From: Ludovic Courtès
To: Bruno Victal
Cc: 60657@debbugs.gnu.org
Subject: bug#60657: Rethinking how service extensions work
Date: Thu, 11 May 2023 12:22:48 +0200
Message-ID: <8735436ubr.fsf@gnu.org>
References: <87pm9xy6xh.fsf@gnu.org>
In-Reply-To: (Bruno Victal's message of "Tue, 9 May 2023 20:12:58 +0100")

Hi Bruno,

Bruno Victal wrote:

> On 2023-02-25 17:46, Ludovic Courtès wrote:

[...]

>> As we once discussed on IRC, the conclusion to me is that some of the
>> code currently implemented as activation snippets should rather be
>> implemented either as part of the ‘start’ method of the corresponding
>> Shepherd service, or as a one-shot Shepherd service that the main
>> service would depend on.
>
> I think moving them into the ‘start’ method is the best course of action.
> I'm considering the following changes:
> * Adding (gnu build activation) to %default-imported-modules + %default-modules in (gnu services shepherd).
>   I expect that mkdir-p/perms is going to be used frequently enough, using the number of activation-service
>   extensions in use as a rough estimate.
> * Refactor the activation extensions into the ‘start’ method, where it makes sense to do so.

OK.

Cosmetic considerations: how about adding a ‘pre-start’ field in ?
That would allow us to keep the “setup” bit visually separate from the
actual ‘start’ method, even if under the hood they get “merged”
together:

  (shepherd-service
    ;; …
    (pre-start #~(mkdir-p "/whatever"))
    (start #~(make-forkexec-constructor …)))

> There's one issue I'm somewhat concerned about, consider the following snippet:
>
>
> (define log-directory "/var/log")
> (define username "notroot")
>
> (start
>   #~(lambda _
>       (mkdir-p/perms #$log-directory (getpw #$username) #o750)
>       ...))
>
> This is somewhat pitfall prone since you most likely don't want to chown /var/log to a non-root user.
> I'm unsure what's the best course to take here, would a simple file-exists? check before mkdir-p/perms be sufficient?

We ensure /var/log exists before anything else—see ‘directives’ in
(gnu build install).

If we want an extra safety, we can add a real activation snippet that
does (mkdir-p "/var/log"), with the understanding that it would notably
run at boot time before shepherd is started.

> In either case, with or without refactoring this issue is already present (but in activation-service extensions)
> so it's no worse than the status quo.

Right.

>> Note that this should prolly be declared as a ‘file-system’ rather than
>> as a custom service.  That way, it would get a “standard” Shepherd
>> service.
>>
>> There are cases where we add explicit dependencies on
>> ‘file-system-/media/foo’ or similar.  has a ‘dependencies’
>> field specifically for this purpose (info "(guix) File Systems").
>>
>> Would that work for you?
>
> Unfortunately OverlayFS is filtered out from fstab by Guix (reported #60246) and the dependencies field IMO is too restrictive,
> there should be a (sane) way to pass shepherd service symbols too. (for cases where a file system depends on 'networking or
> depends on a particular interface e.g. NFS mount that uses an IPv6 link-local address)

Sure, we could make these changes.  Let’s discuss it separately?

Thanks,
Ludo’.
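
The following is an added example, not part of the original message and not Guix code. It sketches one way to guard against the /var/log ownership pitfall raised in the quoted snippet: create the directory when it is missing, and only verify type and owner when it already exists. The procedure name ensure-service-directory is hypothetical, and the code assumes the parent directory already exists and is writable only by trusted users.

```scheme
;; Added example (not Guix code).  Core Guile only, so it runs with plain
;; `guile`.  `ensure-service-directory` is a hypothetical name.

(define (ensure-service-directory directory owner bits)
  "Create DIRECTORY for OWNER (a passwd entry) with mode BITS when it is
missing.  When it already exists, verify it instead of modifying it, so
that a shared directory such as /var/log is never handed to a service user.
Assumes the parent directory exists and is writable only by trusted users."
  (let ((st (false-if-exception (lstat directory))))
    (cond
     ((not st)
      ;; Missing: create it.  mkdir raises an error if something appeared at
      ;; DIRECTORY since the lstat call.  The mode given to mkdir is filtered
      ;; by the umask, hence the explicit chmod.
      (mkdir directory bits)
      (chown directory (passwd:uid owner) (passwd:gid owner))
      (chmod directory bits)
      'created)
     ((not (eq? 'directory (stat:type st)))
      ;; lstat does not follow symbolic links, so a link or regular file
      ;; found at this path is rejected rather than followed.
      (error "not a directory:" directory (stat:type st)))
     ((not (= (stat:uid st) (passwd:uid owner)))
      ;; Pre-existing and owned by someone else: refuse, never chown.
      (error "directory owned by another uid:" directory (stat:uid st)))
     (else 'verified))))

;; Constructed demo: uses the current user's own passwd entry and a scratch
;; directory, so it runs unprivileged.
(define me (getpw (getuid)))
(define scratch
  (string-append (or (getenv "TMPDIR") "/tmp")
                 "/ensure-demo-" (number->string (getpid))))

(format #t "first call:  ~a~%" (ensure-service-directory scratch me #o750))
(format #t "second call: ~a~%" (ensure-service-directory scratch me #o750))
(rmdir scratch)
```

Unlike a bare file-exists? test, which follows symbolic links, the lstat-based check also rejects a link or regular file sitting at the expected path.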