From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id iG4LDc7kWGAqGAAA0tVLHw (envelope-from ) for ; Mon, 22 Mar 2021 18:41:18 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id uGj5CM7kWGC3XQAA1q6Kng (envelope-from ) for ; Mon, 22 Mar 2021 18:41:18 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 877201407D for ; Mon, 22 Mar 2021 19:41:17 +0100 (CET) Received: from localhost ([::1]:49816 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lOPUK-0000BJ-Hx for larch@yhetil.org; Mon, 22 Mar 2021 14:41:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36378) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOPU6-000094-Bm for guix-patches@gnu.org; Mon, 22 Mar 2021 14:41:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:47075) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lOPU6-0005FP-2e for guix-patches@gnu.org; Mon, 22 Mar 2021 14:41:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lOPU6-00045D-0x for guix-patches@gnu.org; Mon, 22 Mar 2021 14:41:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#45905] [PATCH] IPFS service definition Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 22 Mar 2021 18:41:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45905 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 45905@debbugs.gnu.org Received: via spool by 45905-submit@debbugs.gnu.org id=B45905.161643844715666 (code B ref 45905); Mon, 22 Mar 2021 18:41:01 +0000 Received: (at 45905) by debbugs.gnu.org; 22 Mar 2021 18:40:47 +0000 Received: from localhost ([127.0.0.1]:58621 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lOPTr-00044c-8C for submit@debbugs.gnu.org; Mon, 22 Mar 2021 14:40:47 -0400 Received: from albert.telenet-ops.be ([195.130.137.90]:54576) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lOPTo-00044R-N1 for 45905@debbugs.gnu.org; Mon, 22 Mar 2021 14:40:45 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by albert.telenet-ops.be with bizsmtp id jWgi2400D0mfAB406WgiLp; Mon, 22 Mar 2021 19:40:43 +0100 Message-ID: <36af87b3ec48ed159cc237dcac93320817c74f58.camel@telenet.be> From: Maxime Devos Date: Mon, 22 Mar 2021 19:40:37 +0100 In-Reply-To: <874kh3w1j6.fsf@gnu.org> References: <874kh3w1j6.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-vUatxNZDjhHG+9tK/VN8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1616438443; bh=wTRNuXKD/NR9zUTI3JPZVLQFfEwmL8CnhUGOo9Gx7Sw=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=lc2DB0JpndbCI1rjrOjO94W0Z5suhaqB6CynOK+Yf7PsuvjvmraQV0FrmhUdDdo+z 31GFFUTcfkh1Kiyh05u821wbu1EfbLIgE3KaFv+u0Lqmkya4H4YTChRrWHCK0CYUxa SrvWtCp6A19Psv6bS1OJHyjCeATBR7PJux2E+dinfB4MjWalJnnOo7ZHHd7hXsu58X z4sbUbWSgnpki6AQ2RohDRFH35ATs5oL9Z34Q9ktnTCQG+o3Kmx6yEWJLARP6TcoXy Bg+vj/Ji3c1IS4N1W7LRY1eCdteHlJPc3swctXX9SRcT41wdYKTrh6GezgWLAogLdP ZI3p3Nn+tJ/Ug== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616438477; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=wTRNuXKD/NR9zUTI3JPZVLQFfEwmL8CnhUGOo9Gx7Sw=; b=Nt5yoHPEPeBu9ESCClF7TxZh37o6v21jdUiaqIG7N+tFDe6bBhfIN6gv7lJQCmjeWi9pYq Ocd8CgAnAguEQIYLplrUEOWiRy09c+22WGgbUaZTYiz9bIXikE0ynAe7anHI74RM27jNMA GCQH/M+/yDIUIRLQZpjbLfJZh2/C37SIYgoWMdPjCWeGNqhMveZq/K/p2hAMK6454l+96x oM/o5VGOW9+REfE0wCCfQ/71L7V2+bP0AFlv2tylRCOrc/G24Hh3vN4ooW0smyLnK6YsWc 7Fqlt+KMQPk/v4r69EgU8KmsCGDR0xsw42tpXAcbcw5GpJO0Wtn+NfVhKO551w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616438477; a=rsa-sha256; cv=none; b=YXC85dqnsACOlDvJCyM4IgKmQf6yjWlXI3qk2nCVZi3RMCUVi5FEetad2fzNZbrUFd7mzJ rT0mGxj1vJPtB48MZBAkSSazFHP6aoqU+EqTomqtcfXECfGmVm3mQcMc90uABBVYc3GLvN H+0nnt2sEx99PJ9OwGRVfm/X2o3ZNzLJPA00A8pyiVxVQ2oWiftpN52OrvHbHdepFsBCF0 aE/NSh3fK6+gpMuobUiehmacSA09M4Sf++QzbMrj4wRbB2uDrWY38Ab5genyNF9rLQsyfW 4c5q4rgCrofz+sAEso+wSMGqVSks7i3R14trM5uHTOfeTlaHu3fK+IsPWUCtSA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r21 header.b=lc2DB0Jp; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -3.42 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r21 header.b=lc2DB0Jp; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 877201407D X-Spam-Score: -3.42 X-Migadu-Scanner: scn0.migadu.com X-TUID: ClviLdctE3SG --=-vUatxNZDjhHG+9tK/VN8 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, 2021-03-22 at 18:17 +0100, Ludovic Court=C3=A8s wrote: > Hi Maxime, Hi > Maxime Devos skribis: >=20 > > A patch defining simple =E2=80=98ipfs-service-type=E2=80=99 is attached= . I've tested > > this in a VM, and will test it on a =E2=80=98real=E2=80=99 system later= . The gateway > > is currently broken, it tries to redirect to non-existent subdomains > > of localhost. Correcting this might require fiddling with the DNS > > configuration. >=20 > OK. That doesn=E2=80=99t prevent one from using it, right? Nah, the REST API presumably works just fine and there is plenty to see on the webui: http://localhost:5001/ipfs/bafybeif4zkmu7qdhkpf3pnhwxipylqleof7rl6ojbe7mq3f= zogz6m4xk3i/#/ Not perfect, but it might suffice for your purposes. That reminds me the configuration can be modified from there. I didn't figure how to disable that. Not ideal from a security perspective, but at least its only loopback & ipfs is in a container. > > +@lisp > > +;; part of the operating-system declaration > I think you can omit this line. I think I found that line somewhere & copied it for consistency, but it has been some time ago. > > +(service ipfs-service-type > > + (ipfs-configuration > > + (gateway "/ip4/127.0.0.1/tcp/8880") > > + (api "/ip4/127.0.0.1/tcp/8881"))) >=20 > Indentation is left (should be aligned with =E2=80=98ipfs-service-type=E2= =80=99.) Ok, not sure how this happened. > > + (start #~(make-forkexec-constructor/container > > + [container stuff] > > + #:environment-variables #$%ipfs-environment)) >=20 > Nice! Yep! Also, this reminds me I'm not sure what the distinction between #+ and #~ is in activation gexps, in shepherd services definitions, etc. > > + ;; Run ipfs init and ipfs config from a container, > > + ;; in case the IPFS daemon was compromised at some point > > + ;; and ~/.ipfs is now a symlink to somewhere outside > > + ;; %ipfs-home. > > + (define container-gexp [complicated container stuff]) > >=20 > That=E2=80=99s a bit involved, but it makes sense to me. Unfortunately, there are (non-container related) some more issues. Last few weeks I've been seeing this error (/var/log/ipfs.log): (start snip) Error: fs-repo requires migration Initializing daemon... go-ipfs version: 0.8.0 Repo version: 11 System version: amd64/linux Golang version: go1.14.15 Found outdated fs-repo, migrations need to be run. Run migrations now? [y/N] Not running migrations of fs-repo now. Please get fs-repo-migrations from https://dist.ipfs.io Error: fs-repo requires migration (end snip) (Super hacky work-around: rm -r /var/lib/ipfs mkdir /var/lib/ipfs chmod a-rwx /var/lib/ipfs chmod u+rwx /var/lib/ipfs chown ipfs:ipfs /var/lib/ipfs sudo -u ipfs -g ipfs "`guix build go-ipfs`/bin/ipfs" init # ^ this can take some seconds to complete sudo -u ipfs -g ipfs "`guix build go-ipfs`/bin/ipfs" config API /ip4/127.= 0.0.1/tcp/5001 sudo -u ipfs -g ipfs "`guix build go-ipfs`/bin/ipfs" config Addresses.Gat= eway /ip4/127.0.0.1/tcp/8082 herd enable ipfs herd start ipfs) Unfortunately "fs-repo-migrations" does not seem to be packaged in Guix. Apparently there has been a change in repo format in the go-ipfs v0.7.0 --> v0.8.0 upgrade. I believe for most users simply automatically running the upgrades would be sufficient. Now, how could we do this safely from shepherd? Maybe before starting open a pipe, write "y\n" to it an pass it as file descriptor 0 (stdin) would be sufficient? But shepherd always closes /dev/stdin before exec IIRC .. Seems like shepherd needs support for file descriptor! I've a patch for that, but it needs to be verified (& corrected likely) on GNU/Hurd. Feel free to ask for the incomplete patch if you're impatient and want to finish it yourself! (Seems to work on GNU/Linux in any case.) > The patch LGTM. However, we usually commit services along with a system > test under (gnu tests =E2=80=A6). The manual has info on how to run indi= vidual > system tests: >=20 > https://guix.gnu.org/manual/en/html_node/Running-the-Test-Suite.html >=20 > Could you write a test that ensures that basic functionality works? It > could be as simple as waiting for the service to be up, then invoking > =E2=80=98ipfs add=E2=80=99 and =E2=80=98ipfs get=E2=80=99. WDYT? Will look into it eventually, but I am currently occupied with other things that have deadlines )-:. (Not feeling very inspired for a writing/presentation assignment ...) (And I would rather hack on GNUnet frankly; IPFS is more of a stop-gap to me for having some distributed something for substitutes.) So feel free to beat me to it. Greetings, Maxime. --=-vUatxNZDjhHG+9tK/VN8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYIADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYFjkpRccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7q74AQCWznKm3gQg4zKipnOle2hpQbEo x1mPjbKLJIXMYSk9DgEAwU30UR0baPI32ym4YvZORhhywcWH+B9J70naA0VerA4= =IBUS -----END PGP SIGNATURE----- --=-vUatxNZDjhHG+9tK/VN8--