GNU bug report logs - #71722
[PATCH 0/2] services: Update agate-service-type to match actual agate options
Report forwarded to guix-patches <at> gnu.org: bug#71722; Package guix-patches. (Sat, 22 Jun 2024 19:07:02 GMT)
Acknowledgement sent to Rodion Goritskov <rodion.goritskov <at> gmail.com>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sat, 22 Jun 2024 19:07:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello!
These patches make agate-service-type work again - because the current version of agate present
in Guix has some options (and their logic) changed, making service-type not work.
I have checked these changes on a VM and they seem to be working fine.
Rodion Goritskov (2):
services: agate: Update options for compatibility with the current
Agate version.
services: agate-service-type: Update documentation.
doc/guix.texi | 51 +++++++++++++++++++++++++++-----------------
gnu/services/web.scm | 50 ++++++++++++++++++++++++++-----------------
2 files changed, 63 insertions(+), 38 deletions(-)
base-commit: 1e336025957583fd978df49a24c6a1bb358c618d
--
2.45.1
Information forwarded to guix-patches <at> gnu.org: bug#71722; Package guix-patches. (Sat, 22 Jun 2024 19:37:02 GMT)
Message #8 received at 71722 <at> debbugs.gnu.org (full text, mbox):
* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
* gnu/services/web.scm (<agate-configuration>)[cert]: Remove.
* gnu/services/web.scm (<agate-configuration>)[key]: Remove.
* gnu/services/web.scm (<agate-configuration>)[hostname]: Change from string
to list.
* gnu/services/web.scm (<agate-configuration>)[silent?]: Remove.
* gnu/services/web.scm (<agate-configuration>)[only-tls13?]: Add.
* gnu/services/web.scm (<agate-configuration>)[central-conf?]: Add.
* gnu/services/web.scm (<agate-configuration>)[ed25519?]: Add.
* gnu/services/web.scm (<agate-configuration>)[skip-port-check?]: Add.
* gnu/services/web.scm (agate-shepherd-service): Change handling of addr and
hostname, add new options handling.
Change-Id: Ibc83a7254d1e425604d4aa0b95cbaa74fc9c72eb
---
gnu/services/web.scm | 50 +++++++++++++++++++++++++++-----------------
1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 406117c457..1ee1fff9ed 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -302,13 +302,15 @@ (define-module (gnu services web)
agate-configuration?
agate-configuration-package
agate-configuration-content
- agate-configuration-cert
- agate-configuration-key
+ agate-configuration-certs
agate-configuration-addr
agate-configuration-hostname
agate-configuration-lang
- agate-configuration-silent
+ agate-configuration-only-tls13
agate-configuration-serve-secret
+ agate-configuration-central-conf
+ agate-configuration-ed25519
+ agate-configuration-skip-port-check
agate-configuration-log-ip
agate-configuration-user
agate-configuration-group
@@ -2177,20 +2179,24 @@ (define-record-type* <agate-configuration>
(default agate))
(content agate-configuration-content
(default "/srv/gemini"))
- (cert agate-configuration-cert
- (default #f))
- (key agate-configuration-key
- (default #f))
+ (certs agate-configuration-certs
+ (default "/srv/gemini-certs"))
(addr agate-configuration-addr
(default '("0.0.0.0:1965" "[::]:1965")))
(hostname agate-configuration-hostname
- (default #f))
+ (default '()))
(lang agate-configuration-lang
(default #f))
- (silent? agate-configuration-silent
- (default #f))
+ (only-tls13? agate-configuration-only-tls13
+ (default #f))
(serve-secret? agate-configuration-serve-secret
(default #f))
+ (central-conf? agate-configuration-central-conf
+ (default #f))
+ (ed25519? agate-configuration-ed25519
+ (default #f))
+ (skip-port-check? agate-configuration-skip-port-check
+ (default #f))
(log-ip? agate-configuration-log-ip
(default #t))
(user agate-configuration-user
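Review bot: hostname changes type in this hunk, from a string (default #f) to a list (default '()), and cert, key and silent? are removed, with no compatibility path for any of them. An existing configuration that sets (hostname "example.com") or cert/key stops working after the upgrade. A sanitize clause on hostname that wraps a bare string in a list, and a deprecation warning for the removed fields, would let current configurations keep working for a transition period.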
@@ -2202,8 +2208,10 @@ (define-record-type* <agate-configuration>
(define agate-shepherd-service
(match-lambda
- (($ <agate-configuration> package content cert key addr
- hostname lang silent? serve-secret?
+ (($ <agate-configuration> package content certs addr
+ hostname lang only-tls13?
+ serve-secret? central-conf?
+ ed25519? skip-port-check?
log-ip? user group log-file)
(list (shepherd-service
(provision '(agate))
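Review bot: the ($ <agate-configuration> package content certs addr ...) pattern binds fields by position, so the four fields inserted here are only correct because the pattern order was updated in lockstep with the record definition. A later reorder of either side would bind, for example, serve-secret? to the wrong flag without any error. Binding by name with match-record from (guix records) removes that coupling.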
@@ -2213,17 +2221,21 @@ (define agate-shepherd-service
#~(make-forkexec-constructor
(list #$agate
"--content" #$content
- "--cert" #$cert
- "--key" #$key
- "--addr" #$@addr
+ "--certs" #$certs
+ #$@(append-map
+ (lambda x (append '("--addr") x))
+ addr)
+ #$@(append-map
+ (lambda x (append '("--hostname") x))
+ hostname)
#$@(if lang
(list "--lang" lang)
'())
- #$@(if hostname
- (list "--hostname" hostname)
- '())
- #$@(if silent? '("--silent") '())
#$@(if serve-secret? '("--serve-secret") '())
+ #$@(if only-tls13? '("--only-tls13") '())
+ #$@(if central-conf? '("--central-conf") '())
+ #$@(if ed25519? '("--ed25519") '())
+ #$@(if skip-port-check? '("--skip-port-check") '())
#$@(if log-ip? '("--log-ip") '()))
#:user #$user #:group #$group
#:log-file #$log-file)))
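Review bot: (lambda x (append '("--addr") x)) in both append-map calls relies on the variadic form, where x is bound to the one-element argument list; it reads like a one-argument procedure and is easy to break when edited. (lambda (a) (list "--addr" a)), and the same for "--hostname", states the intent directly. Note also that both append-map calls require addr and hostname to be lists, so a string value fails here rather than where the user wrote it; a type check on the record fields would give a clearer error.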
--
2.45.1
Information forwarded to guix-patches <at> gnu.org: bug#71722; Package guix-patches. (Sat, 22 Jun 2024 19:37:02 GMT)
Message #11 received at 71722 <at> debbugs.gnu.org (full text, mbox):
* doc/guix.texi: Document (agate-service-type) updated options.
Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
---
doc/guix.texi | 51 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 0102fd0fad..c75de94486 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32734,25 +32734,30 @@ Web Services
(service agate-service-type
(agate-configuration
(content "/srv/gemini")
- (cert "/srv/cert.pem")
- (key "/srv/key.rsa")))
+ (certs "/srv/gemini-certs")))
@end lisp
The example above represents the minimal tweaking necessary to get Agate
-up and running. Specifying the path to the certificate and key is
+up and running. Specifying the path to the certificate and key directory is
always necessary, as the Gemini protocol requires TLS by default.
-To obtain a certificate and a key, you could, for example, use OpenSSL,
-running a command similar to the following example:
+If specified path is writable by Agate, and contains no valid key
+and certificate, the Agate will try to generate them on the first start.
+If specified directory is read-only - key and certificate should be pre-generated by user.
+
+To obtain a certificate and a key in a DER format, you could, for example,
+use OpenSSL, running a commands similar to the following example:
@example
-openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
- -days 3650 -nodes -subj "/CN=example.com"
+openssl genpkey -out key.der -outform DER -algorithm RSA \
+ -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
+ -subj "/CN=example.com"
@end example
Of course, you'll have to replace @i{example.com} with your own domain
name, and then point the Agate configuration towards the path of the
-generated key and certificate.
+directory with the generated key and certificate using the @code{certs} option.
@end defvar
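Review bot: the added paragraph says Agate generates a key and certificate when the certs path is writable, but it does not say who must own /srv/gemini-certs or which mode it needs. The directory holds the server's TLS private key, so the text should state that it belongs to the service user and is not readable by other accounts. The OpenSSL example writes key.der and cert.der without saying whether those are the file names Agate looks for in the directory; spell out the expected layout. The second command passes a DER key to -key without -keyform DER, which OpenSSL releases that default to PEM for that option will reject. Wording: "If specified path" should be "If the specified path", "the Agate" should be "Agate", and "running a commands" should be "running commands".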
@@ -32766,30 +32771,38 @@ Web Services
@item @code{content} (default: @file{"/srv/gemini"})
The directory from which Agate will serve files.
-@item @code{cert} (default: @code{#f})
-The path to the TLS certificate PEM file to be used for encrypted
-connections. Must be filled in with a value from the user.
-
-@item @code{key} (default: @code{#f})
-The path to the PKCS8 private key file to be used for encrypted
-connections. Must be filled in with a value from the user.
+@item @code{certs} (default: @file{"/srv/gemini-certs"})
+Root of the certificate directory. Must be filled in with a value from the user.
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
A list of the addresses to listen on.
-@item @code{hostname} (default: @code{#f})
-The domain name of this Gemini server. Optional.
+@item @code{hostnames} (default: @code{'()})
+Virtual hosts for the Gemini server. If multiple values are
+specified, corresponding directory names should be present in the @code{content}
+directory. Optional.
@item @code{lang} (default: @code{#f})
RFC 4646 language code(s) for text/gemini documents. Optional.
-@item @code{silent?} (default: @code{#f})
-Set to @code{#t} to disable logging output.
+@item @code{only-tls13?} (default: @code{#f})
+Set to @code{#t} to disable support for TLSv1.2.
@item @code{serve-secret?} (default: @code{#f})
Set to @code{#t} to serve secret files (files/directories starting with
a dot).
+@item @code{central-conf?} (default: @code{#f})
+Set to @code{#t} to look for the .meta configuration file in the @code{content}
+root directory and will ignore @code{.meta} files in other directories
+
+@item @code{ed25519?} (default: @code{#f})
+Set to @code{#t} to generate keys using the Ed25519 signature algorithm
+instead of the default ECDSA.
+
+@item @code{skip-port-check?} (default: @code{#f})
+Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
+
@item @code{log-ip?} (default: @code{#t})
Whether or not to output IP addresses when logging.
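Review bot: the item is documented as @code{hostnames}, while the skip-port-check? entry in this same hunk refers to @code{hostname} and the record field in gnu/services/web.scm is hostname. A user who copies hostnames from the manual gets an unknown-field error, so one name should be used throughout. The certs item says "Must be filled in with a value from the user" while also documenting a default of "/srv/gemini-certs"; drop the sentence or explain when the default is not enough. The central-conf? description is missing a subject and its final period ("Set to #t to look for ... and will ignore").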
--
2.45.1
Information forwarded to guix-patches <at> gnu.org: bug#71722; Package guix-patches. (Sat, 22 Jun 2024 19:38:01 GMT)
Information forwarded to guix-patches <at> gnu.org: bug#71722; Package guix-patches. (Fri, 26 Jul 2024 17:02:02 GMT)
Message #17 received at 71722 <at> debbugs.gnu.org (full text, mbox):
Hi Rodion,
Rodion Goritskov <rodion.goritskov <at> gmail.com> writes:
> These patches make agate-service-type work again - because the current version of agate present
> in Guix has some options (and their logic) changed, making service-type not work.
>
> I have checked these changes on a VM and they seem to be working fine.
>
> Rodion Goritskov (2):
> services: agate: Update options for compatibility with the current
> Agate version.
> services: agate-service-type: Update documentation.
I squashed the two patches (so that the doc is always consistent with
the code) and applied them.
A few things come to mind:
1. Could you come up with a system test under gnu/tests/*.scm? That
would allow us to detect breakage early on next time.
2. Though a deprecation policy has yet to be written, the idea is that
we should avoid breaking changes in user configuration as happens
when changing/removing fields in the config record.
3. The convention in Guix is to avoid abbreviations (“certificates”
rather than “certs”, etc.). I realize those were already there
though, so I thought I’d rather not ask you for extra work.
Thanks,
Ludo’.
bug closed, send any further explanations to 71722 <at> debbugs.gnu.org and Rodion Goritskov <rodion.goritskov <at> gmail.com>. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 26 Jul 2024 17:04:02 GMT)
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 24 Aug 2024 11:24:06 GMT)