From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50418) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcoM3-0001wt-Gi for guix-patches@gnu.org; Wed, 02 Aug 2017 03:46:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcoLy-0001m6-Ig for guix-patches@gnu.org; Wed, 02 Aug 2017 03:46:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:34939) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dcoLy-0001lT-E7 for guix-patches@gnu.org; Wed, 02 Aug 2017 03:46:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dcoLx-0002QM-OB for guix-patches@gnu.org; Wed, 02 Aug 2017 03:46:01 -0400 Subject: [bug#26684] let nginx configs reference the store Resent-Message-ID: Date: Wed, 2 Aug 2017 08:45:18 +0100 From: Christopher Baines Message-ID: <20170802084518.4e4f1d7b@cbaines.net> In-Reply-To: <87wp6ykmyx.fsf@gnu.org> References: <87pofp7dk5.fsf@lassieur.org> <87wp6ykmyx.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/bbDpdCdBSAkrFGf_Ss7Q3Vt"; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: Andy Wingo , 26684@debbugs.gnu.org, =?UTF-8?Q?Cl=C3=A9ment?= Lassieur --Sig_/bbDpdCdBSAkrFGf_Ss7Q3Vt Content-Type: multipart/mixed; boundary="MP_/alZDM3SxWxP4dGJJxg31TMs" --MP_/alZDM3SxWxP4dGJJxg31TMs Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Mon, 24 Jul 2017 15:01:42 +0200 ludo@gnu.org (Ludovic Court=C3=A8s) wrote: > Hello! >=20 > Christopher, Cl=C3=A9ment: I wanted to apply this patch from Andy but it > conflicts with recent changes, presumably commit cb341293fa by Chris. > Could you take a look and apply it, if possible? >=20 > https://bugs.gnu.org/26684 Hey, So I've had a look at this, it looks like its just the changes that are causing the conflict relate to checking that the files related to SSL exist. I've adjusted the patch so that it applies, and included my translation of the changes. I haven't done much testing yet, but the patch, and the diff with the previous patch is attached. --MP_/alZDM3SxWxP4dGJJxg31TMs Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0001-gnu-services-Nginx-configs-can-reference-store.patch =46rom 247843cb62c36cf0a65064eb0dcf5559dc78a460 Mon Sep 17 00:00:00 2001 From: Andy Wingo Date: Thu, 27 Apr 2017 19:49:02 +0200 Subject: [PATCH] gnu: services: Nginx configs can reference store * gnu/services/web.scm (config-domain-strings, config-index-strings): Emit lists instead of strings. (emit-nginx-location-config, emit-nginx-server-config) (emit-nginx-upstream-config): Rename from nginx-location-config, default-nginx-server-config, and nginx-upstream-config. Emit lists instead= of strings. (flatten): New helper. (default-nginx-config): Use flatten helper to write nginx conf. This allows location configs to reference store values. --- gnu/services/web.scm | 158 +++++++++++++++++++++++++----------------------= ---- 1 file changed, 78 insertions(+), 80 deletions(-) diff --git a/gnu/services/web.scm b/gnu/services/web.scm index c605d7686..6e7ffa787 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -114,105 +114,103 @@ (define (config-domain-strings names) "Return a string denoting the nginx config representation of NAMES, a list of domain names." - (string-join - (map (match-lambda + (map (match-lambda ('default "_ ") - ((? string? str) (string-append str " "))) - names))) + ((? string? str) (list str " "))) + names)) =20 (define (config-index-strings names) "Return a string denoting the nginx config representation of NAMES, a list of index files." - (string-join - (map (match-lambda - ((? string? str) (string-append str " "))) - names))) + (map (match-lambda + ((? string? str) (list str " "))) + names)) =20 -(define nginx-location-config +(define emit-nginx-location-config (match-lambda (($ uri body) - (string-append + (list " location " uri " {\n" - " " (string-join body "\n ") "\n" + (map (lambda (x) (list " " x "\n")) body) " }\n")) (($ name body) - (string-append + (list " location @" name " {\n" - " " (string-join body "\n ") "\n" + (map (lambda (x) (list " " x "\n")) body) " }\n")))) =20 -(define (default-nginx-server-config server) - (string-append - " server {\n" - (if (nginx-server-configuration-http-port server) - (string-append " listen " - (number->string (nginx-server-configuration-http-por= t server)) - ";\n") - "") - (if (nginx-server-configuration-https-port server) - (string-append " listen " - (number->string (nginx-server-configuration-https-po= rt server)) - " ssl;\n") - "") - " server_name " (config-domain-strings - (nginx-server-configuration-server-name server)) - ";\n" - (if (nginx-server-configuration-ssl-certificate server) - (let ((certificate (nginx-server-configuration-ssl-certificate serv= er))) - ;; lstat fails when the certificate file does not exist: it aborts - ;; and lets the user fix their configuration. - (lstat certificate) - (string-append " ssl_certificate " certificate ";\n")) - "") - (if (nginx-server-configuration-ssl-certificate-key server) - (let ((key (nginx-server-configuration-ssl-certificate-key server))) - (lstat key) - (string-append " ssl_certificate_key " key ";\n")) - "") - " root " (nginx-server-configuration-root server) ";\n" - " index " (config-index-strings (nginx-server-configuration-index = server)) ";\n" - " server_tokens " (if (nginx-server-configuration-server-tokens? s= erver) - "on" "off") ";\n" - "\n" - (string-join - (map nginx-location-config (nginx-server-configuration-locations serve= r)) - "\n") - " }\n")) +(define (emit-nginx-server-config server) + (let ((http-port (nginx-server-configuration-http-port server)) + (https-port (nginx-server-configuration-https-port server)) + (server-name (nginx-server-configuration-server-name server)) + (ssl-certificate (nginx-server-configuration-ssl-certificate serve= r)) + (ssl-certificate-key + (nginx-server-configuration-ssl-certificate-key server)) + (root (nginx-server-configuration-root server)) + (index (nginx-server-configuration-index server)) + (server-tokens? (nginx-server-configuration-server-tokens? server)) + (locations (nginx-server-configuration-locations server))) + (define-syntax-parameter <> (syntax-rules ())) + (define-syntax-rule (and/l x tail ...) + (let ((x* x)) + (if x* + (syntax-parameterize ((<> (identifier-syntax x*))) + (list tail ...)) + '()))) + (for-each (lambda (file) + (if (and file (not (file-exists? file))) + (error "~A does not exist" file))) + (list ssl-certificate ssl-certificate-key)) + (list + " server {\n" + (and/l http-port " listen " (number->string <>) ";\n") + (and/l https-port " listen " (number->string <>) " ssl;\n") + " server_name " (config-domain-strings server-name) ";\n" + (and/l ssl-certificate " ssl_certificate " <> ";\n") + (and/l ssl-certificate-key " ssl_certificate_key " <> ";\n") + " root " root ";\n" + " index " (config-index-strings index) ";\n" + " server_tokens " (if server-tokens? "on" "off") ";\n" + "\n" + (map emit-nginx-location-config locations) + "\n" + " }\n"))) =20 -(define (nginx-upstream-config upstream) - (string-append +(define (emit-nginx-upstream-config upstream) + (list " upstream " (nginx-upstream-configuration-name upstream) " {\n" - (string-concatenate - (map (lambda (server) - (simple-format #f " server ~A;\n" server)) - (nginx-upstream-configuration-servers upstream))) + (map (lambda (server) + (simple-format #f " server ~A;\n" server)) + (nginx-upstream-configuration-servers upstream)) " }\n")) =20 +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + (define (default-nginx-config nginx log-directory run-directory server-lis= t upstream-list) - (mixed-text-file "nginx.conf" - "user nginx nginx;\n" - "pid " run-directory "/pid;\n" - "error_log " log-directory "/error.log info;\n" - "http {\n" - " client_body_temp_path " run-directory "/client_body_te= mp;\n" - " proxy_temp_path " run-directory "/proxy_temp;\n" - " fastcgi_temp_path " run-directory "/fastcgi_temp;\n" - " uwsgi_temp_path " run-directory "/uwsgi_temp;\n" - " scgi_temp_path " run-directory "/scgi_temp;\n" - " access_log " log-directory "/access.log;\n" - " include " nginx "/share/nginx/conf/mime.types;\n" - "\n" - (string-join - (filter (lambda (section) (not (null? section))) - (map nginx-upstream-config upstream-list)) - "\n") - "\n" - (let ((http (map default-nginx-server-config server-list))) - (do ((http http (cdr http)) - (block "" (string-append (car http) "\n" block ))) - ((null? http) block))) - "}\n" - "events {}\n")) + (apply mixed-text-file "nginx.conf" + (flatten + "user nginx nginx;\n" + "pid " run-directory "/pid;\n" + "error_log " log-directory "/error.log info;\n" + "http {\n" + " client_body_temp_path " run-directory "/client_body_temp;\n" + " proxy_temp_path " run-directory "/proxy_temp;\n" + " fastcgi_temp_path " run-directory "/fastcgi_temp;\n" + " uwsgi_temp_path " run-directory "/uwsgi_temp;\n" + " scgi_temp_path " run-directory "/scgi_temp;\n" + " access_log " log-directory "/access.log;\n" + " include " nginx "/share/nginx/conf/mime.types;\n" + "\n" + (map emit-nginx-upstream-config upstream-list) + (map emit-nginx-server-config server-list) + "}\n" + "events {}\n"))) =20 (define %nginx-accounts (list (user-group (name "nginx") (system? #t)) --=20 2.13.1 --MP_/alZDM3SxWxP4dGJJxg31TMs Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0001-gnu-services-Nginx-configs-can-reference-store.patch.diff 1c1 < From 247843cb62c36cf0a65064eb0dcf5559dc78a460 Mon Sep 17 00:00:00 2001 --- > From b56b797e2ca26619485d874110d3f1f0ae96fba4 Mon Sep 17 00:00:00 2001 4c4 < Subject: [PATCH] gnu: services: Nginx configs can reference store --- > Subject: [PATCH 1/5] gnu: services: Nginx configs can reference store 16,17c16,17 < gnu/services/web.scm | 158 +++++++++++++++++++++++++--------------------= ------ < 1 file changed, 78 insertions(+), 80 deletions(-) --- > gnu/services/web.scm | 150 +++++++++++++++++++++++++--------------------= ------ > 1 file changed, 74 insertions(+), 76 deletions(-) 20c20 < index c605d7686..6e7ffa787 100644 --- > index b7b2f67f1..e8769522a 100644 23c23 < @@ -114,105 +114,103 @@ --- > @@ -110,101 +110,99 @@ 82,86c82,83 < - (let ((certificate (nginx-server-configuration-ssl-certificate se= rver))) < - ;; lstat fails when the certificate file does not exist: it abo= rts < - ;; and lets the user fix their configuration. < - (lstat certificate) < - (string-append " ssl_certificate " certificate ";\n")) --- > - (string-append " ssl_certificate " > - (nginx-server-configuration-ssl-certificate server= ) ";\n") 89,91c86,87 < - (let ((key (nginx-server-configuration-ssl-certificate-key server= ))) < - (lstat key) < - (string-append " ssl_certificate_key " key ";\n")) --- > - (string-append " ssl_certificate_key " > - (nginx-server-configuration-ssl-certificate-key se= rver) ";\n") 120,123d115 < + (for-each (lambda (file) < + (if (and file (not (file-exists? file))) < + (error "~A does not exist" file))) < + (list ssl-certificate ssl-certificate-key)) 208c200 < 2.13.1 --- > 2.12.2 --MP_/alZDM3SxWxP4dGJJxg31TMs-- --Sig_/bbDpdCdBSAkrFGf_Ss7Q3Vt Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmBgw5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XcpTw/8DydaIAIT6h7V1c8GD521mBSNMGJLD8YNPzLpHIZzqaFo79OLbQ4peRnp QZm3QIGcKZZYAYwgjFaVbIUUKF93JyID57bUfLF2Dc+24CaUapSiS3N5iFHJfO/O zQqO7YxO8k+MnEWLia15oEvo2oO/fRuBGHHKqOz+kY5a3f62jsKdKVRahoPIGIwx Z3s0Zjjf9UVC4wnod1oR1hf0/0gSor5OTNcLqmNz3J5kHesVcEzhPYk4PWvjunR0 tYNWUB5jnmmDLPBK5po8yliPtJiiQBOj9SI16NF1C5uhqcHOtDlikOYa90yEFtrQ 4fsn5CnPLrw2OSBMBNB2VEKKvYv6Mju+A9jVOsxgf96LK6WkEFmJ7MV+fS8tD72F DaVwuilO8ZrFa99j6f0WdGagsQkU3xNP0r7n6m6cG2Go5ppRDjq6asY5dc0ZDpMH T0Me8DaJbijpYx9OKfZe/NM1jfnrHWKe4SLqvM5FKn/8yCWNWl1qF1EPoTrhZ4CV By3Irkq+qAhtqAKPczQjF+ciPVwHHyHVQ8hb64+XzWYEH5qxjMCfRPb44vfdqYnb yA0Nd88ZX+Q3ssKqqWdGoj14eLq+0N8Q0YyBBtoffrjOPv2+ElCMP4eFzzGD1mc+ /YDtpc3zOcGH//wQXBnDPMVXHoWB+sV2xVTT1ca6J5Sw8KQF44Y= =UldH -----END PGP SIGNATURE----- --Sig_/bbDpdCdBSAkrFGf_Ss7Q3Vt--