructor/container
+                  (list #$(file-append package "/libexec/boltd"))
+		  ))
+        (stop #~(make-kill-destructor)))))))
+
+(define %bolt-activation
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/lib/boltd")))
+
+(define (bolt-dbus-service config)
+  (list (wrapped-dbus-service (bolt-configuration-bolt config)
+			      "libexec/boltd"
+			      `(("BOLT_CONF_FILE_NAME"
+				 '("share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))
+
+(define %bolt-accounts
+ (list (user-group (name "boltd") (system? #t))
+       (user-account
+	 (name "boltd")
+	 (group "boltd")
+	 (system? #t)
+	 (comment "Boltd daemon user")
+	 (home-directory "/var/empty")
+	 (shell "/run/current-system/profile/sbin/nologin"))))
+
+(define bolt-udev-rule
+  (match-lambda
+    (($ <bolt-configuration> package)
+  (file->udev-rule "90-bolt.rules" (file-append package "/lib/udev/rules.d/90-bolt.rules")))))
+
+(define bolt-service-type
+  (service-type
+   (name 'boltd)
+   (description
+    "Thunderbolt daemon")
+   (extensions
+    (list (service-extension udev-service-type
+			     (compose list bolt-udev-rule))
+	  (service-extension activation-service-type
+			     (const %bolt-activation))
+	  (service-extension dbus-root-service-type
+	  (compose list bolt-configuration-package))
+	;		     bolt-dbus-service)
+	  (service-extension account-service-type
+			     (const %bolt-accounts))
+          (service-extension shepherd-root-service-type
+                             (compose list bolt-shepherd-service))))
+   (default-value (bolt-configuration))))
+


 ;;;
 ;;; Early OOM daemon.
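Review bot: `%bolt-activation` creates `/var/lib/boltd` with `mkdir-p` alone, so the directory gets whatever mode the activation umask yields and no explicit owner. Per the package description that directory would hold the database of previously authorized devices, which decides which Thunderbolt devices are authorized without user interaction, so I would restrict it right after creation, e.g. `(chmod "/var/lib/boltd" #o700)`. Relatedly, `%bolt-accounts` declares a `boltd` user and group, but `bolt-shepherd-service` passes no `#:user`/`#:group` to `make-forkexec-constructor/container`, so the account looks unused; either run the daemon under it, if boltd can work unprivileged, or drop the account extension. The same code is resent unchanged in v4 2/2.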
--
2.32.0
Sarah Morgensen wrote on 23 Sep 2021 03:11
Re: [bug#49578] [PATCH v3 1/2] gnu: Add bolt.
(name . phodina)(address . phodina@protonmail.com)(address . 49578@debbugs.gnu.org)
86mto4w0xw.fsf@mgsn.dev
Hello Petr,

Thanks for the updated patch :)

I don't have any experience with services, so I can't comment on the
second patch in this series, and I don't have a Thunderbolt controller
or devices, so I can't test the actual program, but other than the
commit message/synopsis/description this package LGTM.

phodina <phodina@protonmail.com> writes:

> * gnu/packages/linux.scm: (bolt): New variable.
^ no ":"

> + (synopsis "Userspace system daemon for Thunderbolt")

Consider this instead (taken from their repository tagline, more
understandable to more users):

(synopsis "Thunderbolt 3 device manager")

> + (description "Userspace daemon @code{boltd} exposes devices via D-Bus to clients.
> +It stores database of previously authorized devices and depending
> +on the policy set for the individual devices, automatically authorize newly
> +connected devices without user interaction. It also adapts its behaivour when
> +iommu support is detected.
> +Command line utility 'boltctl' can be used to manage thundebolt devices.
> +It can list devices, monitor changes and initiate authorization of device.")

Consider this instead:

(description "This package provides @command{boltd}, a userspace daemon
for Thunderbolt devices, and @command{boltctl}, a command-line utility for
managing those devices.

The daemon @command{boltd} exposes devices via D-Bus to clients. It also
stores a database of previously authorized devices and will, depending on the
policy set for the individual devices, automatically authorize newly connected
devices without user interaction.

The command-line utility @command{boltctl} manages Thunderbolt devices via
@command{boltd}. It can list devices, monitor changes, and initiate
authorization of devices.")


> + (license license:gpl2+)))
> +
> (define-public jitterentropy-rngd
> (package
> (name "jitterentropy-rngd")
> --
> 2.32.0

With those changes, or similar:

* Package review checklist (WIP)
Lack of a check is not proof of noncompliance.

1. [X] Package builds (guix build package)
[X] x86_64 [ ] aarch64 [ ] armhf [ ] powerpc64le
[ ] i686 [ ] i586 [ ] mips64le
2. [X] Build is reproducible (guix build --rounds=n package)
3. [X] Tests enabled (if available) or disabled with in-source comment
4. [X] No extraneous dependencies (guix size package)
5. [X] No unnecessary pre-built binaries/blobs
6. [X] Dependencies unvendored when available in Guix
7. [X] Cross-compile friendly (cc-for-target, patches with inputs)
8. [X] License matches source
9. [X] No problematic lints (guix lint package)
10. [X] Formatting follows guidelines
- [X] Lines wrap at 80 characters
- [X] Indentation passes etc/indent-code.el
- [X] Two spaces used between sentences

For new packages:
1. [X] Source url is robust
* mirror:// used with url-fetch when possible
* No auto-generated archives from source repo (prefer cloning)
2. [X] Synopsis is short, descriptive, and meaningful to a wide audience
3. [X] Description is objective, takes 5-10 lines, uses full sentences,
and provides the information users need to decide whether the
software fits their needs.

There are lints for CVEs, but they are for the Bolt CMS, not this
project.

--
Sarah
phodina wrote on 5 Nov 2021 09:39
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
T5oh96qaEZJHH-szMIXMWA_dPsLL5PDeHHfSQlyG4-CjQ1ChMNXuTBvaFLPAd15fDw-0YaOB05qr5SrRCAGOg-Su5NeN59RVHeGcfR5C7Vk=@protonmail.com
Hi,

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Thursday, September 23rd, 2021 at 3:11 AM, Sarah Morgensen <iskarian@mgsn.dev> wrote:

> Hello Petr,
>
> Thanks for the updated patch :)
>
> I don't have any experiences with services, so I can't comment on the
>
> second patch in this series, and I don't have a Thunderbolt controller
>
> or devices, so I can't test the actual program, but other than the
>
> commit message/synopsis/description this package LGTM.

Thanks Sarah for the review and tips on packaging.
>
> phodina phodina@protonmail.com writes:
>
> > - gnu/packages/linux.scm: (bolt): New variable.
>
> ^ no ":"
>
>
> > - (synopsis "Userspace system daemon for Thunderbolt")
>
> Consider this instead (taken from their repository tagline, more
>
> understandable to more users):
>
> (synopsis "Thunderbolt 3 device manager")
>
> > - (description "Userspace daemon @code{boltd} exposes devices via D-Bus to clients.
> >
> > +It stores database of previously authorized devices and depending
> >
> > +on the policy set for the individual devices, automatically authorize newly
> >
> > +connected devices without user interaction. It also adapts its behaivour when
> >
> > +iommu support is detected.
> >
> > +Command line utility 'boltctl' can be used to manage thundebolt devices.
> >
> > +It can list devices, monitor changes and initiate authorization of device.")
>
> Consider this instead:
>
> (description "This package provides @command{boltd}, a userspace daemon
>
> for Thunderbolt devices, and @command{boltctl}, a command-line utility for
>
> managing those devices.
>
> The daemon @command{boltd} exposes devices via D-Bus to clients. It also
>
> stores a database of previously authorized devices and will, depending on the
>
> policy set for the individual devices, automatically authorize newly connected
>
> devices without user interaction.
>
> The command-line utility @command{boltctl} manages Thunderbolt devices via
>
> @command{boltd}. It can list devices, monitor changes, and initiate
>
> authorization of devices.")
>
> > - (home-page "https://gitlab.freedesktop.org/bolt/bolt")
> > - (license license:gpl2+)))
> >
> > (define-public jitterentropy-rngd
> >
> > (package
> >
> > (name "jitterentropy-rngd")
> > ------------------------------------------------------------------------
> >
> > 2.32.0
>
> With those changes, or similar:
>
> - Package review checklist (WIP)
>
> Lack of a check is not proof of noncompliance.
>
> 1. [X] Package builds (guix build package)
>
> [X] x86_64 [ ] aarch64 [ ] armhf [ ] powerpc64le
>
> [ ] i686 [ ] i586 [ ] mips64le
> 2. [X] Build is reproducible (guix build --rounds=n package)
> 3. [X] Tests enabled (if available) or disabled with in-source comment
> 4. [X] No extraneous dependencies (guix size package)
> 5. [X] No unnecessary pre-built binaries/blobs
> 6. [X] Dependencies unvendored when available in Guix
> 7. [X] Cross-compile friendly (cc-for-target, patches with inputs)
> 8. [X] License matches source
> 9. [X] No problematic lints (guix lint package)
> 10. [X] Formatting follows guidelines
> - [X] Lines wrap at 80 characters
> - [X] Indentation passes etc/indent-code.el
> - [X] Two spaces used between sentences
>
> For new packages:
> 11. [X] Source url is robust
> - mirror:// used with url-fetch when possible
> - No auto-generated archives from source repo (prefer cloning)
> 12. [X] Synopsis is short, descriptive, and meaningful to a wide audience
> 13. [X] Description is objective, takes 5-10 lines, uses full sentences,
>
> and provides the information users need to decide whether the
>
> software fits their needs.
>
> There are lints for CVEs, but they are for the Bolt CMS, not this
>
> project.
>
> --
>
> Sarah

Is there somebody who has Thunderbolt on their machine and could test this patch?

Petr
David Conner wrote on 22 Jan 07:55 +0100
[PATCH] Add bolt
(address . 49578@debbugs.gnu.org)
CAA_WgJXf0sWMbZZTg2avrGFYBj1_7LunsL9=qETFnYNyK1-jFA@mail.gmail.com
I have a late 2013 Macbook Pro with two Thunderbolt 2 ports.

They work if the TB device is inserted on boot, but after you disconnect a
device, it no longer functions when you reconnect it. It shows that the
kernel recognizes the device in `dmesg` and that the PCIe port is
registered in `lspci -k`. But the device is not found in `nmcli dev status`.
The device I'm testing is an Apple Ethernet adapter.

I am still in the learning phase where I'm trying to reconfigure my
machine, but I have the guix repo cloned and I'm planning on contributing
patches to packages on other channels. I will hopefully be in the position
where I can test this soon.
David Conner wrote on 2 Feb 17:19 +0100
(address . 49578@debbugs.gnu.org)
CAA_WgJX8FYe6r9c12ZxjJjVzPV87PnBUzzbJ0o0DfyQi=y3Ofw@mail.gmail.com
I am ready to test this. I finally reconfigured my system last night, but I
have some questions about patching guix and testing.

The guix I would reconfigure in order to test this would be ‘master’ with
the patch applied. I think I should be alright applying the patch (I am
noob). If it doesn’t apply right, I can figure it out, but then I’ll need
to update the patch right?

Is git capable of doing this?

Or should I use a tool like ediff/patchwork?

I have the guix checked out with Google repo via
https://github.com/ectorepo/guix. This pulls down the latest copy of
everything on savannah under the guix project.

2022年1月22日(土) 午前1:55 David Conner <aionfork@gmail.com>:

> I have a late 2013 Macbook Pro with two Thunderbolt 2 ports.
>
> They work if the TB device is inserted on boot, but after you disconnect a
> device, it no longer functions when you reconnect it. It show that the
> kernel recognizes the device in `dmesg` and that the PCIe port is
> registered in `lspci -k` But the device is not found in `nmcli dev status`.
> The device I'm testing is an Apple Ethernet adapter.
>
> I am still in the learning phase where I'm trying to reconfigure my
> machine, but I have the guix repo cloned and I'm planning on contributing
> patches to packages on other channels. I will hopefully be in the position
> where I can test this soon.
>
phodina wrote 3 days ago
Re: [bug#49578] [PATCH v4] gnu: Add bolt.
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
rp8SpAlHZIINbm9ZNO_4lI_mK0OlLOQM9EdTQt8Zzz_9c5mpXm_xvGC8gpNjRMDew1MOpECQp6y5MpJWgEk7buLEMmBQleiH1NycK7uKAys=@protonmail.com
Hi Sarah,

here's the updated patch with your tips.

David, the way I test new packages is either by running:
[1]
guix shell --check --pure -D guix

or
[2]
guix build -L <load_path>



----
Petr
From 538eeedf7ee64f98b17507ea11d38512525ef29f Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Sun, 18 Jul 2021 12:11:55 +0200
Subject: [PATCH v4 1/2] gnu: Add bolt.

* gnu/packages/linux.scm (bolt): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d7d373a92f..c1f4c99cbf 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -136,6 +136,7 @@ (define-module (gnu packages linux)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
@@ -2702,6 +2703,56 @@ (define-public iptables
 Both commands are targeted at system administrators.")
     (license license:gpl2+)))
 
+(define-public bolt
+  (package
+    (name "bolt")
+    (version "0.9.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://gitlab.freedesktop.org/bolt/bolt")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1h48qmqxhjq9gxv5gf78cqm5wadmnhvc9bkd02zya77rh3pf6y3r"))))
+    (build-system meson-build-system)
+    (arguments
+     (list #:configure-flags '(list "--localstatedir=/var")
+           #:glib-or-gtk? #t ;To wrap binaries and/or compile schemas
+           #:phases #~(modify-phases %standard-phases
+                        (add-after 'unpack 'replace-directories
+                          (lambda* (#:key outputs #:allow-other-keys)
+                            (substitute* "meson.build"
+                              (("udev.get_pkgconfig_variable..udevdir..")
+                               (string-append "'"
+                                              #$output "/lib/udev'")))
+                            (substitute* "scripts/meson-install.sh"
+                              (("mkdir.*")
+                               ""))))
+                        (add-before 'install 'no-polkit-magic
+                          (lambda* (#:key outputs #:allow-other-keys)
+                            (setenv "PKEXEC_UID" "something"))))))
+    (native-inputs (list pkg-config
+                         `(,glib "bin") python asciidoc umockdev))
+    (inputs (list eudev dbus polkit))
+    (synopsis "Thunderbolt 3 device manager")
+    (description
+     "This package provides @command{boltd}, a userspace daemon
+for Thunderbolt devices, and @command{boltctl}, a command-line utility for
+managing those devices.
+
+The daemon @command{boltd} exposes devices via D-Bus to clients.  It also
+stores a database of previously authorized devices and will, depending on the
+policy set for the individual devices, automatically authorize newly connected
+devices without user interaction.
+
+The command-line utility @command{boltctl} manages Thunderbolt devices via
+@command{boltd}.  It can list devices, monitor changes, and initiate
+authorization of devices.")
+    (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+    (license license:gpl2+)))
+
 (define-public jitterentropy-rngd
   (package
     (name "jitterentropy-rngd")
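Review bot: The `no-polkit-magic` phase now sets `PKEXEC_UID` to a dummy value with no comment, whereas earlier revisions explained it, so a reader cannot tell why a polkit-related variable is faked at install time. I would restore `;; Meson ‘magically’ invokes pkexec, which fails (not setuid).` above the `setenv`. The `mkdir.*` substitution in `scripts/meson-install.sh` deserves a similar one-line comment naming what is skipped and where those directories get created instead; with `--localstatedir=/var` I assume they live outside the store, but the hunk does not show the script. Both lambdas still bind `outputs` although the body uses `#$output`, so `(lambda _ ...)` would do.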
-- 
2.37.0
From e054c89f9964686670e7716c820ca9ebb9f41543 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Sat, 18 Sep 2021 13:11:18 +0200
Subject: [PATCH v4 2/2] services: Add a service for bolt.

* gnu/services/linux.scm (bolt-service-type)
(bolt-shepherd-service, bolt-dbus-service)
(bolt-configuration, bolt-configuration?): New procedures.

diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index 60e2093e1d..37dcd14f97 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com>
 ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
 ;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz>
+;;; Copyright © 2021-2022 Petr Hodina <phodina@protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,15 +30,21 @@ (define-module (gnu services linux)
   #:use-module (guix i18n)
   #:use-module (guix ui)
   #:use-module (gnu services)
+  #:use-module (gnu services dbus)
   #:use-module (gnu services base)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
   #:use-module (gnu packages linux)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
-  #:export (earlyoom-configuration
+  #:export (bolt-configuration
+            bolt-configuration?
+            bolt-service-type
+
+            earlyoom-configuration
             earlyoom-configuration?
             earlyoom-configuration-earlyoom
             earlyoom-configuration-minimum-available-memory
@@ -65,6 +72,76 @@ (define-module (gnu services linux)
             zram-device-configuration-priority
             zram-device-service-type))
 
+
+;;;
+;;; Thunderbolt daemon.
+;;;
+
+(define-record-type* <bolt-configuration>
+  bolt-configuration make-bolt-configuration bolt-configuration?
+  (package bolt-configuration-package ; package
+           (default bolt)))
+
+(define bolt-shepherd-service
+  (match-lambda
+    (($ <bolt-configuration> package)
+     (with-imported-modules (source-module-closure
+                             '((gnu build shepherd)))
+       (shepherd-service
+        (documentation "Thunderbolt daemon")
+        (provision '(thunderbolt))
+        (requirement '(networking))
+        (modules '((gnu build shepherd)))
+        (start #~(make-forkexec-constructor/container
+                  (list #$(file-append package "/libexec/boltd"))
+		  ))
+        (stop #~(make-kill-destructor)))))))
+
+(define %bolt-activation
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/lib/boltd")))
+
+(define (bolt-dbus-service config)
+  (list (wrapped-dbus-service (bolt-configuration-bolt config)
+			      "libexec/boltd"
+			      `(("BOLT_CONF_FILE_NAME"
+				 '("share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))
+
+(define %bolt-accounts
+ (list (user-group (name "boltd") (system? #t))
+       (user-account
+	 (name "boltd")
+	 (group "boltd")
+	 (system? #t)
+	 (comment "Boltd daemon user")
+	 (home-directory "/var/empty")
+	 (shell "/run/current-system/profile/sbin/nologin"))))
+
+(define bolt-udev-rule
+  (match-lambda
+    (($ <bolt-configuration> package)
+  (file->udev-rule "90-bolt.rules" (file-append package "/lib/udev/rules.d/90-bolt.rules")))))
+
+(define bolt-service-type
+  (service-type
+   (name 'boltd)
+   (description
+    "Thunderbolt daemon")
+   (extensions
+    (list (service-extension udev-service-type
+			     (compose list bolt-udev-rule))
+	  (service-extension activation-service-type
+			     (const %bolt-activation))
+	  (service-extension dbus-root-service-type
+	  (compose list bolt-configuration-package))
+	;		     bolt-dbus-service)
+	  (service-extension account-service-type
+			     (const %bolt-accounts))
+          (service-extension shepherd-root-service-type
+                             (compose list bolt-shepherd-service))))
+   (default-value (bolt-configuration))))
+
 
 ;;;
 ;;; Early OOM daemon.
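Review bot: `bolt-dbus-service` calls `bolt-configuration-bolt`, which the `<bolt-configuration>` record in this hunk never defines; the only accessor it declares is `bolt-configuration-package`. The procedure is referenced only from the commented-out `; bolt-dbus-service)` line, so it is dead code today and would fail with an unbound variable as soon as that extension is re-enabled. Either change the call to `(bolt-configuration-package config)` and wire the procedure into the `dbus-root-service-type` extension, or delete it together with the commented-out line. The commit message also lists `bolt-dbus-service` among the new procedures, so it should match whichever way this goes. This is carried over unchanged from v3 2/2.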
-- 
2.37.0