Subject: [bug#50882] [PATCH] gnu: services: Add darkhttpd service
From: jgart via Guix-patches
To: Maxim Cournoyer
Cc: 50882@debbugs.gnu.org, Ludovic Courtès
Date: Thu, 7 Jul 2022 19:20:27 -0500
Message-ID: <20220707192027.GT1675@gac>
In-Reply-To: <87k08oztqb.fsf_-_@gmail.com>

On Thu, 07 Jul 2022 14:02:36 -0400 Maxim Cournoyer wrote:
> tag 50882 moreinfo
> thanks
>
> Hello jgart,
>
> Ludovic Courtès writes:
>
> > Hi,
> >
> > jgart skribis:
> >
> >> * gnu/services/web.scm (): New record type.
> >> (darkhttpd-accounts, darkhttpd-shepherd-service): New procedures.
> >> (darkhttpd-service-type): New variable.
> >> * doc/guix.texi (Web Services): Adds documentation for darkhttpd.
> >
> > Overall LGTM! Some comments and suggestions below.
> >
> >> +@cindex darkhttpd > >> +@uref{https://unix4lyfe.org/darkhttpd/, darkhttpd} is a web server with a > >> +focus on security and having a small memory footprint. > >> + > >> +Some security features are the following: > >> + > >> +@itemize > >> +@item Logging accesses, including Referer and User-Agent. > >> +@item Can chroot. > >> +@item Can drop privileges. > >> +@item Impervious to /../ sniffing. > >> +@item Times out idle connections. > >> +@item Drops overly long requests. 
> >> +@end itemize > > > > I’d replace the bullet list with a simple sentence like: “Among other > > things, it can change root directories, drop privileges, it times out on > > idle connections and can drop overly long requests.” > > > >> +@deffn {Scheme Variable} darkhttpd-service-type > >> +This is the type of the darkhttpd service, whose value should be a > >> +@code{darkhttpd-service-type} object, as in this example: > >> + > >> +@lisp > >> +(service darkhttpd-service-type > >> + (darkhttpd-configuration > > > > Please don’t use tabs. > > > >> +@end table > >> +@end deftp > >> @node Certificate Services > > > > Missing newline before @node. :-) > > > >> + (mimetypes darkhttpd-configuration-mimetypes > >> + (default #f)) > >> + (default-mimetype darkhttpd-configuration-default-mimetype > > > > Rather ‘mime-type’ (two words). > > > >> +(define darkhttpd-shepherd-service > >> + (match-lambda > >> + (($ package content port address > >> + maximum-connections log-file chroot? > >> + daemonize? index-file do-not-serve-listing? > >> + mimetypes default-mimetype > >> + drop-user-priviledges drop-group-priviledges > >> + write-pid-file disable-keep-alive? > >> + forward forward-all > >> + no-server-id? enable-ipv6? > >> + user group) > > > > Rather use ‘match-record’ here, to make sure we’re getting the right > > fields. > > > >> +(define darkhttpd-accounts > >> + (match-lambda > >> + (($ _ _ _ _ _ _ _ _ > >> + _ _ _ _ _ _ _ _ > >> + _ _ user group) > > > > In such a case, simply call ‘darkhttpd-configuration-user’ and > > ‘darkhttpd-configuration-group’; it’s much less error-prone! > > > >> +(define darkhttpd-service-type > >> + (service-type > >> + (name 'guix) > >> + (extensions > >> + (list (service-extension account-service-type > >> + darkhttpd-accounts) > >> + (service-extension shepherd-root-service-type > >> + darkhttpd-shepherd-service))) > >> + (default-value (darkhttpd-configuration)))) > > > > Please add a ‘description’ field. 
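Review bot: the @deffn text for darkhttpd-service-type says the value should be a @code{darkhttpd-service-type} object, but the example right after it passes a (darkhttpd-configuration ...) record. The sentence should name @code{darkhttpd-configuration} so the documented value type matches what the service actually accepts.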
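Review bot: in the darkhttpd-shepherd-service pattern, the bindings drop-user-priviledges and drop-group-priviledges misspell "privileges". If the record fields carry the same spelling, it becomes part of the user-facing configuration, so it is worth fixing before this lands. The same pattern also binds user and group at the end; the documentation should say how those relate to the two drop-... fields, since together they decide which identity the server ends up running as.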
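Review bot: the darkhttpd-accounts pattern has 18 wildcards ahead of user and group, while the darkhttpd-shepherd-service pattern binds 20 fields ahead of them. If both patterns follow the record's field order, user and group here land on positions 19 and 20 (no-server-id? and enable-ipv6? in the other pattern) instead of the account names, so the account service would be handed the wrong values. Calling darkhttpd-configuration-user and darkhttpd-configuration-group on the configuration, as already suggested, removes the dependence on field position.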
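Review bot: darkhttpd-service-type is declared with (name 'guix), which does not identify this service. It should be (name 'darkhttpd), so that anything reporting the service type by name points at the right service.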
> >
> > Could you also add a system test, under (gnu tests web)? You can start
> > by copying the nginx test; it should take around ~20 lines.
>
> Friendly ping about the above requests from Ludovic :-).

Arun Isaac convinced me to not write a service for this one since its
common usage is for quick serving by simply running `darkhttpd ...` from
the command line.

I think that guile bindings for every CLI feature of darkhttpd don't add
to that aim.

I might change my mind later on this. Feel free to close this one for now.

It was a fun exercise though.

Ludo, thanks for the review. It was much appreciated!

all best,

jgart

https://whereis.みんな/