unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / Atom feed
* [bug#48751] [PATCH 0/1] Create parent directory for laminar unix socket
@ 2021-05-30 19:59 Arun Isaac
  2021-05-30 20:05 ` [bug#48751] [PATCH] services: laminar: Create parent directory for " Arun Isaac
  0 siblings, 1 reply; 5+ messages in thread
From: Arun Isaac @ 2021-05-30 19:59 UTC (permalink / raw)
  To: 48751; +Cc: Arun Isaac

If laminard is configured to listen on a unix socket, it should create the
parent directory of the unix socket with appropriate permissions. Currently,
no parent directory is created and the service fails to start.

Arun Isaac (1):
  services: laminar: Create parent directory for unix socket.

 gnu/services/ci.scm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

-- 
2.31.0





^ permalink raw reply	[flat|nested] 5+ messages in thread

* [bug#48751] [PATCH] services: laminar: Create parent directory for unix socket.
  2021-05-30 19:59 [bug#48751] [PATCH 0/1] Create parent directory for laminar unix socket Arun Isaac
@ 2021-05-30 20:05 ` Arun Isaac
  2021-06-08 15:35   ` Christopher Baines
  0 siblings, 1 reply; 5+ messages in thread
From: Arun Isaac @ 2021-05-30 20:05 UTC (permalink / raw)
  To: 48751; +Cc: Arun Isaac

* gnu/services/ci.scm (laminar-activation): New function.
(laminar-service-type): Extend activation-service-type with
laminar-activation.
---
 gnu/services/ci.scm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm
index 0b18521e76..0c3566bcaf 100644
--- a/gnu/services/ci.scm
+++ b/gnu/services/ci.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2018, 2019, 2020, 2021 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -115,13 +116,25 @@
          (home-directory (laminar-configuration-home-directory config))
          (shell #~(string-append #$shadow "/sbin/nologin")))))
 
+(define (laminar-activation config)
+  (let ((bind-http (laminar-configuration-bind-http config)))
+    #~(begin
+        ;; If listen is a unix socket, create its parent directory.
+        (when (string-prefix? "unix:" #$bind-http)
+          (let ((run-directory
+                 (dirname (substring #$bind-http (string-length "unix:"))))
+                (user (getpw "laminar")))
+            (mkdir-p run-directory)
+            (chown run-directory (passwd:uid user) (passwd:gid user)))))))
+
 (define laminar-service-type
   (service-type
    (name 'laminar)
    (extensions
     (list
      (service-extension shepherd-root-service-type laminar-shepherd-service)
-     (service-extension account-service-type laminar-account)))
+     (service-extension account-service-type laminar-account)
+     (service-extension activation-service-type laminar-activation)))
    (default-value (laminar-configuration))
    (description
     "Run the Laminar continuous integration service.")))
-- 
2.31.0





^ permalink raw reply	[flat|nested] 5+ messages in thread

* [bug#48751] [PATCH] services: laminar: Create parent directory for unix socket.
  2021-05-30 20:05 ` [bug#48751] [PATCH] services: laminar: Create parent directory for " Arun Isaac
@ 2021-06-08 15:35   ` Christopher Baines
  2021-06-10  5:00     ` bug#48751: " Arun Isaac
  0 siblings, 1 reply; 5+ messages in thread
From: Christopher Baines @ 2021-06-08 15:35 UTC (permalink / raw)
  To: Arun Isaac; +Cc: 48751

[-- Attachment #1: Type: text/plain, Size: 427 bytes --]


Arun Isaac <arunisaac@systemreboot.net> writes:

> * gnu/services/ci.scm (laminar-activation): New function.
> (laminar-service-type): Extend activation-service-type with
> laminar-activation.
> ---
>  gnu/services/ci.scm | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)

This looks good to me. I don't think I've played around too much with
different bind options, so I haven't come across this issue.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#48751: [PATCH] services: laminar: Create parent directory for unix socket.
  2021-06-08 15:35   ` Christopher Baines
@ 2021-06-10  5:00     ` Arun Isaac
  2021-06-16  7:31       ` [bug#48751] " Christopher Baines
  0 siblings, 1 reply; 5+ messages in thread
From: Arun Isaac @ 2021-06-10  5:00 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 48751-done

[-- Attachment #1: Type: text/plain, Size: 637 bytes --]


Hi Chris,

> This looks good to me.

Pushed to master, thanks for the review!

> I don't think I've played around too much with different bind options,
> so I haven't come across this issue.

One problem still remains even after this patch. If the laminar web UI
is behind an nginx reverse proxy, the nginx user needs to have
read/write permissions to the unix socket. For this, it should be a
member of the laminar group. But, short of modifying the nginx service,
I don't know of any way to achieve this. Something more composable would
be nice. The nginx service being aware of laminar doesn't sound
right. Any ideas?

Regards,
Arun

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 524 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [bug#48751] [PATCH] services: laminar: Create parent directory for unix socket.
  2021-06-10  5:00     ` bug#48751: " Arun Isaac
@ 2021-06-16  7:31       ` Christopher Baines
  0 siblings, 0 replies; 5+ messages in thread
From: Christopher Baines @ 2021-06-16  7:31 UTC (permalink / raw)
  To: Arun Isaac; +Cc: 48751-done

[-- Attachment #1: Type: text/plain, Size: 734 bytes --]


Arun Isaac <arunisaac@systemreboot.net> writes:

> Hi Chris,
>
>> This looks good to me.
>
> Pushed to master, thanks for the review!
>
>> I don't think I've played around too much with different bind options,
>> so I haven't come across this issue.
>
> One problem still remains even after this patch. If the laminar web UI
> is behind an nginx reverse proxy, the nginx user needs to have
> read/write permissions to the unix socket. For this, it should be a
> member of the laminar group. But, short of modifying the nginx service,
> I don't know of any way to achieve this. Something more composable would
> be nice. The nginx service being aware of laminar doesn't sound
> right. Any ideas?

Nothing comes to mind unfortunately.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-06-16  7:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-30 19:59 [bug#48751] [PATCH 0/1] Create parent directory for laminar unix socket Arun Isaac
2021-05-30 20:05 ` [bug#48751] [PATCH] services: laminar: Create parent directory for " Arun Isaac
2021-06-08 15:35   ` Christopher Baines
2021-06-10  5:00     ` bug#48751: " Arun Isaac
2021-06-16  7:31       ` [bug#48751] " Christopher Baines

unofficial mirror of guix-patches@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guix-patches/1 guix-patches/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-patches guix-patches/ https://yhetil.org/guix-patches \
		guix-patches@gnu.org
	public-inbox-index guix-patches

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.patches


AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git