[PATCH] Add bolt

  • Open
  • quality assurance status badge
Details
4 participants
  • David Conner
  • Sarah Morgensen
  • Ludovic Courtès
  • phodina
Owner
unassigned
Submitted by
phodina
Severity
normal
P
P
phodina wrote on 15 Jul 2021 18:46
(name . guix-patches@gnu.org)(address . guix-patches@gnu.org)
M1akxhPbhdsagfKtQNdUvQ_gr7_am4nX--PrR6Q_xlyvSCkuUoDtFRURxw8xHioONjC36RuHVt-wy18yvV-EeegHIEOUos87NROWijau444=@protonmail.com
---
index 4b57bc1f24..d07ee33a7e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -123,6 +123,7 @@
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-xyz)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages readline)
#:use-module (gnu packages rrdtool)
#:use-module (gnu packages samba)
@@ -2479,6 +2480,52 @@ IPv6 packet filter.
Both commands are targeted at system administrators.")
(license license:gpl2+)))

+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.1")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (commit version)))
+ (sha256
+ (base32
+ "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+ (build-system meson-build-system)
+ (arguments
+ `(#:configure-flags (list (string-append "--localstatedir=" (assoc-ref %outputs "out") "/var"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-udev-rules-directory
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (mkdir-p (string-append out "/lib/udev/rules.d"))
+ (substitute* "meson.build"
+ (("udev.get_pkgconfig_variable..udevdir..")
+ (string-append "'" out "/lib'")))#t)))
+ (add-before 'install 'no-polkit-magic
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
+ (setenv "PKEXEC_UID" "something")
+ #t)))))
+ (native-inputs `(("pkg-config" ,pkg-config) ("dbus" ,dbus) ("asciidoc" ,asciidoc) ("umockdev" ,umockdev)))
+ (inputs `(("glib:bin" ,glib "bin") ("eudev" ,eudev) ("polkit" ,polkit)))
+ (synopsis "Userspace system daemon to enable security levels for Thunderbolt™
+on GNU/Linux®.")
+ (description "Thunderbolt™ is the brand name of a hardware interface developed by
+Intel® that allows the connection of external peripherals to a
+computer.
+Devices connected via Thunderbolt can be DMA masters and thus read
+system memory without interference of the operating system (or even
+the CPU). Version 3 of the interface introduced 5 different security
+levels, in order to mitigate the aforementioned security risk that
+connected devices pose to the system. The security level is set by the
+system firmware.")
+ (license license:gpl2+)))
+
(define-public jitterentropy-rngd
(package
(name "jitterentropy-rngd")
--
2.31.1
S
S
Sarah Morgensen wrote on 22 Jul 2021 03:50
(name . phodina)(address . phodina@protonmail.com)(address . 49578@debbugs.gnu.org)
86o8avrua2.fsf@mgsn.dev
Hello,

Thanks for the patch. It's always good to see new contributors around
here! I have a few suggestions for your patch.

phodina <phodina@protonmail.com> writes:

Toggle quote (33 lines)
> ---
> index 4b57bc1f24..d07ee33a7e 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -123,6 +123,7 @@
> #:use-module (gnu packages pulseaudio)
> #:use-module (gnu packages python)
> #:use-module (gnu packages python-xyz)
> + #:use-module (gnu packages polkit)
> #:use-module (gnu packages readline)
> #:use-module (gnu packages rrdtool)
> #:use-module (gnu packages samba)
> @@ -2479,6 +2480,52 @@ IPv6 packet filter.
> Both commands are targeted at system administrators.")
> (license license:gpl2+)))
>
> +(define-public bolt
> + (package
> + (name "bolt")
> + (version "0.9.1")
> + (source (origin
> + (method git-fetch)
> + (uri
> + (git-reference
> + (url "https://gitlab.freedesktop.org/bolt/bolt")
> + (commit version)))
> + (sha256
> + (base32
> + "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
> + (build-system meson-build-system)
> + (arguments
> + `(#:configure-flags (list (string-append "--localstatedir=" (assoc-ref %outputs "out") "/var"))

Are you sure this shouldn't be "--localstatedir=/var"? As it is, it
refers to the read-only directory /gnu/store/...-bolt-0.9.1/var.

Toggle quote (6 lines)
> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'unpack 'fix-udev-rules-directory
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out")))
> + (mkdir-p (string-append out "/lib/udev/rules.d"))
^ I think this is not necessary...

Toggle quote (3 lines)
> + (substitute* "meson.build"
> + (("udev.get_pkgconfig_variable..udevdir..")
> + (string-append "'" out "/lib'")))#t)))
...with this change: ^ /lib/udev

Toggle quote (5 lines)
> + (add-before 'install 'no-polkit-magic
> + (lambda* (#:key outputs #:allow-other-keys)
> + ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
> + (setenv "PKEXEC_UID" "something")
> + #t)))))
^ Phases no longer need to end with #t, so you can omit this.

Toggle quote (2 lines)
> + (native-inputs `(("pkg-config" ,pkg-config) ("dbus" ,dbus) ("asciidoc" ,asciidoc) ("umockdev" ,umockdev)))

Please wrap lines at 80 characters, and in the special case of package
inputs like here, each input should get its own line, like:

(native-inputs
`(("pkg-config" ,pkg-config)
("dbus" ,dbus)
("asciidoc" ,asciidoc)
("umockdev" ,umockdev)))

Toggle quote (21 lines)
> + (inputs `(("glib:bin" ,glib "bin") ("eudev" ,eudev) ("polkit" ,polkit)))
> + (synopsis "Userspace system daemon to enable security levels for Thunderbolt™
> +on GNU/Linux®.")
> + (description "Thunderbolt™ is the brand name of a hardware interface developed by
> +Intel® that allows the connection of external peripherals to a
> +computer.
> +Devices connected via Thunderbolt can be DMA masters and thus read
> +system memory without interference of the operating system (or even
> +the CPU). Version 3 of the interface introduced 5 different security
> +levels, in order to mitigate the aforementioned security risk that
> +connected devices pose to the system. The security level is set by the
> +system firmware.")
> + (home-page "https://gitlab.freedesktop.org/bolt/bolt")
> + (license license:gpl2+)))
> +
> (define-public jitterentropy-rngd
> (package
> (name "jitterentropy-rngd")
> --
> 2.31.1

--
Sarah
P
P
phodina wrote on 22 Jul 2021 13:32
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
1aJRSz6qFjmFhYY0CBesLTTG0pCFP3k4W0lONoiRV7XP6fDy07As2nMW1DicJXJws8O3IXC-qZLar49bOBNy1FD_I3kNTHUqNRUcNMMtXRo=@protonmail.com
Hi Sarah,

Thanks for the suggestions. Fixes:

- polkit in alphabethical order
- line wraping
- /var dir location
- removed #t in phases
- simplified udev rules install
- more useful synopsis

---
index 41902e7785..6050871264 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -119,6 +119,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
@@ -2479,6 +2480,59 @@ IPv6 packet filter.
Both commands are targeted at system administrators.")
(license license:gpl2+)))

+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.1")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+ (build-system meson-build-system)
+ (arguments
+ `(#:configure-flags (list "--localstatedir=/var")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'replace-directories
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "meson.build"
+ (("udev.get_pkgconfig_variable..udevdir..")
+ (string-append "'" (assoc-ref %outputs "out") "/lib/udev'")))
+ (substitute* "meson.build"
+ ((".*scripts/meson-install.sh.*") ""))
+ ))
+ (add-before 'install 'no-polkit-magic
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
+ (setenv "PKEXEC_UID" "something")
+ )))))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("dbus" ,dbus)
+ ("asciidoc" ,asciidoc)
+ ("umockdev" ,umockdev)))
+ (inputs
+ `(("glib:bin" ,glib "bin")
+ ("eudev" ,eudev)
+ ("polkit" ,polkit)))
+ (synopsis "Userspace system daemon to enable security levels
+for Thunderbolt™ on GNU/Linux®.")
+ (description "Userspace daemon 'boltd' exposes devices via D-Bus to clients.
+It stores database of previously authorized devices and depending
+on the policy set for the individual devices, auomatically authorize newly
+connected devices without user interaction. It also adapts its behaivour when
+iommu support is detected.
+Command line utility 'boltctl' can be used to manage thundebolt devices. It can
+list devices, monitor changes and initiate authorization of device.")
+ (license license:gpl2+)))
+
(define-public jitterentropy-rngd
(package
(name "jitterentropy-rngd")
--
2.31.1
P
P
phodina wrote on 22 Jul 2021 13:36
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
hLPvIp8Fqu0eBUVfaBG6dhJJdV3oS0fHf_nVr-sCJZ2iUd1-oHiCvVx6kw42JIupQa187HFlrCeCYh-ZdSzE-UOa1NmhZBgZBMUoDwL1R1Q=@protonmail.com
Also would you have recommendation on how to create a service for the daemon boltd?

Currently it's a good step to have it packaged, but without a running service it's little bit pointless.

There is probably something similar that I can check, learn how the services work and modify it for the thunderbolt case.
S
S
Sarah Morgensen wrote on 22 Jul 2021 22:02
(name . phodina)(address . phodina@protonmail.com)(address . 49578@debbugs.gnu.org)
86bl6urubp.fsf_-_@mgsn.dev
Hi,

phodina <phodina@protonmail.com> writes:

Toggle quote (6 lines)
> Also would you have recommendation on how to create a service for the daemon boltd?
>
> Currently it's a good step to have it packaged, but without a running service it's little bit pointless.
>
> There is probably something similar that I can check, learn how the services work and modify it for the thunderbolt case.

I'm assuming you mean a service to run on Guix System, yes?

There is a section in the manual on this


which has a couple examples. You'll probably want to make a shepherd
service (shepherd is Guix System's services manager). You can also read
the code for existing services in gnu/services/*.scm. I'm not very
familiar with services so unfortunately I can't point you at any similar
ones. Best of luck!

--
Sarah
P
P
phodina wrote on 18 Sep 2021 13:20
[PATCH v3 1/2] gnu: Add bolt.
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
IpWOs4rfABoT7fYcMUB85zS3FRn8ZwpMv_PQzYRjT6aj14ZdfbW8KLgQB9oOJFHKni5PmV5CSNs4h9qbDCpG3DgqGF2btkjbIRCabQV24Zo=@protonmail.com
* gnu/packages/linux.scm: (bolt): New variable.

Toggle diff (69 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 46c9f817a8..3ec896bba6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -121,6 +121,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
@@ -2655,6 +2656,56 @@ IPv6 packet filter.
Both commands are targeted at system administrators.")
(license license:gpl2+)))

+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.1")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.freedesktop.org/bolt/bolt")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm"))))
+ (build-system meson-build-system)
+ (arguments
+ `(#:configure-flags (list "--localstatedir=/var")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'replace-directories
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "meson.build"
+ (("udev.get_pkgconfig_variable..udevdir..")
+ (string-append "'" (assoc-ref %outputs "out") "/lib/udev'")))
+ (substitute* "meson.build"
+ ((".*scripts/meson-install.sh.*") ""))))
+ (add-before 'install 'no-polkit-magic
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Meson ‘magically’ invokes pkexec, which fails (not setuid).
+ (setenv "PKEXEC_UID" "something"))))))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("glib:bin" ,glib "bin")
+ ("asciidoc" ,asciidoc)
+ ("umockdev" ,umockdev)))
+ (inputs
+ `(("eudev" ,eudev)
+ ("dbus" ,dbus)
+ ("polkit" ,polkit)))
+ (synopsis "Userspace system daemon for Thunderbolt")
+ (description "Userspace daemon @code{boltd} exposes devices via D-Bus to clients.
+It stores database of previously authorized devices and depending
+on the policy set for the individual devices, automatically authorize newly
+connected devices without user interaction. It also adapts its behaivour when
+iommu support is detected.
+Command line utility 'boltctl' can be used to manage thundebolt devices.
+It can list devices, monitor changes and initiate authorization of device.")
+ (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+ (license license:gpl2+)))
+
(define-public jitterentropy-rngd
(package
(name "jitterentropy-rngd")
--
2.32.0
P
P
phodina wrote on 18 Sep 2021 13:21
[PATCH v3 2/2] services: Add a service for bolt.
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
7hJPvaldH4Bh7rtXByW9GPmxh-s8a1TCz9icV0mkcF6MLy5zRWlgrcruWWbl2KcenTOrIsL89cDh36eBRLrjKa6y53p8a8weWTQpSenjCHE=@protonmail.com
* gnu/services/linux.scm (bolt-service-type)
(bolt-shepherd-service, bolt-dbus-service)
(bolt-configuration, bolt-configuration?): New procedures.

Toggle diff (114 lines)
diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index 2eb02ac5a3..dc26f285bf 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com>
;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
+;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,7 +25,9 @@
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
+ #:use-module (gnu system shadow)
#:use-module (gnu services)
+ #:use-module (gnu services dbus)
#:use-module (gnu services base)
#:use-module (gnu services shepherd)
#:use-module (gnu packages linux)
@@ -33,7 +36,11 @@
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ice-9 match)
- #:export (earlyoom-configuration
+ #:export (bolt-configuration
+ bolt-configuration?
+ bolt-service-type
+
+ earlyoom-configuration
earlyoom-configuration?
earlyoom-configuration-earlyoom
earlyoom-configuration-minimum-available-memory
@@ -61,6 +68,76 @@
zram-device-configuration-priority
zram-device-service-type))

+

+;;;
+;;; Thunderbolt daemon.
+;;;
+
+(define-record-type* <bolt-configuration>
+ bolt-configuration make-bolt-configuration bolt-configuration?
+ (package bolt-configuration-package ; package
+ (default bolt)))
+
+(define bolt-shepherd-service
+ (match-lambda
+ (($ <bolt-configuration> package)
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)))
+ (shepherd-service
+ (documentation "Thunderbolt daemon")
+ (provision '(thunderbolt))
+ (requirement '(networking))
+ (modules '((gnu build shepherd)))
+ (start #~(make-forkexec-constructor/container
+ (list #$(file-append package "/libexec/boltd"))
+ ))
+ (stop #~(make-kill-destructor)))))))
+
+(define %bolt-activation
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p "/var/lib/boltd")))
+
+(define (bolt-dbus-service config)
+ (list (wrapped-dbus-service (bolt-configuration-bolt config)
+ "libexec/boltd"
+ `(("BOLT_CONF_FILE_NAME"
+ '("share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))
+
+(define %bolt-accounts
+ (list (user-group (name "boltd") (system? #t))
+ (user-account
+ (name "boltd")
+ (group "boltd")
+ (system? #t)
+ (comment "Boltd daemon user")
+ (home-directory "/var/empty")
+ (shell "/run/current-system/profile/sbin/nologin"))))
+
+(define bolt-udev-rule
+ (match-lambda
+ (($ <bolt-configuration> package)
+ (file->udev-rule "90-bolt.rules" (file-append package "/lib/udev/rules.d/90-bolt.rules")))))
+
+(define bolt-service-type
+ (service-type
+ (name 'boltd)
+ (description
+ "Thunderbolt daemon")
+ (extensions
+ (list (service-extension udev-service-type
+ (compose list bolt-udev-rule))
+ (service-extension activation-service-type
+ (const %bolt-activation))
+ (service-extension dbus-root-service-type
+ (compose list bolt-configuration-package))
+ ; bolt-dbus-service)
+ (service-extension account-service-type
+ (const %bolt-accounts))
+ (service-extension shepherd-root-service-type
+ (compose list bolt-shepherd-service))))
+ (default-value (bolt-configuration))))
+


;;;
;;; Early OOM daemon.
--
2.32.0
S
S
Sarah Morgensen wrote on 23 Sep 2021 03:11
Re: [bug#49578] [PATCH v3 1/2] gnu: Add bolt.
(name . phodina)(address . phodina@protonmail.com)(address . 49578@debbugs.gnu.org)
86mto4w0xw.fsf@mgsn.dev
Hello Petr,

Thanks for the updated patch :)

I don't have any experiences with services, so I can't comment on the
second patch in this series, and I don't have a Thunderbolt controller
or devices, so I can't test the actual program, but other than the
commit message/synopsis/description this package LGTM.

phodina <phodina@protonmail.com> writes:

Toggle quote (1 lines)
> * gnu/packages/linux.scm: (bolt): New variable.
^ no ":"

Toggle quote (2 lines)
> + (synopsis "Userspace system daemon for Thunderbolt")

Consider this instead (taken from their repository tagline, more
understandable to more users):

(synopsis "Thunderbolt 3 device manager")

Toggle quote (8 lines)
> + (description "Userspace daemon @code{boltd} exposes devices via D-Bus to clients.
> +It stores database of previously authorized devices and depending
> +on the policy set for the individual devices, automatically authorize newly
> +connected devices without user interaction. It also adapts its behaivour when
> +iommu support is detected.
> +Command line utility 'boltctl' can be used to manage thundebolt devices.
> +It can list devices, monitor changes and initiate authorization of device.")

Consider this instead:

(description "This package provides @command{boltd}, a userspace daemon
for Thunderbolt devices, and @command{boltctl}, a command-line utility for
managing those devices.

The daemon @command{boltd} exposes devices via D-Bus to clients. It also
stores a database of previously authorized devices and will, depending on the
policy set for the individual devices, automatically authorize newly connected
devices without user interaction.

The command-line utility @command{boltctl} manages Thunderbolt devices via
@command{boltd}. It can list devices, monitor changes, and initiate
authorization of devices.")


Toggle quote (9 lines)
> + (license license:gpl2+)))
> +
> (define-public jitterentropy-rngd
> (package
> (name "jitterentropy-rngd")
> --
> 2.32.0

With those changes, or similar:

* Package review checklist (WIP)
Lack of a check is not proof of noncompliance.

1. [X] Package builds (guix build package)
[X] x86_64 [ ] aarch64 [ ] armhf [ ] powerpc64le
[ ] i686 [ ] i586 [ ] mips64le
2. [X] Build is reproducible (guix build --rounds=n package)
3. [X] Tests enabled (if available) or disabled with in-source comment
4. [X] No extraneous dependencies (guix size package)
5. [X] No unnecessary pre-built binaries/blobs
6. [X] Dependencies unvendored when available in Guix
7. [X] Cross-compile friendly (cc-for-target, patches with inputs)
8. [X] License matches source
9. [X] No problematic lints (guix lint package)
10. [X] Formatting follows guidelines
- [X] Lines wrap at 80 characters
- [X] Indentation passes etc/indent-code.el
- [X] Two spaces used between sentences

For new packages:
1. [X] Source url is robust
* mirror:// used with url-fetch when possible
* No auto-generated archives from source repo (prefer cloning)
2. [X] Synopsis is short, descriptive, and meaningful to a wide audience
3. [X] Description is objective, takes 5-10 lines, uses full sentences,
and provides the information users need to decide whether the
software fits their needs.

There are lints for CVEs, but they are for the Bolt CMS, not this
project.

--
Sarah
P
P
phodina wrote on 5 Nov 2021 09:39
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
T5oh96qaEZJHH-szMIXMWA_dPsLL5PDeHHfSQlyG4-CjQ1ChMNXuTBvaFLPAd15fDw-0YaOB05qr5SrRCAGOg-Su5NeN59RVHeGcfR5C7Vk=@protonmail.com
Hi,

??????? Original Message ???????

On Thursday, September 23rd, 2021 at 3:11 AM, Sarah Morgensen <iskarian@mgsn.dev> wrote:

Toggle quote (12 lines)
> Hello Petr,
>
> Thanks for the updated patch :)
>
> I don't have any experiences with services, so I can't comment on the
>
> second patch in this series, and I don't have a Thunderbolt controller
>
> or devices, so I can't test the actual program, but other than the
>
> commit message/synopsis/description this package LGTM.

Thanks Sarah for the review and tips on packaging.
Toggle quote (107 lines)
>
> phodina phodina@protonmail.com writes:
>
> > - gnu/packages/linux.scm: (bolt): New variable.
>
> ^ no ":"
>
>
> > - (synopsis "Userspace system daemon for Thunderbolt")
>
> Consider this instead (taken from their repository tagline, more
>
> understandable to more users):
>
> (synopsis "Thunderbolt 3 device manager")
>
> > - (description "Userspace daemon @code{boltd} exposes devices via D-Bus to clients.
> >
> > +It stores database of previously authorized devices and depending
> >
> > +on the policy set for the individual devices, automatically authorize newly
> >
> > +connected devices without user interaction. It also adapts its behaivour when
> >
> > +iommu support is detected.
> >
> > +Command line utility 'boltctl' can be used to manage thundebolt devices.
> >
> > +It can list devices, monitor changes and initiate authorization of device.")
>
> Consider this instead:
>
> (description "This package provides @command{boltd}, a userspace daemon
>
> for Thunderbolt devices, and @command{boltctl}, a command-line utility for
>
> managing those devices.
>
> The daemon @command{boltd} exposes devices via D-Bus to clients. It also
>
> stores a database of previously authorized devices and will, depending on the
>
> policy set for the individual devices, automatically authorize newly connected
>
> devices without user interaction.
>
> The command-line utility @command{boltctl} manages Thunderbolt devices via
>
> @command{boltd}. It can list devices, monitor changes, and initiate
>
> authorization of devices.")
>
> > - (home-page "https://gitlab.freedesktop.org/bolt/bolt")
> > - (license license:gpl2+)))
> >
> > (define-public jitterentropy-rngd
> >
> > (package
> >
> > (name "jitterentropy-rngd")
> > ------------------------------------------------------------------------
> >
> > 2.32.0
>
> With those changes, or similar:
>
> - Package review checklist (WIP)
>
> Lack of a check is not proof of noncompliance.
>
> 1. [X] Package builds (guix build package)
>
> [X] x86_64 [ ] aarch64 [ ] armhf [ ] powerpc64le
>
> [ ] i686 [ ] i586 [ ] mips64le
> 2. [X] Build is reproducible (guix build --rounds=n package)
> 3. [X] Tests enabled (if available) or disabled with in-source comment
> 4. [X] No extraneous dependencies (guix size package)
> 5. [X] No unnecessary pre-built binaries/blobs
> 6. [X] Dependencies unvendored when available in Guix
> 7. [X] Cross-compile friendly (cc-for-target, patches with inputs)
> 8. [X] License matches source
> 9. [X] No problematic lints (guix lint package)
> 10. [X] Formatting follows guidelines
> - [X] Lines wrap at 80 characters
> - [X] Indentation passes etc/indent-code.el
> - [X] Two spaces used between sentences
>
> For new packages:
> 11. [X] Source url is robust
> - mirror:// used with url-fetch when possible
> - No auto-generated archives from source repo (prefer cloning)
> 12. [X] Synopsis is short, descriptive, and meaningful to a wide audience
> 13. [X] Description is objective, takes 5-10 lines, uses full sentences,
>
> and provides the information users need to decide whether the
>
> software fits their needs.
>
> There are lints for CVEs, but they are for the Bolt CMS, not this
>
> project.
>
> --
>
> Sarah

Is there somebody who has Thunderbolt on their machine and could test this patch?

Petr
D
D
David Conner wrote on 22 Jan 2022 07:55
[PATCH] Add bolt
(address . 49578@debbugs.gnu.org)
CAA_WgJXf0sWMbZZTg2avrGFYBj1_7LunsL9=qETFnYNyK1-jFA@mail.gmail.com
I have a late 2013 Macbook Pro with two Thunderbolt 2 ports.

They work if the TB device is inserted on boot, but after you disconnect a
device, it no longer functions when you reconnect it. It show that the
kernel recognizes the device in `dmesg` and that the PCIe port is
registered in `lspci -k` But the device is not found in `nmcli dev status`.
The device I'm testing is an Apple Ethernet adapter.

I am still in the learning phase where I'm trying to reconfigure my
machine, but I have the guix repo cloned and I'm planning on contributing
patches to packages on other channels. I will hopefully be in the position
where I can test this soon.
Attachment: file
D
D
David Conner wrote on 2 Feb 2022 17:19
(address . 49578@debbugs.gnu.org)
CAA_WgJX8FYe6r9c12ZxjJjVzPV87PnBUzzbJ0o0DfyQi=y3Ofw@mail.gmail.com
I am ready to test this. I finally reconfigured my system last night, but I
have some questions about patching guix and testing.

The guix I would reconfigure in order to test this would be ‘master’ with
the patch applied. I think I should be alright applying the patch (I am
noob). If it doesn’t apply right, I can figure it out, but then I’ll need
to update the patch right?

Is git capable of doing this?

Or should I use a tool like ediff/patchwork?

I have the guix checked out with Google repo via
https://github.com/ectorepo/guix.This pulls down the latest copy of
everything on savannah under the guix project.

2022?1?22?(?) ??1:55 David Conner <aionfork@gmail.com>:

Toggle quote (13 lines)
> I have a late 2013 Macbook Pro with two Thunderbolt 2 ports.
>
> They work if the TB device is inserted on boot, but after you disconnect a
> device, it no longer functions when you reconnect it. It show that the
> kernel recognizes the device in `dmesg` and that the PCIe port is
> registered in `lspci -k` But the device is not found in `nmcli dev status`.
> The device I'm testing is an Apple Ethernet adapter.
>
> I am still in the learning phase where I'm trying to reconfigure my
> machine, but I have the guix repo cloned and I'm planning on contributing
> patches to packages on other channels. I will hopefully be in the position
> where I can test this soon.
>
Attachment: file
P
P
phodina wrote on 15 Aug 2022 00:00
Re: [bug#49578] [PATCH v4] gnu: Add bolt.
(name . Sarah Morgensen)(address . iskarian@mgsn.dev)(address . 49578@debbugs.gnu.org)
rp8SpAlHZIINbm9ZNO_4lI_mK0OlLOQM9EdTQt8Zzz_9c5mpXm_xvGC8gpNjRMDew1MOpECQp6y5MpJWgEk7buLEMmBQleiH1NycK7uKAys=@protonmail.com
Hi Sarah,

here's updated patch with your tips.

David, the way I test new packages is either by running:
[1]
guix shell --check --pure -D guix

or
[2]
guix build -L <load_path>



----
Petr
From 538eeedf7ee64f98b17507ea11d38512525ef29f Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Sun, 18 Jul 2021 12:11:55 +0200
Subject: [PATCH v4 1/2] gnu: Add bolt.

* gnu/packages/linux.scm (bolt): New variable.

Toggle diff (71 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d7d373a92f..c1f4c99cbf 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -136,6 +136,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages perl)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
@@ -2702,6 +2703,56 @@ (define-public iptables
Both commands are targeted at system administrators.")
(license license:gpl2+)))
+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.2")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.freedesktop.org/bolt/bolt")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1h48qmqxhjq9gxv5gf78cqm5wadmnhvc9bkd02zya77rh3pf6y3r"))))
+ (build-system meson-build-system)
+ (arguments
+ (list #:configure-flags '(list "--localstatedir=/var")
+ #:glib-or-gtk? #t ;To wrap binaries and/or compile schemas
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'replace-directories
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "meson.build"
+ (("udev.get_pkgconfig_variable..udevdir..")
+ (string-append "'"
+ #$output "/lib/udev'")))
+ (substitute* "scripts/meson-install.sh"
+ (("mkdir.*")
+ ""))))
+ (add-before 'install 'no-polkit-magic
+ (lambda* (#:key outputs #:allow-other-keys)
+ (setenv "PKEXEC_UID" "something"))))))
+ (native-inputs (list pkg-config
+ `(,glib "bin") python asciidoc umockdev))
+ (inputs (list eudev dbus polkit))
+ (synopsis "Thunderbolt 3 device manager")
+ (description
+ "This package provides @command{boltd}, a userspace daemon
+for Thunderbolt devices, and @command{boltctl}, a command-line utility for
+managing those devices.
+
+The daemon @command{boltd} exposes devices via D-Bus to clients. It also
+stores a database of previously authorized devices and will, depending on the
+policy set for the individual devices, automatically authorize newly connected
+devices without user interaction.
+
+The command-line utility @command{boltctl} manages Thunderbolt devices via
+@command{boltd}. It can list devices, monitor changes, and initiate
+authorization of devices.")
+ (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+ (license license:gpl2+)))
+
(define-public jitterentropy-rngd
(package
(name "jitterentropy-rngd")
--
2.37.0
From e054c89f9964686670e7716c820ca9ebb9f41543 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Sat, 18 Sep 2021 13:11:18 +0200
Subject: [PATCH v4 2/2] services: Add a service for bolt.

* gnu/services/linux.scm (bolt-service-type)
(bolt-shepherd-service, bolt-dbus-service)
(bolt-configuration, bolt-configuration?): New procedures.

Toggle diff (114 lines)
diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index 60e2093e1d..37dcd14f97 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com>
;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz>
+;;; Copyright © 2021-2022 Petr Hodina <phodina@protonmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -29,15 +30,21 @@ (define-module (gnu services linux)
#:use-module (guix i18n)
#:use-module (guix ui)
#:use-module (gnu services)
+ #:use-module (gnu services dbus)
#:use-module (gnu services base)
#:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
#:use-module (gnu packages linux)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ice-9 match)
- #:export (earlyoom-configuration
+ #:export (bolt-configuration
+ bolt-configuration?
+ bolt-service-type
+
+ earlyoom-configuration
earlyoom-configuration?
earlyoom-configuration-earlyoom
earlyoom-configuration-minimum-available-memory
@@ -65,6 +72,76 @@ (define-module (gnu services linux)
zram-device-configuration-priority
zram-device-service-type))
+
+;;;
+;;; Thunderbolt daemon.
+;;;
+
+(define-record-type* <bolt-configuration>
+ bolt-configuration make-bolt-configuration bolt-configuration?
+ (package bolt-configuration-package ; package
+ (default bolt)))
+
+(define bolt-shepherd-service
+ (match-lambda
+ (($ <bolt-configuration> package)
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)))
+ (shepherd-service
+ (documentation "Thunderbolt daemon")
+ (provision '(thunderbolt))
+ (requirement '(networking))
+ (modules '((gnu build shepherd)))
+ (start #~(make-forkexec-constructor/container
+ (list #$(file-append package "/libexec/boltd"))
+ ))
+ (stop #~(make-kill-destructor)))))))
+
+(define %bolt-activation
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p "/var/lib/boltd")))
+
+(define (bolt-dbus-service config)
+ (list (wrapped-dbus-service (bolt-configuration-bolt config)
+ "libexec/boltd"
+ `(("BOLT_CONF_FILE_NAME"
+ '("share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))
+
+(define %bolt-accounts
+ (list (user-group (name "boltd") (system? #t))
+ (user-account
+ (name "boltd")
+ (group "boltd")
+ (system? #t)
+ (comment "Boltd daemon user")
+ (home-directory "/var/empty")
+ (shell "/run/current-system/profile/sbin/nologin"))))
+
+(define bolt-udev-rule
+ (match-lambda
+ (($ <bolt-configuration> package)
+ (file->udev-rule "90-bolt.rules" (file-append package "/lib/udev/rules.d/90-bolt.rules")))))
+
+(define bolt-service-type
+ (service-type
+ (name 'boltd)
+ (description
+ "Thunderbolt daemon")
+ (extensions
+ (list (service-extension udev-service-type
+ (compose list bolt-udev-rule))
+ (service-extension activation-service-type
+ (const %bolt-activation))
+ (service-extension dbus-root-service-type
+ (compose list bolt-configuration-package))
+ ; bolt-dbus-service)
+ (service-extension account-service-type
+ (const %bolt-accounts))
+ (service-extension shepherd-root-service-type
+ (compose list bolt-shepherd-service))))
+ (default-value (bolt-configuration))))
+
;;;
;;; Early OOM daemon.
--
2.37.0
L
L
Ludovic Courtès wrote on 14 Dec 2022 12:22
Re: bug#49578: [PATCH] Add bolt
(name . phodina)(address . phodina@protonmail.com)
874jtytek7.fsf_-_@gnu.org
Hi,

Thanks a lot, Sarah, for the review work. Somehow it eventually fell
through the cracks but it’s never too late. :-)

phodina <phodina@protonmail.com> skribis:

Toggle quote (7 lines)
> From 538eeedf7ee64f98b17507ea11d38512525ef29f Mon Sep 17 00:00:00 2001
> From: Petr Hodina <phodina@protonmail.com>
> Date: Sun, 18 Jul 2021 12:11:55 +0200
> Subject: [PATCH v4 1/2] gnu: Add bolt.
>
> * gnu/packages/linux.scm (bolt): New variable.

LGTM! I went ahead and applied it.

Toggle quote (9 lines)
> From e054c89f9964686670e7716c820ca9ebb9f41543 Mon Sep 17 00:00:00 2001
> From: Petr Hodina <phodina@protonmail.com>
> Date: Sat, 18 Sep 2021 13:11:18 +0200
> Subject: [PATCH v4 2/2] services: Add a service for bolt.
>
> * gnu/services/linux.scm (bolt-service-type)
> (bolt-shepherd-service, bolt-dbus-service)
> (bolt-configuration, bolt-configuration?): New procedures.

[...]

Toggle quote (9 lines)
> +(define-record-type* <bolt-configuration>
> + bolt-configuration make-bolt-configuration bolt-configuration?
> + (package bolt-configuration-package ; package
> + (default bolt)))
> +
> +(define bolt-shepherd-service
> + (match-lambda
> + (($ <bolt-configuration> package)

Just call ‘bolt-configuration-package’ instead of using ‘match’ here.

Toggle quote (11 lines)
> + (with-imported-modules (source-module-closure
> + '((gnu build shepherd)))
> + (shepherd-service
> + (documentation "Thunderbolt daemon")
> + (provision '(thunderbolt))
> + (requirement '(networking))
> + (modules '((gnu build shepherd)))
> + (start #~(make-forkexec-constructor/container
> + (list #$(file-append package "/libexec/boltd"))
> + ))

Please move the parens to the previous line. :-)

Toggle quote (23 lines)
> + (stop #~(make-kill-destructor)))))))
> +
> +(define %bolt-activation
> + #~(begin
> + (use-modules (guix build utils))
> + (mkdir-p "/var/lib/boltd")))
> +
> +(define (bolt-dbus-service config)
> + (list (wrapped-dbus-service (bolt-configuration-bolt config)
> + "libexec/boltd"
> + `(("BOLT_CONF_FILE_NAME"
> + '("share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))
> +
> +(define %bolt-accounts
> + (list (user-group (name "boltd") (system? #t))
> + (user-account
> + (name "boltd")
> + (group "boltd")
> + (system? #t)
> + (comment "Boltd daemon user")
> + (home-directory "/var/empty")
> + (shell "/run/current-system/profile/sbin/nologin"))))

This is creating accounts, but ‘boltd’ is started as root. Is that
expected? Does ‘boltd’ setuids by itself? If so, please add a comment
above the ‘make-forkexec-constructor’ call.

Toggle quote (4 lines)
> +(define bolt-udev-rule
> + (match-lambda
> + (($ <bolt-configuration> package)

Same comment as above.

Toggle quote (6 lines)
> +(define bolt-service-type
> + (service-type
> + (name 'boltd)
> + (description
> + "Thunderbolt daemon")

Please write full sentences here, giving enough context to make ‘guix
system search’ useful.

Toggle quote (9 lines)
> + (extensions
> + (list (service-extension udev-service-type
> + (compose list bolt-udev-rule))
> + (service-extension activation-service-type
> + (const %bolt-activation))
> + (service-extension dbus-root-service-type
> + (compose list bolt-configuration-package))
> + ; bolt-dbus-service)

Maybe remove this line?

One last thing: please document it in ‘doc/guix.texi’. In particular,
make sure to add a paragraph that gives a bit of context andq a
configuration example.

Could you send an updated patch?

Thanks,
Ludo’.
L
L
Ludovic Courtès wrote on 5 Jan 2023 22:28
(name . phodina)(address . phodina@protonmail.com)
87eds83c2u.fsf_-_@gnu.org
Hi,

Just noticed an issue:

phodina <phodina@protonmail.com> skribis:

Toggle quote (11 lines)
> + (($ <bolt-configuration> package)
> + (with-imported-modules (source-module-closure
> + '((gnu build shepherd)))
> + (shepherd-service
> + (documentation "Thunderbolt daemon")
> + (provision '(thunderbolt))
> + (requirement '(networking))
> + (modules '((gnu build shepherd)))
> + (start #~(make-forkexec-constructor/container
> + (list #$(file-append package "/libexec/boltd"))

‘make-forkexec-constructor/container’ is deprecated in favor of the
facilities in (guix least-authority).

However, running boltd in a container might prevent it from accessing
useful files or devices under /dev, /sys, or whatever. I recommend
checking whether boltd can actually run in a container; you can strace
it to get an idea of the files it needs to access. It needs to run as
root anyway so perhaps running it in a container is not that important.

Ludo’.
P
P
phodina wrote on 10 Jan 2023 03:49
(name . Ludovic Courtès)(address . ludo@gnu.org)
i_AcBTkphIOGJxZRyfMDGzwmU5btRnviYWdsgzMca2454cog8oJMea0zvPLi_8zWFhcGCbKYYj8bYnHbU0mzquJQMazDUpMUOhS-W2NbOgw=@protonmail.com
Hi Ludo’,


removed the deprecated contruct make-forkexec-constructor/container and changed bolt into boltd.

Also added plasma-thunderbolt package and documentation for the service.

----
Petr
From 7b87d90d8bf6d6b8188f90f2308a1d96a7a2095c Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Sun, 14 Aug 2022 22:13:48 +0200
Subject: [PATCH v5 3/4] gnu: Add plasma-thunderbolt.

* gnu/packages/kde-plasma.scm (plasma-thunderbolt): New variable.

Toggle diff (47 lines)
diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
index 2a3d86f801..3a392bedc9 100644
--- a/gnu/packages/kde-plasma.scm
+++ b/gnu/packages/kde-plasma.scm
@@ -1477,6 +1477,40 @@ (define-public plasma-bigscreen
is controllable via voice or TV remote.")
(license license:gpl2+)))
+(define-public plasma-thunderbolt
+ (package
+ (name "plasma-thunderbolt")
+ (version "5.25.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://kde/stable/plasma/"
+ version
+ "/"
+ name
+ "-"
+ version
+ ".tar.xz"))
+ (sha256
+ (base32
+ "0hjvkss0qfmwhrsba83wfxwxhikvzf56faan325ic0iv7fdaj3ns"))))
+ (build-system qt-build-system)
+ (native-inputs (list dbus extra-cmake-modules))
+ (arguments
+ (list #:tests? #f))
+ (inputs (list bolt
+ kcmutils
+ kcoreaddons
+ kdbusaddons
+ kdeclarative
+ ki18n
+ knotifications
+ qtdeclarative-5))
+ (home-page "https://invent.kde.org/plasma/plasma-thunderbolt")
+ (synopsis "Plasma integration for controlling Thunderbolt devices")
+ (description "This package provides Plasma integration for controlling
+Thunderbolt devices.")
+ (license (list license:bsd-3 license:gpl2 license:gpl3))))
+
(define-public plasmatube
(package
(name "plasmatube")
--
2.38.1
From 0bea70cd8e565b6e03b756ca380ffc16274822c4 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Thu, 15 Dec 2022 10:26:08 +0100
Subject: [PATCH v5 4/4] gnu: kinfocenter: Add plasma-thunderbolt.

* gnu/packages/kde-plasma.scm (plasma-thunderbolt): New variable.

Toggle diff (15 lines)
diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
index 3a392bedc9..5904eba391 100644
--- a/gnu/packages/kde-plasma.scm
+++ b/gnu/packages/kde-plasma.scm
@@ -1416,7 +1416,7 @@ (define-public plasma
plasma-nm
plasma-pa
plasma-systemmonitor
- ;; plasma-thunderbolt ;; waiting for bolt
+ plasma-thunderbolt
plasma-vault
plasma-workspace
plasma-workspace-wallpapers
--
2.38.1
From 64d4fe982b19440925895cf18e4be0385bcaaeeb Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Wed, 14 Dec 2022 23:23:48 +0100
Subject: [PATCH v5 1/4] gnu: Add bolt-service-type.

* gnu/services/linux.scm (bolt-service-type): New variable.

Toggle diff (90 lines)
diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index 60e2093e1d..3d0cb80b8b 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com>
;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz>
+;;; Copyright © 2021-2022 Petr Hodina <phodina@protonmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -29,15 +30,21 @@ (define-module (gnu services linux)
#:use-module (guix i18n)
#:use-module (guix ui)
#:use-module (gnu services)
+ #:use-module (gnu services dbus)
#:use-module (gnu services base)
#:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
#:use-module (gnu packages linux)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ice-9 match)
- #:export (earlyoom-configuration
+ #:export (boltd-configuration
+ boltd-configuration?
+ boltd-service-type
+
+ earlyoom-configuration
earlyoom-configuration?
earlyoom-configuration-earlyoom
earlyoom-configuration-minimum-available-memory
@@ -65,6 +72,52 @@ (define-module (gnu services linux)
zram-device-configuration-priority
zram-device-service-type))
+
+;;;
+;;; Thunderbolt daemon.
+;;;
+
+(define-record-type* <boltd-configuration>
+ boltd-configuration make-boltd-configuration boltd-configuration?
+ (package boltd-configuration-package ; package
+ (default bolt)))
+
+(define boltd-activation-service
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p "/var/lib/boltd")))
+
+(define (boltd-shepherd-service config)
+ (shepherd-service (documentation "Run the boltd daemon.")
+ (provision '(boltd))
+ (requirement '(dbus-system udev))
+ (start #~(make-forkexec-constructor (list (string-append #$bolt
+ "/libexec/boltd"))))
+ (stop #~(make-kill-destructor))))
+
+(define (boltd-udev-rule config)
+ (let ((package (boltd-configuration-package config)))
+ (file->udev-rule "90-bolt.rules" (file-append package
+ "/lib/udev/rules.d/90-bolt.rules"))))
+
+
+(define boltd-service-type
+ (service-type (name 'boltd)
+ (default-value (boltd-configuration))
+ (extensions
+ (list (service-extension udev-service-type
+ (compose list boltd-udev-rule))
+ (service-extension dbus-root-service-type
+ (compose list boltd-configuration-package))
+ (service-extension activation-service-type
+ (const
+ boltd-activation-service))
+ (service-extension
+ shepherd-root-service-type
+ (compose list boltd-shepherd-service))))
+ (description
+ "Run @command{boltd}, the Thunderbolt daemon.")))
+
;;;
;;; Early OOM daemon.
--
2.38.1
From 51112a1d2a5a1fadeafce288270aa5ea17cc23b7 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Tue, 10 Jan 2023 03:15:27 +0100
Subject: [PATCH v5 2/4] gnu: linux: Add boltd-service-type.

* doc/guix.texi ("Linux Services")[boltd-service-type]: Document them.

Toggle diff (45 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index aef3890298..fbd006f120 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -36940,6 +36940,38 @@ The database location is hard-coded to @file{/var/lib/rasdaemon/ras-mc_event.db}
@end table
@end deftp
+@cindex boltd
+@cindex thunderbolt daemon
+@cindex Thunderbolt daemon
+@subsubheading Thunderbolt daemon Service
+
+The Thunderbolt daemon service provides a managment for the Thunderbolt 3
+interface bus found on newer machines. The daemon configures
+the Thunderbolt security levels:
+@itemize
+@item No security - device works without requesting authorization
+@item User authorization - user must approve the device first
+@item Secure Connect - uses pre-shared keys to approve specific devices
+@item Display Port Only - port functions only as a video output
+@end itemize
+
+@deffn {Scheme Variable} boltd-device-service-type
+This service starts the @code{boltd} daemon that manages the connected device
+on the Thunderbolt bus. The service's value is a
+@code{boltd-device-configuration} record.
+
+@deftp {Data Type} boltd-device-configuration
+This is the data type representing the configuration for the boltd-device
+service.
+
+@table @asis
+@item @code{bolt} (default @code{bolt})
+This is the default package that will be used.
+@end table
+
+@end deftp
+@end deffn
+
@cindex zram
@cindex compressed swap
@cindex Compressed RAM-based block devices
--
2.38.1
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 49578@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 49578
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch