From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id yEI8O/Jga2K4ZAEAbAwnHQ (envelope-from ) for ; Fri, 29 Apr 2022 05:52:19 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id 2IilOvJga2KzGQAAG6o9tA (envelope-from ) for ; Fri, 29 Apr 2022 05:52:18 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 34582F1EA for ; Fri, 29 Apr 2022 05:52:18 +0200 (CEST) Received: from localhost ([::1]:48160 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nkHfz-0005Tm-6k for larch@yhetil.org; Thu, 28 Apr 2022 23:52:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:49276) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nkHfm-0005SQ-O0 for guix-patches@gnu.org; Thu, 28 Apr 2022 23:52:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:56548) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nkHfm-00056L-Ed for guix-patches@gnu.org; Thu, 28 Apr 2022 23:52:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nkHfm-0004ni-BY for guix-patches@gnu.org; Thu, 28 Apr 2022 23:52:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54997] [PATCH 00/12] Add "least authority" program wrapper Resent-From: Thiago Jung Bauermann Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 29 Apr 2022 03:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54997 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 54997@debbugs.gnu.org Received: via spool by 54997-submit@debbugs.gnu.org id=B54997.165120431318439 (code B ref 54997); Fri, 29 Apr 2022 03:52:02 +0000 Received: (at 54997) by debbugs.gnu.org; 29 Apr 2022 03:51:53 +0000 Received: from localhost ([127.0.0.1]:50445 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nkHfZ-0004nI-Io for submit@debbugs.gnu.org; Thu, 28 Apr 2022 23:51:53 -0400 Received: from mx.kolabnow.com ([212.103.80.153]:47328) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nkHfX-0004n2-Bm for 54997@debbugs.gnu.org; Thu, 28 Apr 2022 23:51:48 -0400 Received: from localhost (unknown [127.0.0.1]) by mx.kolabnow.com (Postfix) with ESMTP id B1D6340F51; Fri, 29 Apr 2022 05:51:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kolabnow.com; h= content-transfer-encoding:content-type:content-type:mime-version :message-id:in-reply-to:date:date:subject:subject:from:from :references:received:received:received; s=dkim20160331; t= 1651204301; x=1653018702; bh=CnjYppv+3GPWrL/60DeMngjAcgNRbfPDKLa gCiTIc6M=; b=HyHdyqNclDLJIFAEmPfHU44/S0s7lgQuiKn6D5VilfquLGOGxID RdaS9qNqwqj5LnxavJExwiGuPhoFUyyRAHt+vrsIXb54qg2podT7i1H7kb0B4rii F4FsaZjHh8khbcKWaXX2a8dKSQxlmx7puVHrFckKGYb4vNKpaJeoi4SJHI86mokP DoExsX7iAyzvXiRGZqdQY0XUqHKXIfJFJVoQiuzThmT0Q7pqQtxVAc6d5QQEjpio Lx28vsFmKnBrj0QR0kvQHvJ9OaA8fztoQWQBfbpUQuL4m/EsgjbDcD+bMh1lkKmk KztDGyT4JCRi64tBSkSuTPm7wpEFD3VNtu+RrNmSVEvmIhYwcHC4i4TrdV8w8eJH AQvhLnWayn3+sT6r/FywtDJNfwKjjio8VlFs46JuYu+gRu/7Oz0P+GUrg6ZRl1PO q0m2d5NQcpRQYJBa0OmOOOp81qdsWyTCGQaq9hGHDtWoSiEZPgH/WuYkEiMmVRzF da6LAV3Q89GuV6ooSYM17JROHZlnzY0BbDICEvR/KTgGk5LqKL+6OuLhfyQ/8mdb Gc6l4+ylP98aHEK5QfLCzoabmh3SQ008Xd9/WeaXKYIvmZEFjfxi8ngC5U2NYHMY Bzrh5UhCp+w/NxriezjHVfxaRhN8D98Q8o0avBJXLXFxYYKV1v3sUFqE= X-Virus-Scanned: amavisd-new at mykolab.com Received: from mx.kolabnow.com ([127.0.0.1]) by localhost (ext-mx-out003.mykolab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9x1Tb5VksExp; Fri, 29 Apr 2022 05:51:41 +0200 (CEST) Received: from int-mx003.mykolab.com (unknown [10.9.13.3]) by mx.kolabnow.com (Postfix) with ESMTPS id 2758C40D34; Fri, 29 Apr 2022 05:51:39 +0200 (CEST) Received: from ext-subm001.mykolab.com (unknown [10.9.6.1]) by int-mx003.mykolab.com (Postfix) with ESMTPS id BC798315F; Fri, 29 Apr 2022 05:51:39 +0200 (CEST) References: <20220417210453.27884-1-ludo@gnu.org> <20220417210453.27884-4-ludo@gnu.org> <87h76klv6j.fsf@kolabnow.com> <87o80nk2o8.fsf_-_@gnu.org> Date: Fri, 29 Apr 2022 00:43:59 -0300 In-reply-to: <87o80nk2o8.fsf_-_@gnu.org> Message-ID: <878rrownqz.fsf@kolabnow.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Thiago Jung Bauermann X-ACL-Warn: , Thiago Jung Bauermann via Guix-patches From: Thiago Jung Bauermann via Guix-patches via X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1651204338; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=CnjYppv+3GPWrL/60DeMngjAcgNRbfPDKLagCiTIc6M=; b=S16JII9KR/GbKEor2t5G7GjWolIgG4ogN3RpPLaPdPoNfaIcJb6ZwYcgX38ckvLYneDPOW gICCx5P45roiinZVonayeL3qhGwqIPmmtI+mgxezNH9ZU3ifyW0AMg02EZMN2lxBlhzm3j 8phsJMMLxBlYRSwFDdd3pK6ztAGPFJh2P0buIBrHz/OFhIQD1XXBeE8pyH4hOgilwrLxPf +ZpV60y3KT8iew2he08AhTatS6apGD3szvy5eAs0Ou5ItJh9+hk9QFdY20A5sE45v9OR7M eDL3zTHZYPHxjlS+hwNZaGG4HbCn99uvYKZHU2ajKlIMzkhbEvfvqewcTbXjZA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1651204338; a=rsa-sha256; cv=none; b=Wzb9yeicxK3eLNupFSLaMNUTiFDHlbcxRvKxuzf0TzKK7slGKNv+loMrOPt3glwT9JzFYu x638AP/PFeo6hBN+SjpNK1tI1MXSJrD/BCxX75+mgloI4PtWeOqGADa0RzDXPVVMTHRzLj r8PGNGIC7QfsnSw/z6Amz94gcds03GClCAp53hWW1QRUeIkQd61yih3DukZWNCGNYkPYSg 3wXcpIcSukY6Km7rzcpzOFo9Ot6shRsorYAOqcVAiLhKvDZ2mC9E96WAG8tszepuNovMws dKQgIc0iIV6zsfC89PNGVGyJcHHom0w9mgeO+mooHPIZzz9eQY7q6Onj01keqw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=kolabnow.com header.s=dkim20160331 header.b=HyHdyqNc; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.49 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=kolabnow.com header.s=dkim20160331 header.b=HyHdyqNc; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 34582F1EA X-Spam-Score: -3.49 X-Migadu-Scanner: scn1.migadu.com X-TUID: UouUwRHyzLDc Hi Ludo! Ludovic Court=C3=A8s writes: > Thiago Jung Bauermann skribis: >> So to avoid an accumulation of zombie processes and other signal-related >> problems, I suggest adding a =E2=80=9C(init-program ,tini)=E2=80=9D para= meter to >> =E2=80=98least-authority-wrapper=E2=80=99 and executing =E2=80=98program= =E2=80=99 as a subprocess of >> =E2=80=98tini=E2=80=99 or whatever was passed as the #:init-program (per= haps #f could >> mean running =E2=80=98program=E2=80=99 directly as PID 1). > > Hmm yes. It=E2=80=99s not great that the choice is between =E2=80=98unsh= are=E2=80=99=E2=80=94efficient > but the process lives in the parent PID namespace=E2=80=94and =E2=80=98cl= one=E2=80=99=E2=80=94but then > you have to fork twice. Yeah, the signals part of the Unix design isn't great. > But yeah, you=E2=80=99re right. I=E2=80=99ll try what you suggest and se= nd a v2. Thank you for making these changes! I had a look at v2 and it looks great. >> I mention this because I'm currently dealing with a problem that has >> exactly this root cause: I'm working on updating the public-inbox >> package to the latest version, and the testsuite is failing because it >> tests that lei's daemon process is correctly terminated. But that >> doesn't work because =E2=80=9Cguix build=E2=80=9D doesn't use a proper i= nit program as >> PID 1 and thus the daemon process goes to zombie state and the testsuite >> thinks that it didn't go away. I'm hoping to send a patch to fix that >> issue. > > Now that you mention it, this was discussed before: > > https://issues.guix.gnu.org/30948 > > I think we should do something about it in gnu-build-system.scm. Nice! Thank you for the link. The discussion there was very informative. I'll try to implement your idea of adding a new build phase to install the appropriate signal handlers. Probably even steal your child reaping code from the v2 patches. > Thanks for your feedback! Thank you for taking it into account! --=20 Thanks Thiago