GNU bug report logs - #63877
[PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Timo Wilken <guix@HIDDEN>; Keywords: moreinfo patch; dated Sat, 3 Jun 2023 18:26:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 63877 <at> debbugs.gnu.org:


Date: Thu, 19 Oct 2023 15:32:39 +0100
Subject: Re: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm
 environment variables.
To: Timo Wilken <guix@HIDDEN>
From: Bruno Victal <mirai@HIDDEN>
Cc: 63877 <at> debbugs.gnu.org, Ludovic Courtès <ludo@HIDDEN>

Hi Timo,

On 2023-10-15 21:54, Timo Wilken wrote:
> Hi Bruno, (hi Ludo'), thank you for your detailed feedback and sorry for not
> responding earlier!
> 
> On Mon Jun 5, 2023 at 5:44 AM CEST, Bruno Victal wrote:
>> Ungexp-ing lists can be rather tricky [...]
>>
>> You need to quote the list [...]
> 
> I was thinking of something closer to the example I added to doc/guix.texi in
> my patch. The gexp would not be a list directly, but instead be some code that
> would produce a list when evaluated, e.g.:
> 
> --8<---------------cut here---------------start------------->8---
> #~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))
> --8<---------------cut here---------------end--------------->8---
> 
> That would let you refer to store paths in variable values, instead of being
> limited to literal strings.

Right, I can see that it is indeed useful to accept a G-Exp instead.

> As far as I know, the following throws an error, and `file-append' instead of
> `string-append' wouldn't work because of the `"SSL_CERT_DIR="' prefix, right?
> 
> --8<---------------cut here---------------start------------->8---
> #~(#$(string-append "SSL_CERT_DIR=" nss-certs "/etc/ssl/certs"))
> --8<---------------cut here---------------end--------------->8---

This ungexp doesn't work because it's “too wide”; in fact, the bug
in [1] was caused by a very similar snippet.

Furthermore, this would still run into the ungexp pitfall of being
interpreted as a procedure call since you now have:

--8<---------------cut here---------------start------------->8---
…
#:environment-variables (append ("SSL_CERT_DIR=<garbage-here>…" …)
                                (default-environment-variables))
…
--8<---------------cut here---------------end--------------->8---

You could try using a list of gexps/strings like this:

--8<---------------cut here---------------start------------->8---
(list #~(string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs")
      "FOO=bar"
      (string-append "BAR=" (number->string 999)))
--8<---------------cut here---------------end--------------->8---

Although your G-Exp idea might be better as it obviates the
need to do things like '#$ (by using #~(list …) or #~'("foo" …)).


[1]: <https://issues.guix.gnu.org/65383>

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.
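
The expansions discussed in this message and in the 5 Jun 2023 review, modelled in plain Guile with quasiquote/unquote standing in for gexp/ungexp. This is an added example, not part of the thread or of Guix; `default-environment-variables` is a local stand-in for the Shepherd procedure, the store path is a constructed placeholder, and the helper names are hypothetical.

```scheme
;; Added example: quasiquote/unquote stand in for gexp/ungexp (#~ / #$).
;; Run with: guile ungexp-model.scm
(use-modules (srfi srfi-1))

;; Stand-in for the Shepherd procedure of the same name (assumption).
(define (default-environment-variables)
  '("PATH=/run/current-system/profile/bin"))

;; Constructed placeholder, not a real store item.
(define %nss-certs "/gnu/store/...-nss-certs")

;; Two shapes the configuration field could hold.
(define plain-list '("FOO=bar"))            ;data: a list of strings
(define list-code                           ;code that builds a list
  `(list (string-append "SSL_CERT_DIR=" ,%nss-certs "/etc/ssl/certs")))

;; Two ways the service definition could splice the field in.
(define (splice-unquoted field)             ;models (append #$field ...)
  `(append ,field (default-environment-variables)))
(define (splice-quoted field)               ;models (append '#$field ...)
  `(append ',field (default-environment-variables)))

;; Evaluate the expansion the way the generated service code would be,
;; returning (error KEY) instead of aborting when evaluation fails.
(define (run expansion)
  (catch #t
    (lambda () (eval expansion (current-module)))
    (lambda (key . args) (list 'error key))))

;; An environment is usable only if it is a list made of strings.
(define (env-list? x)
  (and (list? x) (every string? x)))

(define (report label field splice)
  (let* ((expansion (splice field))
         (result (run expansion)))
    (format #t "~a~%  expands to:   ~s~%  evaluates to: ~s~%  usable:       ~a~%~%"
            label expansion result
            (if (env-list? result) "yes" "no"))))

(report "1. plain list, unquoted splice" plain-list splice-unquoted)
(report "2. plain list, quoted splice"   plain-list splice-quoted)
(report "3. list-building code, unquoted splice" list-code splice-unquoted)
(report "4. list-building code, quoted splice"   list-code splice-quoted)
```

Cases 1 and 2 are the failure and the fix from the 5 Jun review; case 3 is the gexp-valued field from patch v2. Case 4 shows that the two cannot be combined: the quoted code is kept as data, so the list holds the symbol `list` and a nested list instead of strings.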




Information forwarded to guix-patches@HIDDEN:
bug#63877; Package guix-patches. Full text available.

Message received at 63877 <at> debbugs.gnu.org:


Date: Sun, 15 Oct 2023 22:54:06 +0200
To: "Bruno Victal" <mirai@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>
Subject: Re: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm
 environment variables.
From: "Timo Wilken" <guix@HIDDEN>
Cc: 63877 <at> debbugs.gnu.org

Hi Bruno, (hi Ludo'), thank you for your detailed feedback and sorry for not
responding earlier!

On Mon Jun 5, 2023 at 5:44 AM CEST, Bruno Victal wrote:
> Ungexp-ing lists can be rather tricky [...]
>
> You need to quote the list [...]

I was thinking of something closer to the example I added to doc/guix.texi in
my patch. The gexp would not be a list directly, but instead be some code that
would produce a list when evaluated, e.g.:

--8<---------------cut here---------------start------------->8---
#~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))
--8<---------------cut here---------------end--------------->8---

That would let you refer to store paths in variable values, instead of being
limited to literal strings.

As far as I know, the following throws an error, and `file-append' instead of
`string-append' wouldn't work because of the `"SSL_CERT_DIR="' prefix, right?

--8<---------------cut here---------------start------------->8---
#~(#$(string-append "SSL_CERT_DIR=" nss-certs "/etc/ssl/certs"))
--8<---------------cut here---------------end--------------->8---

If you have any ideas on a better way to do this, let me know!

> Bonus points if you can write a small system test for this. (see
> gnu/tests/web.scm for inspiration)
> For our purposes, a pair of HTTP servers where one of them uses a
> self-signed certificate will suffice.

Thanks for the pointer! I'll try to get something basic working along the
lines of the php-fpm tests already there, and send a PATCH v3 soon. I was
thinking of only verifying that an arbitrary sentinel variable is set, and not
bother to test SSL_*-related behaviour, but I can try to get the latter
working if you think that would be better.




Added tag(s) moreinfo. Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 63877 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Bruno Victal <mirai@HIDDEN>
Subject: Re: bug#63877: [PATCH] gnu: services: web: Set SSL_CERT_DIR in
 php-fpm environment.
Date: Sat, 01 Jul 2023 16:40:59 +0200
Cc: 63877 <at> debbugs.gnu.org, Timo Wilken <guix@HIDDEN>

Hi Timo,

Did you have a chance to look into implementing Bruno’s suggestions?

  https://issues.guix.gnu.org/63877

Ludo’.

Bruno Victal <mirai@HIDDEN> skribis:

> On 2023-06-04 14:59, Timo Wilken wrote:
>> @@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service
>>                          #$@(if php-ini-file
>>                                 `("-c" ,php-ini-file)
>>                                 '()))
>> +                      #:environment-variables
>> +                      (append #$environment-variables
>> +                              (default-environment-variables))
>
> Ungexp-ing lists can be rather tricky since your snippet will expand to:
>
> ...
> #:environment-variables (append ("FOO=bar" ...)
>                                 (default-environment-variables))
> ...
>
>
> Which is interpreted as a procedure call. (and results in a hanged shepherd)
>
> You need to quote the list here:
>
> #:environment-variables (append '#$environment-variables
>                                 (default-environment-variables))
>
> Bonus points if you can write a small system test for this. (see
> gnu/tests/web.scm for inspiration)
> For our purposes, a pair of HTTP servers where one of them uses a
> self-signed certificate will suffice.





Message received at 63877 <at> debbugs.gnu.org:


Date: Mon, 5 Jun 2023 04:44:37 +0100
Subject: Re: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm
 environment variables.
To: Timo Wilken <guix@HIDDEN>
From: Bruno Victal <mirai@HIDDEN>
Cc: 63877 <at> debbugs.gnu.org

On 2023-06-04 14:59, Timo Wilken wrote:
> @@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service
>                          #$@(if php-ini-file
>                                 `("-c" ,php-ini-file)
>                                 '()))
> +                      #:environment-variables
> +                      (append #$environment-variables
> +                              (default-environment-variables))

Ungexp-ing lists can be rather tricky since your snippet will expand to:

--8<---------------cut here---------------start------------->8---
...
#:environment-variables (append ("FOO=bar" ...)
                                (default-environment-variables))
...
--8<---------------cut here---------------end--------------->8---

Which is interpreted as a procedure call. (and results in a hanged shepherd)

You need to quote the list here:

--8<---------------cut here---------------start------------->8---
#:environment-variables (append '#$environment-variables
                                (default-environment-variables))
--8<---------------cut here---------------end--------------->8---

Bonus points if you can write a small system test for this. (see
gnu/tests/web.scm for inspiration)
For our purposes, a pair of HTTP servers where one of them uses a
self-signed certificate will suffice.


-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.





Message received at 63877 <at> debbugs.gnu.org:


From: Timo Wilken <guix@HIDDEN>
To: 63877 <at> debbugs.gnu.org
Subject: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm
 environment variables.
Date: Sun,  4 Jun 2023 15:59:03 +0200
Cc: mirai@HIDDEN, Timo Wilken <guix@HIDDEN>

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
this, they need to know where the system CA certificates are, so SSL_CERT_DIR
needs to be set.

This can be accomplished by the user using the new environment-variables field
of <php-fpm-configuration>.

This field is empty by default to preserve the existing behaviour of php-fpm.

* gnu/services/web.scm (<php-fpm-configuration>): Add environment-variables field.
  (php-fpm-shepherd-service): Use the new field.
* doc/guix.texi (Web Services): Document the new field.
---

> How about exposing this as a new environment-variable record field à la
> mpd-configuration (gnu services audio)?
Hi Bruno, that's a good point!

I've added a new field instead where the user can specify arbitrary
environment variables. I've left it empty by default so there's no added
dependency on any package, and documented my intended use case in the info
manual instead.

Caveat: I haven't tested this "live" yet.

 doc/guix.texi        | 12 ++++++++++++
 gnu/services/web.scm | 11 +++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7f8d8d66e9..441867afee 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30994,6 +30994,18 @@ Web Services
 An optional override of the default php settings.
 It may be any ``file-like'' object (@pxref{G-Expressions, file-like objects}).
 You can use the @code{mixed-text-file} function or an absolute filepath for it.
+@item @code{environment-variables} (default @code{#~(list)})
+A gexp (@pxref{G-Expressions}) which produces a list of strings
+representing environment variable assignments.
+These environment variables are set for the php-fpm process.
+This can be used to, for example, point php-fpm at the CA certificates
+in the @code{nss-certs} package from @code{(gnu packages certs)}:
+@lisp
+(php-fpm-configuration
+ ;; @dots{}
+ (environment-variables
+  #~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))))
+@end lisp
 
 For local development it is useful to set a higher timeout and memory
 limit for spawned php processes.  This be accomplished with the
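Review bot: the new @item text says the variables "are set for the php-fpm process" but not that the service puts `(default-environment-variables)` after them, so a reader cannot tell whether the rest of the environment is kept or what happens when a name appears in both. A sentence stating that the entries are placed in front of the default environment would settle it. The example also needs `nss-certs` in scope; the text names `(gnu packages certs)`, and showing the matching `use-modules` line inside the `@lisp` block would make it usable as written.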
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 45897d7d6f..1c496d5946 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton <brown121407@HIDDEN>
 ;;; Copyright © 2022 Simen Endsjø <simendsjo@HIDDEN>
 ;;; Copyright © 2023 Bruno Victal <mirai@HIDDEN>
+;;; Copyright © 2023 Timo Wilken <guix@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -974,7 +975,9 @@ (define-record-type* <php-fpm-configuration> php-fpm-configuration
   (file             php-fpm-configuration-file ;#f | file-like
                     (default #f))
   (php-ini-file     php-fpm-configuration-php-ini-file ;#f | file-like
-                    (default #f)))
+                    (default #f))
+  (environment-variables php-fpm-configuration-environment-variables ;gexp producing list-of-strings
+                         (default #~(list))))
 
 (define-record-type* <php-fpm-dynamic-process-manager-configuration>
   php-fpm-dynamic-process-manager-configuration
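Review bot: nothing on the new `environment-variables` field checks that the value is a gexp; the requirement lives only in the trailing comment, while `php-fpm-shepherd-service` splices the value with a bare `#$environment-variables`. A plain list such as `'("FOO=bar")` is accepted here and only fails once the generated service code is evaluated. A `sanitize` clause on the field that rejects non-gexp values would surface the mistake at configuration time. The field line is also well past 80 columns; putting the comment on its own line would keep it in step with the two fields above it.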
@@ -1081,7 +1084,8 @@ (define php-fpm-shepherd-service
   (match-lambda
     (($ <php-fpm-configuration> php socket user group socket-user socket-group
                                 pid-file log-file pm display-errors
-                                timezone workers-log-file file php-ini-file)
+                                timezone workers-log-file file php-ini-file
+                                environment-variables)
      (list (shepherd-service
             (provision '(php-fpm))
             (documentation "Run the php-fpm daemon.")
@@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service
                         #$@(if php-ini-file
                                `("-c" ,php-ini-file)
                                '()))
+                      #:environment-variables
+                      (append #$environment-variables
+                              (default-environment-variables))
                       #:pid-file #$pid-file))
             (stop #~(make-kill-destructor)))))))
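Review bot: in the added `#:environment-variables` argument, `append` places the configured entries in front of `(default-environment-variables)` without dropping a default that carries the same name, so the resulting list can hold two assignments for one variable. Which of the two php-fpm ends up with is then left to whatever consumes the list. Filtering the defaults by the names present in the configured entries before appending would make an override explicit, and the behaviour could then be stated in the manual.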
 

base-commit: 66c9b82fed3c59ee07187898592c688c82fed273
-- 
2.40.1






Message received at 63877 <at> debbugs.gnu.org:


Date: Sat, 3 Jun 2023 23:18:51 +0100
Subject: Re: [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in
 php-fpm environment.
To: Timo Wilken <guix@HIDDEN>
From: Bruno Victal <mirai@HIDDEN>
Cc: 63877 <at> debbugs.gnu.org

Hi Timo,

On 2023-06-03 19:25, Timo Wilken wrote:
> Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
> this, they need to know where the system CA certificates are.
> 
> * gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR
>   environment variable.
> ---
> 
> This solution adds a dependency from the resulting Shepherd service to the
> nss-certs package, which weighs 0.3 MiB. An alternative solution might be to
> set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed
> system-wide.

How about exposing this as a new environment-variable record field à
la mpd-configuration (gnu services audio)?
Forcing the service to use a specific package seems overly rigid since
it would make it impossible to specify alternate/custom certificates or
nss-certs package variants.


-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.






Message received at submit <at> debbugs.gnu.org:


From: Timo Wilken <guix@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
Date: Sat,  3 Jun 2023 20:25:12 +0200
Cc: Timo Wilken <guix@HIDDEN>

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
this, they need to know where the system CA certificates are.

* gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR
  environment variable.
---

This solution adds a dependency from the resulting Shepherd service to the
nss-certs package, which weighs 0.3 MiB. An alternative solution might be to
set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed
system-wide.

 gnu/services/web.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 45897d7d6f..e46710a040 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton <brown121407@HIDDEN>
 ;;; Copyright © 2022 Simen Endsjø <simendsjo@HIDDEN>
 ;;; Copyright © 2023 Bruno Victal <mirai@HIDDEN>
+;;; Copyright © 2023 Timo Wilken <guix@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1096,6 +1097,12 @@ (define php-fpm-shepherd-service
                         #$@(if php-ini-file
                                `("-c" ,php-ini-file)
                                '()))
+                      #:environment-variables
+                      (cons*
+                       ;; Needed by e.g. Nextcloud to make HTTPS requests.
+                       (string-append
+                        "SSL_CERT_DIR=" #$(file-append nss-certs "/etc/ssl/certs"))
+                       (default-environment-variables))
                       #:pid-file #$pid-file))
             (stop #~(make-kill-destructor)))))))
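Review bot: `nss-certs` in the added `file-append` form is used without any hunk importing the module that defines it; the diffstat shows this hunk and the copyright line as the only changes. Unless gnu/services/web.scm already imports `(gnu packages certs)`, the service definition will fail with an unbound variable. Hard-coding the package here also leaves no way to point php-fpm at a different certificate directory; taking the value from a `<php-fpm-configuration>` field would remove both the fixed dependency and the need for the import.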
 

base-commit: 66c9b82fed3c59ee07187898592c688c82fed273
-- 
2.40.1





Acknowledgement sent to Timo Wilken <guix@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#63877; Package guix-patches. Full text available.
Last modified: Thu, 19 Oct 2023 14:45:01 UTC
