[PATCH] web: Don't error about missing ssl related files.

  • Done
  • quality assurance status badge
Details
3 participants
  • julien lepiller
  • Ludovic Courtès
  • Christopher Baines
Owner
unassigned
Submitted by
Christopher Baines
Severity
normal

Debbugs page

Christopher Baines wrote 7 years ago
(address . guix-patches@gnu.org)
20171127082620.19237-1-mail@cbaines.net
Erroring here prevents doing things like building a system using nginx on a
different machine from where it's intended to be deployed, or creating
containers and VMs that use the ssl-certificate parts of the nginx
configuration, without also getting these files to exist.

* gnu/services/web.scm (emit-nginx-server-config): Don't error on missing ssl
related files.
---
gnu/services/web.scm | 10 ----------
1 file changed, 10 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 9d713003c..1af32278c 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -191,16 +191,6 @@ of index files."
(syntax-parameterize ((<> (identifier-syntax x*)))
(list tail ...))
'())))
- (for-each
- (match-lambda
- ((record-key . file)
- (if (and file (not (file-exists? file)))
- (error
- (simple-format
- #f
- "~A in the nginx configuration for the server with name \"~A\" does not exist" record-key server-name)))))
- `(("ssl-certificate" . ,ssl-certificate)
- ("ssl-certificate-key" . ,ssl-certificate-key)))
(list
" server {\n"
(and/l http-port " listen " (number->string <>) ";\n")
--
2.14.2
julien lepiller wrote 7 years ago
(address . guix-patches@gnu.org)
873b92b926e5037c904e1d0599ca6b63@lepiller.eu
Le 2017-11-27 09:26, Christopher Baines a écrit :
Toggle quote (36 lines)
> Erroring here prevents doing things like building a system using nginx
> on a
> different machine from where it's intended to be deployed, or creating
> containers and VMs that use the ssl-certificate parts of the nginx
> configuration, without also getting these files to exist.
>
> * gnu/services/web.scm (emit-nginx-server-config): Don't error on
> missing ssl
> related files.
> ---
> gnu/services/web.scm | 10 ----------
> 1 file changed, 10 deletions(-)
>
> diff --git a/gnu/services/web.scm b/gnu/services/web.scm
> index 9d713003c..1af32278c 100644
> --- a/gnu/services/web.scm
> +++ b/gnu/services/web.scm
> @@ -191,16 +191,6 @@ of index files."
> (syntax-parameterize ((<> (identifier-syntax x*)))
> (list tail ...))
> '())))
> - (for-each
> - (match-lambda
> - ((record-key . file)
> - (if (and file (not (file-exists? file)))
> - (error
> - (simple-format
> - #f
> - "~A in the nginx configuration for the server with name
> \"~A\" does not exist" record-key server-name)))))
> - `(("ssl-certificate" . ,ssl-certificate)
> - ("ssl-certificate-key" . ,ssl-certificate-key)))
> (list
> " server {\n"
> (and/l http-port " listen " (number->string <>) ";\n")

Hi, when configuring nginx for the first time, users will probably
forget to
configure ssl properly. The default is to enable ssl and find
certificates in
/etc/nginx. When these files don't exist, nginx will fail to start and
at least
one user complained it was hard to debug. This code was introduced to
prevent
such a mistake.

Maybe we should set the default to #f (but then users would have to
configure
more fields to enable https). Maybe we should add a configuration option
like
warn-only? (default to #f) to only warn about missing files. Or maybe
there's
a way to show nginx that another service is providing that file?

I agree there is an issue, but your patch feels like a regression to me
for the
documented use-cases. WDYT?
Ludovic Courtès wrote 7 years ago
(name . julien lepiller)(address . julien@lepiller.eu)(address . 29467@debbugs.gnu.org)
87vahlctq3.fsf@gnu.org
Hi,

julien lepiller <julien@lepiller.eu> skribis:

Toggle quote (27 lines)
> Le 2017-11-27 09:26, Christopher Baines a écrit :
>> Erroring here prevents doing things like building a system using
>> nginx on a
>> different machine from where it's intended to be deployed, or creating
>> containers and VMs that use the ssl-certificate parts of the nginx
>> configuration, without also getting these files to exist.
>>
>> * gnu/services/web.scm (emit-nginx-server-config): Don't error on
>> missing ssl
>> related files.
>> ---
>> gnu/services/web.scm | 10 ----------
>> 1 file changed, 10 deletions(-)
>>
>> diff --git a/gnu/services/web.scm b/gnu/services/web.scm
>> index 9d713003c..1af32278c 100644
>> --- a/gnu/services/web.scm
>> +++ b/gnu/services/web.scm
>> @@ -191,16 +191,6 @@ of index files."
>> (syntax-parameterize ((<> (identifier-syntax x*)))
>> (list tail ...))
>> '())))
>> - (for-each
>> - (match-lambda
>> - ((record-key . file)
>> - (if (and file (not (file-exists? file)))

There’s another problem: ‘file-exists?’ checks the current machine,
under the current root file system. That check doesn’t work if you do
“guix system init config.scm /some/other/root”, or if you create a
container, or with the envisioned “guix system reconfigure --remote”.

Toggle quote (10 lines)
> Hi, when configuring nginx for the first time, users will probably
> forget to
> configure ssl properly. The default is to enable ssl and find
> certificates in
> /etc/nginx. When these files don't exist, nginx will fail to start and
> at least
> one user complained it was hard to debug. This code was introduced to
> prevent
> such a mistake.

Yes, I agree that it’s nice to have early error reports.

Toggle quote (8 lines)
> Maybe we should set the default to #f (but then users would have to
> configure
> more fields to enable https). Maybe we should add a configuration
> option like
> warn-only? (default to #f) to only warn about missing files. Or maybe
> there's
> a way to show nginx that another service is providing that file?

Good questions.

We cannot check for file existence at configuration time for the reasons
above.

We cannot check for file existence at build time because certificates
may be part of the machine’s state; they are typically managed in a
stateful fashion, outside of GuixSD.

So the only option we’re left with is checking at run time, when we
start the service. But that’s something nginx already does, I think?

As for the default, I would be in favor of setting it to #f, because I
can’t really think of a default that would work for everyone.

WDYT?

Ludo’.
julien lepiller wrote 7 years ago
(address . 29467@debbugs.gnu.org)
f71e915584d672abef213ed082e52745@lepiller.eu
Le 2017-12-05 12:14, ludo@gnu.org a écrit :
Toggle quote (75 lines)
> Hi,
>
> julien lepiller <julien@lepiller.eu> skribis:
>
>> Le 2017-11-27 09:26, Christopher Baines a écrit :
>>> Erroring here prevents doing things like building a system using
>>> nginx on a
>>> different machine from where it's intended to be deployed, or
>>> creating
>>> containers and VMs that use the ssl-certificate parts of the nginx
>>> configuration, without also getting these files to exist.
>>>
>>> * gnu/services/web.scm (emit-nginx-server-config): Don't error on
>>> missing ssl
>>> related files.
>>> ---
>>> gnu/services/web.scm | 10 ----------
>>> 1 file changed, 10 deletions(-)
>>>
>>> diff --git a/gnu/services/web.scm b/gnu/services/web.scm
>>> index 9d713003c..1af32278c 100644
>>> --- a/gnu/services/web.scm
>>> +++ b/gnu/services/web.scm
>>> @@ -191,16 +191,6 @@ of index files."
>>> (syntax-parameterize ((<> (identifier-syntax x*)))
>>> (list tail ...))
>>> '())))
>>> - (for-each
>>> - (match-lambda
>>> - ((record-key . file)
>>> - (if (and file (not (file-exists? file)))
>
> There’s another problem: ‘file-exists?’ checks the current machine,
> under the current root file system. That check doesn’t work if you do
> “guix system init config.scm /some/other/root”, or if you create a
> container, or with the envisioned “guix system reconfigure --remote”.
>
>> Hi, when configuring nginx for the first time, users will probably
>> forget to
>> configure ssl properly. The default is to enable ssl and find
>> certificates in
>> /etc/nginx. When these files don't exist, nginx will fail to start and
>> at least
>> one user complained it was hard to debug. This code was introduced to
>> prevent
>> such a mistake.
>
> Yes, I agree that it’s nice to have early error reports.
>
>> Maybe we should set the default to #f (but then users would have to
>> configure
>> more fields to enable https). Maybe we should add a configuration
>> option like
>> warn-only? (default to #f) to only warn about missing files. Or maybe
>> there's
>> a way to show nginx that another service is providing that file?
>
> Good questions.
>
> We cannot check for file existence at configuration time for the
> reasons
> above.
>
> We cannot check for file existence at build time because certificates
> may be part of the machine’s state; they are typically managed in a
> stateful fashion, outside of GuixSD.
>
> So the only option we’re left with is checking at run time, when we
> start the service. But that’s something nginx already does, I think?
>
> As for the default, I would be in favor of setting it to #f, because I
> can’t really think of a default that would work for everyone.
>
> WDYT?

Having it default to #f is fine with me. Nginx does this check at
runtime
and will refuse to start if these files are missing. Keeping https-port
to 443 and certificates to #f means it will not be able to establish a
connection to the client, but the http website will be available. So
just
setting the key and the certificate to #f by default should be OK.

Toggle quote (2 lines)
>
> Ludo’.
Ludovic Courtès wrote 7 years ago
(name . julien lepiller)(address . julien@lepiller.eu)
87374l36b3.fsf@gnu.org
Hi,

julien lepiller <julien@lepiller.eu> skribis:

Toggle quote (2 lines)
> Le 2017-12-05 12:14, ludo@gnu.org a écrit :

[...]

Toggle quote (24 lines)
>> We cannot check for file existence at configuration time for the
>> reasons
>> above.
>>
>> We cannot check for file existence at build time because certificates
>> may be part of the machine’s state; they are typically managed in a
>> stateful fashion, outside of GuixSD.
>>
>> So the only option we’re left with is checking at run time, when we
>> start the service. But that’s something nginx already does, I think?
>>
>> As for the default, I would be in favor of setting it to #f, because I
>> can’t really think of a default that would work for everyone.
>>
>> WDYT?
>
> Having it default to #f is fine with me. Nginx does this check at
> runtime
> and will refuse to start if these files are missing. Keeping https-port
> to 443 and certificates to #f means it will not be able to establish a
> connection to the client, but the http website will be available. So
> just
> setting the key and the certificate to #f by default should be OK.

OK, sounds good.

Chris, can you make this change?

Thanks,
Ludo’.
Christopher Baines wrote 7 years ago
[PATCH 1/2] web: Don't error about missing ssl related files.
(address . 29467@debbugs.gnu.org)
20171209093114.5112-1-mail@cbaines.net
Erroring here prevents doing things like building a system using nginx on a
different machine from where it's intended to be deployed, or creating
containers and VMs that use the ssl-certificate parts of the nginx
configuration, without also getting these files to exist.

* gnu/services/web.scm (emit-nginx-server-config): Don't error on missing ssl
related files.
---
gnu/services/web.scm | 10 ----------
1 file changed, 10 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 9d713003c..1af32278c 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -191,16 +191,6 @@ of index files."
(syntax-parameterize ((<> (identifier-syntax x*)))
(list tail ...))
'())))
- (for-each
- (match-lambda
- ((record-key . file)
- (if (and file (not (file-exists? file)))
- (error
- (simple-format
- #f
- "~A in the nginx configuration for the server with name \"~A\" does not exist" record-key server-name)))))
- `(("ssl-certificate" . ,ssl-certificate)
- ("ssl-certificate-key" . ,ssl-certificate-key)))
(list
" server {\n"
(and/l http-port " listen " (number->string <>) ";\n")
--
2.14.2
Christopher Baines wrote 7 years ago
[PATCH 2/2] services: web: Remove default certificate and key files for nginx.
(address . 29467@debbugs.gnu.org)
20171209093114.5112-2-mail@cbaines.net
If nginx is configured with a ssl-certificate file, and ssl-certificate-key,
it will fail to start unless these exist. To avoid this happening, change the
default to #f.

* gnu/services/web.scm (<nginx-server-configuration>)
[ssl-certificate,ssl-certificate-key]: Set the defaults to #f.
* gnu/tests/web.scm (%nginx-servers): Remove redundant
nginx-server-configuration fields.
* doc/guix.texi (Web Services): Update examples and documentation.
---
doc/guix.texi | 20 ++++----------------
gnu/services/web.scm | 4 ++--
gnu/tests/web.scm | 5 +----
3 files changed, 7 insertions(+), 22 deletions(-)

Toggle diff (96 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 23ccfa2f6..35f895bb4 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -14813,10 +14813,7 @@ A simple example configuration is given below.
(server-blocks
(list (nginx-server-configuration
(server-name '("www.example.com"))
- (root "/srv/http/www.example.com")
- (https-port #f)
- (ssl-certificate #f)
- (ssl-certificate-key #f))))))
+ (root "/srv/http/www.example.com"))))))
@end example
In addition to adding server blocks to the service configuration
@@ -14826,9 +14823,6 @@ blocks, as in this example:
@example
(simple-service 'my-extra-server nginx-service-type
(list (nginx-server-configuration
- (https-port #f)
- (ssl-certificate #f)
- (ssl-certificate-key #f)
(root "/srv/http/extra-website")
(try-files (list "$uri" "$uri/index.html")))))
@end example
@@ -14873,10 +14867,7 @@ HTTPS.
(server-blocks
(list (nginx-server-configuration
(server-name '("www.example.com"))
- (root "/srv/http/www.example.com")
- (https-port #f)
- (ssl-certificate #f)
- (ssl-certificate-key #f))))))
+ (root "/srv/http/www.example.com"))))))
@end example
@item @code{upstream-blocks} (default: @code{'()})
@@ -14899,9 +14890,6 @@ requests with two servers.
(list (nginx-server-configuration
(server-name '("www.example.com"))
(root "/srv/http/www.example.com")
- (https-port #f)
- (ssl-certificate #f)
- (ssl-certificate-key #f)
(locations
(list
(nginx-location-configuration
@@ -14965,11 +14953,11 @@ Nginx will send the list of files in the directory.
A list of files whose existence is checked in the specified order.
@code{nginx} will use the first file it finds to process the request.
-@item @code{ssl-certificate} (default: @code{"/etc/nginx/cert.pem"})
+@item @code{ssl-certificate} (default: @code{#f})
Where to find the certificate for secure connections. Set it to @code{#f} if
you don't have a certificate or you don't want to use HTTPS.
-@item @code{ssl-certificate-key} (default: @code{"/etc/nginx/key.pem"})
+@item @code{ssl-certificate-key} (default: @code{#f})
Where to find the private key for secure connections. Set it to @code{#f} if
you don't have a key or you don't want to use HTTPS.
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 1af32278c..51cd9da1d 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -102,9 +102,9 @@
(try-files nginx-server-configuration-try-files
(default '()))
(ssl-certificate nginx-server-configuration-ssl-certificate
- (default "/etc/nginx/cert.pem"))
+ (default #f))
(ssl-certificate-key nginx-server-configuration-ssl-certificate-key
- (default "/etc/nginx/key.pem"))
+ (default #f))
(server-tokens? nginx-server-configuration-server-tokens?
(default #f)))
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
index 3fa272c67..de7ab3cd6 100644
--- a/gnu/tests/web.scm
+++ b/gnu/tests/web.scm
@@ -45,10 +45,7 @@
;; Server blocks.
(list (nginx-server-configuration
(root "/srv")
- (http-port 8042)
- (https-port #f)
- (ssl-certificate #f)
- (ssl-certificate-key #f))))
+ (http-port 8042))))
(define %nginx-os
;; Operating system under test.
--
2.14.2
Christopher Baines wrote 7 years ago
Re: [bug#29467] [PATCH] web: Don't error about missing ssl related files.
(name . Ludovic Courtès)(address . ludo@gnu.org)
874lp0dyy8.fsf@cbaines.net
Ludovic Courtès writes:

Toggle quote (36 lines)
> Hi,
>
> julien lepiller <julien@lepiller.eu> skribis:
>
>> Le 2017-12-05 12:14, ludo@gnu.org a écrit:
>
> [...]
>
>>> We cannot check for file existence at configuration time for the
>>> reasons
>>> above.
>>>
>>> We cannot check for file existence at build time because certificates
>>> may be part of the machine’s state; they are typically managed in a
>>> stateful fashion, outside of GuixSD.
>>>
>>> So the only option we’re left with is checking at run time, when we
>>> start the service. But that’s something nginx already does, I think?
>>>
>>> As for the default, I would be in favor of setting it to #f, because I
>>> can’t really think of a default that would work for everyone.
>>>
>>> WDYT?
>>
>> Having it default to #f is fine with me. Nginx does this check at
>> runtime
>> and will refuse to start if these files are missing. Keeping https-port
>> to 443 and certificates to #f means it will not be able to establish a
>> connection to the client, but the http website will be available. So
>> just
>> setting the key and the certificate to #f by default should be OK.
>
> OK, sounds good.
>
> Chris, can you make this change?

Yep, I've send some updated patches.
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlorrs9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XdDKQ/8Drn6X87Yqi9/9gn01YsREnGj4JwCEs8SCNKRDNdcn886r1Dvs+8OQwxd
wTldIN29UvBjg3EIVeJ7MKP9fRjKcz3ghJxPQ9h94C7Wx71OPZRhlB0Gr1fpXLRG
A3a6jSEKVghgrcAWGnZFuBisFGvUs26Fm3acOA6tkqM4QYrpesXeNP51ZQILjtUs
zjYp28Cij5NBJ4j4JsJvrONI/+tDd8gmxTWY/yHIz7h5+Zc7n+7uyUMr2y0MbTAP
NtOyTXiWweiwLh7mwfcE0GXo2rUImgAKKMuri8QjwujAAw8EkJcW+oy8WYW25U/R
/rlJnCwYeXXeIXvoJbZ4kYafqtBSgK+5D1zVWHo18GH9eRrShx/txA3JzWsEdkgm
+bjrYn4FcNXyb0YdGCXsFqRfCzy9aT1VQK/dV18NOd4whvyIzqCzevhz9xDI3tEc
g8HLxU5jyS78WomcnC75Wnkd0hDt85d8Hvs6pcVtOTAwSUD3SPiy1MR4/c8nwi0+
HsTdzeTH9fXSPv1Vt0toH7kKpSEOSXxtqAonAx6gapiPvrnkWCkXepqSBXD/ozEO
GF/0pc03Y0kTrK9vjw/VMmdLKeyHWqaY8rM0gpUv6Ssu4JLZVAzgm9WVaOq2DDlv
x4bS95aoBA0PQxY4Aj41twM/dWClE2sGiJt4RLgntOQ70HZbrUE=
=1q+k
-----END PGP SIGNATURE-----

Ludovic Courtès wrote 7 years ago
Re: [bug#29467] [PATCH 1/2] web: Don't error about missing ssl related files.
(name . Christopher Baines)(address . mail@cbaines.net)(address . 29467@debbugs.gnu.org)
87lgi91jlt.fsf@gnu.org
Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (8 lines)
> Erroring here prevents doing things like building a system using nginx on a
> different machine from where it's intended to be deployed, or creating
> containers and VMs that use the ssl-certificate parts of the nginx
> configuration, without also getting these files to exist.
>
> * gnu/services/web.scm (emit-nginx-server-config): Don't error on missing ssl
> related files.

LGTM!
Ludovic Courtès wrote 7 years ago
Re: [bug#29467] [PATCH 2/2] services: web: Remove default certificate and key files for nginx.
(name . Christopher Baines)(address . mail@cbaines.net)(address . 29467@debbugs.gnu.org)
87h8sx1jli.fsf@gnu.org
Christopher Baines <mail@cbaines.net> skribis:

Toggle quote (10 lines)
> If nginx is configured with a ssl-certificate file, and ssl-certificate-key,
> it will fail to start unless these exist. To avoid this happening, change the
> default to #f.
>
> * gnu/services/web.scm (<nginx-server-configuration>)
> [ssl-certificate,ssl-certificate-key]: Set the defaults to #f.
> * gnu/tests/web.scm (%nginx-servers): Remove redundant
> nginx-server-configuration fields.
> * doc/guix.texi (Web Services): Update examples and documentation.

LGTM, thanks!

Ludo'.
Christopher Baines wrote 7 years ago
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 29467-done@debbugs.gnu.org)
87y3m9576n.fsf@cbaines.net
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (14 lines)
> Christopher Baines <mail@cbaines.net> skribis:
>
>> If nginx is configured with a ssl-certificate file, and ssl-certificate-key,
>> it will fail to start unless these exist. To avoid this happening, change the
>> default to #f.
>>
>> * gnu/services/web.scm (<nginx-server-configuration>)
>> [ssl-certificate,ssl-certificate-key]: Set the defaults to #f.
>> * gnu/tests/web.scm (%nginx-servers): Remove redundant
>> nginx-server-configuration fields.
>> * doc/guix.texi (Web Services): Update examples and documentation.
>
> LGTM, thanks!

Great, I've now pushed these two patches.

Thanks for reviewing :)
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlou7WBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9Xf8yhAAoc/HwrjKsIs+D9i8eRY/t/2goBWwI0UpMsHBhfTuzi7qgibu8jcyQ6xl
8HcBtJzfcP0nE7Ltn05cbm0iK9M9gA6MFcS5fcOPG8TT7hm1Y5DuOReVvQH58Xxg
SHhMN8ObjJeHjc7Is58BTpcpDkV79CcP8OBEZ7a/4b2KqgIrhsejVuFuXbpI+vdo
L6HD+r+ZdXGnvoG+hKZLKeEtEI2xRNrbXwk72j3o7nKjtBLbTkPbqhjXToOXVr+s
ijkB5j1hbVFSxCVw20Gmvh4jzxUlG8aja1iA99NQRj+/kqMlnD22Y2lfJPJHbbVn
5YNJuqXqPUFfC5um1+My//R177Gn4EHDtutGYa6gb+JGOUqk+se1WUFU8QoElQL1
BPUtZmTR3R3yV/nXeUKVk12zCCbeRGYY1ofnoc6PZk5VzaY6sFdM2JcO3FKdYGZm
rED3MDygjM/dIkPIxnE2ts0PoQOjl72/TJWPCUokPUbjI3ZCwKdamEWza68WxVNU
fUF91MbGntm/0h/vy3O9+daV9WwHMR3DOwBC5Ul5grIahBdTe0HAG3nfU/j7KcHJ
YIZNKzzJ3vbItwEJLgVoeXmQkkPU+qBXwVr3o48zbpV/CNbn/6XT0RP8O7Xm9fOv
iOH2CaipAHN+K1CuwX154fRyaR26CQ0jl7ycuHt0cLG8KBlv6R4=
=di8A
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 29467@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 29467
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help