From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christopher Baines Subject: bug#37388: can lead to syntactically invalid configs Date: Sat, 14 Sep 2019 16:45:27 +0100 Message-ID: <87a7b6op9k.fsf@cbaines.net> References: <87d0g6q752.fsf@inria.fr> <87d0g3nqjw.fsf@cbaines.net> <87r24j3vyk.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:55686) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i9AFP-0000Oy-Oz for bug-guix@gnu.org; Sat, 14 Sep 2019 11:46:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i9AFO-0002aJ-Ph for bug-guix@gnu.org; Sat, 14 Sep 2019 11:46:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:38238) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1i9AFO-0002aB-NR for bug-guix@gnu.org; Sat, 14 Sep 2019 11:46:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1i9AFO-00009e-JR for bug-guix@gnu.org; Sat, 14 Sep 2019 11:46:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <87r24j3vyk.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 37388@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: >> I wonder if some errors could be caught at build time, before attempting >> to start the service. >> >> If in the derivation to build the configuration file, nginx is run >> against the built config file with -t, that might spot errors at >> derivation build time. > > Yeah, this is probably doable. > > I would consider it a stop-gap measure though. Fundamentally, I think > we should make it so that, by construction, invalid (or at least > syntactically-invalid) config files cannot be produced. Catching errors earlier is better, but being able to catch any syntactic issues that have snuck through, as well as semantic ones when building the configuration would be good I think. I haven't actually tested out the NGinx configuration check functionality though, so I'm guessing about what it does. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl19CxdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XeJ3BAAnwq2sbeedy6HErF/PMtoSFPaozUo0n1KCGBnxPPa35t+FcLXOyEmFBVI JEiuNpQRoAcjdcSPgLgkFZEXjZtOv7eq+FsPRqEWqkU6SJq3ufMiy+GkqhuntM8Z wLmSinXJVs/oU3UKgLIp6ZUUmBfEdryyjFLUXsG1ar1vVHPVURJBX/A8rXJZGKoN Urovv7IvDTWD0yRkPnczAVAAYPIjh/BaDokMmQzoqkqBKuhjDVZYOKa0cu8UK+MN MAhQnaNr9ncZkiYBLuaSPNMOjAbk664axENZWxBG/gmPSwyQ4di5yaksYnzjGUio 9ujgz/adtk3fO110Brzjc4GOYkmDFHNYU8wwUOU6r5VXfJY10Lphpmlg6HVuxJQf P66besTTfF/u75tE6UzrxaVitqYH847dye0l1YijEK9Juv138x+PlZZ04UgoFJZP ZWyaNw+h5suIzLw3eswCQH0u0TYL+WSV5ftUmCdmr/6AxIuKgsrg343mEGrgIy3p kkWqHXPoXY3msEDLqzY62+HJWRnyGPPb8O5srsnIoYFpYyeM6bNkougHlCDOPWUn IZhVFrdVovG4Yo/TWwiOSNDoYbYh3F/8z9WcB3fSs23gj/HC2uMOvXGzhaCnbuEG 7Hycri3CBKrQguzK6vB1QFMz9OOLFDTcEhlLjVeURcjQmDoaCKo= =RBzU -----END PGP SIGNATURE----- --=-=-=--