From: Bruno Victal
To: Ludovic Courtès
Cc: 60657@debbugs.gnu.org
Subject: bug#60657: Rethinking how service extensions work
Date: Tue, 9 May 2023 20:12:58 +0100
In-Reply-To: <87pm9xy6xh.fsf@gnu.org>
References: <87pm9xy6xh.fsf@gnu.org>

Hi Ludo’,

On 2023-02-25 17:46, Ludovic Courtès wrote:
> Bruno Victal wrote:
>> In [1], the issue arises from using activation-service-type to create files/directories for services
>> when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service.
>> 'activation-service-type' should only be used for doing things "listed on its label", that is, performing
>> actions at boot-time or after a system reconfigure.
>
> Right.
>
> As we once discussed on IRC, the conclusion to me is that some of the
> code currently implemented as activation snippets should rather be
> implemented either as part of the ‘start’ method of the corresponding
> Shepherd service, or as a one-shot Shepherd service that the main
> service would depend on.

I think moving them into the ‘start’ method is the best course of action.

I'm considering the following changes:
* Adding (gnu build activation) to %default-imported-modules + %default-modules in (gnu services shepherd).
  I expect that mkdir-p/perms is going to be used frequently enough, using the number of activation-service extensions
  in use as a rough estimate.
* Refactor the activation extensions into the ‘start’ method, where it makes sense to do so.

There's one issue I'm somewhat concerned about, consider the following snippet:

--8<---------------cut here---------------start------------->8---
(define log-directory "/var/log")
(define username "notroot")

(start #~(lambda _
           (mkdir-p/perms #$log-directory (getpw #$username) #o750)
           ...))
--8<---------------cut here---------------end--------------->8---

This is somewhat pitfall prone since you most likely don't want to chown /var/log to a non-root user.
I'm unsure what's the best course to take here, would a simple file-exists? check before mkdir-p/perms be sufficient?

In either case, with or without refactoring this issue is already present (but in activation-service extensions)
so it's no worse than the status quo.

>> (simple-service 'mount-overlayfs shepherd-root-service-type
>>   (list (shepherd-service (requirement '(foo-mount))
>>                           (provision '(overlayfs-foo))
>>                           (documentation "Mount OverlayFS.")
>>                           (one-shot? #t)
>>                           (start (let ((util-linux (@ (gnu packages linux) util-linux)))
>>                                    #~(lambda _
>>                                        (system* #$(file-append util-linux "/bin/mount")
>>                                                 "-t" "overlay"
>>                                                 "-o" (string-append "noatime,nodev,noexec,ro,"
>>                                                                     "lowerdir="
>>                                                                     (string-join '("/srv/foo/overlays/top-layer"
>>                                                                                    "/srv/foo/overlays/layer2"
>>                                                                                    "/srv/foo/overlays/layer1"
>>                                                                                    "/media/foo-base") ":"))
>>                                                 "none" "/media/foo" )))))))
>
> Note that this should prolly be declared as a ‘file-system’ rather than
> as a custom service. That way, it would get a “standard” Shepherd
> service.
>
> There are cases where we add explicit dependencies on
> ‘file-system-/media/foo’ or similar. has a ‘dependencies’
> field specifically for this purpose (info "(guix) File Systems").
>
> Would that work for you?

Unfortunately OverlayFS is filtered out from fstab by Guix (reported #60246) and the dependencies field IMO is too restrictive,
there should be a (sane) way to pass shepherd service symbols too. (for cases where a file system depends on 'networking or
depends on a particular interface e.g. NFS mount that uses an IPv6 link-local address)

Cheers,
Bruno
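
The following is an added example, not part of the original message and not code from Guix: one way to avoid re-owning a pre-existing directory such as /var/log is to apply owner and mode only when the `mkdir` call itself created the directory, rather than checking for existence first. The procedure name `ensure-directory/owner` and the demo path are hypothetical; the sketch uses plain Guile, assumes the parent directory already exists, and uses the caller's own uid/gid so it runs unprivileged.

```scheme
;; Added example: hypothetical helper, plain Guile, no Guix modules required.

(define (ensure-directory/owner directory uid gid mode)
  "Create DIRECTORY with owner UID:GID and permissions MODE, but only if it
does not exist yet.  Return 'created in that case.  If DIRECTORY already
exists, leave its owner and mode untouched and return 'kept."
  (let ((created?
         ;; Let mkdir(2) decide whether the directory exists: it fails with
         ;; EEXIST atomically, so there is no gap between check and creation.
         (catch 'system-error
           (lambda () (mkdir directory mode) #t)
           (lambda args
             (if (= EEXIST (system-error-errno args))
                 #f
                 (apply throw args))))))
    (cond (created?
           ;; We made it, so it is ours to configure.
           (chown directory uid gid)
           (chmod directory mode)       ; mkdir's mode was subject to umask
           'created)
          ;; lstat does not follow symlinks, so a symlink planted under the
          ;; expected name is rejected instead of being treated as "kept".
          ((eq? 'directory (stat:type (lstat directory)))
           'kept)
          (else
           (error "exists but is not a directory:" directory)))))

;; Demo on a constructed path; the second call models the /var/log case,
;; where the directory is already there with settings we must not change.
(define demo-dir
  (string-append (or (getenv "TMPDIR") "/tmp")
                 "/ensure-demo-" (number->string (getpid))))

(format #t "first call:  ~a~%"
        (ensure-directory/owner demo-dir (getuid) (getgid) #o750))
(chmod demo-dir #o700)                  ; pre-existing, differently configured
(format #t "second call: ~a~%"
        (ensure-directory/owner demo-dir (getuid) (getgid) #o750))
(format #t "mode after second call: ~a~%"
        (number->string (stat:perms (lstat demo-dir)) 8))
(rmdir demo-dir)
```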