Ludovic Courtès <ludo@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.
Received: (at 71722) by debbugs.gnu.org; 26 Jul 2024 17:01:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jul 26 13:01:28 2024
Received: from localhost ([127.0.0.1]:39964 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sXOJr-0005sY-W7
for submit <at> debbugs.gnu.org; Fri, 26 Jul 2024 13:01:28 -0400
Received: from eggs.gnu.org ([209.51.188.92]:44040)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1sXOJp-0005sL-LA
for 71722 <at> debbugs.gnu.org; Fri, 26 Jul 2024 13:01:26 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1sXOJa-0006KC-Vl; Fri, 26 Jul 2024 13:01:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
From; bh=h/mC1TDCRlI2NhITmw4e3GlYRyT4umq/DXcq6NcM6Sc=; b=rm5EXf5J9TEorIbs9aai
n3jrOk4H/iRQveH9CYNOYlg4TO1AnMb3F1tZN+3mKJhQG6B5mCvH7x51HBXfG0QThwbg+N9XuFvQN
+j+nGky9hiwhEAqucDqIU5S/8NPtPRfgKMfMPwpUwWOo4WRkgBzrutmULNWsQF3GqGLvN1pbdfcBa
aSEZRf7bXUQ96sgd0jzB3cGboxWh9HgZUDPo+WcsrOBwxIzJ6FpbBV0rt06RpyLqWaZhrI1lVAvUk
iktu6yvWraJioHMvBFbtm+SGxzF2O7LWtfnhTV3aPUSgl49r786a+11LMIxTFQfTVraIMR/cd2rGw
2t+NUsI3yUSfdw==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Rodion Goritskov <rodion.goritskov@HIDDEN>
Subject: Re: [bug#71722] [PATCH 0/2] services: Update agate-service-type to
match actual agate options
In-Reply-To: <cover.1719082137.git.rodion.goritskov@HIDDEN> (Rodion
Goritskov's message of "Sat, 22 Jun 2024 23:03:48 +0400")
References: <cover.1719082137.git.rodion.goritskov@HIDDEN>
Date: Fri, 26 Jul 2024 19:01:01 +0200
Message-ID: <87plr0ay0i.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 71722
Cc: 71722 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Rodion,
Rodion Goritskov <rodion.goritskov@HIDDEN> skribis:
> This patches makes agate-service-type work again - because current versio=
n of agate present
> in Guix has some options (and their logic) changed, making service-type n=
ot working.
>
> I have checked this changes on VM and they seems to be working fine.
>
> Rodion Goritskov (2):
> services: agate: Update options for compatibility with the current
> Agate version.
> services: agate-service-type: Update documentation.
I squashed the two patches (so that the doc is always consistent with
the code) and applied them.
A few things come to mind:
1. Could you come up with a system test under gnu/tests/*.scm? That
would allow us to detect breakage early on next time.
2. Though a deprecation policy has yet to be written, the idea is that
we should avoid breaking changes in user configuration as happens
when changing/removing fields in the config record.
3. The convention in Guix is to avoid abbreviations (=E2=80=9Ccertificate=
s=E2=80=9D
rather than =E2=80=9Ccerts=E2=80=9D, etc.). I realize those were alre=
ady there
though, so I thought I=E2=80=99d rather not ask you for extra work.
Thanks,
Ludo=E2=80=99.
guix-patches@HIDDEN:bug#71722; Package guix-patches.
Full text available.
Received: (at 71722) by debbugs.gnu.org; 22 Jun 2024 19:37:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jun 22 15:37:44 2024
Received: from localhost ([127.0.0.1]:57821 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sL6YS-0001RS-8a
for submit <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:37:44 -0400
Received: from mail-ed1-f41.google.com ([209.85.208.41]:61766)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rodion.goritskov@HIDDEN>) id 1sL6YP-0001RD-NV
for 71722 <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:37:42 -0400
Received: by mail-ed1-f41.google.com with SMTP id
4fb4d7f45d1cf-57d1012e52fso3515824a12.3
for <71722 <at> debbugs.gnu.org>; Sat, 22 Jun 2024 12:37:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1719084995; x=1719689795; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=N1aXpfejDC0OoBW0DuXaBkhE9Tl2WF+PbORDgm0v8lI=;
b=WPKBQ+dDEEb/A6D68SjyZy6VRtW87oZlUA8CdOBfxXDSbQCEWCliw4TvEM9casau9w
+lJS8lAlMP/044fIGbEDjVGL4BFC4zjGDgCYUmZ5DD4BQNc6KMRmoC4ByTjItrcHCtx+
7Gh4rcPSBaqN48EtMVqeQ2SJTrM4xyu4UqEKrx2Vh0LBxK6UpL+HkyRO5wANAuUUSfIa
tTI0n1v7kb7yk7ehhnmF0Vhlxx+fEzqFDb7MyCyA+SNeI4ULwrQOlPEq+tYlZXeTSb4c
l3ij1gnSH3fgY7KYWZPuadmDrwr/Txi/8koZF2rSwNBldrCSyGzaDtqLIEhqqUESKjxj
Iu9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1719084995; x=1719689795;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=N1aXpfejDC0OoBW0DuXaBkhE9Tl2WF+PbORDgm0v8lI=;
b=Rdgyc+HuceWcdkRtqwxjjIhFwz3wA6/W7tBR0inpPJEUWSE/BDclqUXaUrOVJSY6Tu
Pb691cJ1P4a/wiHPytEneZgSxsJO8IfL7I/TjQiOFQ0/ZP1A5i9WuzT5mA9MX0EmwxM0
I6P/v9LQUi6T92QpN42A6zYKv/k6u3jPZAVhWYuahgNUBnUP/bq6vVdbDY41GyIh9/ls
tZouPwFjoPVVOMUGk5qWwhTuYMqp4n23BspatRvM/fkRBd8qqzym2FIwlOnEczzibE4x
/horFGAXwtMZxYCKAN73Hg8zew/1NYyj7ClSJVAHgr7saPLp+OnGOqg6tzqFq1TTmLzZ
ieYw==
X-Gm-Message-State: AOJu0YyjYNQtFQrr1ee8t1DPXYrQ/tMjR0r+t0BtNdG9AoWxyVPYl7Hz
TGBNJAmOw8ESqicqDaRpbvdD6vk3ab9LqIGVhzUuyg16aTjeWupokmvekw==
X-Google-Smtp-Source: AGHT+IEd05W2V78xhC4stBg3Ai+cQqzrI2PBHcbCFRkmSSHNjOkvX9wT5U/zodG8lfQahfMQnKT7fg==
X-Received: by 2002:a5d:4a47:0:b0:35f:22e4:fb58 with SMTP id
ffacd0b85a97d-366e9463f42mr319110f8f.8.1719084930568;
Sat, 22 Jun 2024 12:35:30 -0700 (PDT)
Received: from bumblebee-mighty.lan ([92.51.75.166])
by smtp.gmail.com with ESMTPSA id
ffacd0b85a97d-366389b8ab0sm5433576f8f.27.2024.06.22.12.35.29
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 22 Jun 2024 12:35:30 -0700 (PDT)
From: Rodion Goritskov <rodion.goritskov@HIDDEN>
To: 71722 <at> debbugs.gnu.org
Subject: [PATCH 2/2] services: agate-service-type: Update documentation.
Date: Sat, 22 Jun 2024 23:33:55 +0400
Message-ID: <60dbc3caee3fc6038fceeeb5ca677cf1d626c8a7.1719082137.git.rodion.goritskov@HIDDEN>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <cover.1719082137.git.rodion.goritskov@HIDDEN>
References: <cover.1719082137.git.rodion.goritskov@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 71722
Cc: Rodion Goritskov <rodion.goritskov@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
* doc/guix.texi: Document (agate-service-type) updated options.
Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
---
doc/guix.texi | 51 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 0102fd0fad..c75de94486 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32734,25 +32734,30 @@ Web Services
(service agate-service-type
(agate-configuration
(content "/srv/gemini")
- (cert "/srv/cert.pem")
- (key "/srv/key.rsa")))
+ (certs "/srv/gemini-certs")))
@end lisp
The example above represents the minimal tweaking necessary to get Agate
-up and running. Specifying the path to the certificate and key is
+up and running. Specifying the path to the certificate and key directory is
always necessary, as the Gemini protocol requires TLS by default.
-To obtain a certificate and a key, you could, for example, use OpenSSL,
-running a command similar to the following example:
+If specified path is writable by Agate, and contains no valid key
+and certificate, the Agate will try to generate them on the first start.
+If specified directory is read-only - key and certificate should be pre-generated by user.
+
+To obtain a certificate and a key in a DER format, you could, for example,
+use OpenSSL, running a commands similar to the following example:
@example
-openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
- -days 3650 -nodes -subj "/CN=example.com"
+openssl genpkey -out key.der -outform DER -algorithm RSA \
+ -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
+ -subj "/CN=example.com"
@end example
Of course, you'll have to replace @i{example.com} with your own domain
name, and then point the Agate configuration towards the path of the
-generated key and certificate.
+directory with the generated key and certificate using the @code{certs} option.
@end defvar
@@ -32766,30 +32771,38 @@ Web Services
@item @code{content} (default: @file{"/srv/gemini"})
The directory from which Agate will serve files.
-@item @code{cert} (default: @code{#f})
-The path to the TLS certificate PEM file to be used for encrypted
-connections. Must be filled in with a value from the user.
-
-@item @code{key} (default: @code{#f})
-The path to the PKCS8 private key file to be used for encrypted
-connections. Must be filled in with a value from the user.
+@item @code{certs} (default: @file{"/srv/gemini-certs"})
+Root of the certificate directory. Must be filled in with a value from the user.
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
A list of the addresses to listen on.
-@item @code{hostname} (default: @code{#f})
-The domain name of this Gemini server. Optional.
+@item @code{hostnames} (default: @code{'()})
+Virtual hosts for the Gemini server. If multiple values are
+specified, corresponding directory names should be present in the @code{content}
+directory. Optional.
@item @code{lang} (default: @code{#f})
RFC 4646 language code(s) for text/gemini documents. Optional.
-@item @code{silent?} (default: @code{#f})
-Set to @code{#t} to disable logging output.
+@item @code{only-tls13?} (default: @code{#f})
+Set to @code{#t} to disable support for TLSv1.2.
@item @code{serve-secret?} (default: @code{#f})
Set to @code{#t} to serve secret files (files/directories starting with
a dot).
+@item @code{central-conf?} (default: @code{#f})
+Set to @code{#t} to look for the .meta configuration file in the @code{content}
+root directory and will ignore @code{.meta} files in other directories
+
+@item @code{ed25519?} (default: @code{#f})
+Set to @code{#t} to generate keys using the Ed25519 signature algorithm
+instead of the default ECDSA.
+
+@item @code{skip-port-check?} (default: @code{#f})
+Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
+
@item @code{log-ip?} (default: @code{#t})
Whether or not to output IP addresses when logging.
--
2.45.1
guix-patches@HIDDEN:bug#71722; Package guix-patches.
Full text available.
Received: (at 71722) by debbugs.gnu.org; 22 Jun 2024 19:36:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jun 22 15:36:39 2024
Received: from localhost ([127.0.0.1]:57788 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sL6XO-0001PE-MB
for submit <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:36:39 -0400
Received: from mail-wr1-f51.google.com ([209.85.221.51]:61682)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rodion.goritskov@HIDDEN>) id 1sL6XN-0001Oy-3j
for 71722 <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:36:37 -0400
Received: by mail-wr1-f51.google.com with SMTP id
ffacd0b85a97d-364b2f92388so2044583f8f.2
for <71722 <at> debbugs.gnu.org>; Sat, 22 Jun 2024 12:36:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1719084931; x=1719689731; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=N1aXpfejDC0OoBW0DuXaBkhE9Tl2WF+PbORDgm0v8lI=;
b=foqA3VrJdFO9ga0IAFeMEWbVLMCxjLb9Hs5jrb9KiHoEuicYuxw9rK+uKSeDiirjqj
smW6AFqzUWFN1WCurnAci1dpUJ5P/CmydZoKyH4UJz2TVWllHOWfiAQJSFm6psYGoEGT
/EHSRd7cg6aEq/A+TObToxZJXuKqrP0ZyZJdPTm7KMLG6oXuqrdnLhfeh6Si7MIeVRth
D4OCeyC0R8U1cdwGqkW/w6KVbKM0GvAf5/cZORV9G3DUGdH3vUACFGiWAQRyHCqGuTch
TgncfLtq78rYQdqDDgKzOrc9BSMyKZH28ZufSOhnQrfWfVPVjS3KBdr2wslqVNxPtyaM
KuMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1719084931; x=1719689731;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=N1aXpfejDC0OoBW0DuXaBkhE9Tl2WF+PbORDgm0v8lI=;
b=eoMh/iv9eeh9LBdLDDWO8MW2dR0N6eiMZpA2sMuSpLoPt3XHJ+u/WqRJOS4nu5NTLN
/0jfKx+MtoVS9Cvw+Ff5pvSzmnNhU+GvojYmzz/QyoYG7/QfrOL72XxzpxpDXKxxRpYo
nqQx/cmlYcP5kmrZojw+qrHDdtBSv+xsNiCRHg3kSZymSDy0+uklFyegMCcUeqMGLfjh
Wtm5aNqllmmF/UKBTRHWsuDihWsXhRZOXNBHkgUM/jKbRvKHeQ/vvqhsrQulUwfU/NOs
2mrt3AGGmfZ6y6KGKIrMvdUaI6d00YxnTDg25j4YZRFM4MS+fwSkB4OVhusFLqPGHCic
LZbw==
X-Gm-Message-State: AOJu0YzkJ5t9yZ1XSQuiNP46nx1Jkf05dPDS1AozBhzofkgMfanE9BrY
Tm/NydGC5WkwDbgvdR5SZzRFtlg6R0WZpKkElGiJrDJafN00HIR5gWF1sQ==
X-Google-Smtp-Source: AGHT+IEd05W2V78xhC4stBg3Ai+cQqzrI2PBHcbCFRkmSSHNjOkvX9wT5U/zodG8lfQahfMQnKT7fg==
X-Received: by 2002:a5d:4a47:0:b0:35f:22e4:fb58 with SMTP id
ffacd0b85a97d-366e9463f42mr319110f8f.8.1719084930568;
Sat, 22 Jun 2024 12:35:30 -0700 (PDT)
Received: from bumblebee-mighty.lan ([92.51.75.166])
by smtp.gmail.com with ESMTPSA id
ffacd0b85a97d-366389b8ab0sm5433576f8f.27.2024.06.22.12.35.29
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 22 Jun 2024 12:35:30 -0700 (PDT)
From: Rodion Goritskov <rodion.goritskov@HIDDEN>
To: 71722 <at> debbugs.gnu.org
Subject: [PATCH 2/2] services: agate-service-type: Update documentation.
Date: Sat, 22 Jun 2024 23:33:55 +0400
Message-ID: <60dbc3caee3fc6038fceeeb5ca677cf1d626c8a7.1719082137.git.rodion.goritskov@HIDDEN>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <cover.1719082137.git.rodion.goritskov@HIDDEN>
References: <cover.1719082137.git.rodion.goritskov@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 71722
Cc: Rodion Goritskov <rodion.goritskov@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
* doc/guix.texi: Document (agate-service-type) updated options.
Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
---
doc/guix.texi | 51 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 0102fd0fad..c75de94486 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32734,25 +32734,30 @@ Web Services
(service agate-service-type
(agate-configuration
(content "/srv/gemini")
- (cert "/srv/cert.pem")
- (key "/srv/key.rsa")))
+ (certs "/srv/gemini-certs")))
@end lisp
The example above represents the minimal tweaking necessary to get Agate
-up and running. Specifying the path to the certificate and key is
+up and running. Specifying the path to the certificate and key directory is
always necessary, as the Gemini protocol requires TLS by default.
-To obtain a certificate and a key, you could, for example, use OpenSSL,
-running a command similar to the following example:
+If specified path is writable by Agate, and contains no valid key
+and certificate, the Agate will try to generate them on the first start.
+If specified directory is read-only - key and certificate should be pre-generated by user.
+
+To obtain a certificate and a key in a DER format, you could, for example,
+use OpenSSL, running a commands similar to the following example:
@example
-openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
- -days 3650 -nodes -subj "/CN=example.com"
+openssl genpkey -out key.der -outform DER -algorithm RSA \
+ -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
+ -subj "/CN=example.com"
@end example
Of course, you'll have to replace @i{example.com} with your own domain
name, and then point the Agate configuration towards the path of the
-generated key and certificate.
+directory with the generated key and certificate using the @code{certs} option.
@end defvar
@@ -32766,30 +32771,38 @@ Web Services
@item @code{content} (default: @file{"/srv/gemini"})
The directory from which Agate will serve files.
-@item @code{cert} (default: @code{#f})
-The path to the TLS certificate PEM file to be used for encrypted
-connections. Must be filled in with a value from the user.
-
-@item @code{key} (default: @code{#f})
-The path to the PKCS8 private key file to be used for encrypted
-connections. Must be filled in with a value from the user.
+@item @code{certs} (default: @file{"/srv/gemini-certs"})
+Root of the certificate directory. Must be filled in with a value from the user.
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
A list of the addresses to listen on.
-@item @code{hostname} (default: @code{#f})
-The domain name of this Gemini server. Optional.
+@item @code{hostnames} (default: @code{'()})
+Virtual hosts for the Gemini server. If multiple values are
+specified, corresponding directory names should be present in the @code{content}
+directory. Optional.
@item @code{lang} (default: @code{#f})
RFC 4646 language code(s) for text/gemini documents. Optional.
-@item @code{silent?} (default: @code{#f})
-Set to @code{#t} to disable logging output.
+@item @code{only-tls13?} (default: @code{#f})
+Set to @code{#t} to disable support for TLSv1.2.
@item @code{serve-secret?} (default: @code{#f})
Set to @code{#t} to serve secret files (files/directories starting with
a dot).
+@item @code{central-conf?} (default: @code{#f})
+Set to @code{#t} to look for the .meta configuration file in the @code{content}
+root directory and will ignore @code{.meta} files in other directories
+
+@item @code{ed25519?} (default: @code{#f})
+Set to @code{#t} to generate keys using the Ed25519 signature algorithm
+instead of the default ECDSA.
+
+@item @code{skip-port-check?} (default: @code{#f})
+Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
+
@item @code{log-ip?} (default: @code{#t})
Whether or not to output IP addresses when logging.
--
2.45.1
guix-patches@HIDDEN:bug#71722; Package guix-patches.
Full text available.
Received: (at 71722) by debbugs.gnu.org; 22 Jun 2024 19:36:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jun 22 15:36:28 2024
Received: from localhost ([127.0.0.1]:57781 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sL6XE-0001Om-4q
for submit <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:36:28 -0400
Received: from mail-wm1-f53.google.com ([209.85.128.53]:55418)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rodion.goritskov@HIDDEN>) id 1sL6XC-0001OX-74
for 71722 <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:36:26 -0400
Received: by mail-wm1-f53.google.com with SMTP id
5b1f17b1804b1-4217136a74dso25295795e9.2
for <71722 <at> debbugs.gnu.org>; Sat, 22 Jun 2024 12:36:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1719084920; x=1719689720; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=DEZXbW9enrhmkK05bukDIGTMvHGu0wGW1/6B+pOS7Jo=;
b=l1SmSi/HVtufRsa11SMwQXGVPFGdf1/s6+abIpA5ZN8U/YJrSSeQPyoSU94rtpZLWc
J+GgevysznJoVcpaXsR7ATmNCeXJnT030xnQ50KdAZkNakO9gxxxRnTp6ZleyA+pPu3K
5DuY7VbAZxKI7Es97YSMAL8n0nmXbsF50Ha7ZhKH3UOvhNVjYbth+Wy3bnI+ScnEkItm
4uTFI/gK+WL7VE9Ohgb1441582QIHT6XREg8YxPLnQ5iyeLSMinwjbD8ADS9Mmc2VVKt
CFO06vGkEYtQeCm5gIXPchIRYQU9HZJxMwwLQ9CO2m3A+rkqePDBlY5V3aK9xn5BSwE4
DI5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1719084920; x=1719689720;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=DEZXbW9enrhmkK05bukDIGTMvHGu0wGW1/6B+pOS7Jo=;
b=pWtF0dhtRgPbWznqryAmZXRBl8CVYvzzvg5ZKJL3o6Xpc0/TvKkBOqMPJ9+gDrey1I
KrFwCgBFlBShIL07rJUzH6utakONFcpReBkLdO9pnfH3u8iUzGcDlKpm8a/8GOM+A7XD
LdR3PQ/py/C+1He/88w+uENyvkO/o4Zf2VlILDd2phRGMYqY7619wrXppQy74zC5b6v9
VwjbQoS+hC07Bcp5YdtDYmtQWL+U+H0y5fhKarshbyxvAjSHFI9cabDOsBKUVpsVDVXp
IUOsoUMk7pVlU3RgHYox9Bw6e3s5XXQypSS6C+nXnCNQgPgBRmydG26Vmr5uMQdrZIOp
+GPg==
X-Gm-Message-State: AOJu0YyCkHGf2YVPV4a3elWUsd9vp7tg0vPkb/KPU6VZIUGH18/oiy9u
a6xdTMsytEUaGM9bOxHw8gZgZMvVJLOd6nemKw3tj8Tr/LJ0oedKLU4lVA==
X-Google-Smtp-Source: AGHT+IELER+RrEr/4D5Nty3aT/dYtBFQ8CJyc6y0G2QX40PA3OtNJBrTZBa9Ik8efgXShcxyeROy+g==
X-Received: by 2002:a5d:59a8:0:b0:365:aad:2f5f with SMTP id
ffacd0b85a97d-366e9569f3fmr450734f8f.29.1719084918857;
Sat, 22 Jun 2024 12:35:18 -0700 (PDT)
Received: from bumblebee-mighty.lan ([92.51.75.166])
by smtp.gmail.com with ESMTPSA id
ffacd0b85a97d-366389b8ab0sm5433576f8f.27.2024.06.22.12.35.17
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 22 Jun 2024 12:35:18 -0700 (PDT)
From: Rodion Goritskov <rodion.goritskov@HIDDEN>
To: 71722 <at> debbugs.gnu.org
Subject: [PATCH 1/2] services: agate: Update options for compatibility with
the current Agate version.
Date: Sat, 22 Jun 2024 23:33:54 +0400
Message-ID: <258b03236418dc733802f4834f02565755063e76.1719082137.git.rodion.goritskov@HIDDEN>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <cover.1719082137.git.rodion.goritskov@HIDDEN>
References: <cover.1719082137.git.rodion.goritskov@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 71722
Cc: Rodion Goritskov <rodion.goritskov@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
* gnu/services/web.scm (<agate-configuration>)[cert]: Remove.
* gnu/services/web.scm (<agate-configuration>)[key]: Remove.
* gnu/services/web.scm (<agate-configuration>)[hostname]: Change from string
to list.
* gnu/services/web.scm (<agate-configuration>)[silent?]: Remove.
* gnu/services/web.scm (<agate-configuration>)[only-tls13?]: Add.
* gnu/services/web.scm (<agate-configuration>)[central-conf?]: Add.
* gnu/services/web.scm (<agate-configuration>)[ed25519?]: Add.
* gnu/services/web.scm (<agate-configuration>)[skip-port-check?]: Add.
* gnu/services/web.scm (agate-shepherd-service): Change handling of addr and
hostname, add new options handling.
Change-Id: Ibc83a7254d1e425604d4aa0b95cbaa74fc9c72eb
---
gnu/services/web.scm | 50 +++++++++++++++++++++++++++-----------------
1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 406117c457..1ee1fff9ed 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -302,13 +302,15 @@ (define-module (gnu services web)
agate-configuration?
agate-configuration-package
agate-configuration-content
- agate-configuration-cert
- agate-configuration-key
+ agate-configuration-certs
agate-configuration-addr
agate-configuration-hostname
agate-configuration-lang
- agate-configuration-silent
+ agate-configuration-only-tls13
agate-configuration-serve-secret
+ agate-configuration-central-conf
+ agate-configuration-ed25519
+ agate-configuration-skip-port-check
agate-configuration-log-ip
agate-configuration-user
agate-configuration-group
@@ -2177,20 +2179,24 @@ (define-record-type* <agate-configuration>
(default agate))
(content agate-configuration-content
(default "/srv/gemini"))
- (cert agate-configuration-cert
- (default #f))
- (key agate-configuration-key
- (default #f))
+ (certs agate-configuration-certs
+ (default "/srv/gemini-certs"))
(addr agate-configuration-addr
(default '("0.0.0.0:1965" "[::]:1965")))
(hostname agate-configuration-hostname
- (default #f))
+ (default '()))
(lang agate-configuration-lang
(default #f))
- (silent? agate-configuration-silent
- (default #f))
+ (only-tls13? agate-configuration-only-tls13
+ (default #f))
(serve-secret? agate-configuration-serve-secret
(default #f))
+ (central-conf? agate-configuration-central-conf
+ (default #f))
+ (ed25519? agate-configuration-ed25519
+ (default #f))
+ (skip-port-check? agate-configuration-skip-port-check
+ (default #f))
(log-ip? agate-configuration-log-ip
(default #t))
(user agate-configuration-user
@@ -2202,8 +2208,10 @@ (define-record-type* <agate-configuration>
(define agate-shepherd-service
(match-lambda
- (($ <agate-configuration> package content cert key addr
- hostname lang silent? serve-secret?
+ (($ <agate-configuration> package content certs addr
+ hostname lang only-tls13?
+ serve-secret? central-conf?
+ ed25519? skip-port-check?
log-ip? user group log-file)
(list (shepherd-service
(provision '(agate))
@@ -2213,17 +2221,21 @@ (define agate-shepherd-service
#~(make-forkexec-constructor
(list #$agate
"--content" #$content
- "--cert" #$cert
- "--key" #$key
- "--addr" #$@addr
+ "--certs" #$certs
+ #$@(append-map
+ (lambda x (append '("--addr") x))
+ addr)
+ #$@(append-map
+ (lambda x (append '("--hostname") x))
+ hostname)
#$@(if lang
(list "--lang" lang)
'())
- #$@(if hostname
- (list "--hostname" hostname)
- '())
- #$@(if silent? '("--silent") '())
#$@(if serve-secret? '("--serve-secret") '())
+ #$@(if only-tls13? '("--only-tls13") '())
+ #$@(if central-conf? '("--central-conf") '())
+ #$@(if ed25519? '("--ed25519") '())
+ #$@(if skip-port-check? '("--skip-port-check") '())
#$@(if log-ip? '("--log-ip") '()))
#:user #$user #:group #$group
#:log-file #$log-file)))
--
2.45.1
guix-patches@HIDDEN:bug#71722; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 22 Jun 2024 19:06:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jun 22 15:06:06 2024
Received: from localhost ([127.0.0.1]:56887 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sL63q-0000QT-Lj
for submit <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:06:06 -0400
Received: from lists.gnu.org ([209.51.188.17]:33534)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rodion.goritskov@HIDDEN>) id 1sL63o-0000QG-Tx
for submit <at> debbugs.gnu.org; Sat, 22 Jun 2024 15:06:05 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <rodion.goritskov@HIDDEN>)
id 1sL63o-000235-Ka
for guix-patches@HIDDEN; Sat, 22 Jun 2024 15:06:04 -0400
Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <rodion.goritskov@HIDDEN>)
id 1sL63m-0002yI-3f
for guix-patches@HIDDEN; Sat, 22 Jun 2024 15:06:04 -0400
Received: by mail-wm1-x32e.google.com with SMTP id
5b1f17b1804b1-42108856c33so24211505e9.1
for <guix-patches@HIDDEN>; Sat, 22 Jun 2024 12:06:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1719083159; x=1719687959; darn=gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=oDODCEV8jZ0E13Tribw8ylOpwc/vKThVQVHitaMv3wA=;
b=Aa8hMJB7DYYjbeKBXrYb9SG3QzzMu0MAT99W5BsgwyciJiIi1kcE7Qj9H/WJ+MCsVJ
yti+wktw6u27gFsOxy76XQTzRnqFzDJ+odZsI3scye2AtLMgNNT05ehGNhZ2s7dTTUiZ
5nQHACri30ybH9M60Gko9Zro6znkY16ed1GJgp5zAhdm3pkqD+YhwxgrwKA4D1RsCU/g
IIAJNB3MbmqwL9w0nc6fhy7SS0eXWlMfMmotgflUkjJfxL3MV8kfhay4D7e0CKP5n9XL
5U/cCiP+/nKuHNqZ7zFa/YvTPivGjMuNlYIB6rAMIMSyPGXHNziF1uKS4AvDeYd3tKeu
TnbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1719083159; x=1719687959;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=oDODCEV8jZ0E13Tribw8ylOpwc/vKThVQVHitaMv3wA=;
b=uK9dMQBM6JkiwLNRo3+DGZOv+CyKVLfRMaxD1KXyGCUpF9F0J4x/L3Qveht5I27blK
bcGCOFrcYoK5TdmjHMZEq1XAjwe+Waug+M3IUouOXjH8jMOn5izOP3MKpX20/YUxd6jH
p7NNMJqUuBZh0LAqprAdEYCOvkGJjnh0kEduhhtdETBheVIfcwKDg/ciobFeTNKU5qWQ
DRBivukwgmJ+I+jSfrkbZ4M1sqYNW2QSckSdS43Oa0BCwhkSm4e2XLiONAlmwzz+3RSJ
//uGVqoBvmCgJCOoHitmBxw6OPYXvgLNf84gIh/1Ny7NynWuKDQ0Vwb3FI2FEGVS5ICc
9D5Q==
X-Gm-Message-State: AOJu0Yy0JxIkf/96u2vLbDKpBhx8PBmCAXZHdrvc7Vyp5xTuioFdgqig
R8E1uQ8M2CAlwDdypTjL2lqnx02UeWZtKkFrVGZ8MhJHOhmMZ/W/ZzC9hQ==
X-Google-Smtp-Source: AGHT+IG11kt6yL1N6yYN8dC0P5vUQ0bVe6Him0GMJkwL/HIOOEP9HfAGjv79SvFA8QfyfwcmjAUtug==
X-Received: by 2002:a05:600c:4f45:b0:422:eee2:572c with SMTP id
5b1f17b1804b1-424893f126amr14664525e9.8.1719083158288;
Sat, 22 Jun 2024 12:05:58 -0700 (PDT)
Received: from bumblebee-mighty.lan ([92.51.75.166])
by smtp.gmail.com with ESMTPSA id
ffacd0b85a97d-366389b85cesm5513071f8f.46.2024.06.22.12.05.57
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 22 Jun 2024 12:05:57 -0700 (PDT)
From: Rodion Goritskov <rodion.goritskov@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/2] services: Update agate-service-type to match actual agate
options
Date: Sat, 22 Jun 2024 23:03:48 +0400
Message-ID: <cover.1719082137.git.rodion.goritskov@HIDDEN>
X-Mailer: git-send-email 2.45.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::32e;
envelope-from=rodion.goritskov@HIDDEN; helo=mail-wm1-x32e.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
Cc: Rodion Goritskov <rodion.goritskov@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
Hello!
This patches makes agate-service-type work again - because current version of agate present
in Guix has some options (and their logic) changed, making service-type not working.
I have checked this changes on VM and they seems to be working fine.
Rodion Goritskov (2):
services: agate: Update options for compatibility with the current
Agate version.
services: agate-service-type: Update documentation.
doc/guix.texi | 51 +++++++++++++++++++++++++++-----------------
gnu/services/web.scm | 50 ++++++++++++++++++++++++++-----------------
2 files changed, 63 insertions(+), 38 deletions(-)
base-commit: 1e336025957583fd978df49a24c6a1bb358c618d
--
2.45.1
Rodion Goritskov <rodion.goritskov@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#71722; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.