From: Maxim Cournoyer
To: Ludovic Courtès
Cc: 50882@debbugs.gnu.org, jgart
Subject: [bug#50882] [PATCH] gnu: services: Add darkhttpd service
Date: Thu, 07 Jul 2022 14:02:36 -0400
Message-ID: <87k08oztqb.fsf_-_@gmail.com>
In-Reply-To: <87bl3dl1xy.fsf_-_@gnu.org> ("Ludovic Courtès"'s message of "Mon, 25 Oct 2021 14:32:41 +0200")

tag 50882 moreinfo
thanks

Hello jgart,

Ludovic Courtès writes:

> Hi,
>
> jgart wrote:
>
>> * gnu/services/web.scm (): New record type.
>> (darkhttpd-accounts, darkhttpd-shepherd-service): New procedures.
>> (darkhttpd-service-type): New variable.
>> * doc/guix.texi (Web Services): Adds documentation for darkhttpd.
>
> Overall LGTM! Some comments and suggestions below.
>
>> +@cindex darkhttpd
>> +@uref{https://unix4lyfe.org/darkhttpd/, darkhttpd} is a web server with a
>> +focus on security and having a small memory footprint.
>> +
>> +Some security features are the following:
>> +
>> +@itemize
>> +@item Logging accesses, including Referer and User-Agent.
>> +@item Can chroot.
>> +@item Can drop privileges.
>> +@item Impervious to /../ sniffing.
>> +@item Times out idle connections.
>> +@item Drops overly long requests.
>> +@end itemize
>
> I’d replace the bullet list with a simple sentence like: “Among other
> things, it can change root directories, drop privileges, it times out on
> idle connections and can drop overly long requests.”
>
>> +@deffn {Scheme Variable} darkhttpd-service-type
>> +This is the type of the darkhttpd service, whose value should be a
>> +@code{darkhttpd-service-type} object, as in this example:
>> +
>> +@lisp
>> +(service darkhttpd-service-type
>> + (darkhttpd-configuration
>
> Please don’t use tabs.
>
>> +@end table
>> +@end deftp
>> @node Certificate Services
>
> Missing newline before @node. :-)
>
>> + (mimetypes darkhttpd-configuration-mimetypes
>> + (default #f))
>> + (default-mimetype darkhttpd-configuration-default-mimetype
>
> Rather ‘mime-type’ (two words).
>
>> +(define darkhttpd-shepherd-service
>> + (match-lambda
>> + (($ package content port address
>> + maximum-connections log-file chroot?
>> + daemonize? index-file do-not-serve-listing?
>> + mimetypes default-mimetype
>> + drop-user-priviledges drop-group-priviledges
>> + write-pid-file disable-keep-alive?
>> + forward forward-all
>> + no-server-id? enable-ipv6?
>> + user group)
>
> Rather use ‘match-record’ here, to make sure we’re getting the right
> fields.
>
>> +(define darkhttpd-accounts
>> + (match-lambda
>> + (($ _ _ _ _ _ _ _ _
>> + _ _ _ _ _ _ _ _
>> + _ _ user group)
>
> In such a case, simply call ‘darkhttpd-configuration-user’ and
> ‘darkhttpd-configuration-group’; it’s much less error-prone!
>
>> +(define darkhttpd-service-type
>> + (service-type
>> + (name 'guix)
>> + (extensions
>> + (list (service-extension account-service-type
>> + darkhttpd-accounts)
>> + (service-extension shepherd-root-service-type
>> + darkhttpd-shepherd-service)))
>> + (default-value (darkhttpd-configuration))))
>
> Please add a ‘description’ field.
>
> Could you also add a system test, under (gnu tests web)? You can start
> by copying the nginx test; it should take around ~20 lines.

Friendly ping about the above requests from Ludovic :-).

Thanks,

Maxim
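
Review bot: In the ‘darkhttpd-service-type’ definition, the service type is given (name 'guix), which looks like a leftover from another service definition. The name should be 'darkhttpd so that it identifies this service and not an unrelated one.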
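
Review bot: The @deffn text for ‘darkhttpd-service-type’ in the doc/guix.texi hunk says the value should be a @code{darkhttpd-service-type} object, but the @lisp example directly below it passes a (darkhttpd-configuration ...) record. The sentence should name ‘darkhttpd-configuration’ as the expected value.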
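
Review bot: The fields ‘drop-user-priviledges’ and ‘drop-group-priviledges’ bound in the ‘darkhttpd-shepherd-service’ pattern misspell "privileges", while the documentation hunk spells it "Can drop privileges". These are the fields that control privilege dropping, and they sit next to separate ‘user’ and ‘group’ fields in the same pattern, so I would correct the spelling and document how the two pairs differ.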