bug#27889: Polkit actions are not updated after guix system reconfigure

bug#27889: Polkit actions are not updated after guix system reconfigure

[Ryan Moe]

When a service is added to or removed from the system configuration,
polkit actions are not appropriately registered or unregistered.

The policy files are added and deleted correctly but the polkitd
process needs a SIGHUP afterwards to update the list of registered
actions.


Steps to reproduce:

1. Add (xfce-desktop-service) to (services) in config.scm. [Or any
service which adds polkit actions]

2. Run guix system reconfigure.

3. Observe that the policy files are in place but not registered:
    $ ls /etc/polkit-1/actions/*xfce*
    /etc/polkit-1/actions/org.xfce.thunar.policy

    $ pkaction | grep -i xfce
    $

4. Run killall -HUP polkitd

5. Observe that actions are registered.
    $ pkaction | grep -i xfce
    org.xfce.thunar

bug#27889: Polkit actions are not updated after guix system reconfigure

[Danny Milosavljevic]

Oops!

That's indeed still broken.

But gnu/services/shepherd.scm shepherd-service-file could be extended to provide a "restart" action (shepherd itself already supports it).

The general format for shepherd is:

(register-services
  (make <service>
        #:provides '(apache-2.0 apache httpd)
        #:requires '()
        #:start (...)
        #:stop (...)
        #:actions (make-actions
                   (restart (...)))))
                    ^^^^^^^^^^^^^

But the Guix <shepherd-service> record, which is the source that is eventually compiled to the above, neither has an "actions" slot nor a "restart" slot.  It would have to be extended with one.

I wonder whether it would make sense to make shepherd automatically default to a SIGHUP restart action for daemonized processes instead, though.  It's not exactly rare for daemons to provide that.

Also, does "guix system reconfigure" already call this restart action if it's present?

bug#27889: Polkit actions are not updated after guix system reconfigure

[Ryan Moe]

On Mon, Jul 31, 2017 at 2:34 PM, Danny Milosavljevic
<dannym@scratchpost.org> wrote:
> Oops!
>
> That's indeed still broken.
>
> But gnu/services/shepherd.scm shepherd-service-file could be extended to provide a "restart" action (shepherd itself already supports it).
>
> The general format for shepherd is:
>
> (register-services
>   (make <service>
>         #:provides '(apache-2.0 apache httpd)
>         #:requires '()
>         #:start (...)
>         #:stop (...)
>         #:actions (make-actions
>                    (restart (...)))))
>                     ^^^^^^^^^^^^^
>
> But the Guix <shepherd-service> record, which is the source that is eventually compiled to the above, neither has an "actions" slot nor a "restart" slot.  It would have to be extended with one.
>
> I wonder whether it would make sense to make shepherd automatically default to a SIGHUP restart action for daemonized processes instead, though.  It's not exactly rare for daemons to provide that.
>
> Also, does "guix system reconfigure" already call this restart action if it's present?

polkitd isn't managed by shepherd. It looks to be managed by dbus and
I'm not sure how to restart an individual dbus service (or if you even
can). Restarting dbus-system is obviously too intrusive (it does
reload the policy files at the expense of restarting my X session :)).

bug#27889: Polkit actions are not updated after guix system reconfigure

[Danny Milosavljevic]

> polkitd isn't managed by shepherd. It looks to be managed by dbus and
> I'm not sure how to restart an individual dbus service (or if you even
> can). Restarting dbus-system is obviously too intrusive (it does
> reload the policy files at the expense of restarting my X session :)).

Yeah, we specifically don't restart dbus because of that.

But I guess we could still send SIGHUP to polkitd.

I'm not sure how to find out which polkitd it is - if we don't want to restart a superset.

Also, pstree says that polkitd forked and started another polkitd.  There are two polkitd.  Which one has to get the SIGHUP?

bug#27889: Polkit actions are not updated after guix system reconfigure

[Ludovic Courtès]

Hello,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

> But gnu/services/shepherd.scm shepherd-service-file could be extended to provide a "restart" action (shepherd itself already supports it).
>
> The general format for shepherd is:
>
> (register-services
>   (make <service>
>         #:provides '(apache-2.0 apache httpd)
>         #:requires '()
>         #:start (...)
>         #:stop (...)
>         #:actions (make-actions
>                    (restart (...)))))
>                     ^^^^^^^^^^^^^
>
> But the Guix <shepherd-service> record, which is the source that is eventually compiled to the above, neither has an "actions" slot nor a "restart" slot.  It would have to be extended with one.
>
> I wonder whether it would make sense to make shepherd automatically default to a SIGHUP restart action for daemonized processes instead, though.  It's not exactly rare for daemons to provide that.
>
> Also, does "guix system reconfigure" already call this restart action if it's present?

Not yet, but it should.  I think the patches at
<https://bugs.gnu.org/26830> would be sufficient if the action boils
down to sending SIGHUP.  Perhaps time to revive that patch set!

Ludo’.