* [bug#48751] [PATCH 0/1] Create parent directory for laminar unix socket
@ 2021-05-30 19:59 Arun Isaac
2021-05-30 20:05 ` [bug#48751] [PATCH] services: laminar: Create parent directory for " Arun Isaac
0 siblings, 1 reply; 5+ messages in thread
From: Arun Isaac @ 2021-05-30 19:59 UTC (permalink / raw)
To: 48751; +Cc: Arun Isaac
If laminard is configured to listen on a unix socket, it should create the
parent directory of the unix socket with appropriate permissions. Currently,
no parent directory is created and the service fails to start.
Arun Isaac (1):
services: laminar: Create parent directory for unix socket.
gnu/services/ci.scm | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
--
2.31.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [bug#48751] [PATCH] services: laminar: Create parent directory for unix socket.
2021-05-30 19:59 [bug#48751] [PATCH 0/1] Create parent directory for laminar unix socket Arun Isaac
@ 2021-05-30 20:05 ` Arun Isaac
2021-06-08 15:35 ` Christopher Baines
0 siblings, 1 reply; 5+ messages in thread
From: Arun Isaac @ 2021-05-30 20:05 UTC (permalink / raw)
To: 48751; +Cc: Arun Isaac
* gnu/services/ci.scm (laminar-activation): New function.
(laminar-service-type): Extend activation-service-type with
laminar-activation.
---
gnu/services/ci.scm | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm
index 0b18521e76..0c3566bcaf 100644
--- a/gnu/services/ci.scm
+++ b/gnu/services/ci.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018, 2019, 2020, 2021 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -115,13 +116,25 @@
(home-directory (laminar-configuration-home-directory config))
(shell #~(string-append #$shadow "/sbin/nologin")))))
+(define (laminar-activation config)
+ (let ((bind-http (laminar-configuration-bind-http config)))
+ #~(begin
+ ;; If listen is a unix socket, create its parent directory.
+ (when (string-prefix? "unix:" #$bind-http)
+ (let ((run-directory
+ (dirname (substring #$bind-http (string-length "unix:"))))
+ (user (getpw "laminar")))
+ (mkdir-p run-directory)
+ (chown run-directory (passwd:uid user) (passwd:gid user)))))))
+
(define laminar-service-type
(service-type
(name 'laminar)
(extensions
(list
(service-extension shepherd-root-service-type laminar-shepherd-service)
- (service-extension account-service-type laminar-account)))
+ (service-extension account-service-type laminar-account)
+ (service-extension activation-service-type laminar-activation)))
(default-value (laminar-configuration))
(description
"Run the Laminar continuous integration service.")))
--
2.31.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#48751] [PATCH] services: laminar: Create parent directory for unix socket.
2021-05-30 20:05 ` [bug#48751] [PATCH] services: laminar: Create parent directory for " Arun Isaac
@ 2021-06-08 15:35 ` Christopher Baines
2021-06-10 5:00 ` bug#48751: " Arun Isaac
0 siblings, 1 reply; 5+ messages in thread
From: Christopher Baines @ 2021-06-08 15:35 UTC (permalink / raw)
To: Arun Isaac; +Cc: 48751
[-- Attachment #1: Type: text/plain, Size: 427 bytes --]
Arun Isaac <arunisaac@systemreboot.net> writes:
> * gnu/services/ci.scm (laminar-activation): New function.
> (laminar-service-type): Extend activation-service-type with
> laminar-activation.
> ---
> gnu/services/ci.scm | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
This looks good to me. I don't think I've played around too much with
different bind options, so I haven't come across this issue.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#48751: [PATCH] services: laminar: Create parent directory for unix socket.
2021-06-08 15:35 ` Christopher Baines
@ 2021-06-10 5:00 ` Arun Isaac
2021-06-16 7:31 ` [bug#48751] " Christopher Baines
0 siblings, 1 reply; 5+ messages in thread
From: Arun Isaac @ 2021-06-10 5:00 UTC (permalink / raw)
To: Christopher Baines; +Cc: 48751-done
[-- Attachment #1: Type: text/plain, Size: 637 bytes --]
Hi Chris,
> This looks good to me.
Pushed to master, thanks for the review!
> I don't think I've played around too much with different bind options,
> so I haven't come across this issue.
One problem still remains even after this patch. If the laminar web UI
is behind an nginx reverse proxy, the nginx user needs to have
read/write permissions to the unix socket. For this, it should be a
member of the laminar group. But, short of modifying the nginx service,
I don't know of any way to achieve this. Something more composable would
be nice. The nginx service being aware of laminar doesn't sound
right. Any ideas?
Regards,
Arun
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 524 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [bug#48751] [PATCH] services: laminar: Create parent directory for unix socket.
2021-06-10 5:00 ` bug#48751: " Arun Isaac
@ 2021-06-16 7:31 ` Christopher Baines
0 siblings, 0 replies; 5+ messages in thread
From: Christopher Baines @ 2021-06-16 7:31 UTC (permalink / raw)
To: Arun Isaac; +Cc: 48751-done
[-- Attachment #1: Type: text/plain, Size: 734 bytes --]
Arun Isaac <arunisaac@systemreboot.net> writes:
> Hi Chris,
>
>> This looks good to me.
>
> Pushed to master, thanks for the review!
>
>> I don't think I've played around too much with different bind options,
>> so I haven't come across this issue.
>
> One problem still remains even after this patch. If the laminar web UI
> is behind an nginx reverse proxy, the nginx user needs to have
> read/write permissions to the unix socket. For this, it should be a
> member of the laminar group. But, short of modifying the nginx service,
> I don't know of any way to achieve this. Something more composable would
> be nice. The nginx service being aware of laminar doesn't sound
> right. Any ideas?
Nothing comes to mind unfortunately.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-06-16 7:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-30 19:59 [bug#48751] [PATCH 0/1] Create parent directory for laminar unix socket Arun Isaac
2021-05-30 20:05 ` [bug#48751] [PATCH] services: laminar: Create parent directory for " Arun Isaac
2021-06-08 15:35 ` Christopher Baines
2021-06-10 5:00 ` bug#48751: " Arun Isaac
2021-06-16 7:31 ` [bug#48751] " Christopher Baines
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.