From: ludo@gnu.org (Ludovic Courtès)
To: julien lepiller
Cc: 29467@debbugs.gnu.org
Subject: [bug#29467] [PATCH] web: Don't error about missing ssl related files.
Date: Fri, 08 Dec 2017 10:41:36 +0100

Hi,

julien lepiller writes:

> On 2017-12-05 12:14, ludo@gnu.org wrote:

[...]

>> We cannot check for file existence at configuration time for the
>> reasons above.
>>
>> We cannot check for file existence at build time because certificates
>> may be part of the machine’s state; they are typically managed in a
>> stateful fashion, outside of GuixSD.
>>
>> So the only option we’re left with is checking at run time, when we
>> start the service.  But that’s something nginx already does, I think?
>>
>> As for the default, I would be in favor of setting it to #f, because I
>> can’t really think of a default that would work for everyone.
>>
>> WDYT?
>
> Having it default to #f is fine with me. Nginx does this check at
> runtime and will refuse to start if these files are missing. Keeping
> https-port to 443 and certificates to #f means it will not be able to
> establish a connection to the client, but the http website will be
> available. So just setting the key and the certificate to #f by
> default should be OK.

OK, sounds good.  Chris, can you make this change?

Thanks,
Ludo’.