* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
@ 2022-04-09 9:12 Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11 Ludovic Courtès
2022-04-09 9:19 ` Maxime Devos
0 siblings, 2 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-09 9:12 UTC (permalink / raw)
To: 54811; +Cc: Ludovic Courtès
Hello!
Now that we have this fancy new Shepherd, we can have our daemons
started lazily via “socket activation” like all the cool kids have
been doing. :-)
Next steps: update the ‘guix’ package, update the .service files,
and update (gnu services base) (I’m not entirely sure we can start
‘guix-daemon’ via socket activation though due to the container
shenanigans in there.)
Thoughts?
Ludo’.
Ludovic Courtès (3):
publish: Use SRFI-71 instead of SRFI-11.
publish: Support systemd-style socket activation.
daemon: Support systemd-style socket activation.
doc/guix.texi | 11 ++++++++-
guix/scripts/publish.scm | 39 +++++++++++++++++++++++++-------
nix/nix-daemon/guix-daemon.cc | 42 ++++++++++++++++++++++++++++++-----
3 files changed, 78 insertions(+), 14 deletions(-)
base-commit: 0996d48d0e79a360e0d5583b812cd565f62ca32e
--
2.35.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11.
2022-04-09 9:12 [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
@ 2022-04-09 9:13 ` Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation Ludovic Courtès
2022-04-09 9:19 ` Maxime Devos
1 sibling, 2 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-09 9:13 UTC (permalink / raw)
To: 54811; +Cc: Ludovic Courtès
* guix/scripts/publish.scm (make-request-handler): Use 'let' instead of
'let-values'.
---
guix/scripts/publish.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index 870dfc11e9..d6eb65d912 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -36,11 +36,11 @@ (define-module (guix scripts publish)
#:use-module (srfi srfi-2)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-9 gnu)
- #:use-module (srfi srfi-11)
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-37)
+ #:use-module (srfi srfi-71)
#:use-module (web http)
#:use-module (web request)
#:use-module (web response)
@@ -1190,8 +1190,7 @@ (define (handle request body)
;; Preserve the request's 'connection' header in the response, so that the
;; server can close the connection if this is requested by the client.
(lambda (request body)
- (let-values (((response response-body)
- (handle request body)))
+ (let ((response response-body (handle request body)))
(values (preserve-connection-headers request response)
response-body))))
--
2.35.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation.
2022-04-09 9:13 ` [bug#54811] [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11 Ludovic Courtès
@ 2022-04-09 9:13 ` Ludovic Courtès
2022-04-09 9:20 ` Maxime Devos
2022-04-09 9:13 ` [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation Ludovic Courtès
1 sibling, 1 reply; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-09 9:13 UTC (permalink / raw)
To: 54811; +Cc: Ludovic Courtès
* guix/scripts/publish.scm (systemd-socket): New procedure.
(guix-publish): Add 'style' variable. Adjust startup message depending
on whether STYLE is 'systemd.
* doc/guix.texi (Invoking guix publish): Mention socket activation.
---
doc/guix.texi | 5 +++++
guix/scripts/publish.scm | 34 +++++++++++++++++++++++++++++-----
2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 59db00e581..16bd858a3b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -14041,6 +14041,11 @@ spawn an HTTP server on port 8080:
guix publish
@end example
+@cindex socket activation, for @command{guix publish}
+@command{guix publish} can also be started following the systemd
+``socket activation'' protocol (@pxref{Service De- and Constructors,
+@code{make-systemd-constructor},, shepherd, The GNU Shepherd Manual}).
+
Once a publishing server has been authorized, the daemon may download
substitutes from it. @xref{Getting Substitutes from Other Servers}.
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index d6eb65d912..a4b9565f91 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -1235,6 +1235,23 @@ (define (open-server-socket address)
(bind sock address)
sock))
+(define (systemd-socket)
+ "If this program is being spawned through systemd-style \"socket
+activation\", whereby the listening socket is passed as file descriptor 3,
+return the corresponding socket."
+ (and (equal? (and=> (getenv "LISTEN_PID") string->number)
+ (getpid))
+ (match (getenv "LISTEN_FDS")
+ ((= string->number 1)
+ (let ((sock (fdopen 3 "r+0")))
+ (configure-socket sock)
+ sock))
+ ((= string->number (? integer? n))
+ (leave (G_ "~a: unexpected number of startup file descriptors")
+ n))
+ (_
+ #f))))
+
(define (gather-user-privileges user)
"Switch to the identity of USER, a user name."
(catch 'misc-error
@@ -1280,7 +1297,12 @@ (define-command (guix-publish . args)
(make-socket-address (sockaddr:fam addr)
(sockaddr:addr addr)
port)))
- (socket (open-server-socket address))
+ (socket style (match (systemd-socket)
+ (#f
+ (values (open-server-socket address)
+ 'normal))
+ (socket
+ (values socket 'systemd))))
(nar-path (assoc-ref opts 'nar-path))
(repl-port (assoc-ref opts 'repl))
(cache (assoc-ref opts 'cache))
@@ -1305,10 +1327,12 @@ (define-command (guix-publish . args)
(cache-bypass-threshold
(or (assoc-ref opts 'cache-bypass-threshold)
(cache-bypass-threshold))))
- (info (G_ "publishing ~a on ~a, port ~d~%")
- %store-directory
- (inet-ntop (sockaddr:fam address) (sockaddr:addr address))
- (sockaddr:port address))
+ (if (eq? style 'systemd)
+ (info (G_ "publishing (started via socket activation)~%"))
+ (info (G_ "publishing ~a on ~a, port ~d~%")
+ %store-directory
+ (inet-ntop (sockaddr:fam address) (sockaddr:addr address))
+ (sockaddr:port address)))
(for-each (lambda (compression)
(info (G_ "using '~a' compression method, level ~a~%")
--
2.35.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation.
2022-04-09 9:13 ` [bug#54811] [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11 Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation Ludovic Courtès
@ 2022-04-09 9:13 ` Ludovic Courtès
2022-04-09 9:29 ` Maxime Devos
1 sibling, 1 reply; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-09 9:13 UTC (permalink / raw)
To: 54811; +Cc: Ludovic Courtès
* nix/nix-daemon/guix-daemon.cc (SD_LISTEN_FDS_START): New macro.
(systemd_activation_sockets): New function.
(main): Use it. Remove obsolete 'printMsg' call.
* doc/guix.texi (Invoking guix-daemon): Document socket activation.
---
doc/guix.texi | 6 ++++-
nix/nix-daemon/guix-daemon.cc | 42 ++++++++++++++++++++++++++++++-----
2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 16bd858a3b..81fec35eb7 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1554,7 +1554,11 @@ is normally run as @code{root} like this:
# guix-daemon --build-users-group=guixbuild
@end example
-@noindent
+@cindex socket activation, for @command{guix-daemon}
+This daemon can also be started following the systemd ``socket
+activation'' protocol (@pxref{Service De- and Constructors,
+@code{make-systemd-constructor},, shepherd, The GNU Shepherd Manual}).
+
For details on how to set it up, @pxref{Setting Up the Daemon}.
@cindex chroot
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index 36a06a3fae..d7ab9c5e64 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -1,5 +1,5 @@
/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
+ Copyright (C) 2012-2019, 2021-2022 Ludovic Courtès <ludo@gnu.org>
Copyright (C) 2006, 2010, 2012, 2014 Eelco Dolstra <e.dolstra@tudelft.nl>
This file is part of GNU Guix.
@@ -434,6 +434,31 @@ listening_sockets (const std::list<std::string> &options)
return result;
}
+/* First file descriptor provided at startup using systemd-style socket
+ activation. */
+#define SD_LISTEN_FDS_START 3
+
+/* Return a list of file descriptors of listening sockets provided following
+ the systemd "socket activation" protocol. Return the empty list if we are
+ not being socket-activated. */
+static std::vector<int>
+systemd_activation_sockets ()
+{
+ std::vector<int> result;
+
+ if (getEnv ("LISTEN_PID") == std::to_string (getpid ()))
+ {
+ unsigned int fdCount;
+ if (string2Int (getEnv ("LISTEN_FDS"), fdCount))
+ {
+ for (unsigned int i = 0; i < fdCount; i++)
+ result.push_back (SD_LISTEN_FDS_START + i);
+ }
+ }
+
+ return result;
+}
+
\f
int
main (int argc, char *argv[])
@@ -494,7 +519,17 @@ main (int argc, char *argv[])
argp_parse (&argp, argc, argv, 0, 0, 0);
- auto sockets = listening_sockets (listen_options);
+ auto sockets = systemd_activation_sockets ();
+ if (sockets.empty ())
+ /* We were not "socket-activated" so open the sockets specified by
+ LISTEN_OPTIONS. */
+ sockets = listening_sockets (listen_options);
+ else
+ printMsg (lvlInfo,
+ format (ngettext ("socket-activated with %1% socket",
+ "socket-activated with %1% sockets",
+ sockets.size ()))
+ % sockets.size ());
/* Effect all the changes made via 'settings.set'. */
settings.update ();
@@ -531,9 +566,6 @@ using `--build-users-group' is highly recommended\n"));
format ("automatic deduplication set to %1%")
% settings.autoOptimiseStore);
- printMsg (lvlDebug,
- format ("listening on `%1%'") % settings.nixDaemonSocketFile);
-
run (sockets);
}
catch (std::exception &e)
--
2.35.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-09 9:12 [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11 Ludovic Courtès
@ 2022-04-09 9:19 ` Maxime Devos
2022-04-09 20:30 ` Ludovic Courtès
1 sibling, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-09 9:19 UTC (permalink / raw)
To: Ludovic Courtès, 54811
[-- Attachment #1: Type: text/plain, Size: 385 bytes --]
Ludovic Courtès schreef op za 09-04-2022 om 11:12 [+0200]:
> publish: Support systemd-style socket activation.
Does this imply that, at least when avahi/--advertise isn't used,
"guix publish" can be run in a container without network access,
in a container that only has access to /gnu/store, the private/public
key and wherever the nars are stored?
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation.
2022-04-09 9:13 ` [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation Ludovic Courtès
@ 2022-04-09 9:20 ` Maxime Devos
2022-04-14 12:51 ` bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
0 siblings, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-09 9:20 UTC (permalink / raw)
To: Ludovic Courtès, 54811
[-- Attachment #1: Type: text/plain, Size: 351 bytes --]
Ludovic Courtès schreef op za 09-04-2022 om 11:13 [+0200]:
> + "If this program is being spawned through systemd-style \"socket
> +activation\", whereby the listening socket is passed as file descriptor 3,
> +return the corresponding socket."
And if it isn't, what is returned then?
"Otherwise, return #false."
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation.
2022-04-09 9:13 ` [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation Ludovic Courtès
@ 2022-04-09 9:29 ` Maxime Devos
2022-04-09 20:28 ` [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
0 siblings, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-09 9:29 UTC (permalink / raw)
To: Ludovic Courtès, 54811
[-- Attachment #1: Type: text/plain, Size: 293 bytes --]
Ludovic Courtès schreef op za 09-04-2022 om 11:13 [+0200]:
> + if (getEnv ("LISTEN_PID") == std::to_string (getpid ()))
I thought it was name getenv, and not getEnv, and C strings cannot be
meaningfully compared with == (pointer equality), or is thi a C++-ism?
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-09 9:29 ` Maxime Devos
@ 2022-04-09 20:28 ` Ludovic Courtès
0 siblings, 0 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-09 20:28 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op za 09-04-2022 om 11:13 [+0200]:
>> + if (getEnv ("LISTEN_PID") == std::to_string (getpid ()))
>
> I thought it was name getenv, and not getEnv, and C strings cannot be
> meaningfully compared with == (pointer equality), or is thi a C++-ism?
Yes, this is the equality operator on std::string. Also, ‘getEnv’
always returns a string, possibly empty (a flaky but good-enough
interface.)
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-09 9:19 ` Maxime Devos
@ 2022-04-09 20:30 ` Ludovic Courtès
2022-04-09 20:49 ` Maxime Devos
0 siblings, 1 reply; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-09 20:30 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op za 09-04-2022 om 11:12 [+0200]:
>> publish: Support systemd-style socket activation.
>
> Does this imply that, at least when avahi/--advertise isn't used,
> "guix publish" can be run in a container without network access,
> in a container that only has access to /gnu/store, the private/public
> key and wherever the nars are stored?
I don’t think it makes any difference. Or am I misunderstanding?
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-09 20:30 ` Ludovic Courtès
@ 2022-04-09 20:49 ` Maxime Devos
2022-04-10 17:34 ` Ludovic Courtès
0 siblings, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-09 20:49 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 724 bytes --]
Ludovic Courtès schreef op za 09-04-2022 om 22:30 [+0200]:
> Maxime Devos <maximedevos@telenet.be> skribis:
>
> > Ludovic Courtès schreef op za 09-04-2022 om 11:12 [+0200]:
> > > publish: Support systemd-style socket activation.
> >
> > Does this imply that, at least when avahi/--advertise isn't used,
> > "guix publish" can be run in a container without network access,
> > in a container that only has access to /gnu/store, the private/public
> > key and wherever the nars are stored?
>
> I don’t think it makes any difference. Or am I misunderstanding?
Is ‘it’ = ‘the new socket activation support’, or ‘the avahi/--
advertise option being enabled or not’?
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-09 20:49 ` Maxime Devos
@ 2022-04-10 17:34 ` Ludovic Courtès
2022-04-10 17:43 ` Maxime Devos
0 siblings, 1 reply; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-10 17:34 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op za 09-04-2022 om 22:30 [+0200]:
>> Maxime Devos <maximedevos@telenet.be> skribis:
>>
>> > Ludovic Courtès schreef op za 09-04-2022 om 11:12 [+0200]:
>> > > publish: Support systemd-style socket activation.
>> >
>> > Does this imply that, at least when avahi/--advertise isn't used,
>> > "guix publish" can be run in a container without network access,
>> > in a container that only has access to /gnu/store, the private/public
>> > key and wherever the nars are stored?
>>
>> I don’t think it makes any difference. Or am I misunderstanding?
>
> Is ‘it’ = ‘the new socket activation support’, or ‘the avahi/--
> advertise option being enabled or not’?
“It” referred to the long condition you wrote. :-)
One thing is sure: when ‘--advertise’ is used, we shouldn’t use socket
activation or nothing will be advertised. Is that what you mean?
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-10 17:34 ` Ludovic Courtès
@ 2022-04-10 17:43 ` Maxime Devos
2022-04-11 9:48 ` Ludovic Courtès
0 siblings, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-10 17:43 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 2011 bytes --]
Ludovic Courtès schreef op zo 10-04-2022 om 19:34 [+0200]:
> Maxime Devos <maximedevos@telenet.be> skribis:
>
> > Ludovic Courtès schreef op za 09-04-2022 om 22:30 [+0200]:
> > > Maxime Devos <maximedevos@telenet.be> skribis:
> > >
> > > > Ludovic Courtès schreef op za 09-04-2022 om 11:12 [+0200]:
> > > > > publish: Support systemd-style socket activation.
> > > >
> > > > Does this imply that, at least when avahi/--advertise isn't used,
> > > > "guix publish" can be run in a container without network access,
> > > > in a container that only has access to /gnu/store, the private/public
> > > > key and wherever the nars are stored?
> > >
> > > I don’t think it makes any difference. Or am I misunderstanding?
> >
> > Is ‘it’ = ‘the new socket activation support’, or ‘the avahi/--
> > advertise option being enabled or not’?
>
> “It” referred to the long condition you wrote. :-)
>
> One thing is sure: when ‘--advertise’ is used, we shouldn’t use socket
> activation or nothing will be advertised. Is that what you mean?
No, how would socket activation prevent advertising? How would guile-
avahi even know that we are doing socket activation?
What I mean was:
* if guile-avahi sends messages to the network by itself,
then it cannot be run inside a networkless container,
otherwise only the container's loopback would receive them.
* if guile-avahi talks to some daemon via a unix domain socket,
then no problem
* IIUC, previously, "guix publish" could not be run inside a network
container, because it tried to listen by itself (and listening
to a container's own loopback isn't useful).
* but in case of socket activation, this problem disappears
* bonus: except possibly for the secret key material, "guix publish"
does not have to be started as root anymore even if uses a
reserved port such as port 80 (assuming socket activation is used).
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-10 17:43 ` Maxime Devos
@ 2022-04-11 9:48 ` Ludovic Courtès
2022-04-11 10:06 ` Maxime Devos
` (2 more replies)
0 siblings, 3 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-11 9:48 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op zo 10-04-2022 om 19:34 [+0200]:
[...]
>> One thing is sure: when ‘--advertise’ is used, we shouldn’t use socket
>> activation or nothing will be advertised. Is that what you mean?
>
> No, how would socket activation prevent advertising?
As currently implemented in the Shepherd, socket activation means that
the process is started lazily, the first time a connection request is
made. If the ‘guix publish’ process isn’t started, then DNS-SD
publication doesn’t happen.
> How would guile- avahi even know that we are doing socket activation?
>
> What I mean was:
>
> * if guile-avahi sends messages to the network by itself,
> then it cannot be run inside a networkless container,
> otherwise only the container's loopback would receive them.
>
> * if guile-avahi talks to some daemon via a unix domain socket,
> then no problem
Guile-Avahi talks to avahi-daemon over a Unix-domain socket;
avahi-daemon then does the actual mDNS/DNS-SD publication.
> * IIUC, previously, "guix publish" could not be run inside a network
> container, because it tried to listen by itself (and listening
> to a container's own loopback isn't useful).
>
> * but in case of socket activation, this problem disappears
Well, shepherd, as an ordinary process in the container, would also try
to listen by itself. But I think that’s fine; worst thing is nobody
ever connects to that socket, but that’s ok, no?
> * bonus: except possibly for the secret key material, "guix publish"
> does not have to be started as root anymore even if uses a
> reserved port such as port 80 (assuming socket activation is used).
But it does need to access the secret key…
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 9:48 ` Ludovic Courtès
@ 2022-04-11 10:06 ` Maxime Devos
2022-04-11 20:33 ` Ludovic Courtès
2022-04-11 10:08 ` Maxime Devos
2022-04-11 10:10 ` Maxime Devos
2 siblings, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-11 10:06 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 686 bytes --]
Ludovic Courtès schreef op ma 11-04-2022 om 11:48 [+0200]:
> > * bonus: except possibly for the secret key material, "guix
> > publish"
> > does not have to be started as root anymore even if uses a
> > reserved port such as port 80 (assuming socket activation is
> > used).
>
> But it does need to access the secret key…
The ‘guix publish’ could be run as a separate, say, guix-publish user,
and the secret key could be made readable to guix-publish.
Alternatively, the shepherd could open the secret key file on behalf of
‘guix publish’ and send it together with the listening socket to ‘guix
publish’.
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 9:48 ` Ludovic Courtès
2022-04-11 10:06 ` Maxime Devos
@ 2022-04-11 10:08 ` Maxime Devos
2022-04-11 20:34 ` Ludovic Courtès
2022-04-11 10:10 ` Maxime Devos
2 siblings, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-11 10:08 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 869 bytes --]
Ludovic Courtès schreef op ma 11-04-2022 om 11:48 [+0200]:
> > * IIUC, previously, "guix publish" could not be run inside a
> > network
> > container, because it tried to listen by itself (and listening
> > to a container's own loopback isn't useful).
> >
> > * but in case of socket activation, this problem disappears
>
> Well, shepherd, as an ordinary process in the container,
I meant running ‘guix publish’ inside a container, not shepherd as a
whole in a container. Basically, make-forkexec-constructor/container,
but for socket activation.
> would also try to listen by itself. But I think that’s fine; worst
> thing is nobody ever connects to that socket, but that’s ok, no?
If nobody every connects to the socket of ‘guix publish’, then ‘guix
publish’ is useless.
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 9:48 ` Ludovic Courtès
2022-04-11 10:06 ` Maxime Devos
2022-04-11 10:08 ` Maxime Devos
@ 2022-04-11 10:10 ` Maxime Devos
2 siblings, 0 replies; 22+ messages in thread
From: Maxime Devos @ 2022-04-11 10:10 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 738 bytes --]
Ludovic Courtès schreef op ma 11-04-2022 om 11:48 [+0200]:
> > > One thing is sure: when ‘--advertise’ is used, we shouldn’t use
> > > socket
> > > activation or nothing will be advertised. Is that what you mean?
> >
> > No, how would socket activation prevent advertising?
>
> As currently implemented in the Shepherd, socket activation means
> that
> the process is started lazily, the first time a connection request is
> made. If the ‘guix publish’ process isn’t started, then DNS-SD
> publication doesn’t happen.
Right, the DNS-SD publication would only happen when ‘guix publish’ is
contacted directly, e.g. somebody doing "guix build --substitute-
urls=http://...".
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 10:06 ` Maxime Devos
@ 2022-04-11 20:33 ` Ludovic Courtès
2022-04-12 8:42 ` Maxime Devos
2022-04-12 8:48 ` Maxime Devos
0 siblings, 2 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-11 20:33 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op ma 11-04-2022 om 11:48 [+0200]:
>> > * bonus: except possibly for the secret key material, "guix
>> > publish"
>> > does not have to be started as root anymore even if uses a
>> > reserved port such as port 80 (assuming socket activation is
>> > used).
>>
>> But it does need to access the secret key…
>
> The ‘guix publish’ could be run as a separate, say, guix-publish user,
> and the secret key could be made readable to guix-publish.
That doesn’t sound reasonable.
> Alternatively, the shepherd could open the secret key file on behalf of
> ‘guix publish’ and send it together with the listening socket to ‘guix
> publish’.
Sure, that’s feasible, but that’d require a custom protocol that I’d
rather avoid.
As things are now, ‘guix publish’ drops privileges as soon as it has
opened the signing key anyway.
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 10:08 ` Maxime Devos
@ 2022-04-11 20:34 ` Ludovic Courtès
0 siblings, 0 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-11 20:34 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> I meant running ‘guix publish’ inside a container, not shepherd as a
> whole in a container. Basically, make-forkexec-constructor/container,
> but for socket activation.
Oh, I see; that’s future work (the existing
‘make-forkexec-constructor/container’ is not composable, we need
something else.)
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 20:33 ` Ludovic Courtès
@ 2022-04-12 8:42 ` Maxime Devos
2022-04-12 10:15 ` Ludovic Courtès
2022-04-12 8:48 ` Maxime Devos
1 sibling, 1 reply; 22+ messages in thread
From: Maxime Devos @ 2022-04-12 8:42 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 1076 bytes --]
Ludovic Courtès schreef op ma 11-04-2022 om 22:33 [+0200]:
> > Alternatively, the shepherd could open the secret key file on
> > behalf of
> > ‘guix publish’ and send it together with the listening socket to
> > ‘guix
> > publish’.
>
> Sure, that’s feasible, but that’d require a custom protocol that I’d
> rather avoid.
I don't think it does, as long as we are using Shepherd and not SystemD
(I don't think that SystemD supports opening regular files instead of
sockets?), we could just
* extend 'endpoint->listening-socket' (in Shepherd) to allow opening
regular files (and not only actual sockets)
* in 'systemd-socket' (in (guix scripts publish)), expect two startup
file descriptors instead of one startup file descriptor, and return
both (the first one is the actual listening socket, the second one
the secret key file)
* modify 'guix-publish' appropriately
* modify the guix-publish service to pass the file descriptor of the
secret key file in addition to listening socket.
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-11 20:33 ` Ludovic Courtès
2022-04-12 8:42 ` Maxime Devos
@ 2022-04-12 8:48 ` Maxime Devos
1 sibling, 0 replies; 22+ messages in thread
From: Maxime Devos @ 2022-04-12 8:48 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 54811
[-- Attachment #1: Type: text/plain, Size: 1149 bytes --]
Ludovic Courtès schreef op ma 11-04-2022 om 22:33 [+0200]:
> > Ludovic Courtès schreef op ma 11-04-2022 om 11:48 [+0200]:
> > > > * bonus: except possibly for the secret key material, "guix
> > > > publish"
> > > > does not have to be started as root anymore even if uses
> > > > a
> > > > reserved port such as port 80 (assuming socket activation
> > > > is
> > > > used).
> > >
> > > But it does need to access the secret key…
> >
> > The ‘guix publish’ could be run as a separate, say, guix-publish
> > user,
> > and the secret key could be made readable to guix-publish.
>
> That doesn’t sound reasonable.
Why not? ‘guix publish’ needs read access to the secret key anyway.
Though then (if done with chown) ‘guix publish’ could modify the secret
key file, so maybe instead of making it ‘owned’ by the 'guix-publish'
user, maybe just set an ACL to allow read access from ‘guix-publish’
but not write access?
Though that seems to be more complex than just letting ‘guix publish’
open the file and change users by itself, so maybe not.
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-12 8:42 ` Maxime Devos
@ 2022-04-12 10:15 ` Ludovic Courtès
0 siblings, 0 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-12 10:15 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op ma 11-04-2022 om 22:33 [+0200]:
>> > Alternatively, the shepherd could open the secret key file on
>> > behalf of
>> > ‘guix publish’ and send it together with the listening socket to
>> > ‘guix
>> > publish’.
>>
>> Sure, that’s feasible, but that’d require a custom protocol that I’d
>> rather avoid.
>
> I don't think it does, as long as we are using Shepherd and not SystemD
> (I don't think that SystemD supports opening regular files instead of
> sockets?), we could just
>
> * extend 'endpoint->listening-socket' (in Shepherd) to allow opening
> regular files (and not only actual sockets)
> * in 'systemd-socket' (in (guix scripts publish)), expect two startup
> file descriptors instead of one startup file descriptor, and return
> both (the first one is the actual listening socket, the second one
> the secret key file)
We could, but like I wrote, I’d rather stick to the existing systemd (or
inetd) protocol, especially since this extension wouldn’t buy us much IMO.
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
* bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
2022-04-09 9:20 ` Maxime Devos
@ 2022-04-14 12:51 ` Ludovic Courtès
0 siblings, 0 replies; 22+ messages in thread
From: Ludovic Courtès @ 2022-04-14 12:51 UTC (permalink / raw)
To: Maxime Devos; +Cc: 54811-done
Hi,
Maxime Devos <maximedevos@telenet.be> skribis:
> Ludovic Courtès schreef op za 09-04-2022 om 11:13 [+0200]:
>> + "If this program is being spawned through systemd-style \"socket
>> +activation\", whereby the listening socket is passed as file descriptor 3,
>> +return the corresponding socket."
>
> And if it isn't, what is returned then?
>
> "Otherwise, return #false."
I fixed that and pushed:
5f74169e8e daemon: Support systemd-style socket activation.
b9233cb9a8 publish: Support systemd-style socket activation.
17c6d00b57 publish: Use SRFI-71 instead of SRFI-11.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2022-04-14 12:54 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-09 9:12 [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11 Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation Ludovic Courtès
2022-04-09 9:20 ` Maxime Devos
2022-04-14 12:51 ` bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
2022-04-09 9:13 ` [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation Ludovic Courtès
2022-04-09 9:29 ` Maxime Devos
2022-04-09 20:28 ` [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Ludovic Courtès
2022-04-09 9:19 ` Maxime Devos
2022-04-09 20:30 ` Ludovic Courtès
2022-04-09 20:49 ` Maxime Devos
2022-04-10 17:34 ` Ludovic Courtès
2022-04-10 17:43 ` Maxime Devos
2022-04-11 9:48 ` Ludovic Courtès
2022-04-11 10:06 ` Maxime Devos
2022-04-11 20:33 ` Ludovic Courtès
2022-04-12 8:42 ` Maxime Devos
2022-04-12 10:15 ` Ludovic Courtès
2022-04-12 8:48 ` Maxime Devos
2022-04-11 10:08 ` Maxime Devos
2022-04-11 20:34 ` Ludovic Courtès
2022-04-11 10:10 ` Maxime Devos
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.