[PATCH 0/2] services: Update agate-service-type to match actual agate options

  • Done
Details
2 participants
  • Ludovic Courtès
  • Rodion Goritskov
Owner
unassigned
Submitted by
Rodion Goritskov
Severity
normal
Rodion Goritskov wrote on 22 Jun 21:03 +0200
(address . guix-patches@gnu.org)(name . Rodion Goritskov)(address . rodion.goritskov@gmail.com)
cover.1719082137.git.rodion.goritskov@gmail.com
Hello!

These patches make agate-service-type work again - because the current version of agate present
in Guix has some options (and their logic) changed, making service-type not work.

I have checked these changes on a VM and they seem to be working fine.

Rodion Goritskov (2):
services: agate: Update options for compatibility with the current
Agate version.
services: agate-service-type: Update documentation.

doc/guix.texi | 51 +++++++++++++++++++++++++++-----------------
gnu/services/web.scm | 50 ++++++++++++++++++++++++++-----------------
2 files changed, 63 insertions(+), 38 deletions(-)


base-commit: 1e336025957583fd978df49a24c6a1bb358c618d
--
2.45.1
Rodion Goritskov wrote on 22 Jun 21:33 +0200
[PATCH 1/2] services: agate: Update options for compatibility with the current Agate version.
(address . 71722@debbugs.gnu.org)(name . Rodion Goritskov)(address . rodion.goritskov@gmail.com)
258b03236418dc733802f4834f02565755063e76.1719082137.git.rodion.goritskov@gmail.com
* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
* gnu/services/web.scm (<agate-configuration>)[cert]: Remove.
* gnu/services/web.scm (<agate-configuration>)[key]: Remove.
* gnu/services/web.scm (<agate-configuration>)[hostname]: Change from string
to list.
* gnu/services/web.scm (<agate-configuration>)[silent?]: Remove.
* gnu/services/web.scm (<agate-configuration>)[only-tls13?]: Add.
* gnu/services/web.scm (<agate-configuration>)[central-conf?]: Add.
* gnu/services/web.scm (<agate-configuration>)[ed25519?]: Add.
* gnu/services/web.scm (<agate-configuration>)[skip-port-check?]: Add.
* gnu/services/web.scm (agate-shepherd-service): Change handling of addr and
hostname, add new options handling.

Change-Id: Ibc83a7254d1e425604d4aa0b95cbaa74fc9c72eb
---
gnu/services/web.scm | 50 +++++++++++++++++++++++++++-----------------
1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 406117c457..1ee1fff9ed 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -302,13 +302,15 @@ (define-module (gnu services web)
agate-configuration?
agate-configuration-package
agate-configuration-content
- agate-configuration-cert
- agate-configuration-key
+ agate-configuration-certs
agate-configuration-addr
agate-configuration-hostname
agate-configuration-lang
- agate-configuration-silent
+ agate-configuration-only-tls13
agate-configuration-serve-secret
+ agate-configuration-central-conf
+ agate-configuration-ed25519
+ agate-configuration-skip-port-check
agate-configuration-log-ip
agate-configuration-user
agate-configuration-group
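Review bot: The export list drops agate-configuration-cert, agate-configuration-key and agate-configuration-silent outright, so any user module that references those accessors stops loading after the update. If the removal is intended, say so in the commit log as an incompatible change, or keep deprecated definitions for a transition period so that users get a warning instead of an unbound-variable error.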
@@ -2177,20 +2179,24 @@ (define-record-type* <agate-configuration>
(default agate))
(content agate-configuration-content
(default "/srv/gemini"))
- (cert agate-configuration-cert
- (default #f))
- (key agate-configuration-key
- (default #f))
+ (certs agate-configuration-certs
+ (default "/srv/gemini-certs"))
(addr agate-configuration-addr
(default '("0.0.0.0:1965" "[::]:1965")))
(hostname agate-configuration-hostname
- (default #f))
+ (default '()))
(lang agate-configuration-lang
(default #f))
- (silent? agate-configuration-silent
- (default #f))
+ (only-tls13? agate-configuration-only-tls13
+ (default #f))
(serve-secret? agate-configuration-serve-secret
(default #f))
+ (central-conf? agate-configuration-central-conf
+ (default #f))
+ (ed25519? agate-configuration-ed25519
+ (default #f))
+ (skip-port-check? agate-configuration-skip-port-check
+ (default #f))
(log-ip? agate-configuration-log-ip
(default #t))
(user agate-configuration-user
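Review bot: The hostname field changes from a string (or #f) to a list with no check on the value, so an existing configuration such as (hostname "example.com") is passed unchanged to append-map in agate-shepherd-service and fails there with a type error that does not mention the field. Consider a field sanitizer that wraps a lone string in a list, or that raises a clear error naming hostname. The cert and key fields also disappear without a deprecation path, which silently changes where the TLS key material is expected to live (now the certs directory, default "/srv/gemini-certs").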
@@ -2202,8 +2208,10 @@ (define-record-type* <agate-configuration>
(define agate-shepherd-service
(match-lambda
- (($ <agate-configuration> package content cert key addr
- hostname lang silent? serve-secret?
+ (($ <agate-configuration> package content certs addr
+ hostname lang only-tls13?
+ serve-secret? central-conf?
+ ed25519? skip-port-check?
log-ip? user group log-file)
(list (shepherd-service
(provision '(agate))
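Review bot: The ($ <agate-configuration> package content certs addr ...) pattern binds fields by position, so it only works while this list stays in exactly the same order as the record definition; with four fields added and three removed in one change, a single misplaced name would swap flags without any error. Binding the fields by name with match-record would remove that coupling.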
@@ -2213,17 +2221,21 @@ (define agate-shepherd-service
#~(make-forkexec-constructor
(list #$agate
"--content" #$content
- "--cert" #$cert
- "--key" #$key
- "--addr" #$@addr
+ "--certs" #$certs
+ #$@(append-map
+ (lambda x (append '("--addr") x))
+ addr)
+ #$@(append-map
+ (lambda x (append '("--hostname") x))
+ hostname)
#$@(if lang
(list "--lang" lang)
'())
- #$@(if hostname
- (list "--hostname" hostname)
- '())
- #$@(if silent? '("--silent") '())
#$@(if serve-secret? '("--serve-secret") '())
+ #$@(if only-tls13? '("--only-tls13") '())
+ #$@(if central-conf? '("--central-conf") '())
+ #$@(if ed25519? '("--ed25519") '())
+ #$@(if skip-port-check? '("--skip-port-check") '())
#$@(if log-ip? '("--log-ip") '()))
#:user #$user #:group #$group
#:log-file #$log-file)))
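Review bot: In the two append-map calls, (lambda x (append '("--addr") x)) relies on the variadic form, where x is the list of all arguments, to build the flag/value pair; that works but reads like a typo for (lambda (x) ...). Writing (lambda (address) (list "--addr" address)), and the same for "--hostname", states the intent directly and fails loudly if an element is not what is expected.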
--
2.45.1
Rodion Goritskov wrote on 22 Jun 21:33 +0200
[PATCH 2/2] services: agate-service-type: Update documentation.
(address . 71722@debbugs.gnu.org)(name . Rodion Goritskov)(address . rodion.goritskov@gmail.com)
60dbc3caee3fc6038fceeeb5ca677cf1d626c8a7.1719082137.git.rodion.goritskov@gmail.com
* doc/guix.texi: Document (agate-service-type) updated options.

Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
---
doc/guix.texi | 51 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 32 insertions(+), 19 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 0102fd0fad..c75de94486 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32734,25 +32734,30 @@ Web Services
(service agate-service-type
(agate-configuration
(content "/srv/gemini")
- (cert "/srv/cert.pem")
- (key "/srv/key.rsa")))
+ (certs "/srv/gemini-certs")))
@end lisp
The example above represents the minimal tweaking necessary to get Agate
-up and running. Specifying the path to the certificate and key is
+up and running. Specifying the path to the certificate and key directory is
always necessary, as the Gemini protocol requires TLS by default.
-To obtain a certificate and a key, you could, for example, use OpenSSL,
-running a command similar to the following example:
+If specified path is writable by Agate, and contains no valid key
+and certificate, the Agate will try to generate them on the first start.
+If specified directory is read-only - key and certificate should be pre-generated by user.
+
+To obtain a certificate and a key in a DER format, you could, for example,
+use OpenSSL, running a commands similar to the following example:
@example
-openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
- -days 3650 -nodes -subj "/CN=example.com"
+openssl genpkey -out key.der -outform DER -algorithm RSA \
+ -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
+ -subj "/CN=example.com"
@end example
Of course, you'll have to replace @i{example.com} with your own domain
name, and then point the Agate configuration towards the path of the
-generated key and certificate.
+directory with the generated key and certificate using the @code{certs} option.
@end defvar
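Review bot: The new paragraph on the certs directory does not say which file names or layout Agate expects there, nor who should own the files: the example writes key.der and cert.der, but the text only tells the reader to point certs at "the directory with the generated key and certificate". Since openssl genpkey as shown writes an unencrypted private key, it is worth stating the expected file names and that the key should be readable only by the user the service runs as. The wording also needs a pass: "If specified path" and "If specified directory" lack an article, "the Agate will try" should be "Agate will try", and "running a commands" should be "running commands".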
@@ -32766,30 +32771,38 @@ Web Services
@item @code{content} (default: @file{"/srv/gemini"})
The directory from which Agate will serve files.
-@item @code{cert} (default: @code{#f})
-The path to the TLS certificate PEM file to be used for encrypted
-connections. Must be filled in with a value from the user.
-
-@item @code{key} (default: @code{#f})
-The path to the PKCS8 private key file to be used for encrypted
-connections. Must be filled in with a value from the user.
+@item @code{certs} (default: @file{"/srv/gemini-certs"})
+Root of the certificate directory. Must be filled in with a value from the user.
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
A list of the addresses to listen on.
-@item @code{hostname} (default: @code{#f})
-The domain name of this Gemini server. Optional.
+@item @code{hostnames} (default: @code{'()})
+Virtual hosts for the Gemini server. If multiple values are
+specified, corresponding directory names should be present in the @code{content}
+directory. Optional.
@item @code{lang} (default: @code{#f})
RFC 4646 language code(s) for text/gemini documents. Optional.
-@item @code{silent?} (default: @code{#f})
-Set to @code{#t} to disable logging output.
+@item @code{only-tls13?} (default: @code{#f})
+Set to @code{#t} to disable support for TLSv1.2.
@item @code{serve-secret?} (default: @code{#f})
Set to @code{#t} to serve secret files (files/directories starting with
a dot).
+@item @code{central-conf?} (default: @code{#f})
+Set to @code{#t} to look for the .meta configuration file in the @code{content}
+root directory and will ignore @code{.meta} files in other directories
+
+@item @code{ed25519?} (default: @code{#f})
+Set to @code{#t} to generate keys using the Ed25519 signature algorithm
+instead of the default ECDSA.
+
+@item @code{skip-port-check?} (default: @code{#f})
+Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
+
@item @code{log-ip?} (default: @code{#t})
Whether or not to output IP addresses when logging.
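Review bot: The option table documents @code{hostnames}, but the record field added in gnu/services/web.scm is hostname, so a user copying the documented name gets an unknown-field error; one of the two must change. The certs entry says "Must be filled in with a value from the user" while also listing a default of "/srv/gemini-certs", which is contradictory. The central-conf? entry ("to look for ... and will ignore") is not a complete sentence and lacks its final period, and only-tls13? could say explicitly that leaving it at #f keeps TLSv1.2 enabled.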
--
2.45.1
Ludovic Courtès wrote on 26 Jul 19:01 +0200
Re: [bug#71722] [PATCH 0/2] services: Update agate-service-type to match actual agate options
(name . Rodion Goritskov)(address . rodion.goritskov@gmail.com)(address . 71722@debbugs.gnu.org)
87plr0ay0i.fsf@gnu.org
Hi Rodion,

Rodion Goritskov <rodion.goritskov@gmail.com> skribis:

> These patches make agate-service-type work again - because the current version of agate present
> in Guix has some options (and their logic) changed, making service-type not work.
>
> I have checked these changes on a VM and they seem to be working fine.
>
> Rodion Goritskov (2):
> services: agate: Update options for compatibility with the current
> Agate version.
> services: agate-service-type: Update documentation.

I squashed the two patches (so that the doc is always consistent with
the code) and applied them.

A few things come to mind:

1. Could you come up with a system test under gnu/tests/*.scm? That
would allow us to detect breakage early on next time.

2. Though a deprecation policy has yet to be written, the idea is that
we should avoid breaking changes in user configuration as happens
when changing/removing fields in the config record.

3. The convention in Guix is to avoid abbreviations (“certificates”
rather than “certs”, etc.). I realize those were already there
though, so I thought I’d rather not ask you for extra work.

Thanks,
Ludo’.
Ludovic Courtès wrote on 26 Jul 19:03 +0200
control message for bug #71722
(address . control@debbugs.gnu.org)
87o76kaxwj.fsf@gnu.org
close 71722
quit
This issue is archived.

To comment on this conversation send an email to 71722@debbugs.gnu.org
