From unknown Tue Jun 17 20:14:31 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#54786 <54786@debbugs.gnu.org> To: bug#54786 <54786@debbugs.gnu.org> Subject: Status: Installation tests are failing Reply-To: bug#54786 <54786@debbugs.gnu.org> Date: Wed, 18 Jun 2025 03:14:31 +0000 retitle 54786 Installation tests are failing reassign 54786 guix submitter 54786 Mathieu Othacehe severity 54786 important thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 08 05:51:13 2022 Received: (at submit) by debbugs.gnu.org; 8 Apr 2022 09:51:13 +0000 Received: from localhost ([127.0.0.1]:33982 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nclGr-00046b-3T for submit@debbugs.gnu.org; Fri, 08 Apr 2022 05:51:13 -0400 Received: from lists.gnu.org ([209.51.188.17]:52842) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nclGq-00046V-Hs for submit@debbugs.gnu.org; Fri, 08 Apr 2022 05:51:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41834) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nclGq-0003P5-7o for bug-guix@gnu.org; Fri, 08 Apr 2022 05:51:12 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:39868) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nclGp-0004pi-KM; Fri, 08 Apr 2022 05:51:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=X8z9tl0YEXbTzy28okYDsy6yEr8fFMcakZ2hqmD43HA=; b=rPsvkifeI1/zXn Ru5UGi1AO/5vY5c/vmCOCeQikZ38YSXd+SLe8PgwLfB7AfqUDZIb6Y0MV/CF7K9x7brK/uOCRbkOn g/zNZSNH6cJmeXMki1U1z1BlDH6cpZTVbl6sPHULilae/uEUz7cqSmdnvZ8Pc7gFarGJlzaERnKFq lGz5O6UkZEo7QxtEJ7Xc0GlBv6gZFNUXdDl0N7N1OL++t6ziFfnWWjLiK2YSTzctFwXTTciEdoEXs tjQ6PS1/S8A01CQCRUhySXzCKp44wHa10XQPa/3Y74iZswJElFnz51f7LILQ/6zP0Ih4LH91eGi4x IY/6YwYoxUvr+/IBrNFQ==; Received: from 71.125.192.77.rev.sfr.net ([77.192.125.71]:60936 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nclGp-0008Tc-5a; Fri, 08 Apr 2022 05:51:11 -0400 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: Installation tests are failing Date: Fri, 08 Apr 2022 11:51:08 +0200 Message-ID: <87r167rjhv.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, The installation tests are failing this way: --8<---------------cut here---------------start------------->8--- conversation expecting pattern ((quote pause)) Apr 7 17:41:58 localhost installer[227]: guix system: error: failed to connect to `/var/guix/daemon-socket/socket': Connection refused --8<---------------cut here---------------end--------------->8--- this is right after the 'guix-daemon' service is restarted. It looks like this regression is introduced by the switch to the new Shepherd release. See: https://ci.guix.gnu.org/build/646754/details https://ci.guix.gnu.org/build/646759/details https://ci.guix.gnu.org/build/646766/details https://ci.guix.gnu.org/build/646773/details Thanks, Mathieu From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 08 11:10:36 2022 Received: (at submit) by debbugs.gnu.org; 8 Apr 2022 15:10:36 +0000 Received: from localhost ([127.0.0.1]:35576 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncqFw-0006ls-Kj for submit@debbugs.gnu.org; Fri, 08 Apr 2022 11:10:36 -0400 Received: from lists.gnu.org ([209.51.188.17]:49404) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncqFv-0006lj-Hh for submit@debbugs.gnu.org; Fri, 08 Apr 2022 11:10:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55810) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncqFu-0000WN-5F for bug-guix@gnu.org; Fri, 08 Apr 2022 11:10:34 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36954) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncqFt-0003HT-2Y; Fri, 08 Apr 2022 11:10:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=UufGxPXCgdGHvbDZma+NYl39O6rny3UdqumCowvcKE8=; b=iqnB4uYdHVZSA5wknBXk A3W5w0NlrHYppbNmWsnQNptMqRKj7Qtn6zLn5DkOj35fkFAYwOZhZJ2DD9/DlkAEJPN5ujbRxaiL5 nl79yfegK7FCzfMq03LDCNn2wR8UztV7IoK71oNi1+cpr0gyoG3KW8IvBgUhsOiA/diKhx8OZjX/P wEocdRS9vO24HMcJpLDBhqC4lJTt96Nt8NbJl249jX/4LXd3Zm2+qQ1eHpH4cZ0oZ59yk6U1wr2uT GECIpNwDFD0Nm9igxzsUyIURp3yJ70tvS4zWPoy262Z9HEts770bTIbGlsSz48KKaqsercURD8++t yUF6uI2Devylpw==; Received: from 71.125.192.77.rev.sfr.net ([77.192.125.71]:60958 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncqFl-0007uJ-J2; Fri, 08 Apr 2022 11:10:32 -0400 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: Re: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> Date: Fri, 08 Apr 2022 17:10:23 +0200 In-Reply-To: <87r167rjhv.fsf@gnu.org> (Mathieu Othacehe's message of "Fri, 08 Apr 2022 11:51:08 +0200") Message-ID: <87v8vjwqzk.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) The following tests are also failing since the Shepherd upgrade: * cgit-test (https://ci.guix.gnu.org/build/646812/details) * tailon-test (https://ci.guix.gnu.org/build/646822/details) * gitile-test (https://ci.guix.gnu.org/build/646813/details) * jami-provisioning-test (https://ci.guix.gnu.org/build/646810/details) * jami-test (https://ci.guix.gnu.org/build/646811/details) Thanks, Mathieu From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 26 04:28:01 2022 Received: (at control) by debbugs.gnu.org; 26 Apr 2022 08:28:01 +0000 Received: from localhost ([127.0.0.1]:36996 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njGYD-0000pB-66 for submit@debbugs.gnu.org; Tue, 26 Apr 2022 04:28:01 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45136) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njGYB-0000ow-JX for control@debbugs.gnu.org; Tue, 26 Apr 2022 04:27:59 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:56462) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njGY6-0005Lz-AP for control@debbugs.gnu.org; Tue, 26 Apr 2022 04:27:54 -0400 Received: from 71.125.192.77.rev.sfr.net ([77.192.125.71]:42306 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njGY5-0005N7-TY for control@debbugs.gnu.org; Tue, 26 Apr 2022 04:27:54 -0400 Date: Tue, 26 Apr 2022 10:27:51 +0200 Message-Id: <87bkwow8oo.fsf@meije.i-did-not-set--mail-host-address--so-tickle-me> To: control@debbugs.gnu.org From: Mathieu Othacehe Subject: control message for bug #54786 X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.9 (--) severity 54786 important quit From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 28 03:22:41 2022 Received: (at 54786) by debbugs.gnu.org; 28 Apr 2022 07:22:41 +0000 Received: from localhost ([127.0.0.1]:45138 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njyU5-0006yA-Dt for submit@debbugs.gnu.org; Thu, 28 Apr 2022 03:22:41 -0400 Received: from eggs.gnu.org ([209.51.188.92]:34060) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1njyU3-0006xx-MT for 54786@debbugs.gnu.org; Thu, 28 Apr 2022 03:22:40 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45270) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njyTt-0000nF-DA; Thu, 28 Apr 2022 03:22:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=tZuOUB5Y3zjnNjmWGzZbEsIhFNASZOcDNLmS37PAZbo=; b=AVCyjVlwh9+jmHz/ouDT lgeXh+P4iCcxSIWEUPBOJ9I+Eq4B8qHhJcVpO9GfIEOjrziuhDDs3zjGdn5P/lWyS3VPjaANpPxWy JPAQAzjLmg99qdmji6pk/UDrYVlM7udNSgvIxvKnL1h6JEqMxhpVfGKi+qcG0WAU9ifNZhR589HRe 4rhzNKDbFN4u4j4D/oQw8YOU0qNH9XruUE/tKrbTgaTEyaUQcDAIJHbwXGQ1hZd2GbeAHhsAgDyeQ JnGDHnChGuBAnRNV4jk3bhYzFBZPZqttIu4YIYBML4k9CCNQ4T4U690RFVMmtlJeAtm37KGgSqS+6 JG50IN7WLEs1RA==; Received: from 71.125.192.77.rev.sfr.net ([77.192.125.71]:42386 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njyTs-0007HN-Ij; Thu, 28 Apr 2022 03:22:28 -0400 From: Mathieu Othacehe To: 54786@debbugs.gnu.org Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> Date: Thu, 28 Apr 2022 09:22:26 +0200 In-Reply-To: <87v8vjwqzk.fsf@gnu.org> (Mathieu Othacehe's message of "Fri, 08 Apr 2022 17:10:23 +0200") Message-ID: <87zgk5brkd.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, Those tests are still failing. It looks like most of the failures are caused by daemons started multiple times. > * cgit-test (https://ci.guix.gnu.org/build/646812/details) The nginx daemon seems to be started multiple times: --8<---------------cut here---------------start------------->8--- nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) This is the GNU system. Welcome. komputilo login: nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] still could not bind() /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1718: ERROR: 1. &action-exception-error: service: nginx action: start key: %exception args: ("#<&invoke-error program: \"/gnu/store/815abphg8vr8qkl8ykd8pyxp1v62c9gk-nginx-1.21.6/sbin/nginx\" arguments: (\"-c\" \"/gnu/store/rbjgg41p22lgkjwrc8inrhbmqah54cgq-nginx.conf\" \"-p\" \"/var/run/nginx\") exit-status: 1 term-signal: #f stop-signal: #f>") Tests failed, dumping log file '/gnu/store/p72g83l9nag6c830pzwgcgpnvnyr53p1-cgit-test/cgit.log'. --8<---------------cut here---------------end--------------->8--- > * gitile-test (https://ci.guix.gnu.org/build/646813/details) The nginx daemon seems to be started multiple times: --8<---------------cut here---------------start------------->8--- nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) This is the GNU system. Welcome. komputilo login: nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:19418 failed (98: Address already in use) nginx: [emerg] still could not bind() /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1718: ERROR: 1. &action-exception-error: service: nginx action: start key: %exception args: ("#<&invoke-error program: \"/gnu/store/815abphg8vr8qkl8ykd8pyxp1v62c9gk-nginx-1.21.6/sbin/nginx\" arguments: (\"-c\" \"/gnu/store/ayafihmfwg3yw4hp8nw622g2rr9mw7vn-nginx.conf\" \"-p\" \"/var/run/nginx\") exit-status: 1 term-signal: #f stop-signal: #f>") Tests failed, dumping log file '/gnu/store/ix0hpwpr7b6zh20arig9bpg2lqzysxi7-gitile-test/gitile.log'. --8<---------------cut here---------------end--------------->8--- > * jami-provisioning-test (https://ci.guix.gnu.org/build/646810/details) > * jami-test (https://ci.guix.gnu.org/build/646811/details) Looks like those tests are failing because the daemon is started multiple times: --8<---------------cut here---------------start------------->8--- This is the GNU system. Welcome. jami login: Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 https://jami.net/ [Video support enabled] [Plugins support enabled] 12:21:08.165 os_core_unix.c !pjlib 2.11 for POSIX initialized Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 https://jami.net/ [Video support enabled] [Plugins support enabled] One does not simply initialize the client: Another daemon is detected /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1718: ERROR: 1. &action-exception-error: service: jami action: start key: match-error args: ("match" "no matching pattern" #f) Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 https://jami.net/ [Video support enabled] [Plugins support enabled] One does not simply initialize the client: Another daemon is detected /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1718: ERROR: 1. &action-exception-error: service: jami action: start key: match-error args: ("match" "no matching pattern" #f) Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 https://jami.net/ [Video support enabled] [Plugins support enabled] One does not simply initialize the client: Another daemon is detected /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1718: ERROR: 1. &action-exception-error: service: jami action: start key: match-error args: ("match" "no matching pattern" #f) --8<---------------cut here---------------end--------------->8--- Thanks, Mathieu From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 28 15:19:43 2022 Received: (at 54786) by debbugs.gnu.org; 28 Apr 2022 19:19:43 +0000 Received: from localhost ([127.0.0.1]:49980 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nk9fy-0004dd-PG for submit@debbugs.gnu.org; Thu, 28 Apr 2022 15:19:42 -0400 Received: from eggs.gnu.org ([209.51.188.92]:56952) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nk9fx-0004dQ-34 for 54786@debbugs.gnu.org; Thu, 28 Apr 2022 15:19:41 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58238) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nk9fr-0005IG-T4 for 54786@debbugs.gnu.org; Thu, 28 Apr 2022 15:19:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=XUtZBeT1Nw+P+JFOnzr8udHM7kNZFiS+Bf3OO9Qx4P0=; b=qCGRk9eVcB33RbvfOc5L 01JnZmhF6Yj73con5ghWUZawROdwSiHgjH1uFvzNPqdvkqiK5s8toqkcC6sNWIA4phfw/yrBEis0Y s5wNczm7rs0to7HbeNg30SRy1srDXkLQM4lCx/PfB+/d7odHg/S25+ZYxZk6bWHXdjzJLiYR5gcEW 4MM3G90HV05ZFv6mQYvXcrcx0fYGjYPDgAuiXjdBOtGXPQHOf3ED3UwZhEFasTSFQUB1JBfynAte/ ObkzkV7v8vJa71bLFuhEUzZM59O4FrEm49Bs3Ljzz9yKHRb/SSy2x590Tm53Uafm+ZeUoN889ccj7 CsBPhqkpc3iI2g==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:52340 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nk9fr-0006bi-GK; Thu, 28 Apr 2022 15:19:35 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> <87zgk5brkd.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 9 =?utf-8?Q?Flor=C3=A9al?= an 230 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 28 Apr 2022 21:19:33 +0200 In-Reply-To: <87zgk5brkd.fsf@gnu.org> (Mathieu Othacehe's message of "Thu, 28 Apr 2022 09:22:26 +0200") Message-ID: <87y1zpaud6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Mathieu Othacehe skribis: >> * cgit-test (https://ci.guix.gnu.org/build/646812/details) > > The nginx daemon seems to be started multiple times: I believe this is caused by a change of semantics (really: a bug) in the shepherd =E2=80=98start=E2=80=99 method in 0.9.0. Previously, =E2=80=98start=E2=80=99 would wait until the daemon was started= . If the service was being started, shepherd wouldn=E2=80=99t reply until it was done starting it. In 0.9.0, shepherd replies even while it=E2=80=99s waiting for the service = to be started. But as a consequence, it lets you start a service that is already being started, leading to this mess you reported. The proper fix is to better track the status of each service in shepherd, and to prevent double-starts. In the interim, perhaps we can work around that by using a different check to determine whether the service is running. For instance, instead of: (test-assert "nginx running" (marionette-eval '(begin (use-modules (gnu services herd)) (start-service 'nginx)) marionette)) =E2=80=A6 we=E2=80=99d write something like: (test-assert "nginx running" (wait-for-file "/var/run/nginx/pid")) Thoughts? I=E2=80=99ll give that a try. Thanks for the heads-up! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 29 15:50:19 2022 Received: (at 54786) by debbugs.gnu.org; 29 Apr 2022 19:50:19 +0000 Received: from localhost ([127.0.0.1]:55386 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nkWd9-0005Qb-AT for submit@debbugs.gnu.org; Fri, 29 Apr 2022 15:50:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47460) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nkWd7-0005QJ-FV for 54786@debbugs.gnu.org; Fri, 29 Apr 2022 15:50:17 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55938) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nkWd2-00047t-4C for 54786@debbugs.gnu.org; Fri, 29 Apr 2022 15:50:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=tZhY8rkN+oeYDwU+uc4Wu5I1wkX6HB2G6yf3u0N9sI4=; b=OXY+H+VQWLeWHNfJEK1/ krZ7ZSPfxRFSMe2h9YuON98HPGLhHCTa9NGprxvFdzN2oP6gRXd0Cwnk2vt6yMkOAyxwpQWCk9meP nzlykc7vWnEUO83/2JA2+y9qIs57g7FLFGgMuANqTJksJFgPZHWUv/jnyWLFmY6wOuzbzrrFC+x8C V8Kqi2K+H3LhSEZ3wgzIVAZRS01uEc/6fnHP0amnBoGzTBYbvXYrAydc1bcVALFUof63l5tGBlInV aP5gIHx/rlOSFHb/UvmiESiVgu3bsV5Oarkmkk+XcW39+UCtdKv/COeuFg2AWzoWoO7nIdMGYSnSC UpJXpjFrg5gmJg==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:63252 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nkWd1-0008Ck-O1; Fri, 29 Apr 2022 15:50:11 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> <87zgk5brkd.fsf@gnu.org> <87y1zpaud6.fsf@gnu.org> Date: Fri, 29 Apr 2022 21:50:09 +0200 In-Reply-To: <87y1zpaud6.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Thu, 28 Apr 2022 21:19:33 +0200") Message-ID: <87mtg3655a.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: > In the interim, perhaps we can work around that by using a different > check to determine whether the service is running. For instance, > instead of: > > (test-assert "nginx running" > (marionette-eval > '(begin > (use-modules (gnu services herd)) > (start-service 'nginx)) > marionette)) > > =E2=80=A6 we=E2=80=99d write something like: > > (test-assert "nginx running" > (wait-for-file "/var/run/nginx/pid")) I pushed something along these lines as 73eeeeafbb0765f76834b53c9fe6cf3c8f740840. I wasn=E2=80=99t able to fix the tailon test because the =E2=80=98tailon=E2= =80=99 package doesn=E2=80=99t build and I failed to address that in a timely fashion. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 30 09:02:20 2022 Received: (at 54786) by debbugs.gnu.org; 30 Apr 2022 13:02:20 +0000 Received: from localhost ([127.0.0.1]:56111 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nkmjs-00050n-4P for submit@debbugs.gnu.org; Sat, 30 Apr 2022 09:02:20 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58726) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nkmjq-00050a-7F for 54786@debbugs.gnu.org; Sat, 30 Apr 2022 09:02:18 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:44136) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nkmjk-0001s8-4M; Sat, 30 Apr 2022 09:02:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=ecJxUlLQwHEUzKlC1YxBu8pumw/K6P9I6ftzTxXihQE=; b=iyCDWt+M2qvKgxIk1wZf Eg83xSSFwagSnhWARx1LVNxJWC3OJSnbuKITIzVbMf5tisKVVo19dnaFSgtWx2ELG3Mgeqcvcuosz +Nc5VEBdnRsHu9pgFGfKDbfTydbMxEAB626DqmRdDA0SWNwIWLSxexRgOhhCnsef004+YfmCEV8AG frx8/tIMfDXuPvYfBQy7xaVJ7/vZ+rKWsA4JnSIyFvapoP8JkXF2B2dctB7pDom2mLc4lSFJQR19g tZ2bnzNn61u+7KhdFKzahVQG7t+UtV2VMVgnWfmRTF23sDwYqG5XC3tg3VFkVZc9ShDhy9KBQzw1+ Uca/kauuAEp2/g==; Received: from 71.125.192.77.rev.sfr.net ([77.192.125.71]:37454 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nkmji-0005Do-VO; Sat, 30 Apr 2022 09:02:11 -0400 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> <87zgk5brkd.fsf@gnu.org> <87y1zpaud6.fsf@gnu.org> <87mtg3655a.fsf@gnu.org> Date: Sat, 30 Apr 2022 15:02:07 +0200 In-Reply-To: <87mtg3655a.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Fri, 29 Apr 2022 21:50:09 +0200") Message-ID: <875ymqwwq8.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hey Ludo, > I pushed something along these lines as > 73eeeeafbb0765f76834b53c9fe6cf3c8f740840. Thanks for the fix! The jami and jami-provisioning tests are also broken because of what looks like to be the same issue: --8<---------------cut here---------------start------------->8--- One does not simply initialize the client: Another daemon is detected /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1718: ERROR: 1. &action-exception-error: service: jami action: start key: match-error args: ("match" "no matching pattern" #f) Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 https://jami.net/ [Video support enabled] [Plugins support enabled] --8<---------------cut here---------------end--------------->8--- I think we don't have the right approach here: we should check that the system tests are passing before pushing series and not adapt the tests afterwards. Historically this was difficult because the system tests were often in a semi-broken state. Before the Shepherd update the tests were however all passing (modulo rare intermittent failures). As it's not always obvious what's going to break the system tests and what's not (simple package update can easily break them), it would be really nice to have mandatory commit verification. The mumi/cuirass gateway that has already been discussed could really help us here. If some people are motivated, we could split the work and introduce such a mechanism. Thanks, Mathieu From debbugs-submit-bounces@debbugs.gnu.org Sun May 01 09:26:30 2022 Received: (at 54786) by debbugs.gnu.org; 1 May 2022 13:26:30 +0000 Received: from localhost ([127.0.0.1]:59901 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nl9an-000889-Vs for submit@debbugs.gnu.org; Sun, 01 May 2022 09:26:30 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42436) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nl9al-00087u-Em for 54786@debbugs.gnu.org; Sun, 01 May 2022 09:26:28 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:37428) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nl9ag-00073p-57 for 54786@debbugs.gnu.org; Sun, 01 May 2022 09:26:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=0bKB3hUg/uju2Vfxj70iJews+mraCPVLh3qUOaGH3+Y=; b=cEEZ5jrpp9ruCby5fCKJ fpsbsjl2WcAMdQ9HQQz//BIzTNVSGvIfUDxoCJSIlxoDhc2FU954UYk4H3LrykFallQeZ0mCqvKq4 RbArbJrrlLccs1KyJoIK6NkCoKzozjV2LA6vlmCb5Z5gSTAjojiW7NPdA9KzpgN6n4mAgoTXCbUEv 4m0PSf/Fp/5kfZEcb+hNTB1us+PFgug69dasDUhoRQzbmxLwUxohRy/BIValxLx3LpeF8G9yLC4Ri 3jH7v/2cb6quFfllaK4hEko8kOpK5EtcLqIuFa3sdoFIklxbJYKHpgxH0fL9XTQkRS5mk+lT6wAa+ 3pi89HUhJOL7EQ==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38902 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nl9af-0000VW-Ne; Sun, 01 May 2022 09:26:21 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Mathieu Othacehe Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> <87zgk5brkd.fsf@gnu.org> <87y1zpaud6.fsf@gnu.org> <87mtg3655a.fsf@gnu.org> <875ymqwwq8.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 12 =?utf-8?Q?Flor=C3=A9al?= an 230 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 01 May 2022 15:26:20 +0200 In-Reply-To: <875ymqwwq8.fsf@gnu.org> (Mathieu Othacehe's message of "Sat, 30 Apr 2022 15:02:07 +0200") Message-ID: <875ymp4c5f.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Mathieu Othacehe skribis: > Thanks for the fix! The jami and jami-provisioning tests are also broken > because of what looks like to be the same issue: > > One does not simply initialize the client: Another daemon is detected > /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:171= 8: ERROR: > 1. &action-exception-error: > service: jami > action: start > key: match-error > args: ("match" "no matching pattern" #f) > Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 > https://jami.net/ > [Video support enabled] > [Plugins support enabled] Yes, I noticed that, but I=E2=80=99m not sure how to apply a similar workar= ound. > I think we don't have the right approach here: we should check that the > system tests are passing before pushing series and not adapt the tests > afterwards. Yes, apologies for that. > Historically this was difficult because the system tests were often in a > semi-broken state. Before the Shepherd update the tests were however all > passing (modulo rare intermittent failures). > > As it's not always obvious what's going to break the system tests and > what's not (simple package update can easily break them), it would be > really nice to have mandatory commit verification. > > The mumi/cuirass gateway that has already been discussed could really > help us here. If some people are motivated, we could split the work and > introduce such a mechanism. Yes, I agree; an =E2=80=9Calways green=E2=80=9D =E2=80=98master=E2=80=99 br= anch would be great. Do you have milestones in mind for =E2=80=9Ccommit verification=E2=80=9D? As I see it, the difficulty is that we=E2=80=99ve been looking at a horizon= of features =C3=A0 la GitLab-CI without being quite sure how to get there (apa= rt from deploying GitLab or a similar tool, that is). A first step that comes to mind would be an easier way to set up transient jobsets for a branch (or, ideally, for an issue: the thing would apply patches and create the branch). Thoughts? (Maybe worth moving to guix-devel.) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue May 24 23:43:36 2022 Received: (at 54786) by debbugs.gnu.org; 25 May 2022 03:43:36 +0000 Received: from localhost ([127.0.0.1]:54040 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nthvs-0005fY-8T for submit@debbugs.gnu.org; Tue, 24 May 2022 23:43:36 -0400 Received: from mail-qk1-f169.google.com ([209.85.222.169]:39838) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nthvm-0005fH-UD for 54786@debbugs.gnu.org; Tue, 24 May 2022 23:43:34 -0400 Received: by mail-qk1-f169.google.com with SMTP id 14so10372691qkl.6 for <54786@debbugs.gnu.org>; Tue, 24 May 2022 20:43:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=4DORaKH0NY7TY3IYS47c1Abnri2U7PQfapbki16QimU=; b=iY+abOHKY4iiACbxHtiXCJUvHcnQdCPxavsJvVfoKbT3ZlQ2PZUwLLqKLXABv7oe2P yHsS6xzsK8shaBepQrDkqnGSm66otTxFDCiwNu4znPiZtNjX/+zGGJajQYGedQ+KwuRV v27lj/Uw+o2uPghhX22Z1j0WlT7aiAmAlMMD7l1MX1KEDfexCPLLCvo9RMuGtFsdDX23 aesiLnRhhQ2UqZpg9c8PgGHqo+5BdIh3vEAVAr4ODQF8BSDHGUiKLrdgTny1Mt2+S0bi s2lWPNjcCddb0tfkXFnNnp/nUyGfaI9KI3AgcmGgt3jH/TiCbL6HP0PzZX0vEBxaurRU vZkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=4DORaKH0NY7TY3IYS47c1Abnri2U7PQfapbki16QimU=; b=SKtoSoWa0ZyTkxAX6H6wTknCFSGjxo18Pl+WxjuFj7kN0Un2MtZKNqRiXNBm92dz8R YfyMsf/tak3EGTBWRQSOwsn3LQR3wvRJfMjvka8/X8HVX/SzfePwJw8oyRZNU9VfE9G6 J50O7eX0yoQqkdi8C98aBbSpKyCJE+M6N8c9DE9RnK7CMMeOCeuMRgWQNDH79h+L2qbv dIsiyji47i40K7UOHyEwUcbHn5nO8eUxocKn0dIe07VPlBNjxT+yqK++5Go+phZdAApy +bgMa4DQiNiJtOVlq21clEfSqiD5AHxSLzWZhRn/HBbf2MKRI8yM9KIocfc62imlV0Lm rdQA== X-Gm-Message-State: AOAM533x4b+9wUNqwwLJeW4GH7FomSt5eeAPh77fyH+Qe0pWQWEEfORe 5+ApslqPdr+t1ITEaC+9LbJnOFKGQapvUQ== X-Google-Smtp-Source: ABdhPJxlm3LUHm7zZQmm8nqKff/UMwxGVIGlYSdgsNCo+j5ZthHI8LHJ5B7P9eYpjxukVrYDNeG1iA== X-Received: by 2002:a05:620a:3714:b0:6a5:564b:222f with SMTP id de20-20020a05620a371400b006a5564b222fmr5023908qkb.648.1653450205063; Tue, 24 May 2022 20:43:25 -0700 (PDT) Received: from hurd (dsl-157-33.b2b2c.ca. [66.158.157.33]) by smtp.gmail.com with ESMTPSA id b126-20020a379984000000b006a32c991501sm692563qke.12.2022.05.24.20.43.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 May 2022 20:43:24 -0700 (PDT) From: Maxim Cournoyer To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> <87zgk5brkd.fsf@gnu.org> <87y1zpaud6.fsf@gnu.org> <87mtg3655a.fsf@gnu.org> <875ymqwwq8.fsf@gnu.org> <875ymp4c5f.fsf@gnu.org> Date: Tue, 24 May 2022 23:43:23 -0400 In-Reply-To: <875ymp4c5f.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Sun, 01 May 2022 15:26:20 +0200") Message-ID: <87a6b646qs.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54786 Cc: Mathieu Othacehe , 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Ludovic Court=C3=A8s writes: > Hi, > > Mathieu Othacehe skribis: > >> Thanks for the fix! The jami and jami-provisioning tests are also broken >> because of what looks like to be the same issue: >> >> One does not simply initialize the client: Another daemon is detected >> /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:17= 18: ERROR: >> 1. &action-exception-error: >> service: jami >> action: start >> key: match-error >> args: ("match" "no matching pattern" #f) >> Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 >> https://jami.net/ >> [Video support enabled] >> [Plugins support enabled] > > Yes, I noticed that, but I=E2=80=99m not sure how to apply a similar work= around. I tried fixing that today, but so far I've only managed to understand what seems to be going wrong, with this (not so great) workflow: 1. Add pk uses in the code. 2. $(./pre-inst-env guix system vm --no-graphic -e '(@@ (gnu tests telephony) %jami-os)' --no-offload --no-substitutes) -m 512 -nic user,model=3Dvirtio-net-pci,hostfwd=3Dtcp::10022-:22 3. ssh -o UserKnownHostsFile=3D/dev/null -o StrictHostKeyChecking=3Dno -p 10022 root@localhost and poke around with 'herd status', read /var/log/messages, experiment with dbus-send, etc. This allowed me to find out that (dbus-available-services) appears to be broken. I'm not sure why the exceptions are reported so badly by Shepherd (are exceptions raised with 'error' not handled by Shepherd or something? -- the with-retries loop should end up printing the caught exception arguments -- I would also have expected to see the backtrace somewhere. Anyway, connecting to another machine that is running the jami-service-type still (hasn't been reconfigured in a while), I could see: --8<---------------cut here---------------start------------->8--- scheme@(guix-user)> ,use (gnu build jami-service) scheme@(guix-user)> (dbus-available-services) ;;; Failed to autoload fork+exec-command in (shepherd service): ;;; no code for module (fibers) ice-9/boot-9.scm:1685:16: In procedure raise-exception: error: fork+exec-command: unbound variable --8<---------------cut here---------------end--------------->8--- Oh yes, so it now requires guile-fibers. After installing it: --8<---------------cut here---------------start------------->8--- scheme@(guix-user)> ,use (gnu build jami-service) scheme@(guix-user)> (dbus-available-services) ice-9/boot-9.scm:1685:16: In procedure raise-exception: No scheduler current; call within run-fibers instead --8<---------------cut here---------------end--------------->8--- So the users of fork+exec-command (a public API) needs to be adjusted. I suspect that's the crux of the issue here. The rest (the jami tests using Shepherd's start-service to check the service status and causing multiple starts) should be easy to workaround. To be continued... Maxim From debbugs-submit-bounces@debbugs.gnu.org Sat May 28 17:30:05 2022 Received: (at 54786) by debbugs.gnu.org; 28 May 2022 21:30:05 +0000 Received: from localhost ([127.0.0.1]:38996 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nv40a-0008Eo-Ir for submit@debbugs.gnu.org; Sat, 28 May 2022 17:30:05 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51608) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nv40X-0008Dr-BN for 54786@debbugs.gnu.org; Sat, 28 May 2022 17:30:03 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35706) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nv40S-0001m7-45; Sat, 28 May 2022 17:29:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=cALznP336b0XzYnr8OoUIaupIzl/sSXL44N3jg0JGsE=; b=kT0d84/nq5832BSr4VKV d89sr4JZxm6ny/2vHTeVTErXZzl84CLl7mvcLW9sZxFN+FGkmqGdqxT7OHlW+IMdoA8uPd00h/wQm tDG9SSiGJ9fDUM7JoFYxyh0Mmmsna1NZKEmTbCbzg8p6RgXuBnD00nNFyFLw04rkfT64dh5K8Bjkg woPswpFaU/q/amcO2K6YAsZ6guZaFTBCO+EvL6GUn/m6sSE6/WnTjsEIMvO2der1gmSjepmOSymRH FiJqXyUkt2n80Y1FOXFSgeOhMzRtc/6/CY/FByZg2IQJuquAq2qBY9xMc8x8JGBBzpAdsF6NTf+Bl Qm/bifetpcCMig==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56035 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nv40R-0003SK-N4; Sat, 28 May 2022 17:29:55 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxim Cournoyer Subject: Re: bug#54786: Installation tests are failing References: <87r167rjhv.fsf@gnu.org> <87v8vjwqzk.fsf@gnu.org> <87zgk5brkd.fsf@gnu.org> <87y1zpaud6.fsf@gnu.org> <87mtg3655a.fsf@gnu.org> <875ymqwwq8.fsf@gnu.org> <875ymp4c5f.fsf@gnu.org> <87a6b646qs.fsf@gmail.com> Date: Sat, 28 May 2022 23:29:54 +0200 In-Reply-To: <87a6b646qs.fsf@gmail.com> (Maxim Cournoyer's message of "Tue, 24 May 2022 23:43:23 -0400") Message-ID: <878rql9wh9.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: Mathieu Othacehe , 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Maxim, Maxim Cournoyer skribis: > Ludovic Court=C3=A8s writes: > >> Hi, >> >> Mathieu Othacehe skribis: >> >>> Thanks for the fix! The jami and jami-provisioning tests are also broken >>> because of what looks like to be the same issue: >>> >>> One does not simply initialize the client: Another daemon is detected >>> /gnu/store/01phrvxnxrg1q0gxa35g7f77q06crf6v-shepherd-marionette.scm:1:1= 718: ERROR: >>> 1. &action-exception-error: >>> service: jami >>> action: start >>> key: match-error >>> args: ("match" "no matching pattern" #f) >>> Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 >>> https://jami.net/ >>> [Video support enabled] >>> [Plugins support enabled] >> >> Yes, I noticed that, but I=E2=80=99m not sure how to apply a similar wor= karound. > > I tried fixing that today, but so far I've only managed to understand > what seems to be going wrong, with this (not so great) workflow: While working on , I figured =E2=80=98wait-for-service=E2=80=99 could be useful for system tests that we= re previously using =E2=80=98start-service=E2=80=99 as a way to wait for a service to be = up and running. I tried the following change, which should be semantically equivalent to what was happening with the Shepherd 0.8. However, it doesn=E2=80=99t seem= to work, for reasons that escape me. Thoughts? Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/tests/telephony.scm b/gnu/tests/telephony.scm index bc464a431a..c219868859 100644 --- a/gnu/tests/telephony.scm +++ b/gnu/tests/telephony.scm @@ -145,11 +145,7 @@ (define marionette (marionette-eval '(begin (use-modules (gnu services herd)) - (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) (number? pid)))))) + (wait-for-service 'jami #:timeout 60)) marionette)) (test-assert "service can be stopped" @@ -158,12 +154,7 @@ (define marionette (use-modules (gnu services herd) (rnrs base)) (setenv "PATH" "/run/current-system/profile/bin") - (let ((pid (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) pid)))))) - + (let ((pid (wait-for-service 'jami))) (assert (number? pid)) (match (stop-service 'jami) @@ -193,14 +184,10 @@ (define pid (match (start-service 'jami) ;; Restart the service. (restart-service 'jami) - (define new-pid (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) pid))))) + (define new-pid (wait-for-service 'jami)) (assert (number? new-pid)) - (not (eq? pid new-pid))) + (not (= pid new-pid))) marionette)) (unless #$provisioning? (test-skip 1)) --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue May 31 12:44:42 2022 Received: (at 54786) by debbugs.gnu.org; 31 May 2022 16:44:42 +0000 Received: from localhost ([127.0.0.1]:48761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nw4yw-0005Lu-Rp for submit@debbugs.gnu.org; Tue, 31 May 2022 12:44:42 -0400 Received: from mail-qt1-f181.google.com ([209.85.160.181]:39874) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nw4ys-0005La-OQ for 54786@debbugs.gnu.org; Tue, 31 May 2022 12:44:34 -0400 Received: by mail-qt1-f181.google.com with SMTP id x7so13706166qta.6 for <54786@debbugs.gnu.org>; Tue, 31 May 2022 09:44:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3kxxOUG0t2tFK223MBg4h62bzR5/VGuuqRqg0O1kgsE=; b=etQoUv0hWP7WDwlnrQHZEQh6FaTwyciXZfOhZNdCq/IQvxpE8riQp4qSBW/s71qOFO dwBe4V/VwJMEnp8H1kJRePS+rdqPzcIjrM5UWt0ZnPiLSO42KsjqoOE22t9PjTSs2jwD 13sKDYL7QiMMs1+57JGdYmNsmJwP/GZk6AawdzZwCVwO9IGZI7Tjcl4mNs72iZIlcXuT /KImDErxhQYYIq9cv8qXUMjM23dV1YptWWb5t07xpvrkTY6whX/z5ptFyVdwhRn28SKm LcvZmXyVx2fWE+zIfzEhwb6QwuEDJc1mFOcIyzqrgGKRJ4GZMrZPT4a3BB45G4LPF+ej ly5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3kxxOUG0t2tFK223MBg4h62bzR5/VGuuqRqg0O1kgsE=; b=k9AiZ3cLsFwyfpktIYcGJbXvSjg551BlxLlNKLfmCHayI+YnXpvanpPpYZUZr504tr NCzhR94dGxlHi9dEb0y9UE3QNaxTb+a7c8U3CDAQ9zxP7lb3FEqKUbQ1T20wYwpVWpoy eI471N+VoKwyxfg9WlNRofJWT6zGGupFeegpfwqQjtg2ojuKo+zv6xcTv8wfNBYUPXwG GOllS2mM7c15Sg2WPmvDNYf+YQc3zV8V2KELcoKRiirelEOmukFjTfH8a49rE9QHRe2U VV16lYUAKjhlYzyODMQvIvx8Bh2vrvbYgq8BzE4wxRMAik1H5KY+R8TsIHJ4DUKoJzHX ycXQ== X-Gm-Message-State: AOAM532QiEoMchJwSSOFUBpySCNkcWbSM4CzRZcnUbde4XFziwdj2i34 ghdQaWC+2ewoEYsU2Hhe1spz5k2Ud0lADg== X-Google-Smtp-Source: ABdhPJysMZGynYCEyH1VOi6O0bPZG50uB4x5SGa4f7xO/FW96A8hIWPR61yQ5A+vnAd6jRNuZD52lw== X-Received: by 2002:a05:622a:1906:b0:2fc:59eb:6d32 with SMTP id w6-20020a05622a190600b002fc59eb6d32mr22301774qtc.630.1654015463216; Tue, 31 May 2022 09:44:23 -0700 (PDT) Received: from localhost.localdomain (dsl-154-171.b2b2c.ca. [66.158.154.171]) by smtp.gmail.com with ESMTPSA id 5-20020a05620a06c500b0069fc13ce1e8sm9599995qky.25.2022.05.31.09.44.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 31 May 2022 09:44:22 -0700 (PDT) From: Maxim Cournoyer To: 54786@debbugs.gnu.org Subject: [PATCH] services: jami: Modernize to adjust to Shepherd 0.9+ changes. Date: Tue, 31 May 2022 12:44:07 -0400 Message-Id: <20220531164407.13914-1-maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <878rql9wh9.fsf@gnu.org> References: <878rql9wh9.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 1.6 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This partially fixes , allowing the 'jami' and 'jami-provisioning' system tests to pass again. In version 0.9.0, Shepherd constructors are now run concurrently, via cooperative scheduling (Guile Fibers). The Jami service previously relied on blocking sleeps while polling for D-Bus services to b [...] Content analysis details: (1.6 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.160.181 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [209.85.160.181 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (maxim.cournoyer[at]gmail.com) 1.6 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: nixo.xyz (xyz)] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders -0.0 T_SCC_BODY_TEXT_LINE No description available. 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, ludo@gnu.org, Maxim Cournoyer X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.6 (/) This partially fixes , allowing the 'jami' and 'jami-provisioning' system tests to pass again. In version 0.9.0, Shepherd constructors are now run concurrently, via cooperative scheduling (Guile Fibers). The Jami service previously relied on blocking sleeps while polling for D-Bus services to become ready after forking a process; this wouldn't work anymore since while blocking the service process wouldn't be given the chance to finish starting. The new reliance on Fibers in Shepherd's fork+exec-command in the helper 'send-dbus' procedure also meant that it wouldn't work outside of Shepherd anymore. Finally, the 'start-service' Shepherd procedure used in the test suite would cause the Jami daemon to be spawned multiple times (a bug introduced in Shepherd 0.9.0). To fix/simplify these problems, this change does the following: 1. Use the Guile AC/D-Bus library for D-Bus communication, which simplify things, such as avoiding the need to fork 'dbus-send' processes. 2. The non-blocking 'sleep' version of Fiber is used for the 'with-retries' waiting syntax. 3. A 'dbus' package variant is used to adjust the session bus configuration, tailoring it for the use case at hand. 4. Avoid start-service in the tests, preferring 'jami-service-available?' for now. * gnu/build/jami-service.scm (parse-dbus-reply, strip-quotes) (deserialize-item, serialize-boolean, dbus-dict->alist) (dbus-array->list, parse-account-ids, parse-account-details) (parse-contacts): Delete procedures. (%send-dbus-binary, %send-dbus-bus, %send-dbus-user, %send-dbus-group) (%send-dbus-debug): Delete parameters. (jami-service-running?): New procedure. (send-dbus/configuration-manager): Rename to... (call-configuration-manager-method): ... this. Turn METHOD into a positional argument. Turn ARGUMENTS into an optional argument. Invoke `call-dbus-method' instead of `send-dbus', adjusting callers accordingly. (get-account-ids, id->account-details, id->account-details) (id->volatile-account-details, username->id, add-account remove-account) (username->contacts, remove-contact, add-contact, set-account-details) (set-all-moderators, username->all-moderators?, username->moderators) (set-moderator): Adjust accordingly. (with-retries, send-dbus, dbus-available-services) (dbus-service-available?): Move to ... * gnu/build/dbus-service.scm: ... this new module. (send-dbus): Rewrite to use the Guile AC/D-Bus library. (%dbus-query-timeout, sleep*): New variables. (%current-dbus-connection): New parameter. (initialize-dbus-connection!, argument->signature-type) (call-dbus-method): New procedures. (dbus-available-services): Adjust accordingly. * gnu/local.mk (GNU_SYSTEM_MODULES): Register new module. * gnu/packages/glib.scm (dbus-for-jami): New variable. * gnu/services/telephony.scm: (jami-configuration)[dbus]: Default to dbus-for-jami. (jami-dbus-session-activation): Write a D-Bus daemon configuration file at '/var/run/jami/session-local.conf'. (jami-shepherd-services): Add the closure of guile-ac-d-bus and guile-fibers as extensions. Adjust imported modules. Remove no longer used parameters. : Use a PID file, avoiding the need for the manual synchronization. : Set DBUS_SESSION_BUS_ADDRESS environment variable. Poll using 'jami-service-available?' instead of 'dbus-service-available?'. * gnu/tests/telephony.scm (run-jami-test): Add needed Guile extensions. Set DBUS_SESSION_BUS_ADDRESS environment variable. Adjust all tests to use 'jami-service-available?' to determine if the service is started rather than the now problematic Shepherd's 'start-service'. --- gnu/build/dbus-service.scm | 212 ++++++++++++++++ gnu/build/jami-service.scm | 390 +++++------------------------ gnu/local.mk | 1 + gnu/packages/glib.scm | 19 +- gnu/services/telephony.scm | 500 +++++++++++++++++-------------------- gnu/tests/telephony.scm | 412 +++++++++++++++--------------- 6 files changed, 726 insertions(+), 808 deletions(-) create mode 100644 gnu/build/dbus-service.scm diff --git a/gnu/build/dbus-service.scm b/gnu/build/dbus-service.scm new file mode 100644 index 0000000000..d3d8c9f716 --- /dev/null +++ b/gnu/build/dbus-service.scm @@ -0,0 +1,212 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2021, 2022 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +;;; Commentary: +;;; +;;; This module contains procedures to interact with D-Bus via the 'dbus-send' +;;; command line utility. Before using any public procedure +;;; +;;; Code: + +(define-module (gnu build dbus-service) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-19) + #:use-module (srfi srfi-26) + #:autoload (d-bus protocol connections) (d-bus-conn? + d-bus-conn-flush + d-bus-connect + d-bus-disconnect + d-bus-session-bus-address + d-bus-system-bus-address) + #:autoload (d-bus protocol messages) (MESSAGE_TYPE_METHOD_CALL + d-bus-headers-ref + d-bus-message-body + d-bus-message-headers + d-bus-read-message + d-bus-write-message + header-PATH + header-DESTINATION + header-INTERFACE + header-MEMBER + header-SIGNATURE + make-d-bus-message) + #:export (%dbus-query-timeout + + initialize-dbus-connection! + %current-dbus-connection + send-dbus + call-dbus-method + + dbus-available-services + dbus-service-available? + + sleep* + with-retries)) + +(define %dbus-query-timeout 2) ;in seconds + +;;; Use Fibers' sleep to enable cooperative scheduling in Shepherd >= 0.9.0, +;;; which is required at least for the Jami service. +(define sleep* (if (resolve-module '(fibers) #f) + (module-ref (resolve-interface '(fibers)) 'sleep) + (begin + (format #f "fibers not available -- blocking 'sleep' in use") + sleep))) + +;;; +;;; Utilities. +;;; + +(define-syntax-rule (with-retries n delay body ...) + "Retry the code in BODY up to N times until it doesn't raise an exception nor +return #f, else raise an error. A delay of DELAY seconds is inserted before +each retry." + (let loop ((attempts 0)) + (catch #t + (lambda () + (let ((result (begin body ...))) + (if (not result) + (error "failed attempt" attempts) + result))) + (lambda args + (if (< attempts n) + (begin + (sleep* delay) ;else wait and retry + (loop (+ 1 attempts))) + (error "maximum number of retry attempts reached" + body ... args)))))) + + +;;; +;;; Low level wrappers above AC/D-Bus. +;;; + +;; The active D-Bus connection (a parameter) used by the other procedures. +(define %current-dbus-connection (make-parameter #f)) + +(define* (initialize-dbus-connection! + #:key (address (or (d-bus-session-bus-address) + (d-bus-system-bus-address)))) + "Initialize the D-Bus connection. ADDRESS should be the address of the D-Bus +session, e.g. \"unix:path=/var/run/dbus/system_bus_socket\", the default value +if ADDRESS is not provided and DBUS_SESSION_BUS_ADDRESS is not set. Return +the initialized D-Bus connection." + ;; Clear current correction if already active. + (when (d-bus-conn? (%current-dbus-connection)) + (d-bus-disconnect (%current-dbus-connection))) + + (let ((connection (d-bus-connect address))) + (%current-dbus-connection connection) ;update connection parameter + (call-dbus-method "Hello")) ;initial handshake + + (%current-dbus-connection)) + +(define* (send-dbus message #:key + (connection (%current-dbus-connection)) + timeout) + "Send a D-Bus MESSAGE to CONNECTION and return the body of its reply. Up to +READ-RETRIES replies are read until a matching reply is found, else an error +is raised. MESSAGE is to be constructed with `make-d-bus-message'. When the +body contains a single element, it is returned directly, else the body +elements are returned as a list. TIMEOUT is a timeout value in seconds." + (let ((serial (d-bus-write-message connection message)) + (start-time (current-time time-monotonic)) + (timeout* (or timeout %dbus-query-timeout))) + (d-bus-conn-flush connection) + (let retry () + (when (> (time-second (time-difference (current-time time-monotonic) + start-time)) + timeout*) + (error 'dbus "fail to get reply in timeout" timeout*)) + (let* ((reply (d-bus-read-message connection)) + (reply-headers (d-bus-message-headers reply)) + (reply-serial (d-bus-headers-ref reply-headers 'REPLY_SERIAL)) + (error-name (d-bus-headers-ref reply-headers 'ERROR_NAME)) + (body (d-bus-message-body reply))) + ;; Validate the reply matches the message. + (when error-name + (error 'dbus "method failed with error" error-name body)) + ;; Some replies do not include a serial header, such as the for the + ;; org.freedesktop.DBus NameAcquired one. + (if (and reply-serial (= serial reply-serial)) + (match body + ((x x* ..1) ;contains 2 ore more elements + body) + ((x) + x) ;single element; return it directly + (#f #f)) + (retry)))))) + +(define (argument->signature-type argument) + "Infer the D-Bus signature type from ARGUMENT." + ;; XXX: avoid ..1 when using vectors due to a bug (?) in (ice-9 match). + (match argument + ((? boolean?) "b") + ((? string?) "s") + (#((? string?) (? string?) ...) "as") + (#(((? string?) . (? string?)) + ((? string?) . (? string?)) ...) "a{ss}") + (_ (error 'dbus "no rule to infer type from argument" argument)))) + +(define* (call-dbus-method method + #:key + (path "/org/freedesktop/DBus") + (destination "org.freedesktop.DBus") + (interface "org.freedesktop.DBus") + (connection (%current-dbus-connection)) + arguments + timeout) + "Call the D-Bus method specified by METHOD, PATH, DESTINATION and INTERFACE. +The currently active D-Bus CONNECTION is used unless explicitly provided. +Method arguments may be provided via ARGUMENTS sent as the message body. +TIMEOUT limit the maximum time to allow for the reply. Return the body of the +reply." + (let ((message (make-d-bus-message + MESSAGE_TYPE_METHOD_CALL 0 #f '() + `#(,(header-PATH path) + ,(header-DESTINATION destination) + ,(header-INTERFACE interface) + ,(header-MEMBER method) + ,@(if arguments + (list (header-SIGNATURE + (string-join + (map argument->signature-type arguments) + ""))) + '())) + arguments))) + (send-dbus message #:connection connection #:timeout timeout))) + + +;;; +;;; Higher-level, D-Bus procedures. +;;; + +(define (dbus-available-services) + "Return the list of available (acquired) D-Bus services." + (let ((names (vector->list (call-dbus-method "ListNames")))) + ;; Remove entries such as ":1.7". + (remove (cut string-prefix? ":" <>) names))) + +(define (dbus-service-available? service) + "Predicate to check for the D-Bus SERVICE availability." + (member service (dbus-available-services))) + +;; Local Variables: +;; eval: (put 'with-retries 'scheme-indent-function 2) +;; End: diff --git a/gnu/build/jami-service.scm b/gnu/build/jami-service.scm index ddfc8cf937..0ceb03eb02 100644 --- a/gnu/build/jami-service.scm +++ b/gnu/build/jami-service.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2021 Maxim Cournoyer +;;; Copyright © 2021, 2022 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,16 +24,16 @@ ;;; Code: (define-module (gnu build jami-service) + #:use-module (gnu build dbus-service) #:use-module (ice-9 format) #:use-module (ice-9 match) - #:use-module (ice-9 peg) #:use-module (ice-9 rdelim) #:use-module (ice-9 regex) - #:use-module (rnrs io ports) - #:autoload (shepherd service) (fork+exec-command) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) - #:export (account-fingerprint? + #:export (jami-service-available? + + account-fingerprint? account-details->recutil get-accounts get-usernames @@ -51,43 +51,12 @@ (define-module (gnu build jami-service) set-all-moderators set-moderator username->all-moderators? - username->moderators - - dbus-available-services - dbus-service-available? - - %send-dbus-binary - %send-dbus-bus - %send-dbus-user - %send-dbus-group - %send-dbus-debug - send-dbus - - with-retries)) + username->moderators)) ;;; ;;; Utilities. ;;; -(define-syntax-rule (with-retries n delay body ...) - "Retry the code in BODY up to N times until it doesn't raise an exception -nor return #f, else raise an error. A delay of DELAY seconds is inserted -before each retry." - (let loop ((attempts 0)) - (catch #t - (lambda () - (let ((result (begin body ...))) - (if (not result) - (error "failed attempt" attempts) - result))) - (lambda args - (if (< attempts n) - (begin - (sleep delay) ;else wait and retry - (loop (+ 1 attempts))) - (error "maximum number of retry attempts reached" - body ... args)))))) - (define (alist->list alist) "Flatten ALIST into a list." (append-map (match-lambda @@ -104,212 +73,34 @@ (define (account-fingerprint? val) (and (string? val) (regexp-exec account-fingerprint-rx val))) - -;;; -;;; D-Bus reply parser. -;;; - -(define (parse-dbus-reply reply) - "Return the parse tree of REPLY, a string returned by the 'dbus-send' -command." - ;; Refer to 'man 1 dbus-send' for the grammar reference. Note that the - ;; format of the replies doesn't match the format of the input, which is the - ;; one documented, but it gives an idea. For an even better reference, see - ;; the `print_iter' procedure of the 'dbus-print-message.c' file from the - ;; 'dbus' package sources. - (define-peg-string-patterns - "contents <- header (item / container (item / container*)?) - item <-- WS type WS value NL - container <- array / dict / variant - array <-- array-start (item / container)* array-end - dict <-- array-start dict-entry* array-end - dict-entry <-- dict-entry-start item item dict-entry-end - variant <-- variant-start item - type <-- 'string' / 'int16' / 'uint16' / 'int32' / 'uint32' / 'int64' / - 'uint64' / 'double' / 'byte' / 'boolean' / 'objpath' - value <-- (!NL .)* NL - header < (!NL .)* NL - variant-start < WS 'variant' - array-start < WS 'array [' NL - array-end < WS ']' NL - dict-entry-start < WS 'dict entry(' NL - dict-entry-end < WS ')' NL - DQ < '\"' - WS < ' '* - NL < '\n'*") - - (peg:tree (match-pattern contents reply))) - -(define (strip-quotes text) - "Strip the leading and trailing double quotes (\") characters from TEXT." - (let* ((text* (if (string-prefix? "\"" text) - (string-drop text 1) - text)) - (text** (if (string-suffix? "\"" text*) - (string-drop-right text* 1) - text*))) - text**)) - -(define (deserialize-item item) - "Return the value described by the ITEM parse tree as a Guile object." - ;; Strings are printed wrapped in double quotes (see the print_iter - ;; procedure in dbus-print-message.c). - (match item - (('item ('type "string") ('value value)) - (strip-quotes value)) - (('item ('type "boolean") ('value value)) - (if (string=? "true" value) - #t - #f)) - (('item _ ('value value)) - value))) - -(define (serialize-boolean bool) - "Return the serialized format expected by dbus-send for BOOL." - (format #f "boolean:~:[false~;true~]" bool)) - -(define (dict->alist dict-parse-tree) - "Translate a dict parse tree to an alist." - (define (tuples->alist tuples) - (map (lambda (x) (apply cons x)) tuples)) - - (match dict-parse-tree - ('dict - '()) - (('dict ('dict-entry keys values) ...) - (let ((keys* (map deserialize-item keys)) - (values* (map deserialize-item values))) - (tuples->alist (zip keys* values*)))))) - -(define (array->list array-parse-tree) - "Translate an array parse tree to a list." - (match array-parse-tree - ('array - '()) - (('array items ...) - (map deserialize-item items)))) - - -;;; -;;; Low-level, D-Bus-related procedures. -;;; +(define (validate-fingerprint fingerprint) + "Validate that fingerprint is 40 characters long." + (unless (account-fingerprint? fingerprint) + (error "Account fingerprint is not valid:" fingerprint))) -;;; The following parameters are used in the jami-service-type service -;;; definition to conveniently customize the behavior of the send-dbus helper, -;;; even when called indirectly. -(define %send-dbus-binary (make-parameter "dbus-send")) -(define %send-dbus-bus (make-parameter #f)) -(define %send-dbus-user (make-parameter #f)) -(define %send-dbus-group (make-parameter #f)) -(define %send-dbus-debug (make-parameter #f)) - -(define* (send-dbus #:key service path interface method - bus - dbus-send - user group - timeout - arguments) - "Return the response of DBUS-SEND, else raise an error. Unless explicitly -provided, DBUS-SEND takes the value of the %SEND-DBUS-BINARY parameter. BUS -can be used to specify the bus address, such as 'unix:path=/var/run/jami/bus'. -Alternatively, the %SEND-DBUS-BUS parameter can be used. ARGUMENTS can be -used to pass input values to a D-Bus method call. TIMEOUT is the amount of -time to wait for a reply in milliseconds before giving up with an error. USER -and GROUP allow choosing under which user/group the DBUS-SEND command is -executed. Alternatively, the %SEND-DBUS-USER and %SEND-DBUS-GROUP parameters -can be used instead." - (let* ((command `(,(if dbus-send - dbus-send - (%send-dbus-binary)) - ,@(if (or bus (%send-dbus-bus)) - (list (string-append "--bus=" - (or bus (%send-dbus-bus)))) - '()) - "--print-reply" - ,@(if timeout - (list (format #f "--reply-timeout=~d" timeout)) - '()) - ,(string-append "--dest=" service) ;e.g., cx.ring.Ring - ,path ;e.g., /cx/ring/Ring/ConfigurationManager - ,(string-append interface "." method) - ,@(or arguments '()))) - (temp-port (mkstemp! (string-copy "/tmp/dbus-send-output-XXXXXXX"))) - (temp-file (port-filename temp-port))) - (dynamic-wind - (lambda () - (let* ((uid (or (and=> (or user (%send-dbus-user)) - (compose passwd:uid getpwnam)) -1)) - (gid (or (and=> (or group (%send-dbus-group)) - (compose group:gid getgrnam)) -1))) - (chown temp-port uid gid))) - (lambda () - (let ((pid (fork+exec-command command - #:user (or user (%send-dbus-user)) - #:group (or group (%send-dbus-group)) - #:log-file temp-file))) - (match (waitpid pid) - ((_ . status) - (let ((exit-status (status:exit-val status)) - (output (call-with-port temp-port get-string-all))) - (if (= 0 exit-status) - output - (error "the send-dbus command exited with: " - command exit-status output))))))) - (lambda () - (false-if-exception (delete-file temp-file)))))) - -(define (parse-account-ids reply) - "Return the Jami account IDs from REPLY, which is assumed to be the output -of the Jami D-Bus `getAccountList' method." - (array->list (parse-dbus-reply reply))) - -(define (parse-account-details reply) - "Parse REPLY, which is assumed to be the output of the Jami D-Bus -`getAccountDetails' method, and return its content as an alist." - (dict->alist (parse-dbus-reply reply))) - -(define (parse-contacts reply) - "Parse REPLY, which is assumed to be the output of the Jamid D-Bus -`getContacts' method, and return its content as an alist." - (match (parse-dbus-reply reply) - ('array - '()) - (('array dicts ...) - (map dict->alist dicts)))) +(define (jami-service-available?) + "Whether the Jami D-Bus service was acquired by the D-Bus daemon." + (unless (%current-dbus-connection) + (initialize-dbus-connection!)) + (dbus-service-available? "cx.ring.Ring")) ;;; -;;; Higher-level, D-Bus-related procedures. +;;; Bindings for the Jami D-Bus API. ;;; -(define (validate-fingerprint fingerprint) - "Validate that fingerprint is 40 characters long." - (unless (account-fingerprint? fingerprint) - (error "Account fingerprint is not valid:" fingerprint))) - -(define (dbus-available-services) - "Return the list of available (acquired) D-Bus services." - (let ((reply (parse-dbus-reply - (send-dbus #:service "org.freedesktop.DBus" - #:path "/org/freedesktop/DBus" - #:interface "org.freedesktop.DBus" - #:method "ListNames")))) - ;; Remove entries such as ":1.7". - (remove (cut string-prefix? ":" <>) - (array->list reply)))) - -(define (dbus-service-available? service) - "Predicate to check for the D-Bus SERVICE availability." - (member service (dbus-available-services))) - -(define* (send-dbus/configuration-manager #:key method arguments timeout) - "Query the Jami D-Bus ConfigurationManager service." - (send-dbus #:service "cx.ring.Ring" - #:path "/cx/ring/Ring/ConfigurationManager" - #:interface "cx.ring.Ring.ConfigurationManager" - #:method method - #:arguments arguments - #:timeout timeout)) +(define* (call-configuration-manager-method method #:optional arguments + #:key timeout) + "Query the Jami D-Bus ConfigurationManager interface with METHOD applied to +ARGUMENTS. TIMEOUT can optionally be provided as a value in seconds." + (unless (%current-dbus-connection) + (initialize-dbus-connection!)) + (call-dbus-method method + #:path "/cx/ring/Ring/ConfigurationManager" + #:destination "cx.ring.Ring" + #:interface "cx.ring.Ring.ConfigurationManager" + #:arguments arguments + #:timeout timeout)) ;;; The following methods are for internal use; they make use of the account ;;; ID, an implementation detail of Jami the user should not need to be @@ -317,22 +108,17 @@ (define* (send-dbus/configuration-manager #:key method arguments timeout) (define (get-account-ids) "Return the available Jami account identifiers (IDs). Account IDs are an implementation detail used to identify the accounts in Jami." - (parse-account-ids - (send-dbus/configuration-manager #:method "getAccountList"))) + (vector->list (call-configuration-manager-method "getAccountList"))) (define (id->account-details id) "Retrieve the account data associated with the given account ID." - (parse-account-details - (send-dbus/configuration-manager - #:method "getAccountDetails" - #:arguments (list (string-append "string:" id))))) + (vector->list (call-configuration-manager-method "getAccountDetails" + (list id)))) (define (id->volatile-account-details id) "Retrieve the account data associated with the given account ID." - (parse-account-details - (send-dbus/configuration-manager - #:method "getVolatileAccountDetails" - #:arguments (list (string-append "string:" id))))) + (vector->list (call-configuration-manager-method "getVolatileAccountDetails" + (list id)))) (define (id->account id) "Retrieve the complete account data associated with the given account ID." @@ -362,8 +148,8 @@ (define (username->id username) '())))) (get-account-ids)))) (or (assoc-ref %username-to-id-cache username) - (let ((message (format #f "Could not retrieve a local account ID\ - for ~:[username~;fingerprint~]" (account-fingerprint? username)))) + (let ((message (format #f "no account ID for ~:[username~;fingerprint~]" + (account-fingerprint? username)))) (error message username)))) (define (account->username account) @@ -400,27 +186,21 @@ (define (add-account archive) should *not* be encrypted with a password. Return the username associated with the account." (invalidate-username-to-id-cache!) - (let ((reply (send-dbus/configuration-manager - #:method "addAccount" - #:arguments (list (string-append - "dict:string:string:Account.archivePath," - archive - ",Account.type,RING"))))) + (let ((id (call-configuration-manager-method + "addAccount" (list `#(("Account.archivePath" . ,archive) + ("Account.type" . "RING")))))) ;; The account information takes some time to be populated. - (let ((id (deserialize-item (parse-dbus-reply reply)))) - (with-retries 20 1 - (let ((username (id->username id))) - (if (string-null? username) - #f - username)))))) + (with-retries 20 1 + (let ((username (id->username id))) + (if (and=> username (negate string-null?)) + username + #f))))) (define (remove-account username) "Delete the Jami account associated with USERNAME, the account 40 characters fingerprint or a registered username." (let ((id (username->id username))) - (send-dbus/configuration-manager - #:method "removeAccount" - #:arguments (list (string-append "string:" id)))) + (call-configuration-manager-method "removeAccount" (list id))) (invalidate-username-to-id-cache!)) (define* (username->contacts username) @@ -430,15 +210,16 @@ (define* (username->contacts username) fingerprint or a registered username. The contacts returned are represented using their 40 characters fingerprint." (let* ((id (username->id username)) - (reply (send-dbus/configuration-manager - #:method "getContacts" - #:arguments (list (string-append "string:" id)))) - (all-contacts (parse-contacts reply)) + ;; The contacts are returned as "aa{ss}", that is, an array of arrays + ;; containing (string . string) pairs. + (contacts (map vector->list + (vector->list (call-configuration-manager-method + "getContacts" (list id))))) (banned? (lambda (contact) (and=> (assoc-ref contact "banned") (cut string=? "true" <>)))) - (banned (filter banned? all-contacts)) - (not-banned (filter (negate banned?) all-contacts)) + (banned (filter banned? contacts)) + (not-banned (filter (negate banned?) contacts)) (fingerprint (cut assoc-ref <> "id"))) (values (map fingerprint not-banned) (map fingerprint banned)))) @@ -449,27 +230,20 @@ (define* (remove-contact contact username #:key ban?) username). When BAN? is true, also mark the contact as banned." (validate-fingerprint contact) (let ((id (username->id username))) - (send-dbus/configuration-manager - #:method "removeContact" - #:arguments (list (string-append "string:" id) - (string-append "string:" contact) - (serialize-boolean ban?))))) + (call-configuration-manager-method "removeContact" (list id contact ban?)))) (define (add-contact contact username) "Add CONTACT, the 40 characters public key fingerprint of a contact, to the account of USERNAME (either a fingerprint or a registered username)." (validate-fingerprint contact) (let ((id (username->id username))) - (send-dbus/configuration-manager - #:method "addContact" - #:arguments (list (string-append "string:" id) - (string-append "string:" contact))))) + (call-configuration-manager-method "addContact" (list id contact)))) (define* (set-account-details details username #:key timeout) "Set DETAILS, an alist containing the key value pairs to set for the account of USERNAME, a registered username or account fingerprint. The value of the parameters not provided are unchanged. TIMEOUT is a value in milliseconds to -pass to the `send-dbus/configuration-manager' procedure." +pass to the `call-configuration-manager-method' procedure." (let* ((id (username->id username)) (current-details (id->account-details id)) (updated-details (map (match-lambda @@ -477,52 +251,29 @@ (define* (set-account-details details username #:key timeout) (or (and=> (assoc-ref details key) (cut cons key <>)) (cons key value)))) - current-details)) - ;; dbus-send does not permit sending null strings (it throws a - ;; "malformed dictionary" error). Luckily they seem to have the - ;; semantic of "default account value" in Jami; so simply drop them. - (updated-details* (remove (match-lambda - ((_ . value) - (string-null? value))) - updated-details))) - (send-dbus/configuration-manager - #:timeout timeout - #:method "setAccountDetails" - #:arguments - (list (string-append "string:" id) - (string-append "dict:string:string:" - (string-join (alist->list updated-details*) - ",")))))) + current-details))) + (call-configuration-manager-method + "setAccountDetails" (list id (list->vector updated-details)) + #:timeout timeout))) (define (set-all-moderators enabled? username) "Set the 'AllModerators' property to enabled? for the account of USERNAME, a registered username or account fingerprint." (let ((id (username->id username))) - (send-dbus/configuration-manager - #:method "setAllModerators" - #:arguments - (list (string-append "string:" id) - (serialize-boolean enabled?))))) + (call-configuration-manager-method "setAllModerators" (list id enabled?)))) (define (username->all-moderators? username) "Return the 'AllModerators' property for the account of USERNAME, a registered username or account fingerprint." - (let* ((id (username->id username)) - (reply (send-dbus/configuration-manager - #:method "isAllModerators" - #:arguments - (list (string-append "string:" id))))) - (deserialize-item (parse-dbus-reply reply)))) + (let ((id (username->id username))) + (call-configuration-manager-method "isAllModerators" (list id)))) (define (username->moderators username) "Return the moderators for the account of USERNAME, a registered username or account fingerprint." - (let* ((id (username->id username)) - (reply (send-dbus/configuration-manager - #:method "getDefaultModerators" - #:arguments - (list (string-append "string:" id))))) - (array->list (parse-dbus-reply reply)))) + (let* ((id (username->id username))) + (vector->list (call-configuration-manager-method "getDefaultModerators" + (list id))))) (define (set-moderator contact enabled? username) "Set the moderator flag to ENABLED? for CONTACT, the 40 characters public @@ -530,11 +281,8 @@ (define (set-moderator contact enabled? username) username or account fingerprint." (validate-fingerprint contact) (let* ((id (username->id username))) - (send-dbus/configuration-manager #:method "setDefaultModerator" - #:arguments - (list (string-append "string:" id) - (string-append "string:" contact) - (serialize-boolean enabled?))))) + (call-configuration-manager-method "setDefaultModerator" + (list id contact enabled?)))) (define (disable-account username) "Disable the account known by USERNAME, a registered username or account @@ -543,7 +291,7 @@ (define (disable-account username) ;; Waiting for the reply on this command takes a very ;; long time that trips the default D-Bus timeout value ;; (25 s), for some reason. - #:timeout 60000)) + #:timeout 60)) (define (enable-account username) "Enable the account known by USERNAME, a registered username or account @@ -581,7 +329,3 @@ (define sorted-account-details (fold alist-delete account-details first-items)))) (string-join (map pair->recutil-property sorted-account-details) "\n")) - -;; Local Variables: -;; eval: (put 'with-retries 'scheme-indent-function 2) -;; End: diff --git a/gnu/local.mk b/gnu/local.mk index 93b4902151..7d5bef19c9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -716,6 +716,7 @@ GNU_SYSTEM_MODULES = \ %D%/build/bootloader.scm \ %D%/build/chromium-extension.scm \ %D%/build/cross-toolchain.scm \ + %D%/build/dbus-service.scm \ %D%/build/image.scm \ %D%/build/jami-service.scm \ %D%/build/file-systems.scm \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 30e5433776..93526fa29f 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2017 Petter ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2018 Alex Vong -;;; Copyright © 2019, 2021 Maxim Cournoyer +;;; Copyright © 2019, 2021, 2022 Maxim Cournoyer ;;; Copyright © 2019 Giacomo Leidi ;;; Copyright © 2019, 2020, 2021 Marius Bakke ;;; Copyright © 2020 Nicolò Balzarotti @@ -176,6 +176,23 @@ (define dbus shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 +;;; This variant is used for the Jami service: it provides an entry point to +;;; further customize the configuration of the D-Bus instance run by the +;;; jami-dbus-session service. +(define-public dbus-for-jami + (hidden-package + (package/inherit dbus + (name "dbus-for-jami") + (arguments + (substitute-keyword-arguments (package-arguments dbus) + ((#:phases phases) + `(modify-phases ,phases + (add-after 'unpack 'customize-config + (lambda _ + (substitute* "bus/session.conf.in" + (("@SYSCONFDIR_FROM_PKGDATADIR@/dbus-1/session-local.conf") + "/var/run/jami/session-local.conf"))))))))))) + (define glib (package (name "glib") diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index d8ebc7b39d..3b397054a8 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm @@ -26,6 +26,7 @@ (define-module (gnu services telephony) #:use-module (gnu packages admin) #:use-module (gnu packages certs) #:use-module (gnu packages glib) + #:use-module (gnu packages guile-xyz) #:use-module (gnu packages jami) #:use-module (gnu packages telephony) #:use-module (guix deprecation) @@ -231,7 +232,7 @@ (define-configuration/no-serialization jami-configuration (file-like libjami) "The Jami daemon package to use.") (dbus - (file-like dbus) + (file-like dbus-for-jami) "The D-Bus package to use to start the required D-Bus session.") (nss-certs (file-like nss-certs) @@ -284,7 +285,20 @@ (define (jami-dbus-session-activation config) #~(begin (use-modules (gnu build activation)) (let ((user (getpwnam "jami"))) - (mkdir-p/perms "/var/run/jami" user #o700))))) + (mkdir-p/perms "/var/run/jami" user #o700) + ;; Customize the D-Bus policy to allow 'root' to access other users' + ;; session bus. Also modify the location of the written PID file, + ;; from the default '/var/run/dbus/pid' location. This file is only + ;; honored by the 'dbus-for-jami' package variant. + (call-with-output-file "/var/run/jami/session-local.conf" + (lambda (port) + (format port "\ + + /var/run/jami/pid + + + +~%"))))))) (define (jami-shepherd-services config) "Return a running the Jami daemon." @@ -292,26 +306,27 @@ (define (jami-shepherd-services config) (nss-certs (jami-configuration-nss-certs config)) (dbus (jami-configuration-dbus config)) (dbus-daemon (file-append dbus "/bin/dbus-daemon")) - (dbus-send (file-append dbus "/bin/dbus-send")) (accounts (jami-configuration-accounts config)) (declarative-mode? (not (eq? 'disabled accounts)))) - (with-imported-modules (source-module-closure - '((gnu build jami-service) - (gnu build shepherd) - (gnu system file-systems))) - - (define list-accounts-action - (shepherd-action - (name 'list-accounts) - (documentation "List the available Jami accounts. Return the account + (with-extensions (list guile-packrat ;used by guile-ac-d-bus + guile-ac-d-bus + ;; Fibers is needed to provide the non-blocking + ;; variant of the 'sleep' procedure. + guile-fibers) + (with-imported-modules (source-module-closure + '((gnu build dbus-service) + (gnu build jami-service) + (gnu build shepherd) + (gnu system file-systems))) + + (define list-accounts-action + (shepherd-action + (name 'list-accounts) + (documentation "List the available Jami accounts. Return the account details alists keyed by their account username.") - (procedure - #~(lambda _ - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda _ ;; Print the accounts summary or long listing, according to ;; user-provided option. (let* ((usernames (get-usernames)) @@ -341,39 +356,31 @@ (define disabled? accounts) (display "\n"))) ;; Return the account-details-list alist. - (map cons usernames accounts))))))) + (map cons usernames accounts)))))) - (define list-account-details-action - (shepherd-action - (name 'list-account-details) - (documentation "Display the account details of the available Jami + (define list-account-details-action + (shepherd-action + (name 'list-account-details) + (documentation "Display the account details of the available Jami accounts in the @code{recutils} format. Return the account details alists keyed by their account username.") - (procedure - #~(lambda _ - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda _ (let* ((usernames (get-usernames)) (accounts (map-in-order username->account usernames))) (for-each (lambda (account) (display (account-details->recutil account)) (display "\n\n")) accounts) - (map cons usernames accounts))))))) + (map cons usernames accounts)))))) - (define list-contacts-action - (shepherd-action - (name 'list-contacts) - (documentation "Display the contacts for each Jami account. Return + (define list-contacts-action + (shepherd-action + (name 'list-contacts) + (documentation "Display the contacts for each Jami account. Return an alist containing the contacts keyed by the account usernames.") - (procedure - #~(lambda _ - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda _ (let* ((usernames (get-usernames)) (contacts (map-in-order username->contacts usernames))) (for-each (lambda (username contacts) @@ -381,19 +388,15 @@ (define list-contacts-action username) (format #t "~{ - ~a~%~}~%" contacts)) usernames contacts) - (map cons usernames contacts))))))) + (map cons usernames contacts)))))) - (define list-moderators-action - (shepherd-action - (name 'list-moderators) - (documentation "Display the moderators for each Jami account. Return + (define list-moderators-action + (shepherd-action + (name 'list-moderators) + (documentation "Display the moderators for each Jami account. Return an alist containing the moderators keyed by the account usernames.") - (procedure - #~(lambda _ - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda _ (let* ((usernames (get-usernames)) (moderators (map-in-order username->moderators usernames))) @@ -406,12 +409,12 @@ (define list-moderators-action (format #t "Moderators for account ~a:~%" username) (format #t "~{ - ~a~%~}~%" moderators)))) usernames moderators) - (map cons usernames moderators))))))) + (map cons usernames moderators)))))) - (define add-moderator-action - (shepherd-action - (name 'add-moderator) - (documentation "Add a moderator for a given Jami account. The + (define add-moderator-action + (shepherd-action + (name 'add-moderator) + (documentation "Add a moderator for a given Jami account. The MODERATOR contact must be given as its 40 characters fingerprint, while the Jami account can be provided as its registered USERNAME or fingerprint. @@ -420,21 +423,17 @@ (define add-moderator-action @end example Return the moderators for the account known by USERNAME.") - (procedure - #~(lambda (_ moderator username) - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda (_ moderator username) (set-all-moderators #f username) (add-contact moderator username) (set-moderator moderator #t username) - (username->moderators username)))))) + (username->moderators username))))) - (define ban-contact-action - (shepherd-action - (name 'ban-contact) - (documentation "Ban a contact for a given or all Jami accounts, and + (define ban-contact-action + (shepherd-action + (name 'ban-contact) + (documentation "Ban a contact for a given or all Jami accounts, and clear their moderator flag. The CONTACT must be given as its 40 characters fingerprint, while the Jami account can be provided as its registered USERNAME or fingerprint, or omitted. When the account is omitted, CONTACT is banned @@ -443,31 +442,22 @@ (define ban-contact-action @example herd ban-contact jami 1dbcb0f5f37324228235564b79f2b9737e9a008f [username] @end example") - (procedure - #~(lambda* (_ contact #:optional username) - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda* (_ contact #:optional username) (let ((usernames (or (and=> username list) (get-usernames)))) (for-each (lambda (username) (set-moderator contact #f username) (remove-contact contact username #:ban? #t)) - usernames))))))) + usernames)))))) - (define list-banned-contacts-action - (shepherd-action - (name 'list-banned-contacts) - (documentation "List the banned contacts for each accounts. Return + (define list-banned-contacts-action + (shepherd-action + (name 'list-banned-contacts) + (documentation "List the banned contacts for each accounts. Return an alist of the banned contacts, keyed by the account usernames.") - (procedure - #~(lambda _ - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) - + (procedure + #~(lambda _ (define banned-contacts (let ((usernames (get-usernames))) (map cons usernames @@ -484,183 +474,157 @@ (define banned-contacts username) (format #t "~{ - ~a~%~}~%" banned)))) banned-contacts) - banned-contacts))))) + banned-contacts)))) - (define enable-account-action - (shepherd-action - (name 'enable-account) - (documentation "Enable an account. It takes USERNAME as an argument, + (define enable-account-action + (shepherd-action + (name 'enable-account) + (documentation "Enable an account. It takes USERNAME as an argument, either a registered username or the fingerprint of the account.") - (procedure - #~(lambda (_ username) - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) - (enable-account username)))))) - - (define disable-account-action - (shepherd-action - (name 'disable-account) - (documentation "Disable an account. It takes USERNAME as an + (procedure + #~(lambda (_ username) + (enable-account username))))) + + (define disable-account-action + (shepherd-action + (name 'disable-account) + (documentation "Disable an account. It takes USERNAME as an argument, either a registered username or the fingerprint of the account.") - (procedure - #~(lambda (_ username) - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) - (disable-account username)))))) - - (list (shepherd-service - (documentation "Run a D-Bus session for the Jami daemon.") - (provision '(jami-dbus-session)) - (modules `((gnu build shepherd) - (gnu build jami-service) - (gnu system file-systems) - ,@%default-modules)) - ;; The requirement on dbus-system is to ensure other required - ;; activation for D-Bus, such as a /etc/machine-id file. - (requirement '(dbus-system syslogd)) - (start - #~(lambda args - (define pid - ((make-forkexec-constructor/container - (list #$dbus-daemon "--session" - "--address=unix:path=/var/run/jami/bus" - "--nofork" "--syslog-only" "--nopidfile") - #:mappings (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/jami") - (target source) - (writable? #t))) - #:user "jami" - #:group "jami" - #:environment-variables - ;; This is so that the cx.ring.Ring service D-Bus - ;; definition is found by dbus-send. - (list (string-append "XDG_DATA_DIRS=" - #$jamid "/share"))))) - - ;; XXX: This manual synchronization probably wouldn't be - ;; needed if we were using a PID file, but providing it via a - ;; customized config file with would not override - ;; the one inherited from the base config of D-Bus. - (let ((sock (socket PF_UNIX SOCK_STREAM 0))) - (with-retries 20 1 (catch 'system-error - (lambda () - (connect sock AF_UNIX - "/var/run/jami/bus") - (close-port sock) - #t) - (lambda args - #f)))) - - pid)) - (stop #~(make-kill-destructor))) - - (shepherd-service - (documentation "Run the Jami daemon.") - (provision '(jami)) - (actions (list list-accounts-action - list-account-details-action - list-contacts-action - list-moderators-action - add-moderator-action - ban-contact-action - list-banned-contacts-action - enable-account-action - disable-account-action)) - (requirement '(jami-dbus-session)) - (modules `((ice-9 format) - (ice-9 ftw) - (ice-9 match) - (ice-9 receive) - (srfi srfi-1) - (srfi srfi-26) - (gnu build jami-service) - (gnu build shepherd) - (gnu system file-systems) - ,@%default-modules)) - (start - #~(lambda args - (define (delete-file-recursively/safe file) - ;; Ensure we're not deleting things outside of - ;; /var/lib/jami. This prevents a possible attack in case - ;; the daemon is compromised and an attacker gains write - ;; access to /var/lib/jami. - (let ((parent-directory (dirname file))) - (if (eq? 'symlink (stat:type (stat parent-directory))) - (error "abnormality detected; unexpected symlink found at" - parent-directory) - (delete-file-recursively file)))) - - (when #$declarative-mode? - ;; Clear the Jami configuration and accounts, to enforce the - ;; declared state. - (catch #t - (lambda () - (for-each (cut delete-file-recursively/safe <>) - '("/var/lib/jami/.cache/jami" - "/var/lib/jami/.config/jami" - "/var/lib/jami/.local/share/jami" - "/var/lib/jami/accounts"))) - (lambda args - #t)) - ;; Copy the Jami account archives from somewhere readable - ;; by root to a place only the jami user can read. - (let* ((accounts-dir "/var/lib/jami/accounts/") - (pwd (getpwnam "jami")) - (user (passwd:uid pwd)) - (group (passwd:gid pwd))) - (mkdir-p accounts-dir) - (chown accounts-dir user group) - (for-each (lambda (f) - (let ((dest (string-append accounts-dir - (basename f)))) - (copy-file f dest) - (chown dest user group))) - '#$(and declarative-mode? - (map jami-account-archive accounts))))) - - ;; Start the daemon. - (define daemon-pid - ((make-forkexec-constructor/container - '#$(jami-configuration->command-line-arguments config) - #:mappings - (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/lib/jami") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/jami") - (target source) - (writable? #t)) - ;; Expose TLS certificates for GnuTLS. - (file-system-mapping - (source #$(file-append nss-certs "/etc/ssl/certs")) - (target "/etc/ssl/certs"))) - #:user "jami" - #:group "jami" - #:environment-variables - (list (string-append "DBUS_SESSION_BUS_ADDRESS=" - "unix:path=/var/run/jami/bus") - ;; Expose TLS certificates for OpenSSL. - "SSL_CERT_DIR=/etc/ssl/certs")))) - - (parameterize ((%send-dbus-binary #$dbus-send) - (%send-dbus-bus "unix:path=/var/run/jami/bus") - (%send-dbus-user "jami") - (%send-dbus-group "jami")) + (procedure + #~(lambda (_ username) + (disable-account username))))) + + (list (shepherd-service + (documentation "Run a D-Bus session for the Jami daemon.") + (provision '(jami-dbus-session)) + (modules `((gnu build shepherd) + (gnu build dbus-service) + (gnu build jami-service) + (gnu system file-systems) + ,@%default-modules)) + ;; The requirement on dbus-system is to ensure other required + ;; activation for D-Bus, such as a /etc/machine-id file. + (requirement '(dbus-system syslogd)) + (start + #~(make-forkexec-constructor/container + (list #$dbus-daemon "--session" + "--address=unix:path=/var/run/jami/bus" + "--syslog-only") + #:pid-file "/var/run/jami/pid" + #:mappings + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/jami") + (target source) + (writable? #t))) + #:user "jami" + #:group "jami" + #:environment-variables + ;; This is so that the cx.ring.Ring service D-Bus + ;; definition is found by dbus-daemon. + (list (string-append "XDG_DATA_DIRS=" #$jamid "/share")))) + (stop #~(make-kill-destructor))) + + (shepherd-service + (documentation "Run the Jami daemon.") + (provision '(jami)) + (actions (list list-accounts-action + list-account-details-action + list-contacts-action + list-moderators-action + add-moderator-action + ban-contact-action + list-banned-contacts-action + enable-account-action + disable-account-action)) + (requirement '(jami-dbus-session)) + (modules `((ice-9 format) + (ice-9 ftw) + (ice-9 match) + (ice-9 receive) + (srfi srfi-1) + (srfi srfi-26) + (gnu build dbus-service) + (gnu build jami-service) + (gnu build shepherd) + (gnu system file-systems) + ,@%default-modules)) + (start + #~(lambda args + (define (delete-file-recursively/safe file) + ;; Ensure we're not deleting things outside of + ;; /var/lib/jami. This prevents a possible attack in case + ;; the daemon is compromised and an attacker gains write + ;; access to /var/lib/jami. + (let ((parent-directory (dirname file))) + (if (eq? 'symlink (stat:type (stat parent-directory))) + (error "abnormality detected; unexpected symlink found at" + parent-directory) + (delete-file-recursively file)))) + + (when #$declarative-mode? + ;; Clear the Jami configuration and accounts, to enforce the + ;; declared state. + (catch #t + (lambda () + (for-each (cut delete-file-recursively/safe <>) + '("/var/lib/jami/.cache/jami" + "/var/lib/jami/.config/jami" + "/var/lib/jami/.local/share/jami" + "/var/lib/jami/accounts"))) + (lambda args + #t)) + ;; Copy the Jami account archives from somewhere readable + ;; by root to a place only the jami user can read. + (let* ((accounts-dir "/var/lib/jami/accounts/") + (pwd (getpwnam "jami")) + (user (passwd:uid pwd)) + (group (passwd:gid pwd))) + (mkdir-p accounts-dir) + (chown accounts-dir user group) + (for-each (lambda (f) + (let ((dest (string-append accounts-dir + (basename f)))) + (copy-file f dest) + (chown dest user group))) + '#$(and declarative-mode? + (map jami-account-archive accounts))))) + + ;; Start the daemon. + (define daemon-pid + ((make-forkexec-constructor/container + '#$(jami-configuration->command-line-arguments config) + #:mappings + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/lib/jami") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/jami") + (target source) + (writable? #t)) + ;; Expose TLS certificates for GnuTLS. + (file-system-mapping + (source #$(file-append nss-certs "/etc/ssl/certs")) + (target "/etc/ssl/certs"))) + #:user "jami" + #:group "jami" + #:environment-variables + (list (string-append "DBUS_SESSION_BUS_ADDRESS=" + "unix:path=/var/run/jami/bus") + ;; Expose TLS certificates for OpenSSL. + "SSL_CERT_DIR=/etc/ssl/certs")))) + + (setenv "DBUS_SESSION_BUS_ADDRESS" + "unix:path=/var/run/jami/bus") ;; Wait until the service name has been acquired by D-Bus. - (with-retries 20 1 - (dbus-service-available? "cx.ring.Ring")) + (with-retries 20 1 (jami-service-available?)) (when #$declarative-mode? ;; Provision the accounts via the D-Bus API of the daemon. @@ -717,17 +681,17 @@ (define (archive-name->username archive) (map-in-order (cut jami-account-moderators <>) accounts)) '#$(and declarative-mode? - (map-in-order jami-account->alist accounts)))))) - - ;; Finally, return the PID of the daemon process. - daemon-pid)) - (stop - #~(lambda (pid . args) - (kill pid SIGKILL) - ;; Wait for the process to exit; this prevents overlapping - ;; processes when issuing 'herd restart'. - (waitpid pid) - #f))))))) + (map-in-order jami-account->alist accounts))))) + + ;; Finally, return the PID of the daemon process. + daemon-pid)) + (stop + #~(lambda (pid . args) + (kill pid SIGKILL) + ;; Wait for the process to exit; this prevents overlapping + ;; processes when issuing 'herd restart'. + (waitpid pid) + #f)))))))) (define jami-service-type (service-type diff --git a/gnu/tests/telephony.scm b/gnu/tests/telephony.scm index bc464a431a..16ee313f69 100644 --- a/gnu/tests/telephony.scm +++ b/gnu/tests/telephony.scm @@ -20,6 +20,7 @@ (define-module (gnu tests telephony) #:use-module (gnu) #:use-module (gnu packages) #:use-module (gnu packages guile) + #:use-module (gnu packages guile-xyz) #:use-module (gnu tests) #:use-module (gnu system vm) #:use-module (gnu services) @@ -125,221 +126,204 @@ (define username (assoc-ref %jami-account-content-sexp "Account.username")) (define test - (with-imported-modules (source-module-closure - '((gnu build marionette) - (gnu build jami-service))) - #~(begin - (use-modules (rnrs base) - (srfi srfi-11) - (srfi srfi-64) - (gnu build marionette) - (gnu build jami-service)) - - (define marionette - (make-marionette (list #$vm))) - - (test-runner-current (system-test-runner #$output)) - (test-begin "jami") - - (test-assert "service is running" - (marionette-eval - '(begin - (use-modules (gnu services herd)) - (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) (number? pid)))))) - marionette)) - - (test-assert "service can be stopped" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base)) - (setenv "PATH" "/run/current-system/profile/bin") - (let ((pid (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) pid)))))) - - (assert (number? pid)) - - (match (stop-service 'jami) - (services ;a list of service symbols - (member 'jami services))) - ;; Sometimes, the process still appear in pgrep, even - ;; though we are using waitpid after sending it SIGTERM - ;; in the service; use retries. + (with-extensions (list guile-packrat ;used by guile-ac-d-bus + guile-ac-d-bus + ;; Fibers is needed to provide the non-blocking + ;; variant of the 'sleep' procedure. + guile-fibers) + (with-imported-modules (source-module-closure + '((gnu build marionette) + (gnu build dbus-service) + (gnu build jami-service))) + #~(begin + (use-modules (rnrs base) + (srfi srfi-11) + (srfi srfi-64) + (gnu build marionette) + (gnu build dbus-service) + (gnu build jami-service)) + + (setenv "DBUS_SESSION_BUS_ADDRESS" "unix:path=/var/run/jami/bus") + + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "jami") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu build jami-service)) + (jami-service-available?)) + marionette)) + + (test-assert "service can be stopped" + (marionette-eval + '(begin + (use-modules (gnu build jami-service) + (gnu services herd) + (rnrs base)) + (assert (jami-service-available?)) + + (stop-service 'jami) + + (with-retries 20 1 (not (jami-service-available?)))) + marionette)) + + (test-assert "service can be restarted" + (marionette-eval + '(begin + (use-modules (gnu build dbus-service) + (gnu build jami-service) + (gnu services herd) + (rnrs base) ) + ;; Start the service. + (start-service 'jami) + (with-retries 20 1 (jami-service-available?)) + ;; Restart the service. + (restart-service 'jami) + (with-retries 20 1 (jami-service-available?))) + marionette)) + + (unless #$provisioning? (test-skip 1)) + (test-assert "jami accounts provisioning, account present" + (marionette-eval + '(begin + (use-modules (gnu build dbus-service) + (gnu services herd) + (rnrs base)) + ;; Accounts take some time to appear after being added. (with-retries 20 1 - (not (zero? (status:exit-val - (system* "pgrep" "jamid"))))))) - marionette)) - - (test-assert "service can be restarted" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base)) - ;; Start and retrieve the current PID. - (define pid (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) pid))))) - (assert (number? pid)) - - ;; Restart the service. - (restart-service 'jami) - - (define new-pid (match (start-service 'jami) - (#f #f) - (('service response-parts ...) - (match (assq-ref response-parts 'running) - ((pid) pid))))) - (assert (number? new-pid)) - - (not (eq? pid new-pid))) - marionette)) - - (unless #$provisioning? (test-skip 1)) - (test-assert "jami accounts provisioning, account present" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base)) - ;; Accounts take some time to appear after being added. - (with-retries 20 1 - (with-shepherd-action 'jami ('list-accounts) results + (with-shepherd-action 'jami ('list-accounts) results + (let ((account (assoc-ref (car results) #$username))) + (assert (string=? #$username + (assoc-ref account + "Account.username"))))))) + marionette)) + + (unless #$provisioning? (test-skip 1)) + (test-assert "jami accounts provisioning, allowed-contacts" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (rnrs base) + (srfi srfi-1)) + + ;; Public mode is disabled. + (with-shepherd-action 'jami ('list-account-details) + results (let ((account (assoc-ref (car results) #$username))) - (assert (string=? #$username + (assert (string=? "false" (assoc-ref account - "Account.username"))))))) - marionette)) - - (unless #$provisioning? (test-skip 1)) - (test-assert "jami accounts provisioning, allowed-contacts" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base) - (srfi srfi-1)) - - ;; Public mode is disabled. - (with-shepherd-action 'jami ('list-account-details) - results - (let ((account (assoc-ref (car results) #$username))) - (assert (string=? "false" - (assoc-ref account - "DHT.PublicInCalls"))))) - - ;; Allowed contacts match those declared in the configuration. - (with-shepherd-action 'jami ('list-contacts) results - (let ((contacts (assoc-ref (car results) #$username))) - (assert (lset= string-ci=? contacts '#$%allowed-contacts))))) - marionette)) - - (unless #$provisioning? (test-skip 1)) - (test-assert "jami accounts provisioning, moderators" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base) - (srfi srfi-1)) - - ;; Moderators match those declared in the configuration. - (with-shepherd-action 'jami ('list-moderators) results - (let ((moderators (assoc-ref (car results) #$username))) - (assert (lset= string-ci=? moderators '#$%moderators)))) - - ;; Moderators can be added via the Shepherd action. - (with-shepherd-action 'jami - ('add-moderator "cccccccccccccccccccccccccccccccccccccccc" - #$username) results - (let ((moderators (car results))) - (assert (lset= string-ci=? moderators - (cons "cccccccccccccccccccccccccccccccccccccccc" - '#$%moderators)))))) - marionette)) - - (unless #$provisioning? (test-skip 1)) - (test-assert "jami service actions, ban/unban contacts" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base) - (srfi srfi-1)) - - ;; Globally ban a contact. - (with-shepherd-action 'jami - ('ban-contact "1dbcb0f5f37324228235564b79f2b9737e9a008f") _ - (with-shepherd-action 'jami ('list-banned-contacts) results - (every (match-lambda - ((username . banned-contacts) - (member "1dbcb0f5f37324228235564b79f2b9737e9a008f" - banned-contacts))) - (car results)))) - - ;; Ban a contact for a single account. - (with-shepherd-action 'jami - ('ban-contact "dddddddddddddddddddddddddddddddddddddddd" - #$username) _ - (with-shepherd-action 'jami ('list-banned-contacts) results - (every (match-lambda - ((username . banned-contacts) - (let ((found? (member "dddddddddddddddddddddddddddddddddddddddd" - banned-contacts))) - (if (string=? #$username username) - found? - (not found?))))) - (car results))))) - marionette)) - - (unless #$provisioning? (test-skip 1)) - (test-assert "jami service actions, enable/disable accounts" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base)) - - (with-shepherd-action 'jami - ('disable-account #$username) _ - (with-shepherd-action 'jami ('list-accounts) results - (let ((account (assoc-ref (car results) #$username))) - (assert (string= "false" - (assoc-ref account "Account.enable")))))) - - (with-shepherd-action 'jami - ('enable-account #$username) _ - (with-shepherd-action 'jami ('list-accounts) results - (let ((account (assoc-ref (car results) #$username))) - (assert (string= "true" - (assoc-ref account "Account.enable"))))))) - marionette)) - - (unless #$provisioning? (test-skip 1)) - (test-assert "jami account parameters" - (marionette-eval - '(begin - (use-modules (gnu services herd) - (rnrs base) - (srfi srfi-1)) - - (with-shepherd-action 'jami ('list-account-details) results - (let ((account-details (assoc-ref (car results) - #$username))) - (assert (lset<= - equal? - '(("Account.hostname" . - "bootstrap.me;fallback.another.host") - ("Account.peerDiscovery" . "false") - ("Account.rendezVous" . "true") - ("RingNS.uri" . "https://my.name.server")) - account-details))))) - marionette)) - - (test-end)))) + "DHT.PublicInCalls"))))) + + ;; Allowed contacts match those declared in the configuration. + (with-shepherd-action 'jami ('list-contacts) results + (let ((contacts (assoc-ref (car results) #$username))) + (assert (lset= string-ci=? contacts '#$%allowed-contacts))))) + marionette)) + + (unless #$provisioning? (test-skip 1)) + (test-assert "jami accounts provisioning, moderators" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (rnrs base) + (srfi srfi-1)) + + ;; Moderators match those declared in the configuration. + (with-shepherd-action 'jami ('list-moderators) results + (let ((moderators (assoc-ref (car results) #$username))) + (assert (lset= string-ci=? moderators '#$%moderators)))) + + ;; Moderators can be added via the Shepherd action. + (with-shepherd-action 'jami + ('add-moderator "cccccccccccccccccccccccccccccccccccccccc" + #$username) results + (let ((moderators (car results))) + (assert (lset= string-ci=? moderators + (cons "cccccccccccccccccccccccccccccccccccccccc" + '#$%moderators)))))) + marionette)) + + (unless #$provisioning? (test-skip 1)) + (test-assert "jami service actions, ban/unban contacts" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (rnrs base) + (srfi srfi-1)) + + ;; Globally ban a contact. + (with-shepherd-action 'jami + ('ban-contact "1dbcb0f5f37324228235564b79f2b9737e9a008f") _ + (with-shepherd-action 'jami ('list-banned-contacts) results + (every (match-lambda + ((username . banned-contacts) + (member "1dbcb0f5f37324228235564b79f2b9737e9a008f" + banned-contacts))) + (car results)))) + + ;; Ban a contact for a single account. + (with-shepherd-action 'jami + ('ban-contact "dddddddddddddddddddddddddddddddddddddddd" + #$username) _ + (with-shepherd-action 'jami ('list-banned-contacts) results + (every (match-lambda + ((username . banned-contacts) + (let ((found? (member "dddddddddddddddddddddddddddddddddddddddd" + banned-contacts))) + (if (string=? #$username username) + found? + (not found?))))) + (car results))))) + marionette)) + + (unless #$provisioning? (test-skip 1)) + (test-assert "jami service actions, enable/disable accounts" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (rnrs base)) + + (with-shepherd-action 'jami + ('disable-account #$username) _ + (with-shepherd-action 'jami ('list-accounts) results + (let ((account (assoc-ref (car results) #$username))) + (assert (string= "false" + (assoc-ref account "Account.enable")))))) + + (with-shepherd-action 'jami + ('enable-account #$username) _ + (with-shepherd-action 'jami ('list-accounts) results + (let ((account (assoc-ref (car results) #$username))) + (assert (string= "true" + (assoc-ref account "Account.enable"))))))) + marionette)) + + (unless #$provisioning? (test-skip 1)) + (test-assert "jami account parameters" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (rnrs base) + (srfi srfi-1)) + + (with-shepherd-action 'jami ('list-account-details) results + (let ((account-details (assoc-ref (car results) + #$username))) + (assert (lset<= + equal? + '(("Account.hostname" . + "bootstrap.me;fallback.another.host") + ("Account.peerDiscovery" . "false") + ("Account.rendezVous" . "true") + ("RingNS.uri" . "https://my.name.server")) + account-details))))) + marionette)) + + (test-end))))) (gexp->derivation (if provisioning? "jami-provisioning-test" @@ -357,7 +341,3 @@ (define %test-jami-provisioning (name "jami-provisioning") (description "Provisioning test for the jami service.") (value (run-jami-test #:provisioning? #t)))) - -;; Local Variables: -;; eval: (put 'with-retries 'scheme-indent-function 2) -;; End: -- 2.36.0 From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 01 05:54:23 2022 Received: (at 54786) by debbugs.gnu.org; 1 Jun 2022 09:54:23 +0000 Received: from localhost ([127.0.0.1]:49761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwL3X-0006lI-F2 for submit@debbugs.gnu.org; Wed, 01 Jun 2022 05:54:23 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48148) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwL3S-0006l1-Sj for 54786@debbugs.gnu.org; Wed, 01 Jun 2022 05:54:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58858) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nwL3N-0003Rm-Ip; Wed, 01 Jun 2022 05:54:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=2gPzJcOwol8BMNV8G0w02uI86lzmugwJp6VdEJzKKUU=; b=TXKGbajbexTCq0Dqp3Hq IKinsJxPIgipLEd3p6if4I0AFvggbhToI8rLtW+6mqBR+dqdhtGRt9IcyaR+6xzsmZqzXTLNSciRf DEqtVU0+fD22bQPfFyFsGwShSvBprSm1pYBg5HazM/S9sQlf/Bf4b8xk/VgHqh0uK+wgFMCN1A/5/ NKN2v8LMSSPE8yKi6zr5yelU4HuJqc7YLT29JMGcSNKJ49inPDwA7oSNhiPRPDbXN1H7qzn5rKold 8QWauykUFVsM7PyvfDIpGdtY1+kTQf0PB+YAKBarRatFFKMLxs2Cej959hfu2WA/K8eVPNSpXvY3U D31sK7wu0/yBSQ==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=59482 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nwL3L-0007z5-JN; Wed, 01 Jun 2022 05:54:13 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxim Cournoyer Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> Date: Wed, 01 Jun 2022 11:54:09 +0200 In-Reply-To: <20220531164407.13914-1-maxim.cournoyer@gmail.com> (Maxim Cournoyer's message of "Tue, 31 May 2022 12:44:07 -0400") Message-ID: <87o7zcwvy6.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Maxim, Maxim Cournoyer skribis: > gnu/build/dbus-service.scm | 212 ++++++++++++++++ > gnu/build/jami-service.scm | 390 +++++------------------------ > gnu/local.mk | 1 + > gnu/packages/glib.scm | 19 +- > gnu/services/telephony.scm | 500 +++++++++++++++++-------------------- > gnu/tests/telephony.scm | 412 +++++++++++++++--------------- > 6 files changed, 726 insertions(+), 808 deletions(-) > create mode 100644 gnu/build/dbus-service.scm Before going further, I=E2=80=99d like to understand: this does more than j= ust fix the Jami system tests, right? It would have been nice to have surgical changes to =E2=80=9Cjust=E2=80=9D = fix the tests, along the lines of , possibly followed by a rework of the whole machinery, if that=E2=80=99s possible. Besides, I think we should talk to Jami upstream (which shouldn=E2=80=99t b= e too hard :-)). It doesn=E2=80=99t seem reasonable to me to have 800+ lines of = code in the distro to start one service. Usually the =E2=80=98start=E2=80=99 an= d =E2=80=98stop=E2=80=99 methods are between 2 and 10 lines of code. What do you think is missing upstream so that starting Jami is simpler? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 01 09:10:44 2022 Received: (at 54786) by debbugs.gnu.org; 1 Jun 2022 13:10:44 +0000 Received: from localhost ([127.0.0.1]:50001 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwO7X-0002h9-Hl for submit@debbugs.gnu.org; Wed, 01 Jun 2022 09:10:43 -0400 Received: from mail-qt1-f169.google.com ([209.85.160.169]:41892) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwO7T-0002go-JC for 54786@debbugs.gnu.org; Wed, 01 Jun 2022 09:10:42 -0400 Received: by mail-qt1-f169.google.com with SMTP id x20so1075958qtp.8 for <54786@debbugs.gnu.org>; Wed, 01 Jun 2022 06:10:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=DcZIpGEOWfdxnELt1b62WU5tDcLBJAPMwLeFIAEgHrw=; b=mTYPLJgJ5EVqLbCa+ycAU3Pw586cT3u4yCb5QvaYl1hU9MDqd+Ms3AUipOrMLuCIOH wYG5yJ+QX021jw0ZM/AfeXcFAC9yDNfjyXVZt60OvDe2YUp9FQw06HVZEf+i/EhDzS99 e74qK4C3t2gHbVSRMTg38nYZjAMlN5gCm9qalWu3WM9WBRZ2ktQU2CNrYbYIrpyaiM8W 9s1OjY7Ax9tT8wAEh49Pa0mCNB87pqOAjrl+Ovr4Fn1QxJZYoVeRHCUDTQIdE6uvsVtV +IV27gMd8kh0Oo60f3uPslgFrV1g60jLdrm5yKZFFhax17+I33hDOZmQ/oMlYSW60xrz HLjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=DcZIpGEOWfdxnELt1b62WU5tDcLBJAPMwLeFIAEgHrw=; b=mlvxV9HCfgs1ySGbgPZG8v5JbFx3yTH+Y8M28ZUdMfeda5j96AEMwSO0nLlwOY3n1M RJn/dc80wsRZjF3lo7oiD5zfACUEzzyz+wgnd0F+oRCYWyrMhrYA0L4X/6TQ1N8scz/X M/klxD9edaOnfrmuyI1ct21POvZhKIzNhFOEa6BmK4nXtiOuYO06c0BYjrlp0JImAhAb qy2H8KrRfgRMPlIJA8TfZ893BzC+zKNEbPk1bsqLs/uQvyerDC18D4WWr0iTrzXTo1ca MWr65q6akb+x+Bi58k+PtOCvVnjx9+q+4vJ2rBIQpbOgVFIVfPOWApvv7fQwGjlipQnL onGg== X-Gm-Message-State: AOAM530hayFzfoJgl50b/gcPaoElMogKMB0uzPAydZXwwr9zJsmwZABC ZUe9/ZK/KJQIMQiuDDSTtQo= X-Google-Smtp-Source: ABdhPJx9xRVnsBlGCcuiniUlQF3hFKKwuZ6OFOfhi/bF4+ucW4zBLpLd/4fz4BzPaesDyZgSb5g2wg== X-Received: by 2002:a05:622a:118f:b0:2f9:2187:c9d with SMTP id m15-20020a05622a118f00b002f921870c9dmr44627062qtk.538.1654089034013; Wed, 01 Jun 2022 06:10:34 -0700 (PDT) Received: from hurd (dsl-154-171.b2b2c.ca. [66.158.154.171]) by smtp.gmail.com with ESMTPSA id y14-20020a05622a164e00b00304c13ec6c8sm1212323qtj.30.2022.06.01.06.10.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jun 2022 06:10:33 -0700 (PDT) From: Maxim Cournoyer To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> Date: Wed, 01 Jun 2022 09:10:31 -0400 In-Reply-To: <87o7zcwvy6.fsf_-_@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s?= =?utf-8?Q?=22's?= message of "Wed, 01 Jun 2022 11:54:09 +0200") Message-ID: <878rqgr0l4.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ludovic, Ludovic Court=C3=A8s writes: > Hi Maxim, > > Maxim Cournoyer skribis: > >> gnu/build/dbus-service.scm | 212 ++++++++++++++++ >> gnu/build/jami-service.scm | 390 +++++------------------------ >> gnu/local.mk | 1 + >> gnu/packages/glib.scm | 19 +- >> gnu/services/telephony.scm | 500 +++++++++++++++++-------------------- >> gnu/tests/telephony.scm | 412 +++++++++++++++--------------- >> 6 files changed, 726 insertions(+), 808 deletions(-) >> create mode 100644 gnu/build/dbus-service.scm > > Before going further, I=E2=80=99d like to understand: this does more than= just > fix the Jami system tests, right? > > It would have been nice to have surgical changes to =E2=80=9Cjust=E2=80= =9D fix the > tests, along the lines of , > possibly followed by a rework of the whole machinery, if that=E2=80=99s > possible. It's not really possible unfortunately, because the rework from talking to the D-Bus API via the 'dbus-send' binary to using Guile AC/D-bus was needed or at least simplified fixing the issues. Going back trying to make it work the way it was would be new work that'd end up being scrapped anyway with a subsequent commit making use of the Guile D-Bus library, so I'm not interested in pursuing it. > Besides, I think we should talk to Jami upstream (which shouldn=E2=80=99t= be too > hard :-)). It doesn=E2=80=99t seem reasonable to me to have 800+ lines o= f code > in the distro to start one service. Usually the =E2=80=98start=E2=80=99 = and =E2=80=98stop=E2=80=99 > methods are between 2 and 10 lines of code. > > What do you think is missing upstream so that starting Jami is > simpler? 1) Lack of D-Bus support in Shepherd to easily start D-Bus services. The upstream systemd service definition for the Jami daemon (jamid) is this: --8<---------------cut here---------------start------------->8--- # net.jami.daemon.service [D-BUS Service] Name=3Dcx.ring.Ring Exec=3D@LIBDIR@/jamid --8<---------------cut here---------------end--------------->8--- But that's nearly not where the complexity of our jami-service-type lies. Rather, it's in the following: 2) The lack of a way to declaratively configure Jami and the need to use D-Bus API to issue commands to Jami non-interactively. For example, to have Jami import an account it's necessary to go via either a) the GUI or b) the D-Bus API The Jami service in Guix makes use of b), which introduces the need for some Scheme bindings wrapping the low-level D-Bus interface. Perhaps such bindings could live in Jami itself. The second point (2) could be addressed upstream, but since it's a rather niche use case (the common use case is simply running the client GUI), is already achievable via D-Bus, and would probably require a considerable amount of work in Jami itself, I think we can keep it as is for now, as a Guix System exclusive feature ;-). Note that even if Jami could be configured via configuration files, we'd still want to be able to communicate with it via D-Bus to maintain the possible actions currently available in our Shepherd service (listing/enabling/disable accounts, etc.), so it'd only really help to reduce the start slot, and that's it. We'd still need most of the D-Bus bindings, so it wouldn't help that much anyway. I hope that clarifies how our jami-service-type is both complex but also unique. Happy video-conferencing! Maxim From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 02 09:13:39 2022 Received: (at 54786) by debbugs.gnu.org; 2 Jun 2022 13:13:40 +0000 Received: from localhost ([127.0.0.1]:53109 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwkdv-0004mI-Iy for submit@debbugs.gnu.org; Thu, 02 Jun 2022 09:13:39 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43126) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwkdq-0004m1-Cp for 54786@debbugs.gnu.org; Thu, 02 Jun 2022 09:13:38 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57132) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nwkdl-0006ZY-3p; Thu, 02 Jun 2022 09:13:29 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=RfbXeSsCU3h0TMtE8PaFzAKW9Q++84dmVUlf8GdsGl8=; b=SyeVRT9LYSyIv+iJyF5r Hz8up88Lqg5RCeT+yeSCfbcs1tbDZz3EmE4tBOe+5X3pORLpWA2lELFfDhz3s4z1nROIi/L/FuRQ4 BWwv/2zv4cSj8YW6IsD+GZcBkgSHVH7pmlWkJkXxB/+OnVDm7Lp6o34eEnEMYah1PF8yoivwPyInX 7wnyoWPesW1ftPtFloP/BXVixkZHDeNA/MbJ/kbMl3WB5BGvmWmSs0tQHbWhvZnIl8NmIjam3T1nY W14eRYoml4Q5dkmZsa9jm1OcJqYn3XPwgptrWh9Cik+eQzjyDouIn/Cqcc8ZshR/n+OurnXu1xOWv ss4upYK/mVAT4g==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56242 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nwkdk-0006eR-LH; Thu, 02 Jun 2022 09:13:28 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxim Cournoyer Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 14 Prairial an 230 de la =?utf-8?Q?R=C3=A9v?= =?utf-8?Q?olution=2C?= jour de l'Acacia X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 02 Jun 2022 15:13:26 +0200 In-Reply-To: <878rqgr0l4.fsf@gmail.com> (Maxim Cournoyer's message of "Wed, 01 Jun 2022 09:10:31 -0400") Message-ID: <8735gnqkcp.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Maxim, Maxim Cournoyer skribis: > Ludovic Court=C3=A8s writes: [...] >> Before going further, I=E2=80=99d like to understand: this does more tha= n just >> fix the Jami system tests, right? >> >> It would have been nice to have surgical changes to =E2=80=9Cjust=E2=80= =9D fix the >> tests, along the lines of , >> possibly followed by a rework of the whole machinery, if that=E2=80=99s >> possible. > > It's not really possible unfortunately, because the rework from talking > to the D-Bus API via the 'dbus-send' binary to using Guile AC/D-bus was > needed or at least simplified fixing the issues. So am I right that the =E2=80=9Cissues=E2=80=9D were not specifically relat= ed to the Shepherd 0.9.0 switch, or at least not just to that? (Just to make sure I understand the context.) >> Besides, I think we should talk to Jami upstream (which shouldn=E2=80=99= t be too >> hard :-)). It doesn=E2=80=99t seem reasonable to me to have 800+ lines = of code >> in the distro to start one service. Usually the =E2=80=98start=E2=80=99= and =E2=80=98stop=E2=80=99 >> methods are between 2 and 10 lines of code. >> >> What do you think is missing upstream so that starting Jami is >> simpler? > > 1) Lack of D-Bus support in Shepherd to easily start D-Bus services. > The upstream systemd service definition for the Jami daemon (jamid) is > this: > > # net.jami.daemon.service > [D-BUS Service] > Name=3Dcx.ring.Ring > Exec=3D@LIBDIR@/jamid > > But that's nearly not where the complexity of our jami-service-type > lies. But that should be fine: we have dozens of D-Bus services that happily get started by dbus-daemon. > Rather, it's in the following: > > 2) The lack of a way to declaratively configure Jami and the need to use > D-Bus API to issue commands to Jami non-interactively. For example, to > have Jami import an account it's necessary to go via either > > a) the GUI or > b) the D-Bus API > > The Jami service in Guix makes use of b), which introduces the need for > some Scheme bindings wrapping the low-level D-Bus interface. Perhaps > such bindings could live in Jami itself. > > The second point (2) could be addressed upstream, but since it's a > rather niche use case (the common use case is simply running the client > GUI), is already achievable via D-Bus, and would probably require a > considerable amount of work in Jami itself, I think we can keep it as is > for now, as a Guix System exclusive feature ;-). Note that even if Jami > could be configured via configuration files, we'd still want to be able > to communicate with it via D-Bus to maintain the possible actions > currently available in our Shepherd service (listing/enabling/disable > accounts, etc.), so it'd only really help to reduce the start slot, and > that's it. We'd still need most of the D-Bus bindings, so it wouldn't > help that much anyway. Ah I see. > I hope that clarifies how our jami-service-type is both complex but also > unique. Sure, the ability to configure Jami in a declarative and stateless fashion is a plus, that=E2=80=99s really cool. Longer-term I think this should go in Jami proper though. It=E2=80=99s gre= at that Guix has an edge over the competition :-), but having to maintain it is less nice. Also, in more concrete terms: one goal of the least-authority work at is to remove =E2=80=98make-forkexec-constructor/container=E2=80=99 and the whole (gnu bu= ild shepherd) module. Jami is one of its last remaining users (adjusting it felt like beyond my abilities, precisely because it=E2=80=99s much more complex than = the other services I adjusted). Could you take a look at that eventually, once this patch has been reviewed? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 02 13:25:10 2022 Received: (at 54786) by debbugs.gnu.org; 2 Jun 2022 17:25:10 +0000 Received: from localhost ([127.0.0.1]:54543 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwoZI-00081D-A0 for submit@debbugs.gnu.org; Thu, 02 Jun 2022 13:25:10 -0400 Received: from mail-qk1-f176.google.com ([209.85.222.176]:46046) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwoZD-00080c-Vq for 54786@debbugs.gnu.org; Thu, 02 Jun 2022 13:25:07 -0400 Received: by mail-qk1-f176.google.com with SMTP id x75so728422qkb.12 for <54786@debbugs.gnu.org>; Thu, 02 Jun 2022 10:25:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=bVLJBtojytgsfxyU0gynshP7AydmIhQ7uHNF/U25XGI=; b=QCeTQoj6P/agjQ+b8ILbrxdjwe9UtJOPYnjRhQcOTnQ4V/BlAt2q54lRga0KpXtbhi 7t82aJ69jgwXq3su0IE9wO3fP0/mi8EkIdyN/fJvFUWHt/oVNX9RaT9HdpWvb7H7Zh3I lNAe4h0Spt2yxYh4b2Dwa/9iT+szeZecwRYLIWyeMDkv7tYjzyAJtKUgxnXIWGo00q/J 6nz236bXdtZU7K+sxO4HNEx4GSRg/9u2zXg73ArIpw0v+DCl3JGXczkwcn4xTtLr+UPA /z4ngl6JgI4n02XOzAiW2cp4Ai12U4JMPq5IYj6U6xAjmRD5BMz6gPFeKNJPYqEEL9Ce XpOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=bVLJBtojytgsfxyU0gynshP7AydmIhQ7uHNF/U25XGI=; b=DvZEGeTqVOzkBi6omVDj5tn01HmxBqKvhhuz9N0GYbCtN42ADWHEB+qdZuqCUyweQJ 4GzeWkVD9Y5s7aYFDKJra6rZfT4x4zC2rHpn4PXug6qGtn8t4hOnOe1jc0UGDJuH/sVF 7UDoJpcTlE3fIXk0XslKqQ6Pda3kFa43Jl0vUs2olA+ebyrpjMOCo04ip9tRNzmM8pAe HDNCqMvxp+cREiVYgrVaqnb7pDBsx95iyz6CHYgqpuaGsn1RVlZDkW5qnOU/wOMgL/Fx W6hpYwrD/37o4uYtWzxnqbR0HzVUDMbmNmerKnxkVLNzhCJnt7r1FUmCYmexgv3sC+uh 3P4w== X-Gm-Message-State: AOAM530L2jWsOn7GlhSIYk8RVsAEHGf7UHbbNoAWjhB2PGy/bT14oq+6 BesGLlwAvLURuFDYC9d0xRByZvQnDJ09N6dv X-Google-Smtp-Source: ABdhPJzuth4OCVF8NAQjsMgJEv9KZRSd5AIZ2jpAet+heF51wXoFjJRk5GHlbMTXuna42HJTL9sU8g== X-Received: by 2002:a05:620a:4152:b0:6a5:8ae2:da8e with SMTP id k18-20020a05620a415200b006a58ae2da8emr4199935qko.116.1654190698117; Thu, 02 Jun 2022 10:24:58 -0700 (PDT) Received: from hurd (dsl-158-168.b2b2c.ca. [66.158.158.168]) by smtp.gmail.com with ESMTPSA id e123-20020a378281000000b0069fe1dfbeffsm3485800qkd.92.2022.06.02.10.24.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Jun 2022 10:24:56 -0700 (PDT) From: Maxim Cournoyer To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> Date: Thu, 02 Jun 2022 13:24:54 -0400 In-Reply-To: <8735gnqkcp.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Thu, 02 Jun 2022 15:13:26 +0200") Message-ID: <877d5zx9jt.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Ludovic, Ludovic Court=C3=A8s writes: > Hi Maxim, > > Maxim Cournoyer skribis: > >> Ludovic Court=C3=A8s writes: > > [...] > >>> Before going further, I=E2=80=99d like to understand: this does more th= an just >>> fix the Jami system tests, right? >>> >>> It would have been nice to have surgical changes to =E2=80=9Cjust=E2=80= =9D fix the >>> tests, along the lines of , >>> possibly followed by a rework of the whole machinery, if that=E2=80=99s >>> possible. >> >> It's not really possible unfortunately, because the rework from talking >> to the D-Bus API via the 'dbus-send' binary to using Guile AC/D-bus was >> needed or at least simplified fixing the issues. > > So am I right that the =E2=80=9Cissues=E2=80=9D were not specifically rel= ated to the > Shepherd 0.9.0 switch, or at least not just to that? (Just to make sure > I understand the context.) I tried capturing the issue in the commit message, but I'll provide another more hands-on view: the Jami service was broken due to changes in Shepherd 0.9.0 that caused the blocking sleeps + concurrent make+forkexec-constructor/container and fork+exec-command combination used to not work anymore. This problem can be manually observed by spawning a VM with the Jami service: $(guix system vm --no-graphic -e '(@@ (gnu tests telephony) %jami-os)') -m = 512 Then you'll see the service doesn't even start: --8<---------------cut here---------------start------------->8--- root@jami ~# herd status [...] Stopped: - jami [...] root@jami ~# pgrep jamid 192 root@jami ~# killall jamid root@jami ~# herd start jami Jami Daemon 11.0.0, by Savoir-faire Linux 2004-2019 https://jami.net/ [Video support enabled] [Plugins support enabled] 12:53:47.144 os_core_unix.c !pjlib 2.11 for POSIX initialized herd: exception caught while executing 'start' on service 'jami': Throw to key `match-error' with args `("match" "no matching pattern" #f)'. --8<---------------cut here---------------end--------------->8--- I've ran this: herd start jami& strace -p1 -f -s800 -o strace.out Attached is the last 10% of the gzip'd file. I couldn't explain this failure very clearly, but when I tried investigating it was failing on the '(dbus-service-available? "cx.ring.Ring")' call, if I recall correctly. --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=strace.out.gz Content-Transfer-Encoding: base64 Content-Description: shepherd pid1 strace H4sICBvvmGIAA3N0cmFjZS5vdXQA7F1rd9s4kv3ev4LrPdsjd/tBFvj0tDOt2LLjbUf2ysomWSur pkXKUixTCkn5leS/L0BSEp+QYJenc2YdnYQCCFYBqItCARdUiKFIkuTeub0bt7a2felNt4Nw7Lvb 1w99+UH3QbnXHpxbmyjX93BpXVia1Ze/6Ka16VxMg01lS4EtkLcvht52lBG4nrO2IZ3jiVrb3KSp 3ak3vNuZ2OFgd/vG9rf9qbf92b4ebtN7caGJP/TCTd+djO7jDMcNwt2xf7nV912XJq7C8WRr/3Vc fpve2E7d2J7dKHtg63gYhE372g3WPm1I8p3Rd3SlRzTbUWRp+xdJkWiVpF+216VdSf6JRF164V/V mu+Oj9elqj+07J1i6Y4sz565vrYn0UMbkqlYsCGdtk7a3Vajvv8t+va+ddRubEhv66fd09bRf9fb jW/se7150vz49uTd2Ya0qdD6RdWglXRpFcHRF/LtXs8NAmpmN+xtj5ytYLw18d3R2Gb93Oqe/MGe 3FSkRvOk0WxLteZYCqa9gdQfjlxp7EvO0Hd71KT364lA37Wd0dC7oiIn/ri3Hbij/jYFU9TDWABQ ZUtnFTNmzRhPXM8Oa/V292B/7/3+U3QtOqJn9was3ifd1v5J8/jjt5Pu3vFJ40Njj+kmiWrPve0H oU0/NUL10vJfg7B7PXbc3bPu0UGrcfhNVlV1Q6K5wfDB3VUAVHlD2tra+r4h0Ro33p62P3ZP6+03 abCkDJ88MLd8xtwbEinYlyzs2xuNA7dGqiGXUonYiaPhBfub5NG+JEv7kQEn6sGOYhiN44MOdBT6 kQsf0pFf0UtyS+oQQ0vf/z1b3OwQXe5oRTm/s3tyx4ufIKwEURdyO2qJ6tU+hBhLcyCbnCld1JOo BbHLcqYdUAnrnsqMasWL1gLk2740xzxMGyqbqlapx9dJh4CRNhDNUPkZHTDY36xU2h3A7+TZ7URx jZpFS4ulGRo/g/7pZJQUMlg9sh81d40qmm3OSllMVeZTyCjoPqMdp4XOX6H6NKeaYSY3Cpdk7P8t fTObyg/O/0q06blaYX1yQJJb2dY9CsJQ6LSSrLz/CxO0AXVV0bfL2bN6UqQWP/M/ScFOVkCzMDRz Lfs5B+e5i9nJ3nBm7VKS+kD8LZgLJskDSUUP4st/xMVkOZH2Jr4czdolJ8WpV0+M+WlWE11PlBEt 75tBnVWOkPykQWYjFHSY1VZVZ6L0mU1A1nMPenF6jU7UNPgiwCYrekmmqwmbr3Q1nrGS+kjJk4nM w+a7xIQKrcUCtGG+9oUSObOziMekE70JBpisGqopEHxomrYIPoilyAREog9iES0TeBajzf1G82MS iBaCEQNywez8jsncyIYEqqLraiGwZeFBUdPB0YfGfpnOO5cKyyiOxJcqvriIFJu6rOjcdlVrU628 ukhoqTonbqdI+F6tWHPyip3KdjoQKaYjSVwvfwEBzxBgypZ6cWF/0S9HF7apDxRH7X1W9LuBM9T7 V/B5tHnZ620q8hbZkjeT8JL9pbndgEWYynNFmB2ZObPU/VyESZ0fcx9QJioXZKqRh+o8Pcik7n6T n7E8xFw+q+cy1js36TbmktUa5438PVuenyRyLpwrZCwJLDugyd8zMmlGBxRtaR7R5HzUrMqF4IIf XTJ/ntXOHHxBU0ke5EPKQsbSGJM24Eu+RfwMhOjyn6I0H1eCoR5ne295hqLmbFnM+bHiy0cj+UMW OB/yOCpUg8xl5XogCW3+Lb7Icu7RV/FlI5u7v2JzF1aG+UIZ1Nya/ev8xvyppOxdfJnOC+QDLZgr BMhJ/d/5Q0mLjuNLe5avJDYfxJdJfLnMSvnbXMrc98wjUlDnTUpU/D2+4AeWN/l+LpQoDywtVY/3 04TiyuymliwbutiulkxUix9/8eJKzawKe7Q4vKNNIsWASzSsJPlwS6uM8/RepFfRiak+MqxU1Ly6 SGipOgMzrFSMvGJDfoYYTxvArfplaA2ulC8PD5dD5ZbiHuR7JxgNPV8NNi9pRNfbhC1CZvFdj8V2 +mNjO5IbEYXdQyvtEnOB3V0U1ZGijFlYx3wD/brbkX/rLCZ+tVQYP8lcYmGfLptRmPRntxN9f35l S935h588zcrKJaVs8snRKtuBJVpm8inJWh6xStny3CQx2BofVH7W8pg12uHLzPvLc0bRZoXKyahW nIiRahngSSYvyebEk6xwtolHxCLWP88zQv+84iU7BPKzSTFnWZx6moU4P7lkAC2NiaE4xJbn5EZC fmDkB4SRzRc0Yr4FUGjTkhD8OfuzEHjrctalrJKz0etUpn6wmHuV6OzF41d9Xjz+i8fP9OqLxy8m Xzx+VuFf7PHFbEdUOUtAFzKKa22DLQx1NTq5Yqqc9f5iHyyz4oeEr+Os6Iu7An/P90K+wHwfJVVT RsiYasQ16byKLvpUSVc0rYt9Zi5uLp+tzC0lmlvnU6swl6WYsm4wcmPJpsPLnL3S52XOfpmzM736 MmcXky9zdlbh/885O72NbaqyKZuP3ceWLb1ig1e+MOP9ZKKoplKk8EV3sgFyW7yxgjLVSt+KTw6A oZuVJ0+XbSnr+b3zWGzpZrZqJWdBtMccViiovsi3NVZQrroft1VVjUdspHPPSUSif4A99Ek4YCEQ 20mXn+2UBJ1YrtL3c67qTcToVR+R8KNv/06/rXWeuJdOiJwLWYo5y+I0FiC38lQ9P+M0KzGXRI/W 1DlHWZGxPFL7M1uem2Sn50iOCynLwz0FAlquUYWMZSHaXXRWMiXzLiK3eRmD/PEAIh/ydebPfrAI BUiOnmd52gp5CMc/8hHT0ownhm0fstL4SbForXDK5LnbVgihaBWy9uGnCYNbVmZJ1o8VRj1ikMSL l6ySQk7e3ee3NwSOQGBuiTzqBC7bEjEseNYtEVPTn7glosiyaYq9XGQuOwbLC1+NyvDViI9DaAZR n366V8/HrkbVuQjZtEtDyScdw4iFlqqzUI9h5I8Vx+LLFUOyPCBg4satsehHxK3P8LKibKiplxX9 3qA78XvhqFZv7b3pnjVohHy2kSqsKaacAfrEH4duLyysNPKndLgPzYzMXjtc9ZnZ+RyhZxyRZ1RZ F9ZAZK0Mrplnpl72FDmJO4y9hLieM3jght1w6HRtx/HZa6QpQ6haVJo6M0NJlfbHF1PqrEbDIMyU 1qMhm66Hz1zapd0Lh2OvdnZ02Gq/PWoyB2h3B7bnjFx/N+UNdJsKoLeu7eBq9/xT9L0/si+D3bM6 beJZ+6TVaH2j36mko+bBSVSA1pktqVKCTMMxZeo5ExDz69NVKqtjqCtWh32vt9oINWNv2zJ1rG7d d83Xxyd7f2xI51G3Sayyn0ofnvij4fUwpJMYrXHr+OjtUbtLq8SejUt/ZQW6vam/y0DziyIDHTdR 3rV9t8ue0NUurfhR86j98ftT33dmz7A8M36fo/KZ6H7yzKUb0v6aDp3auWUatJnpy3oWsXHZy7is EheaX3Jlg3HvyqXL8APanUcfNqQz2qO0b+iAefst+p6snhOXNVtA98aex8YcidHRt6+Ho/vduZRg 6nWjl9bXim+tU/sqVroL+z2POjsq6aB72GgflHQl6w6QahG4opX9+9Z68eEz9vBGcp+u+6nHjQCy nu0al3Uiz1y0RxelWf949rVb3lLalnMaXEi7ryT4lEHceDSqnX/tO7v0OffG9cJg9/Tk+PjkXfs7 tcRsBlCkeSE/X2p97lE8JxzH4ReLoeizb88OaevoGGjWj2cQjuUVn6m/a7+RGh/ajRYtzF50MonR 8TselQTAEQWwpClHzaQlmwqnKaxU+rX5qE4nf0iuDpbdV4jq9C31wgS3bxDN1m2abbq21p9VUY4J OmKs3LHc6lT1bLNxeNI+opN1ZNbuwX6iX7F4vW09XxfVD1uNfGVmnaFoz9sZrxvUSSc6DU77l9nk qPntKbW5Di6jUUevXTYEd2PVs+TI9XblODkc3+yef6X/di/swN1dGyXLodwixZsnlTFbpSSLrNLf xJivYBT2dcbUlf1KRmrVs3pZEpdNavDGHY3G80USawdrHHUs1L+kmpW6J7MeTZrO0hCnqFsOfWqN RdfEEzKbVNNmjMwA5qrwBS0J2VdCcO/mKZaLd2IXpoquu1lzJN22o2xZs6Wm1lGmKZvTVbrC3l9Q 4i43BEyTFT7qqJkKzd94UGY7jAJoegRC+nGS/QpLvfdlOvRdZ16kujfQmp+CHPM+OdQpfNQxxO1F /8QxRALCdFY00+gyBzsx2sufZL/ZUj+s09iv1nKD8dTvuVLoXk/Gvu3TWVqaevaNPRzZFyP3eRxL 0t+zt3KeFwrJhs78R3nm94VdVdrJEP1ZnQzRf1wnw16Hn/WwmJvJjzOwA8FhBvMXPR8xKnNZ89+G SZxF727LH3qXWy36z0KhtlAzmY4C1546w/HWmevfuP6sOcaizCkrU2dllKwy8k/yCor6z/MKqT1I pWQP8ujg5BvbiFjsQS5/C+zWH4ZuJO3aDQdjhzYjnPqeFA4pVBVdUxXTAtPcMlXVAoj8El0Kl4FA 2nwlsR/1Gno2W5fvRiCgD/hDe7RLpOinv7pJEjqexPaQfPteOo++M58XMjhIndIf+eqsFYrFKCvN p1Ar5mfwVrxdjrjycmnUlVeAJPmfovCUgBJvJs9WPu7dMOxe+uPppFa+tKal/5GU/fXXX6PyriPd DsOBJLOcn5So1G/UvNKtPQxVia27r13n1fnX90cHjQ9H7cZ+LViXfv5Zes9SZ+16+90Zy9ml1mdj QY6j5PVkYygWGEX2kOxwx7/tVVzlJmXj/UjgbEguyk695JfIwuvJ4vfDNsfTcDINNz/8Aa/rsr62 nnqiZCsl2UiJPej5m3en0lGzLdE141tp783x/qf5fkosYRLQAdgL9ZpKS5P5nkuylxLeUDT2mBug 3zz2dbanI/029fpDbxgMaJfTDn71E1HVWWfPhM77ez3bXqnWpkOHtms9eWpeC7pGOzcraiEvasHm l+jP94V98KWWtVGftdFls2CXwWqBKjb76exVUXm2qxuVXxRlNSlKTcFUoOfip0rOXpSj5+N/vlUa zbXUpspeq1Fv02vjwx5bBupxpYEkklOOdIb1IpuzsieNZVKP4F5F4mjZs0bjj+7eu1ZmaCzKpvSn W8d+784LAjrKe4MtOjH1V3jZV1FnNZPTtSnpOyZ9YlPxTuXBEx2KFdShsoMyFTFl3vHfdB8xibM+ Omu0K/oo8kSRcn88DnfudmT6ObsP6Bwp2c41Q1no2+HY39mOCqTO5TiWdX9185nYdw8PQ+f+Mrh2 rh/u7IE6urlz9MHtJg2wBpvalrJlRr9nyJIdzxtfjJ17qkjXNKLuWJaxs7PtjT3qe6lSL6MBRsPA vBr4zpX88PD5IdDunaHpB9pA7+u3n31jMxjYzvh2U92ytgOmwhuPxpdDr+NdTod3F9PhiE6jskKV WZa1w7b15Z1Dekd6zW5J7+g8KUnKTrQtSWOC8B5fOUTKzSrl8KzKSaTcqFJOnlW5GinXq5Srz6pc i5RrVcq1RyuPCfzZz3Gy4ZiZpnVYZZr+yxxTFAs9h1+iY/m53VLHux247igZzB1vSi0ZJKOLuZWo bQngO14Y3if463gODYbpJJZAouNdXbvXUUKliaE3SW4RmroZOu44SgFNRTFqlFKYCjd03JsoyWoz ipSZVqQguIoSrCb90XgyiZSbrCI9xx9H2kxWldCeuFEiqsdNfEPdybirjYz/yKRIJqVmUlompWdS RiZlZlJWOkXXsItxRCsXj58fqnpBMHCibmP2unaDwL50aawSZTGjMW4pSjCbpX46l0L0EUO13xuM b70o4KD2ZP8o61VlL+mijksnrRR3l0bcK4Thw4lbO2dDRiefqnjEFce32BK3KLMs2HuMzKcvTqip PbfWG1D0dGntelfJxlC8+0B9X7PR3XtzdLxP/WCj3mof7X9LZ1IHxbKoYiZ8Q4oFhUNnEsZMtaMr rtvXbSUmRA2Yw4Yxkaxzq3jMKBRfkJjMG6+XPJziMROHnWUyM4gmJesNA6TygwizqkPmIALMpZUI Sy0zojKla4wM0h6zuHjfmk1NyfKifnraaO6zBYYqV7VwtUql26cuPeEDybCC2jlFtPqJVW4+XZaU zR+YiDGTPjDBELzP7LnspETxTAQ1V5/07fhMBNc0cZ9XdAOd5UkWZhyunVHtpiorC6DObRPbhH45 rrcOGwdHx431FR3B41d9enbVx4VC2hbzrsifXWF9qimOo614dqV5sne8T5OnS8xjrnNQQf3V84Di Ka17SoOoE/7XahCbTf4VWlRxQKps0uQ6lGj0Lff1JUrp7PW2fra60sIAnklb7JBxpvy0d18W3c3n xYBGbNzWP6Ii8dPRhnGNsJesuC2NK1Hpr1lQkbRs4Az92tr2WmXTUvNWySm35gnz08VjbrkTbmp0 5O17sU8r9tBzmkumfLps2vamo1Fq5ZmW7kwnwKpZLT9fk3wMzivLAUK+DmyCqRQdH6ial2UkJae+ sEBYtDANWAPPywLzRR2ec1ug0jYrbQsU6oeyLRBLXW1bIPFrL9sCL9sC+NsCj5o42JHa4m7AjzSs l9MQjx3XS2gIlIH9QkO80BAvNMTqNMSjnNg0cmLGcie26ltRovsrcVlNoGzxrER12cqGlZQ1Bcpa AmUVTthcKMsJbAtlV7JxUnbJ6ZFMWY7hCmU5hiuU5RiuUJZjuEJZjuEKZTmGK6wbBOwGAnYDAbst O/WTKStgNxCwGwjYDQTsBgJ2AwG7EQG7EQG7EQG7EQG7EQG7EQG7EQG7EQG7EQG7EQG7qQJ2UwXs pgrYTRWwmypgN1XAbqqA3VQBu6kCdlMF7KYJ2E0TsJsmYDdNwG6agN00AbtpAnbTBOymCdhNE7Cb LmA3XcBu/NiTncd+Xd8/kGqvbSf+T3UdN+j5wwmNfNezggSMqnONKqKUa3ERQQJw0LlwEFHKxYqI IC6QBAQZXJSJCOJCUEQQFj4NLj5FBGGB18ACr8EFr4ggLGQbWMg2sJBtYiG7eg9RVBAWsk0sZJtY yDaxkG1iIbt600RUEBayTSxkW1jItrCQbWEh28JCtoWFbAsL2SUvET1SEBayLSxkW1jIVip+YuUR gqqhLSiIxyILCaqGtqCgamgLCqqGtqCgamgLCqqGtqCgamgLCqqGtpggzjazoCAsZHM2qAUFYSGb s7UtKAgL2ZxNcUFBWMjmbKcLCsJCNmcjXlAQFrI5W/iCgrCQzdn8FxSEhWwObSAoCAvZHMJBUBAW sjlUhaAgLGRzSA5BQVjI5tAjgoKwkM0hVgQFYSGbQ8kICsJCNofMERSEhWwODSQoCAvZHAJJUBAW sjnUk6AgLGRzSCtBQVjI5tBdgoKwkM0hygQFYSGbQ7EJCsJCNoecExSEhWwOrScoCAvZHEJQUBAW sjlUoqAgLGRzeEZBQVjI5vCMgoKwkM0hIQUFYSGbQ0IKCsJCNoeEFBSEhWwOCSkoCAvZHBJSUBAW sjkkpKAgLGRzSEhBQVjI5pCQgoKwkM0hIQUFYSGbQ0IKCsJCNoeEFBSEhWwOCSkoCAvZHBJSUBAW sjkkpKAgLGRzSEhBQVjI5pCQgoKQkA1YHCRgcZCAxUECFgcJWBwkYHGQgMVBAhYHCVgcJGBxkIDF QQIWBwlYHCRgcZCAxUECFgcJWBwkYHGQgMVBAhYHCVgcJGBxkIDFQQIWBwlYHCRgcZCAxUECFgcJ WBwkYHGQgMVBAhYHCVgcJGBxkIDFQQIWBwlYHCRgcZCAxUECFgcJWBwkYHGQgMVBAhYHCVgcJGBx kIDFQQIWBwlYHCRgcZCAxUECFgcJWBwkYHGQgMVBAhYHCVgcJGBxkIDFQQIWBwlYHCRgcZCAxUEC FgcJWBwkYHGQgMVBAhYHCVgcJGBxkIDFQQIWBwlYHCRgcZCAxUECFgcJWBwkYHGQgMVBAhYHCVgc JGBxkIDFQQIWBwlYHCRgcZCAxUECFgcJWBwkYHGQgMVBAhYHCVgcJGBxkIDFQQIWBwlYHCRgcZCA xUECFgdJsDhIgsVBEiwOkmBxkASLgyT/x969dqeN5GkAf7+fQus522N3+yKp7j1Ntt0xdth2sNcm m2RNlhYgbDoYCAjHuX33qZLERRISxn7ck3PW4SSgUqlKKpVKf+knCMogCcogCcogCcogCcogCcog CcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcog CcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcog CcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcog CcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcog CcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogCcogKcogKcogKcogKcogKcogKcog KcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcog KcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcog KcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcog KcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcog KcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogKcogGcog GcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcog GcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcog GcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcog GcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcog GcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcogGcog GcogGcogGcogGcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcog OcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcog OcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcog OcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcog OcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcogOcog OcogOcogOcogOcogOcogOcogOcogOcogOcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcog BcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcog BcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcog BcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcogBcog BcogxYMMklKd7Zfd3V1rOPZ7fivg1sgfT6799rOtREG2tVnrXvuDSZCuXlm/TPqdbr87vvLbli7q WVzstMRNtW1dyHfbVvXV8fH03y/BTWPst0r2tqU/9c1HZsd/vkWZlpQbVhyublj70nVduwFRZCpQ ZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQ ZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpQZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpR ZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpR ZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpR ZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpRZCpR ZCpRZCpRX9uUqK9tSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRB SpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBSpRBKpRBKpRBKpRBKpRB KpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRB KpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRB KpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRB KpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRB KpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRBKpRB KpRBOnY+Qq5bUG7XXreg3K69bkG5XXvdgnK79roF5XbtdQvK7drrFpTbtdctKLdrr1tQbtdes6B8 hFy3IFTPzkfIdQtC9ex8hFy3IFTPzkfIdQtC9ex8hFy3IFTPzkfIdQtC9ex8hFy3oIf2bP/Wb934 mxt7l/3J3ljP8PeuP3fsz3zkOp/Y5/ZHjzjXn9xL1VRMdewPXKqddnMy3nF2HXfXtfea3f5emDD2 ++2NbesCV9TGzo6eKk363dufh15wVdq78UZ7o0l/70/vurun50WZhqNuP9gZ+cPepyhBb2ZQGowu dzsj39cT74PBcPfgtyj/np6xtzBjbzpj2QK7x91xUPWu/fHGu23LvhWdNndahHnKsa29Hy3H0qtk /bi3pdvbjpu0OXq/aX4pKjfkMHlvnZbv62giXub62htuRr9BJR3lblunZye1xll5/+Br+On1WaVW 3rZe7p82Ts8q/7NfK381n/erJ9W3L09enW/rva3XL1wNvZKkyTzbbs7L91otfzzWu9kPWnu99u54 sDsc+b2BZ9r5rHHy+1bcYaon5WrN2qwOrPGkdRX1msHIandHfkvv0k/TfjPyvXav23+vixyOBq29 sd/r7OnOFLYwqgNQ28SkJUtMN2Mw9PtesLlfaxwePH998JC65g3R8lpXZr1PGmcHJ9Xjt19PGs+P T8pvys9N3SSuuu9/7IwDT782ia5X5/8yDhrXg7ZfOm9UDs/KR19tSum2pVPH3c9+yXFdam+bnwj7 tm3pNS6/PK29bZzu114sdpaFHR8vMNvzid29bZHM/pXz/RuNB/nXJtZClcBG7HWb5m+cptuSrGxH 03HCFqw7QpSPD+tu3dEvO/MidfuZfotnWXUi2OL8X5PZZZ1wu86y5fxq5tn1frQEMTkInZdbp0uq vtuLELEyxU1OTiudryehmWJXpUzqLiWmeXIT8iueb63rprd9ZYo8WtxRyan8Knn0PqwTVyzuIJ1A ixPqrjB/k6Xq5nCLG3k6O654U+8WtlisTmDFCfpPPVFJJsGsR/JFU+/hiiY3505JpqrEK5OQqftc NxwL2v+Kqk9TVZs+kzoKVyQc/H1xZnIqfXD+d1wbT60V6pXqSPZZcuvu1YXdTKMtSUqPf0Hc21w9 VIWfLqfL8jjLZrTM/8YZ68kCqplDM7VlP6S682yI+Tk5oz3dLideHzf6NJ4VTOIF4hU9jN7+I8pm 23FpL6K3ynS77Di7HtXjnfluuiacx5URlh6bXTpdOULSJw0yPUJd7k7XltJpUXy6T1ybpxbsR9Mb +kStgy/zEFXJvMWnq6E5X3EanbHi9bHiJeMyj6qv4l3o6LWYd9ogvfaZHKndbiIeqU/00g3/m4KS nloj+GCMzYMPouNT4q4TfRBFWCLwzEabB+Xq2zgQTQUjquOJVDA7m9M0v6C6bbnU4ZxmAlsTHmRr Oqy8KR8sq/PWD+/ALVQcFr+04o4dViy5vkgu3K782qhKVxcWuqQ6HY5F27lO+J5fMWsnK46LX16x CCvWR9L69RZfQIhHCDBtRZtN7wO/7DU9ya+cNm396fDbq3aXd967f/Z2LlutHcfeJbv2Thxemr86 tTE2EabzWBFm3TaD2cL8VISpBz8zfLjLikoFmTQcoeoPDzL1cL9TnLA6xFx9Vk8lbNVvFrcxNZlf 42wjf03mL54kdiqcyySsCCzrLrO/JcrUCXXXYSvTCLPTUTO1M8FFcXRpxvNk7WaAz9S0JM1Nh5SZ hJUxpt6AD+ktKk4ARJd/SaXpuNIV9DjZeqsTHJral9mU7yu+vHdPfpPsOG/S/SizGmRWVqoF4tDm 36M3204t+ix6206mHtxxc+d72Z1dKLs0dc3+ZTZjtlSc9zZ6m8wypAMtd1ah66ZK/b/ZQvEWHUdv tWm6E+/zq+htGL1dJkv5+6yU2dgzi0hdOtukuIp/RG/4wPIm3c6ZHMsDS0V5dD9trbgyeVNLBwV8 vbtaNqGqOP4qiitlOy+8U1F4pzeJZAOudcNKko7zVE6cpyNdJ6zX4UTSe4aVDk1XFxa6vDpkWOmI TMXsEWI8duV+pB+66uq98+Hz58uu81H3e9f+1B73uv0RHe9c6oiutePuEjKN71omtuP3je1I6ojI 3D1Ui0NiKrC7DaM6ki1jGtaZsUF/LNXtX+rzEz9dWljxpBkSM/fpkgmZk/50dlzfH1/Mpe7sVTx5 miwrNWklJx8crZo7sIQlTj5LklZHrFYyf+EkEeYa36XFSatj1vAOX+K8vzqlF96soAUJ+RXHxVib iY5nyaJJc048SRZubuKR9SLWPy4Shf7xvmiyTtz02SSbsipOPU128eLJFQfQypjYzR5iq1NSR0L6 wEgfECKZvuZOTG+Bm9mmFSH4Y7ZnJvDmdnJIuUvKdqueO/Wdxdx3ic6eRvy819OI/zTiJ1r1acTP Tj6N+MkK/8Uj/nr7jlA7CdCZhOy1tjAXhubbZiXzseB6f34fLHHF78ZeV3BFn70r8I90K6QzzO6j LKypAZnwt4JL+mPBis7b1Flc0cW6zGs6xM3KN1fm4W/J6Cs4976W5UibC4MbK246PJ2z7/R6Omc/ nbMTrfp0zs5OPp2zkxX+/zxnL97GltSWtrzvfex2q5lzg7ftt6P7ycSh0skS/rp3svVRk7zFG1Ww 9N6y60dPDriCy9wnT1fdUuaZe+du+sHm2Rzhx8+CsPs8rJCpupne1qiCpVVLGm0rpeIeN9ILnpOI i/4O7qEPgysTApk76fajPSWhTyzvF+enhqoXoejlPyIxCj/9TX/aqD/wXjohdipkyaasitNMgHyW pvrihNNkialJeLRGZ0aZk7A6Uvsjmb9w0jw9R1IWsiwN+xSIy1IblUlYFaLdhs9KLpR5G+J2UcJV +vEAYh8V15l+9sNEKC5J8bxJY3dIAzz+kY6YViY8MGx7kyyteHK9aC3zlMljb1smhNKrkNw/xdPE dLdkmUuSvq8w6h4HSXTxkqwkk5Ie7tO3N9Z4BAJ5S+ReT+CaWyLhf5v8iLdEwv9W50G3RMwXiOV6 Xy6Sqx6DLQpfvdzwtRk9DsEEoQ9/upenY9dm3nMR7WZnaSj5oMcwokKXVteCPoaRfqw4Kn55xSK+ PCCuxMatUdH3iFvxX1bUHUwtfFlx1LpqDEetoLe5f/b8ReO8rCPk8+2FzJ4j7URHH44Ggd8KMlca 6ad0Chea7mTztcO7LjN9PmeNZWaPit9tGWrz9Wsg3rLumlhm0k8+RS6jBjNfQtxK7fCxHzSCbrvh tdsj8zXShR1Bo99U1IOZcBdyjwbNiR6set1xkMjNw0N2cT1GZki79FpBd9DfPK8cndVeVqpmAPQa V16/3fNHpYXRgHu6AD3r2hu/L128Cz93et7luHS+rzfxvHZyVj77qj/rkirVw5Mwg15nc0m1WFCr LW09csaduHh9Gk7u6gh6x9Uxn/fPaoA1M9+2NdWZdWu8qv52fPL8923rImw2y6zsu6ULD0e97nU3 0CcxvcZnx5WXlVpDr5JZNsr9xWRotCajkuk0Pzq2q4+bMO3auy2ZJTht6BWvVCu1t98e+n1ns4xO a9udvF9UCZeJ5sfLXPqBbq9Jt715oaTQm7n4tpXssVHeyyivE2WavaXyjget976+DD/UzVl5s22d 6xbVbaMPmJdfw8/x1XM8ZE0voFuDft8ccyTqHR3vutv7VJqVMp70G+GX1jey31rX+9f8uMF8FTqt vh7sdEmHjaNy7XBJU5rmcK3NsHOFV/avz7ayC5+bhbfj+fq6X4+4YQfZSjaNbxqxaHfpFp3nNu3T 96795Vuqt+VCBxdW6Znlvkv0uEGvt3nxpdMu6eX8G78fjEunJ8fHJ69q3/SemJ4BHGuWaZTOtTUb UfrtYBCFXyaG0su+PD/SW6ePger+8bQLR+Vll9l/VXthld/Uymc6s/mikySiPqr3dUmuW1CU667Y lEo13pIdp2BTTK7Fr82H63Tyu+VzV3kdh9B2R9GmdP2OIMzjnk6Wvsc601W0I6Aj4s4NW7g6eS1b LR+d1Cr6ZB3u1sbhQVy/o4paWz1eE+0fnZXTKzNtDIc9bmP8VtaDdFynKNj+VfukUv36kLW5Hl+G R51+b5hDsBRVPZ3s+f2SHU12Bzeliy/630bTG/uljV58OZS6SOnPJp2BuUqJL7KW/ibG7ArGMR+n UrfsVzIWrnrunpdEeeM1eOH3eoPZRZLZDrNxemDR48vCZi3Ms02Lxptupt1oSg/LwUjvjXnTRCdk c1Jd3I3hbnDlXbuvy+KQ/U49uHXzkD0X3Ymd76rwvZTcHXGz/ezsqum1OKs7k4V9rq/SHfP9BSdq crHGrkkW3qvTxArNvvHgTO8wrtGb7tFDOtGk+RWW/daHSXfkt2dZ8lsDtvkLXc6MPqle5xT3OtPj nof/RDFE3AkXk8IzDbcL+k7U25cvaX6zZf9oX8d+m2f+eDAZtXwr8K+Hg5E30mdpa9L3brxuz2v2 /McZWOLeMP1WzuN2hfiGzuxHeWbz1x6qFgcZwh91kCH8+x1kzNfhpy283jAzHQWmx5nrjdc8zNzZ Fz3vcVSmkma/DRMPFq3b3VG3f7l7pv+ZV8jm1QwnvbHvTdrdwe65P7rxR9PNEfM8pybPvsnjJCv7 q0YFh/51o8LCPUhnyT3IyuHJV3MjYn4PcvW3wD6OuoEflnbtB1eDtt6MYDLqW0FXd1WHM+pI5Sp7 12E2UzIcl/Sl8LJOYO08M79dFnT7nrkuL4WdQC8w6nq9ErHCn/5qxJNuvW+Ze0gj75N1EX42Y15g uoNVX/ojX/WNTLaoly1N110tm57ob9nZy3vc8nyLvW75CkxX7F0YnhLXiW4mT698/Ntu0LgcDSbD zZwfvitZ/xnn/emnn8L8ftv62A2uLNuk/JsT5vpF717ro9cNqGWuu6/99rOLL68rh+U3lVr5YHO8 Zf3wg/XaTJ3X9muvzk1KSe99cyzYUZS8Fd8YigoMI3s3vsMd/bZX9io3zhvdjyz4P7YW8k768S+R BdfD+e+H7QwmwXAS7Lx5+18vnXJ1Y2thiSW3UuIbKdEIevHi1alVqdYsfc340nr+T/bu/qlxI03g +O/3V/im6m6ZLV7sfm9uJ7WzA5NMLYE5hmySi3PE2AY8gCHYzABJ/vdtybKxbKtNM9+5S20lVGIk t59uqR+1Wvoo+KudrR8n91NGEa4G4QBsD82KCqXl5J5LcS9l+CFkYzsbBsJv/ezX8T2d2l9u+se9 fm9wGnZ52MFf/JtUaryzx0En+/t5eXtrKwfh0Anb9bz41KQV4RrtB1fRivpDK7LzS/5PpDVm3Jpu dr46zBLgof+z85TJ/qfO+vj+a17+oWjWkt/7Nk6ld0JrRp9a8MzG4qzbE/84udx9NnUz5tX+9suD 8Lr93avs8tGMdqGQReSpAXh8jMwr0KNH4FHMMJJ0z/Jwoey77e2/H776Zr90SD2Unap/euuyv5PX HwzC6NA+XQ8ntONH/E/CDTVuWX26NQv2XRb9qhXCdyofWDFqvoEZ0lXsoFJDXD322PD0PsoijvfR u+2Din2Uj2B55deXl8PN2816+Hl3Nwjn1lqrc5Fl2fC6Nby83tzIC0w9z9Px/u7sw3vZur2/73Xu TgYXnYv729apOv9w2zGnH9fCxOx0Ta831l3+dxCzxWa/f3l02bkLFRmtpdr03m5ubvQv+2HMDpX2 SzWI897AnZ1ed87q9/fv7wf6rtNz1wN9ao7Nx/fXdm1w2upcflxT635jkFXRvzy/POn1m/2Tm97t 0U3vPJx+641Qmfd+M3uqq775ZXin9rfsrdo34fxaqzU289uZYS4xvOMrF3nlrqpy8Vkrl3nltqpy +VkrV3nlpqpy9Vkr13nluqpy/eTKR/A//jOe2eFYOr1HvpHn9zAw5XOozzEuhWP5cw9Lzf7H0273 vDiYm/2b0JOD4ujKhpV824qEb/aHw7si/5r9TphEh5NYkRLN/tlF9yJfUGGh178q3pJh6UOv073M l0RYyue2+VIjq6I77HQ/5ItZa87zypzPKxic5QtZS47PL6+u8spd1pB25/oyr81lTRm2rrr5Qt6O D6M31GZpuFotjR+lJVlaUqUlXVoypSVbWnKlJT+9FK59H46j0LjR8fO7at5gcNrJd1vWXxfdwaB1 0g1zlXxV1mmZSeULWZ9N/cndkKJPOFSP26eXH/v5hCP0Z/af2b+Y/VD2JFwMRhnqUfP1hTP1R0zf e1fdlR+yQ8boH6v88ZHHd9ql8XxMDcX89Iua0NX97kr7NGTPYWhd+6y4oTS6axHGvt3tw1dfvdnZ CuPg9sv9gzdbv06vDANUtipUnAVfrY0CDXudq+FIuDum0e0em1ZjBKlWTtImE8xs51b5Zz4Vf8DP bDR+vuDDU/5ZDNhlAS1ltF5wnWJlbfEDDOOmi9IDDHISTUYvM/IyC68xSpn2lIuLb/fHp6bi8uLl 27fbu1vZBYaqV23h4xo1vX2Rw3+qbHZYiZUfwuGvfswaNzldLig7+6DFKGemH7TIMngr689lT1jM P0sRuutYHrdGz1JEu2a0zyt2QzjL63Ka6WiO3jpVbzwk6qRvRn0Sftl5uf/l9us3O9vPHzkQPP2q Lws3ddUXTYXpvpjsitlnXrJ9qhudjn7kMy+7e692tsLi2yXd455HsiKMV58nKT5l6z5lg8Ig/K+1 QdnZ5F9hiyoerFp00owOKPnRt3ysX1BpOHt9/fLd4yudO4DH0R7u10VO+dOj+7LZ3eS8OAgztujW P6Eho0/nN5pXQkVLtnTUiMrxOptUFFt22uldrzzbeBb56q/JeWvB03G7e9k4Pf943MyTcSp/VO63 +X1a/R140zUvOOWHy6aN/s35+dSV53T0zs2VyJoZ+469ckuqv0Rvvmz19+TVZtuQnWAiX4jTmC6b 4WakveIhw/IL00G2gT8smpg/tOFz3hao7JtH3RaYax9yW2AU9XG3BYpx7Y/bAn/cFuBvCzzpxJE9 ihv5otrfwWG9nCGeelwvYQjkwP6DIf5giD8Y4vEM8aRB7CYfxCJflDhzTyhh3vW4+yujstVf+Dtf tvo7fefLVn9t73zZ6m/mnS9b/eW7C+aqkWnzXNnIxHaubGRiO1d2yVMnpbKPyp2ibKTj5spGOm6u bKTj5spGOm6ubKTj5q4bEvqt+ms0F5RN6LdlTwuVyib0m0joN5HQbyKh30RCv4mEfpMJ/SYT+k0m 9JtM6DeZ0G8yod9kQr/JhH6TCf0mE/pNJfSbSug3ldBvKqHfVEK/qYR+Uwn9phL6TSX0m0roN53Q bzqh33RCv+mEftMJ/aYT+k0n9JtO6Ded0G86od9MQr+ZhH4zCf1mEvotPqdd+tXQU4ESOtUkdKqJ dmpKA6M9nhIomg4JgWw0V1ICRRMpJVA0y1ICRVMwJRCVnzaanymBosmbEojKbEtltqUy21GZXX0n MDUQldmOymxHZbajMttRmV196yM1EJXZjspsT2W2pzLbU5ntqcz2VGZ7KrMX/C9ETwxEZbanMttT md2o+AMrTwhUndqJgWIWnBSoOrUTA1WndmKg6tRODFSd2omBqlM7MVB1aicGqk7ttECRm8WJgajM jtxmTgxEZXbkBnViICqzI7e2EwNRmR25KZ4YiMrsyO30xEBUZkduxCcGojI7cgs/MRCV2ZGb/4mB qMyOsEFiICqzI+CQGIjK7AhVJAaiMjuCHImBqMyO8EhiICqzI7CSGIjK7AjJJAaiMjuCOYmBqMyO MFBiICqzI4CUGIjK7Ag9JQaiMjuCVomBqMyOcFdiICqzI1CWGIjK7AixJQaiMjuCc4mBqMyOsF5i ICqzIyCYGIjK7AglJgaiMjvijImBqMyOIGRiICqzIwiZGIjK7AhCJgaiMjuCkImBqMyOIGRiICqz IwiZGIjK7AhCJgaiMjuCkImBqMyOIGRiICqzIwiZGIjK7AhCJgaiMjuCkImBqMyOIGRiICqzIwiZ GIjK7AhCJgaiMjuCkImBoMwWlEEKyiAFZZCCMkhBGaSgDFJQBikogxSUQQrKIAVlkIIySEEZpKAM UlAGKSiDFJRBCsogBWWQgjJIQRmkoAxSUAYpKIMUlEEKyiAFZZCCMkhBGaSgDFJQBikogxSUQQrK IAVlkIIySEEZpKAMUlAGKSiDFJRBCsogBWWQgjJIQRmkoAxSUAYpKIMUlEEKyiAFZZCCMkhBGaSg DFJQBikogxSUQQrKIAVlkIIySEEZpKAMUlAGKSiDFJRBCsogBWWQgjJIQRmkoAxSUAYpKIMUlEEK yiAFZZCCMkhBGaSgDFJQBikogxSUQQrKIAVlkIIySEEZpKAMUlAGKSiDFJRBCsogBWWQgjJIQRmk oAxSUAYpKIMUlEEKyiAFZZCCMkhJGaSkDFJSBikpg5SUQUrKICVlkJIySEkZpKQMUlIGKSmDlJRB SsogJWWQkjJISRmkpAxSUgYpKYOUlEFKyiAlZZCSMkhJGaSkDFJSBikpg5SUQUrKICVlkJIySEkZ pKQMUlIGKSmDlJRBSsogJWWQkjJISRmkpAxSUgYpKYOUlEFKyiAlZZCSMkhJGaSkDFJSBikpg5SU QUrKICVlkJIySEkZpKQMUlIGKSmDlJRBSsogJWWQkjJISRmkpAxSUgYpKYOUlEFKyiAlZZCSMkhJ GaSkDFJSBikpg5SUQUrKICVlkJIySEkZpKQMUlIGKSmDlJRBSsogJWWQkjJISRmkpAxSUgYpKYOU lEFKyiAlZZCSMkhJGaSkDFJSBikpg1SUQSrKIBVlkIoySEUZpKIMUlEGqSiDVJRBKsogFWWQijJI RRmkogxSUQapKINUlEEqyiAVZZCKMkhFGaSiDFJRBqkog1SUQSrKIBVlkIoySEUZpKIMUlEGqSiD VJRBKsogFWWQijJIRRmkogxSUQapKINUlEEqyiAVZZCKMkhFGaSiDFJRBqkog1SUQSrKIBVlkIoy SEUZpKIMUlEGqSiDVJRBKsogFWWQijJIRRmkogxSUQapKINUlEEqyiAVZZCKMkhFGaSiDFJRBqko g1SUQSrKIBVlkIoySEUZpKIMUlEGqSiDVJRBKsogFWWQijJIRRmkogxSUQapKINUlEEqyiAVZZCK MkhFGaSiDFJRBqkog1SUQSrKIBVlkIoySE0ZpKYMUlMGqSmD1JRBasogNWWQmjJITRmkpgxSUwap KYPUlEFqyiA1ZZCaMkhNGaSmDFJTBqkpg9SUQWrKIDVlkJoySE0ZpKYMUlMGqSmD1JRBasogNWWQ mjJITRmkpgxSUwapKYPUlEFqyiA1ZZCaMkhNGaSmDFJTBqkpg9SUQWrKIDVlkJoySE0ZpKYMUlMG qSmD1JRBasogNWWQmjJITRmkpgxSUwapKYPUlEFqyiA1ZZCaMkhNGaSmDFJTBqkpg9SUQWrKIDVl kJoySE0ZpKYMUlMGqSmD1JRBasogNWWQmjJITRmkpgxSUwapKYPUlEFqyiA1ZZCaMkhNGaSmDFJT Bqkpg9SUQWrKIDVlkJoySE0ZpKYMUlMGqSmDNJRBGsogDWWQhjJIQxmkoQzSUAZpKIM0lEEayiAN ZZCGMkhDGaShDNJQBmkogzSUQRrKIA1lkIYySEMZpKEM0lAGaSiDNJRBGsogDWWQhjJIQxmkoQzS UAZpKIM0lEEayiANZZCGMkhDGaShDNJQBmkogzSUQRrKIA1lkIYySEMZpKEM0lAGaSiDNJRBGsog DWWQhjJIQxmkoQzSUAZpKIM0lEEayiANZZCGMkhDGaShDNJQBmkogzSUQRrKIA1lkIYySEMZpKEM 0lAGaSiDNJRBGsogDWWQhjJIQxmkoQzSUAZpKIM0lEEayiANZZCGMkhDGaShDNJQBmkogzSUQRrK IA1lkIYySEMZpKEM0lAGaSiDNJRBGsogDWWQhjJISxmkpQzSUgZpKYO0lEFayiAtZZCWMkhLGaSl DNJSBmkpg7SUQVrKIC1lkJYySEsZpKUM0lIGaSmDtJRBWsogLWWQljJISxmkpQzSUgZpKYO0lEFa yiAtZZCWMkhLGaSlDNJSBmkpg7SUQVrKIC1lkJYySEsZpKUM0lIGaSmDtJRBWsogLWWQljJISxmk pQzSUgZpKYO0lEFayiAtZZCWMkhLGaSlDNJSBmkpg7SUQVrKIC1lkJYySEsZpKUM0lIGaSmDtJRB WsogLWWQljJISxmkpQzSUgZpKYO0lEFayiAtZZCWMkhLGaSlDNJSBmkpg7SUQVrKIC1lkJYySEsZ pKUM0lIGaSmDtJRBWsogLWWQljJISxmkpQzSUgZpKYN0lEE6yiAdZZCOMkhHGaSjDNJRBukog3SU QTrKIB1lkI4ySEcZpKMM0lEG6SiDdJRBOsogHWWQjjJIRxmkowzSUQbpKIN0lEE6yiAdZZCOMkhH GaSjDNJRBukog3SUQTrKIB1lkI4ySEcZpKMM0lEG6SiDdJRBOsogHWWQjjJIRxmkowzSUQbpKIN0 lEE6yiAdZZCOMkhHGaSjDNJRBukog3SUQTrKIB1lkI4ySEcZpKMM0lEG6SiDdJRBOsogHWWQjjJI RxmkowzSUQbpKIN0lEE6yiAdZZCOMkhHGaSjDNJRBukog3SUQTrKIB1lkI4ySEcZpKMM0lEG6SiD dJRBOsogHWWQjjJIRxmkowzSUQbpKIN0lEE6yiAdZZCOMkhPGaSnDNJTBukpg/SUQXrKID1lkJ4y SE8ZpKcM0lMG6SmD9JRBesogPWWQnjJITxmkpwzSUwbpKYP0lEF6yiA9ZZCeMkhPGaSnDNJTBukp g/SUQXrKID1lkJ4ySE8ZpKcM0lMG6SmD9JRBesogPWWQnjJITxmkpwzSUwbpKYP0lEF6yiA9ZZCe MkhPGaSnDNJTBukpg/SUQXrKID1lkJ4ySE8ZpKcM0lMG6SmD9JRBesogPWWQnjJITxmkpwzSUwbp KYP0lEF6yiA9ZZCeMkhPGaSnDNJTBukpg/SUQXrKID1lkJ4ySE8ZpKcM0lMG6SmD9JRBesogPWWQ njJITxmkpwzSUwbpKYP0lEF6yiA9ZZCeMkhPGaSnDNJTBukpg2zUqxEyNVBlaqcGqkzt1ECVqZ0a qDK1UwNVpnZqoMrUTg1UmdqpgSpTOzVQZWonBqpGyNRAVGZXI2RqICqzqxEyNRCV2dUImRqIyuxq hEwNRGV2NUKmBqIyuxohUwN9amZ3b7vtD92VZxsn/ZuNQXiju3Fxf1y/N9eicafvOx9bsnFxJ078 kdf+uP6zcX6tc3QzWGusN8S6qG8c9fob+YpBt995tlr7gQv1bG0tLL246fduN69aw9MXGx9a1xvX N/2N962L3kZ4b1To6rrXH65dd6/O70YrwmYOX1xen6wfX3e7YeFseHm1vvW3UfmN8MbG1Bsb4zcW fWB9pzcY7rYuuoNnP67W6rf2uGMabalb8qhe2/hzrVELTar9eeN52N/1YpceXZ+t7H6zs1M55cjK 3rZNNpkoPnJx0brKP7Nacw0vVmtv9/cODve3X279mv/27f6bg+3V2tcv3x6+3X/zj5cH279mv7/c 3dv9/uu9b96ths4OzctbEdrYasi2kd2H+K12uzsYhF7uDtsb5531weX61XX3/LKV7eb9w72/Py/y ZXdve/egtrJ7WRvctE9HSXN5Xev0rrvt0KN347S57rY6573+WQh5dX3Z3hh0z483Qi7lO5jqf1XP pqQvana8GZdX3X5ruPLy4PD11qtvtz6lrocd0W61T7N27x3ub+3t7nz/697hq5297e+2X2V1y6Lq fvfj8WDYCj8rMtQbyv8yGB5eXHa6L94dvnm9v/3lr3Wl1GotrB307rsvGkKo+mptfX39t9VaaPH2 128Pvj98+/Lgq+lcmer44gOTni9192pNzvXv0UP/joaD6kuT2lSV4E487x1l/xbrwr6US/djljj5 Hmw2rN3eed0UzUb4qc/9yGb9i/BSvFVrSqun3/9rubhrSlNv6vk4f83eqzf7o0/IrIRUD3GbakHV j/uR0i5dI8qL40of2inVXNhla26aQsls91SuqK74YWuFmN32pWvcl9MdVV6qrtKMXq+aUtjpDgor VHxFU9js33LUsDtEfCeP3y4qXgndoqfDhhU6viL80yxVMrcia0f5R8285g0tb86jVmVVlX7mVszV /S7sOD3s/H9U/Xam6ixnZo7CJSu2/jT9Znlp9uD876I2M9Mq6mcmker75a17UgqLuZ22YNXs+Dcs sk2EoSr/7WT8WVMUWRl95n+Kgs1ygN25Q3Nmy/5zJp0nQ8xm+Y3OeLsaRXvE6LfBJLAsPlA09PXo 5T9Gxer1ItpXo5c34+2qF8XDqF505o/jlhhTVCb17Ngs1LhxUs6eNOT4CBVGjFur1DiUGfeJqJuZ D/ZHy8/CiTpMvrJnqF5kL8Xp6io7Xxk1OmMV7akVnyxifrn7TdGFjdCKh6QdzrZ+rsRMt2czHhdO 9E7kf/b/RVhKmHxorR8mH9I36lKkzD6kl7o08ZyfbW5t735fTERnJyO605qZzE7e6brwzmpNqIYx am5im00P5mt6/ea77a1Fdd528xtwUxXn4RdVbITMK3YmXCNHt6u6NuVnqhsFXVidHG1nyvS9umLd ma1YVm6nbOUVhyMpvd74BUTrM0ww614dHbV+NifnRy1nThsd1X7fMLennZ45PhPvz9dO2u21Rn1d rtfXiull9m9YezjIZpiNzzXDbNazwWzq/ZkZZhj8suFDLAo1M8lU+QjV/PRJZhju1+Irlk8xl5/V Z1Y8b36Y3saZxeoaJxv513L5+KKsz0zn5lYsmVg2ha7/VooZVjRFQy9dJ3V9dtas6nOTi/jsMhvP y7VnA/xcTQvWidkp5dyKpXPMsAE/z25RfAUwu/w/qXR2Xims2invveUrGmqmL+fX/L7ml0/O5O/K ifPdbB7NNUNOYs3sgWJq8++jl3p95qNfjF5Wy2u3Hrm5D70sJhfKQs1cs/8yeWPyqaLs7ejlZlJg dqIlJhUKMRP1fycfKrZoZ/RyMF7fKPr8dPRyNXo5KUf50yTKZOyZzEiFmmxSUcV/jV74ieWH2f08 V2LxxNIrM7qfljSvLN/UqtetSburVZfKx+dfsXllu141r2yPpndhk+T8hCt1Wilnp5Xtqnme7qi8 3kaYkaknTisbara6POji6shpZcPOVew+wxxPn4qP6ueePz1r/Hx/f9JrfAx5L+p3ncF5r3+tBmsn YUbXXhPrUo7nd+1sbmeeOreTM0fE3N1DPz0kzkzsbvNZnZyPMZ7WZWND+PVFs/6X5sOJXy0MFl/M hsS5+3TlFXMn/fHbRX0//ZJd6k5+4otvy7FmFmvlxU+erWZ3YKUunXwWrFo+Y62Vy0cXpc2u8YWK r1o+Z83v8JXO+8vXnOc3K1RkRXXFRZjaSinxai62mJ0T98rBs5t4Mm3G+tMPpaA/ncUWm1LMnk3m 1yybp74tp/g/2bv35qaRNYHD/++ncLFVp5IzwNh9F3syWzkQIDUQ2CTszBahsiZ2Eg+OnfWF28x8 9+2WbEe+qJ0Ov5ylzmaogUhpvy2pX7Vb/Uh2fHHNCbR2TCyWT7H1axbOhMUTY/GEsPPrExtxcQ/E 0j6tGYLf5vFcGnib+nyXcp0190+OKpe+szH3dUZndz1+1Z+7Hv+ux587qnc9/vLiXY8/X+H/cY+f 1nZS1ecBemnF8rW2DReG4WGzrfBj5Hr/ah5s7opfTLwuckW/PCvwb4tHYbHAbB6ltKUBZPKPCt7y P0Y29OqYNsobWq4r/Jl2cbP44co8/ygZfwUnbmpZDVc3NuDGmkmHu/fsa/25e8++e8+eO6p379nL i3fv2fMV/v98zy5PYztVd3V303lsedqumOBVol7MJ8uGco1lwk+dyRZiYYq3qGDl3HJ+B3J4l7bG Vd55um5K2SzNnS/d2Dz7zfvG5F4QfZObFZaqfr+4r0UFq6u2xb4qZW8wkR67T6II/R3MoV+OzsMQ KMyk12/tLgn/xvKh/PuFrup5LnrVt0gM8p/+1f907+gb59KlrC8MWZbXrBunhQHy/iLVx1e8no+4 sIiP1tTMKCtWrB+p/fd8+ehiuHtOLljIqnXsXSBCL+zU0op1Q7TP+b2SpZifc9yOrThfvD1A1p/F 61y89yOMUIRc4PmwTl9jHXD7x+KIae2Kbxy2/TofLb6YNlpbusvktvdtaQjlN2G+feLLMqTbfMwV q76vYdQNTpLi4mW+kqU1i9394vRGwi0Q5JTIje7ADVMi+bcm3+KUSP6tOt80JRKeH3ZpDxe5dbfB xoavrarhq2wXt0NoK9W3391rFsZzRfSV9Z6KlUPJb7oNowi6ujr0NozF24qL8Ksrbk4uD6Rw7Li1 CH2DcestPKwoWyelhxUHJ+fHl4OTUXdje//x8+ODHT9CPrhfKtxquPpcol8O+qP2yWjpSmPxLp3o i6aNHB47vO5rpvfnpLxmeqv49V6j6ia9BtNala5zrxn35u8if18csPAQ4uZCgw/bo+NRp3XcbLUG 4THSUkOo4iMVfWdmZan0oP9+7Durbmc4mitt8lO2vB2D0KWdNU9GnX5v42D32f7hy9290AE2j8+b vVa3Pdgq9Qam6QP4X100hx+23r7Lfz7tNs+GWwfbfhcPDl/t7+z/4X/2kXb3nr7KC/htDpdU5UCn vtl8zzlJ4vj2HDcqN8eqa25O+Hl7/xDYsvC0bagubNvxm72/v3j1+Of7tbf5YauFjX238sWXg27n ojPyb2J+i/df7L7cPTz2mxReW5T+PRQ4PhkPtkLS/LVRF/68ydddND9vhVcYdew3fHdv9/C//vzG x53DS/wqJyo/TiV/iSt1x2ftkT9a405r423mrN/J8j+b8/lalD0ryjaKQrN/FsoO+ycf2v4i/Kk/ mLu/3q8d+OPpj4w/XV7+kf88uXaedFjTJD/p93rhjJNFbpw2LzrdL1uzKMNx7zh/Yv3e8iPrvnXD JxtcbcLpSc93dT7S0+NnO4dPVxzIcDREbSNPrfy6/pf9zeUXH4QX35/83l/1+/42T4/N+UPTDgcx 1lj+iF6VDsen17xor95Tvy9v/dCitvVTTbyby7d+t7vx9vfT1pZ/Xftjuzcabr1+9eLFqzeHf/qW mPb/jdqs0GCx1OasP+m1Rv1i8BVGUP61Lw+e+b3zZ8De9otpAhfxll+z/ebweW3n18OdfV84PObk pD0aHPV8JCEioYRYsyu7e5M9edCI7EooVX5oPt+mVz/X2kZkzdOGVK3TTL13on1qpW6apl/t2k19 Ot3EesFz0l77wEY3p+rI7u08e3W469+q82Y9fvpkUn8jix3t7PYO0faz/Z3FjZkejIa+3YPx9x3f RU/qtJH9X9cmu3t/fMvWXAzP8rPO/3scTsGtourpYrfd26oXi53+x623v/u/j983h+2te93JxdDC JUpvttjoh2uUySXWyg/EmF2/NMKPU6db9REZpWue65eVRdnJFjxvd7v92SVS2I+wc75j8f1LabdK v6uHIzrZ9bAsiiXfLY8GvjWuDk3xdhzeUsvNmDeDcNdNX6EnA/ZrZfDJx29puWIe9qqp8n+35ptj ctgeNR5m08tRfdQYl9rcX6M3wtMLjeKQ24SmmQ/ePVJzGzR73qExnV9MyKYbZMhpsRg+gmX75H/G nUG7NStSfTSw3S+lXOh9FrKuEc+6kHGP87+KMcQkCcur8ncaU4/kTpHtq18ZPrFl+9m2H/lt7LeH /fHgpF0btS8u+4PmwL9L18a95sdmp9t8323fTscyyYbpMzm3mwqT6ZzZJ/LMfp/cVZU7GWlutZOR 5vvtZMLD8NMjnNbNTHuB6XkmmsPE00zMHvNMPCtnHwMz6RlOPj8cdHpnD/f9XxUncVGNvqrmctwd tpvjVqf/8KA9+NgeTHfHXpV5HcpshzKN+frlP6hXaKh/XK9QmoFsrJiB3H366o8wDXE1A7n+GbBP g86onUe7aI/O+y2/G6PxoFcbdXyqNoxWDZeJrPFQGVc3jbxf8hfCq5Kg9uCn8MFlo06vGa7Kt/JW 9S8YdJrdLVnLP/freLIojnq1MIM0aH6pvc1/Dn3eKGRI7WjlJ3wd3VsqVmTZ8vq5VFv5Mp9ty+tX Z9zqcuWsW71hcrL+XT48laJRTCVPr3zanzuj47NBf3y5UXlp/e+Tsj/88ENevt2qfeqMzmv1sOZf Gnmpv/nmrX1qdkaqFq67L9qtn97+/svu051fdw93nmwMN2t/+Uvtl7B0cLh9+OYgrNnyrR/OhXox St6cTAsVAfORvZjMbxef7LV8lTspW8xGRr5gq1R23Jt8Dtno4vLq08Me9Mejy/Howa+vxH+e9ffu bZZescLdV7/29cuT/zD2XumS+vH+zvah/3fn18fhIsAUHbaY7mPpNJru6fJM/rXPoyKmz4f2hzyc L3uws/Pz8eM3+5urj0Wp/vLehc866w2Hvo1Pzh/6bun0Gg96NtR0y+prjl2Iftn04VuVNx0Yu7yB xlYeoLkN8b3DNY9RiDg9Rgc7hxXHKM/DvPJBvz969PlR3f85+DL0PWSt2bro9PzwYtAc9QePfswL lO7JaGXZlw8ff5PNz1+/dlpfzoYXrYuvn5vnqvvxc8ucf3rg317PH+iHjYcu/yy7sHjU6/Xf91tf fEVGa6keZZl99OjHXr/nzzxfaW+uBtHtDN2H80HrQ/3r19++DvWXVscNhvrcnJpPvw3sg+F5s9X/ 9EA9zH4chip6/W7/rNM76p2NO5/fjztd34nWG76yLMsehTtz6o+e+d/U/h5+VXvje8larfEon5Ty 7wijL3zlIq/cVVUubrVymVduqyqXt1q5yis3VZWrW61c55Xrqsr1jSsv8Hb6UYzhdJzrpCPfPPI9 dEz5O+Ft9Ev+XL7tbumo9+m83e5OTuaj3ti35HBydoVuJd+3ScIf9UajL5P8O+q1/FDIv4lNUuKo 9+GifZEvKL/Q6V1OfiX90sdOq93Pl4Rfykco+VIjVNEetdof88WwNd28MpflFQw/5AthS067/cvL vHIXNuSkNejntbmwKaPmZTtfyLfjY/EL9Wiuu7o/13/MLcm5JTW3pOeWzNySnVtyc0tZeclfwVyd R37jivPnu9q84fC8lR+20F7+unfYPGv7sUq+KjRakIV8IbRZ6WNTfYre4FQ9PTnvf+rlAw7fnuGv xQ89vip75of0UUwoJ/gyX03x6vmb17XdvcPa4c7+y9rj5y+evKtY6cpn12Xnsr3xNpwyxr1buQkr +5+V53faBc5yTAfFrD5IxcX9+qPim7rX3jg599lz7Lfu5MNkWqC49vR9397O8ePnuy+e+H5wZ3v/ cPfJH+WVvoMKq3zFIfj9WhFo1GldjgqlbJlGu31qmo2Cw6yapU1wqHBwqxTLb2OZsEJvvLnixSXF mnTY8441l9HV3w/xjeP9X/an7xaTEf/269c7e0/CmF/Va38b907DQPHcXzn5Fv3JX0+p2mr5nh4v MSffarYLcjlY6QKs2PTZFdjmwh4aN38A3ezoV21iHjWvuSLo0gaq6AbmFUdCfXaq3rhq9tlhLQ6n /+HF9v6znae7L3Y2q08rYmdCbyE23vpeTb0LDTwbBawou3gPQHEqlO8BCCfmk5Cm6/B/mfl9QpzK 02bB/NFje3UkZrsHXU2GA7v+anJFZ+RPzpfbB1V9drSdyge1tD/z91WEg6MbrZa+5n0Ve68ev3ji F1+vOc5uM9K8fjdup3W/Ze++ZYd82/xz7VBIsn+GPaq4eSd1/FPuno2N9iHz9V5N5a0dR+RTfxu+ Jqb79W+Nw3UjxTCYmOzaeasz2Lj3473ItzbNOvYVdzbtvQrvKMu3Ni3c1aTy25z+XD6o1V9fVq55 xbjCXy792Bt3u6UrznL01vhShM2MfT3a/JZUf//ZctnqrzirLW5DeAOIfJdJo1w20FRke8VVC+cX pMOwg29XDcivtuE2pwMq2+Za0wFL24dMBxRRrzcdMOkv7qYD7qYD+OmA+XeO+MXT1WntO+7Id4x+ B6f1en646Xm9hh+QE/uOH+744Y4frs8PN+rExnknFvmOu4VpmYRxV/UXuS6Xrf6u1uWy1V/Hulw2 chiWykYmzZbKVn9v6oqxamTYvFQ2MrBdKhsZ2C6VXXPPwFzZSMMtlY003FLZSMMtlb1W/k7Krpnt nCsbabil64aEdqv+BsQVZRPabd29HnNlE9pNJLSbSGg3kdBuIqHdREK7yYR2kwntJhPaTSa0m0xo N5nQbjKh3WRCu8mEdpMJ7aYS2k0ltJtKaDeV0G4qod1UQruphHZTCe2mEtpNJbSbTmg3ndBuOqHd dEK76YR20wntphPaTSe0m05oN53Qbiah3UxCu5mEdjMJ7WYS2s0ktJtJaLf4uHrtNwuXAiU0qok2 akKlNtriKYGi6ZASKJorKYGiiZQSKJplKYGiKZgSKJqfKYGo5LXR5E0JRGW2ozK7ej4vNRCV2Y7K bEdltqMy21GZXT2BkRqIymxHZXZGZXZGZXZGZXZGZXZGZXZGZfaKxzhuGIjK7IzK7IzK7EbVh1yk B6pO7cRAMdFNClSd2omBqlM7MVB1aicGqk7txEDVqZ0YqDq1EwNVp3ZaoMiUb2IgKrMjk8WJgajM jkwzJwaiMjsyQZ0YiMrsyNR2YiAqsyOT4omBqMyOTKcnBqIyOzIRnxiIyuzIFH5iICqzI5P/iYGo zI6wQWIgKrMj4JAYiMrsCFUkBqIyO4IciYGozI7wSGIgKrMjsJIYiMrsCMkkBqIyO4I5iYGozI4w UGIgKrMjgJQYiMrsCD0lBqIyO4JWiYGozI5wV2IgKrMjUJYYaMVN/lKFAvk9+JfDdrd9MjIrb8PP H7s77Fy0++PRNOx17txft3159dOaN7L7tbdu9tGjk/vuRx+Ph+2T8FSS/6kXfgwfcZT/N/mI06pH C6b7TZ2IES5MCxSxxMRA1IkYUcjEQNSJGPHLxEDUiRiRz8RA1FtMhEUTA1GZHTHTxEBUZkfMNDEQ ldkRM00MRGV2xEwTA1GZHTHTxEBUZkfMNDEQldkRM00MRGV2xEwTA1GZHTHTxEBUZkfMNDEQldkR M00MRGV2xEwTA1GZHTHTxEBUZkfMNDEQldkRM00MBGW2oMhUUGQqKDIVFJkKikwFRaaCIlNBkamg yFRQZCooMhUUmQqKTAVFpoIiU0GRqaDIVFBkKigyFRSZCopMBUWmgiJTQZGpoMhUUGQqKDIVFJkK ikwFRaaCIlNBkamgyFRQZCooMhUUmQqKTAVFpoIiU0GRqaDIVFBkKigyFRSZCopMBUWmgiJTQZGp oMhUUGQqKDIVFJkKikwFRaaCIlNBkamgyFREHjxMDERlNmWQgjJIQRmkoAxSUAYpKIMUlEEKyiAF ZZCCMkhBGaSgDFJQBikogxSUQQrKIAVlkIIySEEZpKAMUlAGKSiDFJRBCsogBWWQgjJIQRmkoAxS UAYpKIMUlEEKyiAFZZCCMkhBGaSgDFJQBikogxSUQQrKIAVlkJIySEkZpKQMUlIGKSmDlJRBSsog JWWQkjJISRmkpAxSUgYpKYOUlEFKyiAlZZCSMkhJGaSkDFJSBikpg5SUQUrKICVlkJIySEkZpKQM UlIGKSmDlJRBSsogJWWQUopVT6WY2uT5knb4xuvj8D0SV187Eb7p2vj/J990Pf34L+R5lFDxVZ3h iZT40yWSok9J0aek6FNS9Ckp+pQUfUqKPiVFn5KiT0nRp6ToU1L0KSn6lBR9Soo+JUWfkqJPSdGn pOhTUvQpKfqUFH1Kij4lRZ+Sok9J0aek6FNS9Ckp+pQUfUqKPiVFn5KiT0nRp6ToU1L0KSn6lBR9 Soo+JUWfkqJPSdGnpOhTUvQpKfqUFH1Kij4lRZ+Sok9J0aek6FNS9Ckp+pQUfUqKPiVFn5KiT0nR p6ToU1L0KSn6lBR9Soo+JUWfkqJPSdGnpOhTUfSpKPpUFH0qij4VRZ+Kok9F0aei6FNR9Kko+lQU fSqKPhVFn4qiT0XRp6LoU1H0qSj6VBR9Koo+FUWfiqJPRdGnouhTUfSpKPpUFH0qij4VRZ+Kok9F 0aei6FNRj18qyiAVZZCKMkhFGaSiDFJRBqkog1SUQSrKIBVlkIoySEUZpKIMUlEGqSiDVJRBKsog FWWQijJIRRmkogxSUQapKINUlEEqyiAVZZCKMkhFGaSiDFJRBqkog1SUQSrKIBVlkIoySEUZpKIM UlEGqSiDVJRBKsogFWWQijJIRRmkogxSUQapKINUlEEqyiAVZZCKMkhFGaSiDFJRBqkog1SUQSrK IBVlkIoySEUZpKIMUlEGqSiDVJRBKsogFWWQijJITRmkpgxSUwapKYPUlEFqyiA1ZZCaMkhNGaSm DFJTBqkpg9SUQWrKIDVlkJoySE0ZpKYMUlMGqSmD1JRBasogNWWQmjJITRmkpgxSUwapKYPUlEFq yiA1ZZCaMkhNGaSmDFJTBqkpg9SUQWrKIDVlkJoySE0ZpKYMUlMGqSmD1JRBasogNWWQmjJITRmk pgxSUwapKYPUlEFqyiA1ZZCaMkhNGaSmDFJTBqkpg9SUQWrKIDVlkJoySE0ZpKYMUlMGqSmD1JRB asogNWWQmjJITRmkpgxSUwapKYPUlEFqyiA1ZZCaMkhNGaSmDFJTBqkpg9SUQWrKIDVlkJoySE0Z pKYMUlMGqSmD1JRBasogNWWQmjJITRmkpgxSUwapKYM0lEEayiANZZCGMkhDGaShDNJQBmkogzSU QRrKIA1lkIYySEMZpKEM0lAGaSiDNJRBGsogDWWQhjJIQxmkoQzSUAZpKIM0lEEayiANZZCGMkhD GaShDNJQBmkogzSUQRrKIA1lkIYySEMZpKEM0lAGaSiDNJRBGsogDWWQhjJIQxmkoQzSUAZpKIM0 lEEayiANZZCGMkhDGaShDNJQBmkogzSUQRrKIA1lkIYySEMZpKEM0lAGaSiDNJRBGsogDWWQhjJI QxmkoQzSUAZpKIM0lEEayiANZZCGMkhDGaShDNJQBmkogzSUQRrKIA1lkIYySEMZpKEM0lAGaSiD NJRBGsogDWWQhjJIQxmkoQzSUAZpKIM0lEEayiANZZCGMkhLGaSlDNJSBmkpg7SUQVrKIC1lkJYy SEsZpKUM0lIGaSmDtJRBWsogLWWQljJISxmkpQzSUgZpKYO0lEFayiAtZZCWMkhLGaSlDNJSBmkp g7SUQVrKIC1lkJYySEsZpKUM0lIGaSmDtJRBWsogLWWQljJISxmkpQzSUgZpKYO0lEFayiAtZZCW MkhLGaSlDNJSBmkpg7SUQVrKIC1lkJYySEsZpKUM0lIGaSmDtJRBWsogLWWQljJISxmkpQzSUgZp KYO0lEFayiAtZZCWMkhLGaSlDNJSBmkpg7SUQVrKIC1lkJYySEsZpKUM0lIGaSmDtJRBWsogLWWQ ljJISxmkpQzSUgZpKYO0lEFayiAtZZCWMkhLGaSlDNJSBmkpg3SUQTrKIB1lkI4ySEcZpKMM0lEG 6SiDdJRBOsogHWWQjjJIRxmkowzSUQbpKIN0lEE6yiAdZZCOMkhHGaSjDNJRBukog3SUQTrKIB1l kI4ySEcZpKMM0lEG6SiDdJRBOsogHWWQjjJIRxmkowzSUQbpKIN0lEE6yiAdZZCOMkhHGaSjDNJR Bukog3SUQTrKIB1lkI4ySEcZpKMM0lEG6SiDdJRBOsogHWWQjjJIRxmkowzSUQbpKIN0lEE6yiAd ZZCOMkhHGaSjDNJRBukog3SUQTrKIB1lkI4ySEcZpKMM0lEG6SiDdJRBOsogHWWQjjJIRxmkowzS UQbpKIN0lEE6yiAdZZCOMkhHGaSjDNJRBukog3SUQTrKIB1lkI4yyIwyyIwyyIwyyIwyyIwyyIwy yIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwy yIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwy yIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwyyIwy yIwyyIwyyIwyyP9l7+rf2sax9e/7V/iyz50NMyHYlvyh2Ul3mBIoz9DAQrrTuaQ3YxIHMg1JmjiU lvZ/v5LtGH/KUnAqcYf6KbZlWXqlc3T0SjpWUFVrkKiqNUhU1RokqmoNElW1BomqWoNEVa1BoqrW IFFVa5CoqjVIVNUaJKpqDRJVtQaJqlqDRFWtQaKq1iBRVWuQqKo1SFTVGiSqag0SVbUGiapag0RV rUGiqtYgUVVrkKiqNUhU1RokqmoNElW1BomqWoNEVa1BoqrWIFFVa5CoqjVITS1ehORNqFC1eRMq VG3ehApVmzehQtXmTahQtXkTKlRt3oQKVZs3oULV5k2oULU5EypehORNqCrNLl6E5E2oKs0uXoTk TagqzS5ehORNqCrNLl6E5E2oKs0uXoTkTagqzS5ehORN6LGa7d65/Vu3trV7NVnuLvADd/fm81D9 bM517ZPxefDRAdrNJ/0KXSIDDdUPpo12BpfLxY7W0PSGru5ejia7fsDCnQy26spFdUlt7ezgu+Zy Mrr7ceZ4183dW2e+O19Odv90bka7+FkQaTYfTbyduTsbfwoCcDG95nR+1RjOXRffvPems8b+L0H8 XfxgN/Zgd/Ug74XG8WjhtZ0bd7H1rq6od9ZwYGqXuM91L1Vl93tFUzAk5fvdbVzfalill/P3tfab 4+NCykHi3g10nMzqlZsbZ+a/U1dsDel15fTspNM7a+3tf/Gvfjs76rTqyuu9097p2dF/9jqtL+R6 r33S/v31yZvzOhY2huejwBgtFw11YD2k7/T77mKBpex6/d3xoLGYNmZzdzx1SDWf9U5+3Q71pX3S aneUWnuqLJb960BppnNlMJq7fSzRTyu1mbvOYDyavMdJzubT/u7CHQ93sS75FVyV/KFKKGlTsVbF mM7ciePV9jq9g/2Xv+0/Jq+Hiug7/WuC+6R3tn/SPv79y0nv5fFJ623rJckbhFlP3I/DhefgowZw vjj+/cLr3UwHbvO8d3Rw1jr8okII6woOXYw+u01N16FaVxqNxte6ghG3Xp92fu+d7nVexXUlJvjw hUjyCXHXFZCRL3yQb2AOiocmSizLCitxPLok/8MwXJegtB6J4vg12NUsq3V80NW7Gj7UzAG66gt8 Ch8pXWAZ8ec/J6PbXWCqXSObzs/kmdqdBG8AEgPAh3S7MCdrtgMAqzRET96uMn3AiYWYTqQsZNnV ISDVUxhQnPFDaXU9XfbSEPswLqjkXXGWZnCedYFuxQWEAyA9oKtb5H8yVVwdOr2SV4/DjGtYLEY8 WRxg0APwv24ik0wAwZE8YOrsA00WhymIZJU4MgGZvM9xxRneQETWp6msic6kWmFJwP4/4g+Td+nG +e8wNzOFqqojpUjqWbJ0a6mwnqm0nKC0/fNCbcM2Pri6Wr1rhlFqwTv/E0bsJhNoZ5pmqmTfpdQ5 MjE/Jh8MVuXSQjx6cLWIEgbhCyHQg+D030E0zJOCiK+C09GqXGoYHVv1UJjvVkhMM8wMGGnbrMMV OADSnQZYtVDd1FdoIVwlZa5koqtm6sVJcL+FO2pMvogPVZOcwu5qRvorEwY9VohHCd8M0zxsvwlF qGEUD0rrpdFnYqTEThiPjTt6W/e3/W/iOw7yYRjGA/kASFOBzsM+AAJGgnhm2eZ+q/17SETTZEQb gBSZjZ64ZM6sruhQM02YIbaEHmRzOjh629rPy/PO9SfgYhn7yedlrGt9P2PbxGNkarmKc4MolV2Q aG52ICgnD30vztgYpDMGheUEwM8YtyT+fOkDCLABgqkieHnpfDCvxpeObV5rA9j/UzPvrgcjc/he /3O8c9Xv72hqAzTUnZBekv84tLcgDFPbFMPsqsSYxZ6nGCY2fsR86HlJpUgm9C1U9/EkE5v7HXpA OcUs79VTAdvd23gZU7fFOUaF/DkZn34L1BSdywSUEMuubqhfE2nigK6uGaVhwFDTrBmqGXJBZ5fE nidzJwY+k1NOmJ6mlJmAUo6JC/AhXSJ6QAXs8ptkmuaVugWPk7VXHqDBlCyzIXLxy7U1+W1Scd6m 9SgDA0RppWogpDb/FZxUNfXqi+BUT4buMxb3Qcp6NFDWYWrMfh89iN4K494Fp2UUIU209ChDXU+l +r/RS2GJjoNTZxWuhTK/Dk6z4HSVTOUfUSqR7YkYqQ6jIoVZ/DM4VU8sb9P1nImRTywRNIP5NC5e mZzUUlXL5JvVUgFEdP5F45WXqIhXXgb0DhcJZAkXL60EaVp5WcTztP7Az1czgQ3XpJUaTGfnJ5qb 3aBKWqlZ6YwH2gY4nnGtf4QfRuj6vfbh8+erkfYR672ufhosxqPJHC52rjCj6+/oDQBW/K5PuJ25 LrcDqRaRmT1EcZOYInZ3PqsD2TRWtI7YBnzZ7Ko/dR86fpibGP2WmMTMPF0yINPprx6H+f1xT4a6 0UG/PU2mlbpVkrePZqtkBhYYic4nJ6icsSrJ+NRbrBY4AR3Sg8o5qz/Dl+j3y0PG/mQFpAQUZxwm o9QSiqfYtFvSJ54kEyeTeICPsf5xkUj0j/e02y7Q071JNqSMp54mVZx+W9KASjmxnm1i5SGplpBu GOkGYSXDOYWYLoGeKVMJBd9kfWaIt6kmTQpLSL3fLbyTjHOzsLNni190PFv8Z4ufqNVni5+9fbb4 yQwFW3w+2QGoJhegMwHZsbZFBobkY7MmuaSM9x/mwRIjfj1cr6OM6LOzAv9M10I6QjSPEkNKFmT8 rYKb+JIC9KFOtTjQeF7kWJm4KH0yMve3ksEjOH3dtSzNVk2LLG6UTDo899lMx3Of/dxnJ2r1uc/O 3j732ckM/5p9dnwa24aqrdprzmO7w6FVMMGraiiYTwYatLXsEj7vTDZuNckp3iCD3Lllwwk8B3TL tAs9T8umlM3M3LmfbG6GjhP6ghjrOCtksr5MlzXIIH+5QA3KCqG1xkQ6zU8iSFqCOfSZd00oEJlJ VzfmJYE7lvfx5ylT9cpf0St2kZj7V3/HV1vdR86lA6CmKEs2pIynEYJ8ll6qpwecJlNM3VbO1mC0 RlkQUM7U/kjGp94S7zmQWgvJC6vWC0Q3UoXKBJRRtDvfVzKW5p2/uE0LuE67BwD1kJ5n2veDMBQd pJbnSZjBEFaB+0eaMZUGPJK2vU2mRr/lY2sZL5NNly1DoTCEpHzo94CoWzLNnCC5aNQajSQYvCQz yYSkzX16eoPDBaLKKZG1PHDJlIj/q8kbnBLxf1XnUVMi5Pthm+/jIrvMDZZGXwcF9BU/CdwhDAvA x3v3mkk+F6aem697mUslH+OGESaam92wUjcMlM54WODdi5+AcHgAdLtS3homvQZvrf5jRSxoI/ax 4rx/3ZvN+964tnf28lXvvIUZ8nk9FtnUbDWh6LP51HP7XmakkfbSob0UCZl8dsj4TuSfw/POylWc 7R2omvw5mGaeuibeWU6SXuQwqDDyEeJ2SuAL1+t5o0HPGQzm5DPSmCBgsKUiNmYWjMWeTy+X2FiN RwsvEdv0m2wcx5yYtCun742mk9r50eFZ5/VRmxhAp3ftTAZjd96MWQPTwQngRzfO4n3z4p1/PRw7 V4vm+R4u4nnn5Kx19gVf45SO2gcnfgSMmQypYgm59sBWseUMlZiOp6cVwrEgIxxyvXfWqQAZ+dqW ZEew9d60fzk+eflrXbnwq00hYN/lvjybj0c3Iw93Yhjx2fHR66NOD0Mi7wax70mEXn85bxKl+V5T ddxu/LAb565J3jBhDwM/ah91fv/6yM+dySs4CPYLt1PxX4ExJ7wr18O1tRwNahfItnAh46ftpL4G ca+CuFoQKTql4i6m/fcuHoQf4Mo8eltXznF94prBzeX1F/86HDuHBms1fO5PJxPS4kCgG0PnZjT+ 1IxSWSwnPf+L9a3sJ+tYumRngwcIw/4Emzqc0kHvsNU5yKlIUhu6UvNVyx/X/3a2nX35nLxcD5/j UT+2t756bCerxiWVSBMWrtGH2KR+Js6Nm19SXJYLTC2U5gtFf5fQt+l4XLu4Hw6a+D331p14i+bp yfHxyZvOVyyJlf3XlCjSPB1rO7Ink4E3DcgXYVD43dfnh7h0uAW0945XChykl31n703nldJ622md 4cjkMycbWN15d4JT0nVKUrpeUpSjdliSHY1SFBIr/tG8j+nkV8U1deQMNQAHQwQvbd0dWsBwTAcH 265jDFcQ1WB5DljMFUuFU1Sz7dbhSecId9W+WHsH+2H+GqLVNtpcFe0dnrXSYFaVoRmbrYxfWthE h3lalPKXyeSo/eUxaG4WV36rw+ceaYLNIOvV7didNNXgdjS9bV7c47+9S2fhNrfG4WAoNUSZRLfa lIxRwiFW7oYY0fhFI5erdbq8LTJiYx72uCCIGyJ45Y7H02iIRMpBCocNC7YvsWLFnqmkRsOik3s9 uMNm2ZtjaTxUTdAdky41LkZfDLrNqr66ERJ2Jg3u3z5GcsE87IOo/HMzKY6w2n7UGmg1y2d0tWVM 5niMrpGvF7Sgyi0O0SQTH3dhAlD0vYO2yplDm9bQkGFwS7Zg2et/WI7m7iCKUlwblRU/pnLE+qS0 TqNrHdG4l/6fgEOEShgP8nsaU6XoTqDt+W+SHVv2Dvcw86uduYvpct53Fc+9mU3nzhz30spy4tw6 o7FzOXY3Y1hCbVh9k7NZVQinc6IdeaLn3KYqbmSAuVEjA0x5jQz5GH5Vw3xmZmUFVu1MdxaczUyP PvPkbJXRNjChZejfNeajyVXjDP95SN14SHO2HC9cZzkYTRvn7vzWna+wWw9xTkmcPRJHKyp3lD/4 RlZBg9/OKsRmILWcGcijg5MvZBriYQay/Buwj/OR5/qp3bje9XSAi+Et5xPFG2FV1UwDajbSkdaw kaoB5NslPBDOUwJl5wXZuMwbTRwyKm/6csEvzEfOuAkUf9+vXnirdycKmUGaO5+UC/+a2DyPaIjS zd3hq7uViRZoWTY8oWrZx/nKlh8vrnC5AFAegED9gvB3Pj0FuhZMJa9GPu7dyOtdzafLWa1waP2v MO4PP/zgx3cHyseRd62oJORvmh/rJyxe5aMz8qBCxt037uDFxf1vRwett0ed1n5tsa18953yG7k7 7+x13pyTkCaWPmkLasCSt8NpoSBBn9nr4fx2sLNXdpQbxg1mIyk/sBWLu5yE+5B5N7OH3cN2pktv tvR23p6+7v/btLa2Y28EmkkGf1s1X3mUGhbUAqsWofU1Utyxp/x9iK/d+Xw6j06xWMEE0Y5713dn 5ArLyJl7ChnkKzeO17/eCd/pbvm33S0svsk0eEaEOXM8z51PcDjOaBtnhTu0hXPlLpQaviUjr3Cs A+1kpRRvZBwrokt6mx4RX03DVX5xH/YjraAjqSsD3Nab90ugNzUsraUJ8fkrkZ0djaTjYoP0ZmzC hgUhbsmczdjSN92M9URrWW0op9kgLF7M8MX9MPzd4aZ9Z0yKWf5ZLIAIrgyimqNqBk4Td3j6jmru qDomBT+q2o9AU75xlRKtAoF0gSpFBcSFTKxZYMw0WbCxKB0GECznGaaMsKNGQNTfr14oTfUGjZL8 aiGmO0bG4DD3E8U7qWfjFm+WHosbYDBLjJ7ZAAhols3bQuGmjR7k5y5ZZrGylTrQv6m+WGvYyg1I QpytLKoARQJbScHGoquibCUj7KjtiLKVjDjTbdnf3yPc2ENCuJFtkbBaKV2QydMFFf90RjZu8a9j ZLogu6QLshqWZloa5DV8poTDZx/XpofVBZ0cGT9/S41Ea3RyG5C1uE6uqAIUCTo5CjaW1iCqk2OE HbVOUdaYEacsnRxHtZpPoFoLrSlRW8tXW0tW3CnrThD7NW1IWdPCaQ8FJ4X22Dy0p/j3ubJxi3+C K017gFpCe1BD1W3b5l01sCwJaU+19MaSmfYAbQ3aswFZC6M9hRWgiKc9NGwsrUEQ7WGFLZr2sOKU hPbwaINMdIIHtxx0gkeBrSegwKJpDw1nMe3xKQcr7QHFP2+bjVv8C7YZ2qPTaY+lNgCwgGnxdoX2 pmmPLSsdkoP2AH7aswlZi6M9RRWgSEB7KNhYWoMo2sMIO2qdoqwxB06h9IwRpyz0jENrpaJnHLgl oWccCiyU9lBwUmiPzkN7mFzPwrhMvnsBhhLnMktrmIaFT7xdIdo07UHPtIemkWt4vW1C1uJoj8Re bzRsLK1BFO3h8HpDIq0xB06htIcRpyy0h0NrpaI9HLgloT0cCiyU9qzlXgp43EsBh3spYHcvBSXu pZbeQKZpmCZnV2ir/98XuWxVatqzhgPrJmQtjvZI7MBKw8bSGkTRHg5PS6F04mk5sPJog1R0ggO3 JHSCXYED6y65AgunPWu5NAMel2bA4dIM2F2aQYlLswUbuoV0g3cGwNY2THvsoskW0XRIEtqzhkvz JmQtjvZI7NJMw8bSGkTRHnZPS1sTaY2fiOs1K05Z6NkTdWnmwS0JPXsiLs00nBTaw+PSDDhcmgG7 SzMscWm2jIZpAKDxfu5vb3oHBVt/pj0UjYRruDRvQtbCaE9hBSjiaQ8NG0trEER7WGFHrVOQNebA KZT2sOKUhPbwaK1MtIcHtxy0h0eBRdIeGs5i2gN5XJpXm77n/cvEZXdphmUuzWYDmSrUDN6uEEi4 yOXj+ovQnnVcmjcga3G0R2KXZho2ltYgivY8EVdhVpyy0An2arWFdnJP1KWZB7cktOeJuDTTcFJo D49LM+RwaYbsLs2wzKXZbuiWZkDej5rtjW8dJ3pWx87bu04e2rOOS/MGZC2O9kjs0kzDxtIaRNGe J+IqzIpTFtrzRF2FeXBLQifyEes5CmyL3F2RA6dY2kPBSaE9PC7NkMOlGbK7NMMyl2bUMFUTmdwz AJve7d8u2mxfNB2ShPbke5vpVNqzAVmLoz1FFaBIQHso2Fhagyjawwg7ap2irDE7TrH0jBGnLPSM Q2ulomccuCWhZxwKLJT2UHBSaA+PSzPkcGmG7C7NsMSl2VYbSLMs/q5w07s023nbLT/Tnkgj873N qLRnE7IWR3uKKkCRgPZQsLG0BlG0hxF21DpFWWN2nGJpDyNOWWgPh9ZKRXs4cEtCezgUWCjtoeCk 0B4el2bI4dIM2V2ajRKXZltvAFWDFrebq4y7NPu4/hq0x8j3NqPTng3IWhjtKawARTztoWFjaQ2C aA8rbNF0ghWnJHSCo1ptkXsH82itTLSHB7cctIenoYmkPTScxbTH4HFpNjhcmg12l2ajxKXZBg1T 0xDSebvCje/SLHpWxy7aJloO2pPvbUanPRuQtTjaU1QBigS0h4KNpTWIoj2MsIXTHkacstAeDm2Q ik5w4JaETrArsC1ym3GehiaU9lBwUmgPj0uzweHSbLC7NBslLs02bCBdM/hnADa9S7P9vEszVSOL vM2+sazF0R6Ku51w2sPosigb7eHwCBW5SzMHTrH0jBGnLPSMQ2ulomccuCWhZ0/EpZmGk0J7eFya DQ6XZoPdpdkocWm2zYYOVAh4f6cJybhLs4/rL0J71nBp3oSsxdEeiV2aadhYWoMo2vNEXIVZccpC J9irFYncO5hHa6WiPU/OpZmnoQmlPWu5NBs8Ls0Gh0uzwe7SbJS5NFsNA1iqzvuDBWjTuzQLn9VB ctOedVyaNyBrcbRHYpdmGjaW1iCK9jwRV2FWnLLQnifqKsyDWxI6wa7ASOQ24zwNTSjtWcul2eBx aTY4XJoNdpdms8yl2W7YECKd198DbXqXZvS8SzNNI811XJo3IGthtKewAhTxtIeGjaU1CKI9rLCj 1inIGnPgFErPWHFKQs94tFYmesaDWw56xqPAImkPDWcx7TF5XJpNDpdmk92l2SxxaUZqQzNUA9m8 XeGmd2lGedstP9OeSCPXcGnehKzF0R6JXZpp2Fhagyjaw+5piYRa4yfies2KUxba80Rdr3lwS0J7 nohLMw0nhfbwuDSbHC7NJrtLs1ni0oy0BjRt1eT9eUok4y7NPq6/CO1Zw6V5E7IWR3skdmmmYWNp DaJozxNxFWbFKQudYK9WJHLvYB6tlYr2PDmXZp6GJpT2rOXSbPK4NJtQ+Wk5GY4mo8W1OyBQXvwN QIif/4SvldnCHbt9z8QpL5Y37uDFdjItpdbBBZ0uve3wrdULNVRXLux3daX95vh49ffeu8VdV7+p 1hV8NSGXhhr++xpEyqIJ0PpofMi5UPJKxu6AbVqlJM1GqgZ4f14BbXpPaeFzUKhoU2s5SJq9Fkmr XNbiSFpRBSgSkDQKNpbWIIqkMcIWTtIYccpC0ji0QSryw4FbEvLDrsDoKSiwcJJGwUkhaRYPSWNy qg7jMnkt+Rg0sizY1bWumjjC+/+EFwCALkhFedxhpe69SlPnPkjvrPsmD59WonVGHqztaFjid9Zw 2DfRcGjadr+u/NY+ebXXPgzY6nZelZI3BqbmWH3VJCuvfuJB9e9oSmvvcO+ordTO3MV0Oe+7iufe zKZzZz4af1KWE+fWGY2dy7G7HSbrzqbjca/vjWsaqCut05Pj497LznHv9QnWZZLdvXvrTrxF0390 1P7in8/2X705DS5P2q3zVyedujLADaF5vwR6k7y2NCE+f/2aKALR+KvZfNq/cf5vxdkawZ7u8U4+ /s7esPZ7NNBQBU+/EIUQ1yBfBWcPHxdgA98C2QSIa0GhB3buYO9bGJuYwVyDcDncPdFAKwzNQKFs AM33EPVInrQcbH7UHA250ZAbDbkhEnIKNimpJYnJcLcAAJD2Zq6PuAUA --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable [...] >>> What do you think is missing upstream so that starting Jami is >>> simpler? >> >> 1) Lack of D-Bus support in Shepherd to easily start D-Bus services. >> The upstream systemd service definition for the Jami daemon (jamid) is >> this: >> >> # net.jami.daemon.service >> [D-BUS Service] >> Name=3Dcx.ring.Ring >> Exec=3D@LIBDIR@/jamid >> >> But that's nearly not where the complexity of our jami-service-type >> lies. > > But that should be fine: we have dozens of D-Bus services that happily > get started by dbus-daemon. I guess that works (minus races like we've had with elogind) if the other services are also D-Bus services sharing the same bus. But here the code talking with Jami are in the Shepherd service actions and more critically in the start slot itself -- so it's important the D-Bus service has been acquired and ready to service D-Bus calls otherwise they'd fail (that's what the loop polling for (jami-service-available?) ensures). >> Rather, it's in the following: >> >> 2) The lack of a way to declaratively configure Jami and the need to use >> D-Bus API to issue commands to Jami non-interactively. For example, to >> have Jami import an account it's necessary to go via either >> >> a) the GUI or >> b) the D-Bus API >> >> The Jami service in Guix makes use of b), which introduces the need for >> some Scheme bindings wrapping the low-level D-Bus interface. Perhaps >> such bindings could live in Jami itself. >> >> The second point (2) could be addressed upstream, but since it's a >> rather niche use case (the common use case is simply running the client >> GUI), is already achievable via D-Bus, and would probably require a >> considerable amount of work in Jami itself, I think we can keep it as is >> for now, as a Guix System exclusive feature ;-). Note that even if Jami >> could be configured via configuration files, we'd still want to be able >> to communicate with it via D-Bus to maintain the possible actions >> currently available in our Shepherd service (listing/enabling/disable >> accounts, etc.), so it'd only really help to reduce the start slot, and >> that's it. We'd still need most of the D-Bus bindings, so it wouldn't >> help that much anyway. > > Ah I see. > >> I hope that clarifies how our jami-service-type is both complex but also >> unique. > > Sure, the ability to configure Jami in a declarative and stateless > fashion is a plus, that=E2=80=99s really cool. > > Longer-term I think this should go in Jami proper though. It=E2=80=99s g= reat > that Guix has an edge over the competition :-), but having to maintain > it is less nice. Perhaps with the Scheme bindings introduced by Olivier for the Jami tests (that work via an embedded libguile), it could be possible to add the ability to pass an init script to 'jamid' at launch time, which would automate importing the account. Proper 'Scheme' bindings would be nice though, and I'd like to look into the feasibility to add these via Swig. Food for thought. > Also, in more concrete terms: one goal of the least-authority work at > is to remove > =E2=80=98make-forkexec-constructor/container=E2=80=99 and the whole (gnu = build shepherd) > module. Jami is one of its last remaining users (adjusting it felt like > beyond my abilities, precisely because it=E2=80=99s much more complex tha= n the > other services I adjusted). > > Could you take a look at that eventually, once this patch has been > reviewed? I reviewed how that works, and it'd be easy; I just didn't see the incentive yet (there's no composition needed for the service, and it'd make the definition slightly less readable). If you tell me mark+forkexec-constructor/container is going the way of the Dodo though, that's a good enough incentive :-). Thanks for having a look! Maxim --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 02 16:44:16 2022 Received: (at 54786) by debbugs.gnu.org; 2 Jun 2022 20:44:16 +0000 Received: from localhost ([127.0.0.1]:54675 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwrfz-0004r3-NI for submit@debbugs.gnu.org; Thu, 02 Jun 2022 16:44:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38316) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nwrfu-0004ql-Qe for 54786@debbugs.gnu.org; Thu, 02 Jun 2022 16:44:14 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40138) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nwrfp-0006jm-6B; Thu, 02 Jun 2022 16:44:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=jrXNK6Ioote5WwYZX2wT0WQZOm0emmvz+EYP1KCf5nE=; b=arFQydA7qCUZDtSdHeuJ IErr25AytoyZ2tq3NNEWbTqLNANkE7vb+WNBI5vCKfSYxhRJs5I+MFJ1KU73bdx1qITa7jw3NXyRA 559X/Yh2kjK0ZCKXavztXKdfdZHWkomFscCopddeHh04HITXWdV6M+J9zbqe2HkcouiB/Gxo5Wr1a PwAXSSn8ROOme2j4xQStPjR16MpJLSP7/gkP3ah3jozKNydCCFnJT2LytQ/3a3vdDGyoRrzHNsqOW yMjtI3cUMGXha2vNnheY0dMYCypFsa1OcAMNJBIrsTne8dXa03R6wrmer16nJtnUxCuECExPD8EBA 7mHuWjrL80zEUA==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=47202 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nwrfm-0002CN-Mo; Thu, 02 Jun 2022 16:44:03 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxim Cournoyer Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 14 Prairial an 230 de la =?utf-8?Q?R=C3=A9v?= =?utf-8?Q?olution=2C?= jour de l'Acacia X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 02 Jun 2022 22:43:58 +0200 In-Reply-To: <877d5zx9jt.fsf@gmail.com> (Maxim Cournoyer's message of "Thu, 02 Jun 2022 13:24:54 -0400") Message-ID: <87v8tilrsh.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Howdy! Maxim Cournoyer skribis: > I tried capturing the issue in the commit message, but I'll provide > another more hands-on view: the Jami service was broken due to changes > in Shepherd 0.9.0 that caused the blocking sleeps + concurrent > make+forkexec-constructor/container and fork+exec-command combination > used to not work anymore. OK. Thanks for sharing the strace log; at first sight I don=E2=80=99t see = any clear clue, but hey, maybe it=E2=80=99s fine to leave that as a mystery sin= ce there=E2=80=99s another solution. [...] >> Longer-term I think this should go in Jami proper though. It=E2=80=99s = great >> that Guix has an edge over the competition :-), but having to maintain >> it is less nice. > > Perhaps with the Scheme bindings introduced by Olivier for the Jami > tests (that work via an embedded libguile), it could be possible to add > the ability to pass an init script to 'jamid' at launch time, which > would automate importing the account. Proper 'Scheme' bindings would be > nice though, and I'd like to look into the feasibility to add these via > Swig. Food for thought. Sounds fun. (BTW, I=E2=80=99d recommend against SWIG: it=E2=80=99s not =E2= =80=9Cpretty=E2=80=9D, leaves a lot of work to do, including wrapping the generated wrappers and debugging memory management issue. Using the FFI provides more flexibility and is much more fun IMO.) >> Also, in more concrete terms: one goal of the least-authority work at >> is to remove >> =E2=80=98make-forkexec-constructor/container=E2=80=99 and the whole (gnu= build shepherd) >> module. Jami is one of its last remaining users (adjusting it felt like >> beyond my abilities, precisely because it=E2=80=99s much more complex th= an the >> other services I adjusted). >> >> Could you take a look at that eventually, once this patch has been >> reviewed? > > I reviewed how that works, and it'd be easy; I just didn't see the > incentive yet (there's no composition needed for the service, and it'd > make the definition slightly less readable). If you tell me > mark+forkexec-constructor/container is going the way of the Dodo though, > that's a good enough incentive :-). Awesome. :-) Thanks for explaining! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 04 00:37:44 2022 Received: (at 54786) by debbugs.gnu.org; 4 Jun 2022 04:37:44 +0000 Received: from localhost ([127.0.0.1]:57392 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nxLXk-0000Wn-3s for submit@debbugs.gnu.org; Sat, 04 Jun 2022 00:37:44 -0400 Received: from mail-qt1-f178.google.com ([209.85.160.178]:42909) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nxLXi-0000Wb-3M for 54786@debbugs.gnu.org; Sat, 04 Jun 2022 00:37:43 -0400 Received: by mail-qt1-f178.google.com with SMTP id p8so7062373qtx.9 for <54786@debbugs.gnu.org>; Fri, 03 Jun 2022 21:37:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=VU1OD1zBx/gwl4iYH0VrHzA7El6pY/HND9RPJcxKeE8=; b=EQfY2tKZ6d02zD6PxkI7NOjveZQpFacgWimLBhjOlqf+JmCCiWB5od1j2sHJhRkuiO wzSNQU+9XF67qmZrdIyGS5CBRmMaCvKDO1EJPC6qMwOkFky0+yotgnAzC1Yt88Hlvumx 6fntgUuCr7UPjA14n1a2r5dY2vvZUSWG3FrzHBYEjU2ar7yDUYI62JjLNnyt3KM1rVus KeGqMlCffCc4Hks7BH73NgP+2g7G84E+F7F9yw2amBP8SnkpBqgUaEGFgClgp1z/0HgY B9Y0WKwkFiusDA7EsNKSv0IxI7BzL+nUZYJvy8gsLMEWeNHcAPnU2PiKJIurPYvoZ/sW eBtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=VU1OD1zBx/gwl4iYH0VrHzA7El6pY/HND9RPJcxKeE8=; b=pSd9J0ChNaNX/skXsayED1cSmyLJCnZmtq8Ddt79jnA4r9N/Kn8KEMqLp28rk5wnSs QUgSYEFN0Ow30X5HfSNEDe0a6JxIcps0TJ05vCoMTy8cwpMqIMplcITqAhg4/zN8Ukt+ eam7Jt7sjKgLEQmmdYu0XimrDcsWhvi9Ee/ml0PNPv6+Iy7TUiiw9y5EZRlP2+qcFgP1 kMW7J7bn+u/YXAC++iPO1gd4jkRgCZDJ8Pli9AE2NddzR1LyUrsZ2qmXQZfpke+Jzkib wYmEVSRX9sbxHMIAks3DmgHi/j1jRUPCEVw9uycEmK0ZWVQMTFtCX3kdjtPibmXOrClp Hn1w== X-Gm-Message-State: AOAM530Nbf3IK7h3OhdzWFlR8m4QGgE91khYpWcxloeNC9nDuUwymSNE btDq8+rZ2ttKDM1SBIIn1WY= X-Google-Smtp-Source: ABdhPJxlGrdGmoZjmM3yHcArL3P2xl7OQta+EwZJAkVN0EBYn5j/NET7j63bsSzHJw2bVslFJYzVqg== X-Received: by 2002:a05:622a:1895:b0:304:8024:332d with SMTP id v21-20020a05622a189500b003048024332dmr10533507qtc.682.1654317456511; Fri, 03 Jun 2022 21:37:36 -0700 (PDT) Received: from hurd (dsl-10-134-175.b2b2c.ca. [72.10.134.175]) by smtp.gmail.com with ESMTPSA id t14-20020ac8760e000000b00304e2e4bf1esm1590335qtq.88.2022.06.03.21.37.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Jun 2022 21:37:34 -0700 (PDT) From: Maxim Cournoyer To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> <87v8tilrsh.fsf@gnu.org> Date: Sat, 04 Jun 2022 00:37:33 -0400 In-Reply-To: <87v8tilrsh.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Thu, 02 Jun 2022 22:43:58 +0200") Message-ID: <874k11ujqq.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ludovic! Ludovic Court=C3=A8s writes: > Howdy! > > Maxim Cournoyer skribis: [...] >> I reviewed how that works, and it'd be easy; I just didn't see the >> incentive yet (there's no composition needed for the service, and it'd >> make the definition slightly less readable). If you tell me >> mark+forkexec-constructor/container is going the way of the Dodo though, >> that's a good enough incentive :-). That turns out to be bit problematic; dbus-daemon must not run in its own user namespace (CLONE_NEWUSER) as it wants to validate user/group IDs. That's probably the reason it was working with 'make-forkexec-constructor/container', as this was dropping the user and net namespaces, contrary to least-authority, which uses them all. The problem then seems to be that since we need CAP_SYS_ADMIN when dropping the user namespace, as CLONE_NEWUSER is what gives us superpowers. Per 'man user_namespaces': The child process created by clone(2) with the CLONE_NEWUSER flag starts out with a complete set of capabilities in the new user namespace. Which means that if we combine something like (untested): --8<---------------cut here---------------start------------->8--- (make-forkexec-constructor (least-authority (list (file-append coreutils "/bin/true")) (mappings (delq 'user %namespaces)) #:user "nobody" #:group "nobody")) --8<---------------cut here---------------end--------------->8--- the make-forkexec-constructor will switch to the non-privileged user before the clone call is made, and it will fail with EPERM. When using 'make-forkexec-constructor/container', the clone(2) call happens before switching user, thus as 'root' in Shepherd, which explains why it works. I'm not sure how it could be fixed; it seems the user changing business would need to be handled by the least-authority-wrapper code? And the make-forkexec-constructor would probably need to detect that command is a pola wrapper and then avoid changing the user/group itself to not interfere. To be continued! Maxim From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 07 10:01:06 2022 Received: (at 54786) by debbugs.gnu.org; 7 Jun 2022 14:01:06 +0000 Received: from localhost ([127.0.0.1]:41028 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nyZla-0002XL-2F for submit@debbugs.gnu.org; Tue, 07 Jun 2022 10:01:06 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59370) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nyZlX-0002Wc-R0 for 54786@debbugs.gnu.org; Tue, 07 Jun 2022 10:01:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36284) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nyZlR-0006Ss-HE; Tue, 07 Jun 2022 10:00:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=wLcdn/q3ElBmO5rmBo9gdoM4iKrzhEK0nxio6dgYfS8=; b=RtAtZ2w4k4F8ybjs/owh A8EGmfNHSP7HgRzgoa6tFiecP+qWiMEUT/WBNtaqDhhON+Ttb3vAhHX0zl+VRmbi/8DkXQsbUH/ke 3ZzxqZTJ/KTmApDrOz5qEAe/aLa+VV8iJQe/ODMbLFysN3+eRLGJDER4oX6NNYhdgXuOGuwfYFmZf V/SKZdphBU/Kez2vCtv4f3W+EzsyFlkre6KpFTRxI13pXll+XKDxUvRYpS/xG/0VF6/LNRi3SZp5l a1y6Poe4pnf/HZ1bq7Ibj9zeCHKaheIGKj1fOD+x3WYyLVmYkgTCAOG/Vr4ml9ASizzy+rm6x1L7w m/hh01nyN92GvQ==; Received: from [193.50.110.183] (port=38722 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nyZlQ-00078e-ND; Tue, 07 Jun 2022 10:00:57 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxim Cournoyer Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> <87v8tilrsh.fsf@gnu.org> <874k11ujqq.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Nonidi 19 Prairial an 230 de la =?utf-8?Q?R=C3=A9vol?= =?utf-8?Q?ution=2C?= jour du Tilleul X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 07 Jun 2022 16:00:54 +0200 In-Reply-To: <874k11ujqq.fsf@gmail.com> (Maxim Cournoyer's message of "Sat, 04 Jun 2022 00:37:33 -0400") Message-ID: <877d5sbmjt.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Maxim Cournoyer skribis: > Ludovic Court=C3=A8s writes: [...] >>> I reviewed how that works, and it'd be easy; I just didn't see the >>> incentive yet (there's no composition needed for the service, and it'd >>> make the definition slightly less readable). If you tell me >>> mark+forkexec-constructor/container is going the way of the Dodo though, >>> that's a good enough incentive :-). > > That turns out to be bit problematic; dbus-daemon must not run in its > own user namespace (CLONE_NEWUSER) as it wants to validate user/group > IDs. That's probably the reason it was working with > 'make-forkexec-constructor/container', as this was dropping the user and > net namespaces, contrary to least-authority, which uses them all. > > The problem then seems to be that since we need CAP_SYS_ADMIN when > dropping the user namespace, as CLONE_NEWUSER is what gives us > superpowers. Per 'man user_namespaces': > > The child process created by clone(2) with the CLONE_NEWUSER flag starts > out with a complete set of capabilities in the new user namespace. > > Which means that if we combine something like (untested): > > (make-forkexec-constructor > (least-authority > (list (file-append coreutils "/bin/true")) > (mappings (delq 'user %namespaces)) > #:user "nobody" > #:group "nobody")) > > the make-forkexec-constructor will switch to the non-privileged user > before the clone call is made, and it will fail with EPERM. > > When using 'make-forkexec-constructor/container', the clone(2) call > happens before switching user, thus as 'root' in Shepherd, which > explains why it works. Damnit, that=E2=80=99s right. For example the result of: (lower-object (least-authority-wrapper (file-append coreutils "/bin/unam= e") #:namespaces (delq 'user %namespa= ces))) won=E2=80=99t run as an unprivileged user: --8<---------------cut here---------------start------------->8--- $ $(guix build /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv) substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 10= 0.0% substitute: updating substitutes from 'https://guix.bordeaux.inria.fr'... 1= 00.0% The following derivations will be built: /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv /gnu/store/bd63i07rvvsw7xgsig0cbdsw7fpznd1k-references.drv building /gnu/store/bd63i07rvvsw7xgsig0cbdsw7fpznd1k-references.drv... successfully built /gnu/store/bd63i07rvvsw7xgsig0cbdsw7fpznd1k-references.d= rv building /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv... successfully built /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper= .drv Backtrace: 5 (primitive-load "/gnu/store/ifsh87aifh2k8pqzhkjxncq3vskpwx3l-p= ola-wrapper") In ice-9/eval.scm: 191:35 4 (_ #f) In gnu/build/linux-container.scm: 300:8 3 (call-with-temporary-directory #) 397:16 2 (_ "/tmp/guix-directory.K9gBNH") 239:7 1 (run-container "/tmp/guix-directory.K9gBNH" (#< d= evice: "/gnu/store/jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5=E2=80=A6> =E2= =80=A6) =E2=80=A6) In guix/build/syscalls.scm: 1099:12 0 (_ 1845624849) guix/build/syscalls.scm:1099:12: In procedure clone: 1845624849: Operation = not permitted --8<---------------cut here---------------end--------------->8--- > I'm not sure how it could be fixed; it seems the user changing business > would need to be handled by the least-authority-wrapper code? And the > make-forkexec-constructor would probably need to detect that command is > a pola wrapper and then avoid changing the user/group itself to not > interfere. I think we would add #:user and #:group to =E2=80=98least-authority-wrapper= =E2=80=99 and have it call setuid/setgid. =E2=80=98make-forkexec-constructor=E2=80=99 do= esn=E2=80=99t need to be modified, but the user simply won=E2=80=99t pass #:user and #:group to i= t. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 07 20:58:38 2022 Received: (at 54786) by debbugs.gnu.org; 8 Jun 2022 00:58:38 +0000 Received: from localhost ([127.0.0.1]:41944 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nyk1t-0000d7-JS for submit@debbugs.gnu.org; Tue, 07 Jun 2022 20:58:38 -0400 Received: from mailout.easymail.ca ([64.68.200.34]:45640) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nyk1r-0000ct-2q for 54786@debbugs.gnu.org; Tue, 07 Jun 2022 20:58:37 -0400 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id AD13261328; Wed, 8 Jun 2022 00:58:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bokr.com; s=easymail; t=1654649909; bh=yAFgcas4v//bGlAEPgEBML+mkPIbU0ytt54IrMnRLlk=; h=From:Date:To:Cc:Subject:References:In-Reply-To:From; b=TKo9ze/vhoJBHGWRf1D5Nmp29WNmqOiXnw3YfGJWI+pSy3RzTVcGEZCJPPxf5oo3I BKZPgrveVSHYZoTpdpDZWXLl1sDI8uW9Op5OsLQCDU5oayvNkh22cciACIwwmUO87X EeRLjLfTnCu0Q21Es75hIXPJvBwpHLyAZW5l7MsBCh/cnK+fqv10xu8MZyYZ4xcaRK V0pXrvF0fKwFEHIgI+rFz1gRCkX0A/aUcV6GDSv5n7qwnDJHd/k7wCR0fkF7/urbs7 OSupHyzqYDDSyVLrf4+ETRtRyzpjMqC2CLK2kxle3hfJT+ayoXX+YDtBAsya5Kj8o4 dXQppvu6320pw== X-Virus-Scanned: Debian amavisd-new at emo09-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo09-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJeEBwBM99e8; Wed, 8 Jun 2022 00:58:29 +0000 (UTC) Received: from localhost (m90-129-217-247.cust.tele2.se [90.129.217.247]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id AA37760E12; Wed, 8 Jun 2022 00:58:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bokr.com; s=easymail; t=1654649909; bh=yAFgcas4v//bGlAEPgEBML+mkPIbU0ytt54IrMnRLlk=; h=From:Date:To:Cc:Subject:References:In-Reply-To:From; b=TKo9ze/vhoJBHGWRf1D5Nmp29WNmqOiXnw3YfGJWI+pSy3RzTVcGEZCJPPxf5oo3I BKZPgrveVSHYZoTpdpDZWXLl1sDI8uW9Op5OsLQCDU5oayvNkh22cciACIwwmUO87X EeRLjLfTnCu0Q21Es75hIXPJvBwpHLyAZW5l7MsBCh/cnK+fqv10xu8MZyYZ4xcaRK V0pXrvF0fKwFEHIgI+rFz1gRCkX0A/aUcV6GDSv5n7qwnDJHd/k7wCR0fkF7/urbs7 OSupHyzqYDDSyVLrf4+ETRtRyzpjMqC2CLK2kxle3hfJT+ayoXX+YDtBAsya5Kj8o4 dXQppvu6320pw== From: bokr@bokr.com Date: Wed, 8 Jun 2022 02:58:09 +0200 To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing Message-ID: <20220608005809.GA2794@LionPure> References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> <87v8tilrsh.fsf@gnu.org> <874k11ujqq.fsf@gmail.com> <877d5sbmjt.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <877d5sbmjt.fsf@gnu.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, Maxim Cournoyer , 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, tl;dr: I hope there will be a security team discussing whether/how this kind of privileged execution interval could be exploited, and how to prevent such. E.g., could something that stealthily gets put in a finalizer for some innocent object be waiting to notice that it is running privileged, and do the next step in a dirty-work chain that sets things up nicely for e.g. remote DDOS control? Or is the independent FLOSS development process and its quality control being sabotaged stealthily with injections of "innocent mistakes" and (ultimately) trivial time-wasting bugs, making FLOSS projects look "not ready for production use" ? (despite the increasing evidence to the contrary) BTW, I think a minimalist/MES/RISCV team would be interesting! Regards, Bengt Richter On +2022-06-07 16:00:54 +0200, Ludovic Courtès wrote:gets\ > Hi! > > Maxim Cournoyer skribis: > > > Ludovic Courtès writes: > > [...] > > >>> I reviewed how that works, and it'd be easy; I just didn't see the > >>> incentive yet (there's no composition needed for the service, and it'd > >>> make the definition slightly less readable). If you tell me > >>> mark+forkexec-constructor/container is going the way of the Dodo though, > >>> that's a good enough incentive :-). > > > > That turns out to be bit problematic; dbus-daemon must not run in its > > own user namespace (CLONE_NEWUSER) as it wants to validate user/group > > IDs. That's probably the reason it was working with > > 'make-forkexec-constructor/container', as this was dropping the user and > > net namespaces, contrary to least-authority, which uses them all. > > > > The problem then seems to be that since we need CAP_SYS_ADMIN when > > dropping the user namespace, as CLONE_NEWUSER is what gives us > > superpowers. Per 'man user_namespaces': > > > > The child process created by clone(2) with the CLONE_NEWUSER flag starts > > out with a complete set of capabilities in the new user namespace. > > > > Which means that if we combine something like (untested): > > > > (make-forkexec-constructor > > (least-authority > > (list (file-append coreutils "/bin/true")) > > (mappings (delq 'user %namespaces)) > > #:user "nobody" > > #:group "nobody")) > > > > the make-forkexec-constructor will switch to the non-privileged user > > before the clone call is made, and it will fail with EPERM. > > > > When using 'make-forkexec-constructor/container', the clone(2) call > > happens before switching user, thus as 'root' in Shepherd, which > > explains why it works. > > Damnit, that’s right. For example the result of: > > (lower-object (least-authority-wrapper (file-append coreutils "/bin/uname") > #:namespaces (delq 'user %namespaces))) > > won’t run as an unprivileged user: > > --8<---------------cut here---------------start------------->8--- > $ $(guix build /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv) > substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 100.0% > substitute: updating substitutes from 'https://guix.bordeaux.inria.fr'... 100.0% > The following derivations will be built: > /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv > /gnu/store/bd63i07rvvsw7xgsig0cbdsw7fpznd1k-references.drv > building /gnu/store/bd63i07rvvsw7xgsig0cbdsw7fpznd1k-references.drv... > successfully built /gnu/store/bd63i07rvvsw7xgsig0cbdsw7fpznd1k-references.drv > building /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv... > successfully built /gnu/store/hy8rd8p8pid67ac27dwm63svl5bqn0a1-pola-wrapper.drv > Backtrace: > 5 (primitive-load "/gnu/store/ifsh87aifh2k8pqzhkjxncq3vskpwx3l-pola-wrapper") > In ice-9/eval.scm: > 191:35 4 (_ #f) > In gnu/build/linux-container.scm: > 300:8 3 (call-with-temporary-directory #) > 397:16 2 (_ "/tmp/guix-directory.K9gBNH") > 239:7 1 (run-container "/tmp/guix-directory.K9gBNH" (#< device: "/gnu/store/jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5…> …) …) > In guix/build/syscalls.scm: > 1099:12 0 (_ 1845624849) > > guix/build/syscalls.scm:1099:12: In procedure clone: 1845624849: Operation not permitted > --8<---------------cut here---------------end--------------->8--- > > > I'm not sure how it could be fixed; it seems the user changing business > > would need to be handled by the least-authority-wrapper code? And the > > make-forkexec-constructor would probably need to detect that command is > > a pola wrapper and then avoid changing the user/group itself to not > > interfere. > > I think we would add #:user and #:group to ‘least-authority-wrapper’ and > have it call setuid/setgid. ‘make-forkexec-constructor’ doesn’t need to > be modified, but the user simply won’t pass #:user and #:group to it. > > Thanks, > Ludo’. > > > From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 11 00:18:28 2022 Received: (at 54786) by debbugs.gnu.org; 11 Jun 2022 04:18:28 +0000 Received: from localhost ([127.0.0.1]:51662 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzsZw-0005aY-AL for submit@debbugs.gnu.org; Sat, 11 Jun 2022 00:18:28 -0400 Received: from mail-qt1-f179.google.com ([209.85.160.179]:43722) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzsZs-0005aF-VQ for 54786@debbugs.gnu.org; Sat, 11 Jun 2022 00:18:27 -0400 Received: by mail-qt1-f179.google.com with SMTP id hh4so679087qtb.10 for <54786@debbugs.gnu.org>; Fri, 10 Jun 2022 21:18:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=dwkgjgr5z643hERklhT4OIo7YnjXKawZU1dz9He29X8=; b=WvllOTeD/JC1c3XLStTwmm0cyUrFDNyFnTqSZNKwQxDgd1Lyt7tgKIWTYs4VlBj6zY bhbWt8SXaxojYY68766UOEbsHDylgHOY2YdT+E0pmoD2koIE8pwZt+YHOgbVCWeyt3cU KcHIbkqiXAyQXJG+GCRtrsFuerhByW4z7L1Fo7vIJCkBbh7xckeLY6vJPqAUla3JUCgW m6jy2iivWP2ae9k4EePuwUEjwhA9ywf5+x/gaIH82xnOe6RuxM0Q9cJz4A3GVv1QTCQa mw39CNDtZM9eXBEUI9ZDRlM0jcVvZsV/nvyrwa6LTvgM8uqU58Nr77xRFN9GQijddu0w Uivg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=dwkgjgr5z643hERklhT4OIo7YnjXKawZU1dz9He29X8=; b=KTFZWi2eMQkDjhOcEYp+tGPRarmKp0obRR8qSErlL/7gdJ+gNW21JigxNT1Z3OXhRl TjQRt/5xUBEtGCyyj/UbXaIgMTr6r1uOtmR01mVeFLG5NEX3ZhC2+gO9KPg0nWt4QwDp +BC/mhrkGad2UKO7JUcpeaiZi9lhk0Mu8JByXwMQSJ7FfMxKKj6Q9SgHpbPG9KjYzxqI yiIaYZgis/p1GzDDogsouiYxHintj37xx8l3ekLLlfXPAKdAbedhIIWO4thdCYPQuDvq mJa1B0EBlA6x495Ah2MuTMncAJmmpBoh9eQia/MgTZW6YwS04+xBkQC5PWBfudqt8Nqj dYQg== X-Gm-Message-State: AOAM532fuiAObjXuNTGphe9D3+r3q1jikYqxirA/w21Xvvv5kiJGats1 Co42PmPRxlelK8lSXZnL+WSpgITgKy9Aww== X-Google-Smtp-Source: ABdhPJx2KwGSAp8ruVobp5d/zBePYrMjuvplg/n+jJE66hJZLG3+Iq/h5bYh3TcCRus4FxwFL+dAuQ== X-Received: by 2002:a05:622a:15c7:b0:304:ec84:7718 with SMTP id d7-20020a05622a15c700b00304ec847718mr24907838qty.585.1654921098702; Fri, 10 Jun 2022 21:18:18 -0700 (PDT) Received: from hurd (dsl-155-254.b2b2c.ca. [66.158.155.254]) by smtp.gmail.com with ESMTPSA id c7-20020a05620a268700b006a6f57fe2e1sm1100639qkp.98.2022.06.10.21.18.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Jun 2022 21:18:18 -0700 (PDT) From: Maxim Cournoyer To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> <87v8tilrsh.fsf@gnu.org> <874k11ujqq.fsf@gmail.com> <877d5sbmjt.fsf@gnu.org> Date: Sat, 11 Jun 2022 00:18:16 -0400 In-Reply-To: <877d5sbmjt.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Tue, 07 Jun 2022 16:00:54 +0200") Message-ID: <87h74rg7ef.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54786 Cc: othacehe@gnu.org, 54786@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ludo, Ludovic Court=C3=A8s writes: [...] >> When using 'make-forkexec-constructor/container', the clone(2) call >> happens before switching user, thus as 'root' in Shepherd, which >> explains why it works. > > Damnit, that=E2=80=99s right. For example the result of: > > (lower-object (least-authority-wrapper (file-append coreutils "/bin/un= ame") > #:namespaces (delq 'user %names= paces))) > > won=E2=80=99t run as an unprivileged user: [...] > I think we would add #:user and #:group to =E2=80=98least-authority-wrapp= er=E2=80=99 and > have it call setuid/setgid. =E2=80=98make-forkexec-constructor=E2=80=99 = doesn=E2=80=99t need to > be modified, but the user simply won=E2=80=99t pass #:user and #:group to= it. OK! I'll adjust the jami-service-type when we get around to implement the above; for now I've pushed my proposed fix which still uses 'make-forkexec-constructor/container' as 85b4dabd94d53f8179f31a42046cd83fc3a352fc. Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 09 10:20:42 2022 Received: (at 54786-done) by debbugs.gnu.org; 9 Aug 2022 14:20:42 +0000 Received: from localhost ([127.0.0.1]:44414 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oLQ66-0002NC-1H for submit@debbugs.gnu.org; Tue, 09 Aug 2022 10:20:42 -0400 Received: from eggs.gnu.org ([209.51.188.92]:57854) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oLQ62-0002Mv-7F for 54786-done@debbugs.gnu.org; Tue, 09 Aug 2022 10:20:40 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:39582) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oLQ5w-0000l6-7X; Tue, 09 Aug 2022 10:20:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=Z2zIM6RfehXBCjA60vZV14mRRUGZChKRXx173jXt3G4=; b=cMeynciTFI9IgbO8Dj2o OTMIoopqtIZjrudNTQ7JuYtAT6TWaZK4tBxoA5sZENJ3KQP+mPWFrY3tj20syY+2YwQPSvZFWpzqB WSss5nm8dabAT+KZMa97E2t/lDH+8Xg6IekopIrYs5+a6b7MeSq3+J9tGQfboimCcg/GdqfV83/8u t3anVSCrIyM+KQ4ucb2hxBVglTj3FqIFXOlOKBgtkI6SM7U0iglhSTxGqmVvtVlN4rKdnXnr/NGzQ sZ8bsxGI+8A4G42s38UW1TdTgymuYLjV6PHlC7Bk7SQKINN1CwzbBd8ZrDp1ylzhukUGrLKs3dfK8 +WGiWRc0p1E4Qg==; Received: from 2a02-8429-81d2-3d01-94c9-8097-ea5c-2775.rev.sfr.net ([2a02:8429:81d2:3d01:94c9:8097:ea5c:2775]:54190 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oLQ5v-0001bA-OM; Tue, 09 Aug 2022 10:20:31 -0400 From: Mathieu Othacehe To: Maxim Cournoyer Subject: Re: bug#54786: Installation tests are failing References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> <87v8tilrsh.fsf@gnu.org> <874k11ujqq.fsf@gmail.com> <877d5sbmjt.fsf@gnu.org> <87h74rg7ef.fsf@gmail.com> Date: Tue, 09 Aug 2022 16:20:28 +0200 In-Reply-To: <87h74rg7ef.fsf@gmail.com> (Maxim Cournoyer's message of "Sat, 11 Jun 2022 00:18:16 -0400") Message-ID: <875yj15wib.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54786-done Cc: 54786-done@debbugs.gnu.org, Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Closing as all the installation tests are now fixed. Thanks to everyone involved :) Mathieu From unknown Tue Jun 17 20:14:31 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 07 Sep 2022 11:24:11 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator