On 2023-05-05 19:29, Maxim Cournoyer wrote:
> Relates to <https://issues.guix.gnu.org/63082>.
>
> Quoting a MPD developer, regarding MPD's feature to switch user itself:
> "that's legacy for the dark ages when proper service managers did not exist"
> :-).
>
> * gnu/services/audio.scm (mpd-serialize-user-account)
> (mpd-serialize-user-group): Delete procedures.
> * gnu/services/audio.scm (mpd-configuration) [user]: Do not serialize.
> [group]: Likewise.
> (mpd-shepherd-service): Provide the #:user, #:group and #:supplementary-groups
> arguments.
> (mympd-shepherd-service): Likewise, and remove the '--user' argument.
> * doc/guix.texi (Audio Services): Update doc.
> (mympd-configuration) [port]: Change default value to 8080.
> [ssl-port]: Change default value to 443.
> * gnu/tests/audio.scm (run-mympd-test): Adjust accordingly.
> ---
> doc/guix.texi | 12 +++++-----
> gnu/services/audio.scm | 52 +++++++++++++++++++++++++-----------------
> gnu/tests/audio.scm | 4 ++--
> 3 files changed, 39 insertions(+), 29 deletions(-)

This contains a submarine change that isn't easily spotted from the
commit message, that mympd is getting its default port changed and that
it can no longer bind to privileged ports, since although mympd can
start as root in order to bind to possibly privileged ports, it will
explicitly refuse to continue running as root afterwards.

I think we can have shepherd effect for mympd, but only if (and after)
shepherd gets support for POSIX capabilities (CAP_NET_BIND_SERVICE) or a
suitable way to specify that “yes, the program invoked by the service
should have CAP_NET_BIND_SERVICE” is provided.

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.
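
The port concern raised in the reply above can be checked on a running system. This is an added example, not part of the original message and not code from Guix, the Shepherd or myMPD: it reads the CapEff line of /proc/<pid>/status and reports which of the two default ports from the commit message such a process could bind. The function names and the sample status texts are constructed for illustration.

```python
import re

CAP_NET_BIND_SERVICE = 10  # bit number defined in linux/capability.h


def effective_caps(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def can_bind(port, status_text, unprivileged_port_start=1024):
    """True if a process with this status may bind the given TCP port.

    unprivileged_port_start mirrors the Linux sysctl
    net.ipv4.ip_unprivileged_port_start (kernel default 1024).
    Simplification: user and network namespaces are not considered.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if port >= unprivileged_port_start:
        return True
    return bool((effective_caps(status_text) >> CAP_NET_BIND_SERVICE) & 1)


def audit(ports, status_text, unprivileged_port_start=1024):
    """Map each port to whether the process could bind it."""
    return {p: can_bind(p, status_text, unprivileged_port_start) for p in ports}


# Constructed samples of /proc/<pid>/status (only the relevant lines).
AS_ROOT = "Name:\tmympd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
AS_USER = "Name:\tmympd\nUid:\t990\t990\t990\t990\nCapEff:\t0000000000000000\n"
AS_USER_WITH_CAP = "Name:\tmympd\nUid:\t990\t990\t990\t990\nCapEff:\t0000000000000400\n"

DEFAULT_PORTS = [8080, 443]  # port and ssl-port defaults named in the commit message

if __name__ == "__main__":
    for label, status in [("root", AS_ROOT), ("user", AS_USER),
                          ("user+cap", AS_USER_WITH_CAP)]:
        print(label, audit(DEFAULT_PORTS, status))
    with open("/proc/self/status") as f:  # the process running this script
        print("self", audit(DEFAULT_PORTS, f.read()))
```
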