From unknown Fri Jun 20 07:17:30 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#54811 <54811@debbugs.gnu.org> To: bug#54811 <54811@debbugs.gnu.org> Subject: Status: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Reply-To: bug#54811 <54811@debbugs.gnu.org> Date: Fri, 20 Jun 2025 14:17:30 +0000 retitle 54811 [PATCH 0/3] Support socket activation in 'guix publish' and '= guix-daemon' reassign 54811 guix-patches submitter 54811 Ludovic Court=C3=A8s severity 54811 normal tag 54811 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:13:00 2022 Received: (at submit) by debbugs.gnu.org; 9 Apr 2022 09:13:00 +0000 Received: from localhost ([127.0.0.1]:36701 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd79Q-0008Kh-94 for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:00 -0400 Received: from lists.gnu.org ([209.51.188.17]:56396) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd79O-0008KZ-T3 for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:12:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53700) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nd79N-0007TC-5q for guix-patches@gnu.org; Sat, 09 Apr 2022 05:12:58 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:46932) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nd79M-0003ew-Hr; Sat, 09 Apr 2022 05:12:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=iyDQr30hf+yNZ9wTWnJKDk2zro/6JdWT8lNcYM6ovII=; b=nGwzl976dnnrwO svpPrOTNmZP8VQ8kcaEesXj3Ip4utOpulnmnSxVoKwdaSbOQPBqIn0v4I8MySbbsYmu75Rw+liQId So74i+NCFb85HTIHTJK5+ySfZ5FyEYhuEFOz+a+MUMlrlm3Sy9v8K5bzg7/iaU1el6w4dXgQ1ohzR UQgK5Ssu7rPbexYVlXmYQpsWyi5eokV9x/u1SY0pFqLek2EEQM8OfkkRU/6ltWRoYJbvYKfgJNa+f H1IBSExh0spemZKA1vOPdq2jhUJNrdd5o4d9UMB0YEdUMuUIvmlKfhx6qaNTo9x9O6mVCCiHxnlAW uCaT+XZv3Uj59BvS2ygQ==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:50256 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nd79M-0005uf-3D; Sat, 09 Apr 2022 05:12:56 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' Date: Sat, 9 Apr 2022 11:12:46 +0200 Message-Id: <20220409091246.6979-1-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello! Now that we have this fancy new Shepherd, we can have our daemons started lazily via “socket activation” like all the cool kids have been doing. :-) Next steps: update the ‘guix’ package, update the .service files, and update (gnu services base) (I’m not entirely sure we can start ‘guix-daemon’ via socket activation though due to the container shenanigans in there.) Thoughts? Ludo’. Ludovic Courtès (3): publish: Use SRFI-71 instead of SRFI-11. publish: Support systemd-style socket activation. daemon: Support systemd-style socket activation. doc/guix.texi | 11 ++++++++- guix/scripts/publish.scm | 39 +++++++++++++++++++++++++------- nix/nix-daemon/guix-daemon.cc | 42 ++++++++++++++++++++++++++++++----- 3 files changed, 78 insertions(+), 14 deletions(-) base-commit: 0996d48d0e79a360e0d5583b812cd565f62ca32e -- 2.35.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:13:55 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 09:13:56 +0000 Received: from localhost ([127.0.0.1]:36713 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7AH-0008My-Tx for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:55 -0400 Received: from eggs.gnu.org ([209.51.188.92]:60498) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7AG-0008Mg-II for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:46960) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nd7AB-0003kD-Ay; Sat, 09 Apr 2022 05:13:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=SryT9h6F89eVe/pvqBP8Y9PIeGCaGEY6hWVl1LI1CLQ=; b=cnL9fjk6yvSJu9 B7Sy+O8Za5J6I1gdHMbUaDDDR80Fi6H1i2UZibJe2RJgui7RhQbN5KhvlLzxT0xFNd2k8x1n27/Ii D2L38dP6gqHhR3V5sJB2crzztdvlU+1xJv8ExGQiT0qap8t4FqxXYIGFHcWDInpZ297Xh0FCGjS91 Uvm/dCWWz/f0naPMm6e5ixW3ojE9m4euQSWhz4jZ1H7fDuiU2kn3Q7zIUEXLDjS8tD4/BsqBGsWif t/UbjiHHC9AltQnRWWZ3O+uGdPdhaeIRv8uIhBSBc3DaKW49AmJeHOEV7E+EEBtfEl3Ta6G5O/65J rb4u7sVP4LXB0KPsTF7w==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:58682 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nd7AA-00086k-V0; Sat, 09 Apr 2022 05:13:47 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 54811@debbugs.gnu.org Subject: [PATCH 1/3] publish: Use SRFI-71 instead of SRFI-11. Date: Sat, 9 Apr 2022 11:13:38 +0200 Message-Id: <20220409091340.7013-1-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * guix/scripts/publish.scm (make-request-handler): Use 'let' instead of 'let-values'. --- guix/scripts/publish.scm | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index 870dfc11e9..d6eb65d912 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -36,11 +36,11 @@ (define-module (guix scripts publish) #:use-module (srfi srfi-2) #:use-module (srfi srfi-9) #:use-module (srfi srfi-9 gnu) - #:use-module (srfi srfi-11) #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-37) + #:use-module (srfi srfi-71) #:use-module (web http) #:use-module (web request) #:use-module (web response) @@ -1190,8 +1190,7 @@ (define (handle request body) ;; Preserve the request's 'connection' header in the response, so that the ;; server can close the connection if this is requested by the client. (lambda (request body) - (let-values (((response response-body) - (handle request body))) + (let ((response response-body (handle request body))) (values (preserve-connection-headers request response) response-body)))) -- 2.35.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:13:56 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 09:13:56 +0000 Received: from localhost ([127.0.0.1]:36717 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7AJ-0008N9-Sr for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:56 -0400 Received: from eggs.gnu.org ([209.51.188.92]:60502) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7AH-0008Mj-O2 for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:54 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:46962) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nd7AC-0003kJ-3u; Sat, 09 Apr 2022 05:13:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=mcz6YpA7Hu7KEGV4Jv5P7pYYDW3UJVMKZC+bJW6fRIs=; b=H8QmrEQS/MbUV8uKXj5i Y6OG+T2K1YFxf+TW5z4Bwnd0LDHfIpEjJ3aCNKQDOsyxYAScvFP6jID2SUh6SlQcegVa+EtHbb18g ViY0Pw+7FCpbXbSSfQ6Rx34HBRbI9J8LpjMYEDmG0lTl80J9wQFLuwFmahZYwUUHzl/9wHT0vSkyq efeTVoGkTF4hrzU8L8ubCYQjOAk+Lc2JiByPSLDR2qjLvYJSpGvIgOPIzful6A1HE8T3Ng31p3831 agNoBrDUuPfP33TjW8/AO3kFMiT+VkcvQ91jhc7kjFhHktrjrrX/BJ3COVIzWdMRot9I+PXLHArsD f1bNoTt4jtsr2g==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:58682 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nd7AB-00086k-Ho; Sat, 09 Apr 2022 05:13:47 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 54811@debbugs.gnu.org Subject: [PATCH 2/3] publish: Support systemd-style socket activation. Date: Sat, 9 Apr 2022 11:13:39 +0200 Message-Id: <20220409091340.7013-2-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220409091340.7013-1-ludo@gnu.org> References: <20220409091340.7013-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * guix/scripts/publish.scm (systemd-socket): New procedure. (guix-publish): Add 'style' variable. Adjust startup message depending on whether STYLE is 'systemd. * doc/guix.texi (Invoking guix publish): Mention socket activation. --- doc/guix.texi | 5 +++++ guix/scripts/publish.scm | 34 +++++++++++++++++++++++++++++----- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 59db00e581..16bd858a3b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -14041,6 +14041,11 @@ spawn an HTTP server on port 8080: guix publish @end example +@cindex socket activation, for @command{guix publish} +@command{guix publish} can also be started following the systemd +``socket activation'' protocol (@pxref{Service De- and Constructors, +@code{make-systemd-constructor},, shepherd, The GNU Shepherd Manual}). + Once a publishing server has been authorized, the daemon may download substitutes from it. @xref{Getting Substitutes from Other Servers}. diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index d6eb65d912..a4b9565f91 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -1235,6 +1235,23 @@ (define (open-server-socket address) (bind sock address) sock)) +(define (systemd-socket) + "If this program is being spawned through systemd-style \"socket +activation\", whereby the listening socket is passed as file descriptor 3, +return the corresponding socket." + (and (equal? (and=> (getenv "LISTEN_PID") string->number) + (getpid)) + (match (getenv "LISTEN_FDS") + ((= string->number 1) + (let ((sock (fdopen 3 "r+0"))) + (configure-socket sock) + sock)) + ((= string->number (? integer? n)) + (leave (G_ "~a: unexpected number of startup file descriptors") + n)) + (_ + #f)))) + (define (gather-user-privileges user) "Switch to the identity of USER, a user name." (catch 'misc-error @@ -1280,7 +1297,12 @@ (define-command (guix-publish . args) (make-socket-address (sockaddr:fam addr) (sockaddr:addr addr) port))) - (socket (open-server-socket address)) + (socket style (match (systemd-socket) + (#f + (values (open-server-socket address) + 'normal)) + (socket + (values socket 'systemd)))) (nar-path (assoc-ref opts 'nar-path)) (repl-port (assoc-ref opts 'repl)) (cache (assoc-ref opts 'cache)) @@ -1305,10 +1327,12 @@ (define-command (guix-publish . args) (cache-bypass-threshold (or (assoc-ref opts 'cache-bypass-threshold) (cache-bypass-threshold)))) - (info (G_ "publishing ~a on ~a, port ~d~%") - %store-directory - (inet-ntop (sockaddr:fam address) (sockaddr:addr address)) - (sockaddr:port address)) + (if (eq? style 'systemd) + (info (G_ "publishing (started via socket activation)~%")) + (info (G_ "publishing ~a on ~a, port ~d~%") + %store-directory + (inet-ntop (sockaddr:fam address) (sockaddr:addr address)) + (sockaddr:port address))) (for-each (lambda (compression) (info (G_ "using '~a' compression method, level ~a~%") -- 2.35.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:13:57 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 09:13:57 +0000 Received: from localhost ([127.0.0.1]:36719 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7AL-0008NR-Eu for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:60506) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7AJ-0008Mm-Ms for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 05:13:56 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:46964) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nd7AC-0003kN-Mv; Sat, 09 Apr 2022 05:13:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=aXuSOoUD9PFCYxpT6+JbDOPQcLH7omCCf5f8oHqBu1s=; b=j/BNaR5/P/EASeBJz0or jXIueR6NdAmbjp214A9ODRbBY2GzWZXS8EX5Fr/767LQo3toaYpzq4KWFbftTTky7tnVovcKu1e/T dxJXCFNC60zxSuqMEWr9ckbHzZF+tSmkMuvwD9YOV7jKRgRQLKNKgpW1O/IssUrGCtX8zbCQXNvw9 VTB5xRAvDvdg6aJeRs78QxB1P9VfLvKbAio61gTR3TW/gg9DVuoY9LOMVLAZJAs52ZZTh1bFho4LX N+ADNazKHTlUNb9jwDUfx/lVFMQ1v+OJqnstq9AxiJtHzvZAgXCPAHUzOG6xZ4xTn/EA7ZyDM4KCd g2R3saDgryIMsA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:58682 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nd7AC-00086k-AM; Sat, 09 Apr 2022 05:13:48 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 54811@debbugs.gnu.org Subject: [PATCH 3/3] daemon: Support systemd-style socket activation. Date: Sat, 9 Apr 2022 11:13:40 +0200 Message-Id: <20220409091340.7013-3-ludo@gnu.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220409091340.7013-1-ludo@gnu.org> References: <20220409091340.7013-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * nix/nix-daemon/guix-daemon.cc (SD_LISTEN_FDS_START): New macro. (systemd_activation_sockets): New function. (main): Use it. Remove obsolete 'printMsg' call. * doc/guix.texi (Invoking guix-daemon): Document socket activation. --- doc/guix.texi | 6 ++++- nix/nix-daemon/guix-daemon.cc | 42 ++++++++++++++++++++++++++++++----- 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 16bd858a3b..81fec35eb7 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1554,7 +1554,11 @@ is normally run as @code{root} like this: # guix-daemon --build-users-group=guixbuild @end example -@noindent +@cindex socket activation, for @command{guix-daemon} +This daemon can also be started following the systemd ``socket +activation'' protocol (@pxref{Service De- and Constructors, +@code{make-systemd-constructor},, shepherd, The GNU Shepherd Manual}). + For details on how to set it up, @pxref{Setting Up the Daemon}. @cindex chroot diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc index 36a06a3fae..d7ab9c5e64 100644 --- a/nix/nix-daemon/guix-daemon.cc +++ b/nix/nix-daemon/guix-daemon.cc @@ -1,5 +1,5 @@ /* GNU Guix --- Functional package management for GNU - Copyright (C) 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2021 Ludovic Courtès + Copyright (C) 2012-2019, 2021-2022 Ludovic Courtès Copyright (C) 2006, 2010, 2012, 2014 Eelco Dolstra This file is part of GNU Guix. @@ -434,6 +434,31 @@ listening_sockets (const std::list &options) return result; } +/* First file descriptor provided at startup using systemd-style socket + activation. */ +#define SD_LISTEN_FDS_START 3 + +/* Return a list of file descriptors of listening sockets provided following + the systemd "socket activation" protocol. Return the empty list if we are + not being socket-activated. */ +static std::vector +systemd_activation_sockets () +{ + std::vector result; + + if (getEnv ("LISTEN_PID") == std::to_string (getpid ())) + { + unsigned int fdCount; + if (string2Int (getEnv ("LISTEN_FDS"), fdCount)) + { + for (unsigned int i = 0; i < fdCount; i++) + result.push_back (SD_LISTEN_FDS_START + i); + } + } + + return result; +} + int main (int argc, char *argv[]) @@ -494,7 +519,17 @@ main (int argc, char *argv[]) argp_parse (&argp, argc, argv, 0, 0, 0); - auto sockets = listening_sockets (listen_options); + auto sockets = systemd_activation_sockets (); + if (sockets.empty ()) + /* We were not "socket-activated" so open the sockets specified by + LISTEN_OPTIONS. */ + sockets = listening_sockets (listen_options); + else + printMsg (lvlInfo, + format (ngettext ("socket-activated with %1% socket", + "socket-activated with %1% sockets", + sockets.size ())) + % sockets.size ()); /* Effect all the changes made via 'settings.set'. */ settings.update (); @@ -531,9 +566,6 @@ using `--build-users-group' is highly recommended\n")); format ("automatic deduplication set to %1%") % settings.autoOptimiseStore); - printMsg (lvlDebug, - format ("listening on `%1%'") % settings.nixDaemonSocketFile); - run (sockets); } catch (std::exception &e) -- 2.35.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:19:55 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 09:19:55 +0000 Received: from localhost ([127.0.0.1]:36728 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7G7-0002Gf-68 for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:19:55 -0400 Received: from albert.telenet-ops.be ([195.130.137.90]:57202) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7G5-0002GX-VC for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 05:19:54 -0400 Received: from [192.168.109.254] ([188.189.133.86]) by albert.telenet-ops.be with bizsmtp id GZKr2700G1s0Pjw06ZKs7e; Sat, 09 Apr 2022 11:19:52 +0200 Message-ID: <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> Subject: Re: [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= , 54811@debbugs.gnu.org Date: Sat, 09 Apr 2022 11:19:51 +0200 In-Reply-To: <20220409091246.6979-1-ludo@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-hMhAweUp4PD0jhK2Zyhr" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649495992; bh=WxwfUaIFLNOxcTJO0rKcbY8/UQPBE/tp5esA4B/T5VE=; h=Subject:From:To:Date:In-Reply-To:References; b=FuKA2dSingDKZ/R4cnvhBctPGZ/JCptcN1nzgJ1RSLYAF7JckgBC8bpty+iRb5pdi NuwIltqxu7Ndc3xKOwxc1frn+3NZereuZ8bdKJlGL37ADYEZyMg6mLAGZr0v3Vq7ZI iMtBTFp3sy1qPa939RUY45iDpWE7aoBwKJnkPsSOL11u2oQQpP7KzgP9okOB4kqw/u yIZiK5YhTo3nT6+yfMBGZyRW3nxhalkgjS7ZxBhE6l51XSRr00faB+cXOm+F3hrZte rBaQcLXSuuvcq/jePJcJcNH7GLomjSfaQOdTe1K6g+PuvPHnUEhne40+QWmwj1q2aj gTs3SFlYg45uQ== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-hMhAweUp4PD0jhK2Zyhr Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:12 [+0200]: > =C2=A0 publish: Support systemd-style socket activation. Does this imply that, at least when avahi/--advertise isn't used, "guix publish" can be run in a container without network access, in a container that only has access to /gnu/store, the private/public key and wherever the nars are stored? Greetings, Maxime. --=-hMhAweUp4PD0jhK2Zyhr Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlFPtxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7rfxAQDryxyzujOnxD/WIbqSn9kUTu8B 6aCmo6yjPsx6DcBFUwD/d/tSmHYkS742JuKFrQfahLI3TktGAYi4OjK/rHq+EQo= =b6Zw -----END PGP SIGNATURE----- --=-hMhAweUp4PD0jhK2Zyhr-- From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:20:42 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 09:20:42 +0000 Received: from localhost ([127.0.0.1]:36733 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7Gs-0002IJ-EH for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:20:42 -0400 Received: from laurent.telenet-ops.be ([195.130.137.89]:36140) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7Gq-0002IB-NC for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 05:20:41 -0400 Received: from [192.168.109.254] ([188.189.133.86]) by laurent.telenet-ops.be with bizsmtp id GZLf2700J1s0Pjw01ZLfsj; Sat, 09 Apr 2022 11:20:40 +0200 Message-ID: <76a4ebb5ab283c363db88ad0250ce30403a34de2.camel@telenet.be> Subject: Re: [bug#54811] [PATCH 2/3] publish: Support systemd-style socket activation. From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= , 54811@debbugs.gnu.org Date: Sat, 09 Apr 2022 11:20:39 +0200 In-Reply-To: <20220409091340.7013-2-ludo@gnu.org> References: <20220409091340.7013-1-ludo@gnu.org> <20220409091340.7013-2-ludo@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-nVH0TxAl/bHGLU9zfc98" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649496040; bh=Jyrejc6OgfmM8ZhMobzQovi7eSyi9Gu8pzHzlpnWXmM=; h=Subject:From:To:Date:In-Reply-To:References; b=kHIdwnacpyPaLihgoRmUsrvhjgz0U6WFSDnHF0+hkBoUsC22XpQ9ICnKPiUSPYsQk rfNHw5O0MAZySH1snB439/W0u5P8VhM3lIm4bXB+uGbFuEQm4RkFWr7OqK+YtUF1H2 V2pf3Fk1gkQW+ePHlKKedxby5pg3TWkiISHu9Hqq+4pPob6T8YGitBkOL0HcuFjUMA qZ6Q0v88kNJpt9MKaz/BXlKgU8VU5RXJNSw67gHNrqDVAh0HSdomtiMcAsgSmNcma2 ygHieX8g5lNLJYd4UyFCKHhlrNz4JU3b5uZDqnCfTIxov5VUzwzvkV9gHEo36PSOw+ 1u7Sz2LU6YpCQ== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-nVH0TxAl/bHGLU9zfc98 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:13 [+0200]: > +=C2=A0 "If this program is being spawned through systemd-style \"socket > +activation\", whereby the listening socket is passed as file descriptor = 3, > +return the corresponding socket." And if it isn't, what is returned then? "Otherwise, return #false." Greetings, Maxime. --=-nVH0TxAl/bHGLU9zfc98 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlFP5xccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7snwAP9flG7Aq6EkNMhaJ6Vz/kbkOZxj 6THyEDYwMkNpY8bZOgEAqv/OV0YTsuw+I+kmpGCyTBUjcPMTTtgguHW1JqjSFQQ= =OMEJ -----END PGP SIGNATURE----- --=-nVH0TxAl/bHGLU9zfc98-- From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 05:29:11 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 09:29:11 +0000 Received: from localhost ([127.0.0.1]:36743 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7P5-0002VT-Ep for submit@debbugs.gnu.org; Sat, 09 Apr 2022 05:29:11 -0400 Received: from michel.telenet-ops.be ([195.130.137.88]:53500) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nd7P3-0002VK-O7 for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 05:29:10 -0400 Received: from [192.168.109.254] ([188.189.133.86]) by michel.telenet-ops.be with bizsmtp id GZV8270091s0Pjw06ZV8Wc; Sat, 09 Apr 2022 11:29:08 +0200 Message-ID: Subject: Re: [bug#54811] [PATCH 3/3] daemon: Support systemd-style socket activation. From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= , 54811@debbugs.gnu.org Date: Sat, 09 Apr 2022 11:29:08 +0200 In-Reply-To: <20220409091340.7013-3-ludo@gnu.org> References: <20220409091340.7013-1-ludo@gnu.org> <20220409091340.7013-3-ludo@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-uDb2PLhZBJ2vOe5zu4w+" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649496548; bh=ovvZsjUjeRpg5asU67fIWZ7AKkuciBzXd+4FriZ2Y3c=; h=Subject:From:To:Date:In-Reply-To:References; b=Oyq8roNy9RwdSwDpNyLJO8cA7LZyj46ur0aqu3fkPXSbtCQRK00py73lgbSm1y9K6 FZegUFKW8agUuVTvqCbLUkLeKn22yb/jorNuEBxi3B6+WDNANTUQv5IHKW2gZGhW+Q nYbtVgiIsH3O0pGo63wvpckKm2JXcvrIpI3WqceObA7hGTfzuJ9ses0BIWDNNQPMkF DtOGb/BkUbw2v1IcjGoxG2MpV5mcfpzsJqz9HoSvW5Rdurzj7WELT2uSjwcKxsDv3p PnWklKqwh3CC0H2VbB1Q14R9/QQAhgRZj2tdx7dkaAwV4+6J+284DH0A2D6A8An6Ap ZWGyh9F3TaSZg== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-uDb2PLhZBJ2vOe5zu4w+ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:13 [+0200]: > +=C2=A0 if (getEnv ("LISTEN_PID") =3D=3D std::to_string (getpid ())) I thought it was name getenv, and not getEnv, and C strings cannot be meaningfully compared with =3D=3D (pointer equality), or is thi a C++-ism? Greetings, Maxime. --=-uDb2PLhZBJ2vOe5zu4w+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlFR5BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7ijqAP9RCMS0NspmGByB1Qq6TOneq1hq 9AG2MhhxKWC3OPIZgAD+PzvP/Vexxs5cMaDTzSDB9Ea91xqXhUt4bWD/0gnBQAY= =XXai -----END PGP SIGNATURE----- --=-uDb2PLhZBJ2vOe5zu4w+-- From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 16:28:25 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 20:28:25 +0000 Received: from localhost ([127.0.0.1]:38762 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndHh3-0002v1-1q for submit@debbugs.gnu.org; Sat, 09 Apr 2022 16:28:25 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40450) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndHh1-0002uq-RV for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 16:28:24 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:56300) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndHgw-0001s2-BY; Sat, 09 Apr 2022 16:28:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=FnWESflk/mFOCvrlIUbKB/+Q9EJgCXNb7spCM9yKryU=; b=BcTpkntqsnq6hm9iqboS FfRbneCGval5yj1tL6s9NnElFcqrzEKwHMhTK1l1FovgZf86N4qiEAa6LIHIwENrk3NoKv9Bmqwmk XrZ8e99VfGNPx1JGuC6l8e1qRzZvXjPXPCLck+DlJCofY1EGUoKJtxTNXwYItMvDlrD5nw1fjlAeW Dl8V8JgUK0a/rAk2rtOjDDWxkcKGoqNWxlaZuSHG25VcKzYZ33qi9fGLGuhevaliUoMRg2Kz527Pu Epj7NQXXhWAIh/27pZzVTXEScUjMvgQqQBgSCzYry1S861bv9LwigAWhRdy7WNurzOzMtr2Zn20wf npSGkiyN9hmp+Q==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:50366 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndHgv-0007xx-Ua; Sat, 09 Apr 2022 16:28:18 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091340.7013-1-ludo@gnu.org> <20220409091340.7013-3-ludo@gnu.org> Date: Sat, 09 Apr 2022 22:28:15 +0200 In-Reply-To: (Maxime Devos's message of "Sat, 09 Apr 2022 11:29:08 +0200") Message-ID: <87y20e6ly8.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:13 [+0200]: >> +=C2=A0 if (getEnv ("LISTEN_PID") =3D=3D std::to_string (getpid ())) > > I thought it was name getenv, and not getEnv, and C strings cannot be > meaningfully compared with =3D=3D (pointer equality), or is thi a C++-ism? Yes, this is the equality operator on std::string. Also, =E2=80=98getEnv= =E2=80=99 always returns a string, possibly empty (a flaky but good-enough interface.) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 16:30:10 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 20:30:10 +0000 Received: from localhost ([127.0.0.1]:38777 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndHik-00030W-3M for submit@debbugs.gnu.org; Sat, 09 Apr 2022 16:30:10 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40892) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndHij-0002z4-2J for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 16:30:09 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:56334) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndHid-0002Hh-Qw; Sat, 09 Apr 2022 16:30:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=9m4OTp4No7jCdwMAS198g7Xs7wUwHdhJ6VJystIGlhY=; b=OqhWzLhCogxXSdLa+CLE viymwJD/i0dRjbAgELI/JLkiWgC75Cz2tKTQ9Cq1/9yX+XhS1YAfrwKgamTrkZvQsyykMXm6hVf1r CrtviYWBGNzxGs/7l9YFqXU4brC/Q7jWjQwChvFvL8l9O3SA/4AJUQLRY8eEIXgA7hnhxTw0CEv+A XXvsaD3E8aQOzZC6fyfu+oeryAimXRlJ2KhOwxv2qLI4i65Vn5UWFn4Z1aQIECGAAgGL8eXDeeoR6 jEACb4J++/d83gODRb4Minn4f//yeIAjtqbqzcyVQYh8iaw8WZmxsLeGrjnr380+ufUrxjmSBemcG CwkQ+78vtT3mfQ==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:50731 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndHic-00044E-Hn; Sat, 09 Apr 2022 16:30:03 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> Date: Sat, 09 Apr 2022 22:30:01 +0200 In-Reply-To: <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> (Maxime Devos's message of "Sat, 09 Apr 2022 11:19:51 +0200") Message-ID: <87tub26lva.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:12 [+0200]: >> =C2=A0 publish: Support systemd-style socket activation. > > Does this imply that, at least when avahi/--advertise isn't used, > "guix publish" can be run in a container without network access, > in a container that only has access to /gnu/store, the private/public > key and wherever the nars are stored? I don=E2=80=99t think it makes any difference. Or am I misunderstanding? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 09 16:50:02 2022 Received: (at 54811) by debbugs.gnu.org; 9 Apr 2022 20:50:03 +0000 Received: from localhost ([127.0.0.1]:38802 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndI1y-0003W8-D9 for submit@debbugs.gnu.org; Sat, 09 Apr 2022 16:50:02 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:35118) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndI1w-0003Vf-2z for 54811@debbugs.gnu.org; Sat, 09 Apr 2022 16:50:01 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by baptiste.telenet-ops.be with bizsmtp id Gkpx2700F4UW6Th01kpyCj; Sat, 09 Apr 2022 22:49:58 +0200 Message-ID: <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Sat, 09 Apr 2022 22:49:53 +0200 In-Reply-To: <87tub26lva.fsf_-_@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-+MrsCEdt2/FoSdsPxUcb" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649537398; bh=6akMhSluKKBiiIBoFZgoBf8X3dgrkQjFdgpXA7tnvLk=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=bDL6O3RUUOeqJe+fs2B1eufrEa4bmcy2PWCQEC31pkNJyXTKkwSSL+4UjeyGQtjLn YjDkX64zC3jhZlPIwcF8Ojl3KeEnoyE+CKmcss7dZIHVpAq0Mahmd0HVpLWIVD98Mn ju3lPTWIeyuZeZhboMxdGib1Y5uklt+HCtoC0A9yPKyer4wx5yJu+cfQM3sqc3dEX3 d8tXgV8XfG+wXeF+nfOs8jJIlbD+twVmde8Dgui6Gp0tGv6VrL/G91d1M6W3myJAvP +8KdGpDxgHopH8fLUkHAKrm5aVxoP4QS814lHBqeyzxSNIvZX0INHvojOML60u++rc YDIDJMq0J0mDw== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-+MrsCEdt2/FoSdsPxUcb Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op za 09-04-2022 om 22:30 [+0200]: > Maxime Devos skribis: >=20 > > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:12 [+0200]: > > > =C2=A0 publish: Support systemd-style socket activation. > >=20 > > Does this imply that, at least when avahi/--advertise isn't used, > > "guix publish" can be run in a container without network access, > > in a container that only has access to /gnu/store, the private/public > > key and wherever the nars are stored? >=20 > I don=E2=80=99t think it makes any difference.=C2=A0 Or am I misunderstan= ding? Is =E2=80=98it=E2=80=99 =3D =E2=80=98the new socket activation support=E2= =80=99, or =E2=80=98the avahi/-- advertise option being enabled or not=E2=80=99? Greetings, Maxime. --=-+MrsCEdt2/FoSdsPxUcb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlHxcRccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7vrOAP9zmhPP0Dzo1MTSLCZEjaNQRum1 84MOYOKvWkhCkIEx8QEAr/x2WZyKRjktf1y+iOVCBVOVvzB1BlEPEn9FBYJA/wA= =maR3 -----END PGP SIGNATURE----- --=-+MrsCEdt2/FoSdsPxUcb-- From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 10 13:35:07 2022 Received: (at 54811) by debbugs.gnu.org; 10 Apr 2022 17:35:07 +0000 Received: from localhost ([127.0.0.1]:41341 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndbSt-0001Iz-86 for submit@debbugs.gnu.org; Sun, 10 Apr 2022 13:35:07 -0400 Received: from eggs.gnu.org ([209.51.188.92]:52064) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndbSr-0001IK-67 for 54811@debbugs.gnu.org; Sun, 10 Apr 2022 13:35:05 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45824) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndbSl-00032k-SP; Sun, 10 Apr 2022 13:34:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=mQ41BX2ifkFL6Zy52jDLY213K6kTe8CtNRVZMDXMqGk=; b=OP0l7bX+fS0ULqLyOuJg Ce1SC8gtXtgCxlss0oP74h4o8iqm24rrf+Knlw6w82030qVAAb5XO3udCL4BdHfeeGOjQnPDhXG58 cXAmL7rceRZYdeqgibBbSVThPmPZTFla0b5nJzKWEnZa+zd5bDK0DIQfeMaJQQp4izy4Xxl4w/Hq+ bhgbKwN8DulyNLMVNCmBkjeJMu/UPVIqIUIhnM8IUsKNvdLJD+PJnbSLMdlfv3ymuik3PyYCHR1cJ OCLLODfbhLvWJpht8yn55FQZyWGpTwS8gJWVtY76E36U/PiT+1lTKlO1fWZsoOcvr8DAsZaXbkGQl KrAN4YAnl2iB0g==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:53310 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndbSl-00067E-Fn; Sun, 10 Apr 2022 13:34:59 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 21 Germinal an 230 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 10 Apr 2022 19:34:57 +0200 In-Reply-To: <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> (Maxime Devos's message of "Sat, 09 Apr 2022 22:49:53 +0200") Message-ID: <87sfqk6dvi.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 22:30 [+0200]: >> Maxime Devos skribis: >>=20 >> > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:12 [+0200]: >> > > =C2=A0 publish: Support systemd-style socket activation. >> >=20 >> > Does this imply that, at least when avahi/--advertise isn't used, >> > "guix publish" can be run in a container without network access, >> > in a container that only has access to /gnu/store, the private/public >> > key and wherever the nars are stored? >>=20 >> I don=E2=80=99t think it makes any difference.=C2=A0 Or am I misundersta= nding? > > Is =E2=80=98it=E2=80=99 =3D =E2=80=98the new socket activation support=E2= =80=99, or =E2=80=98the avahi/-- > advertise option being enabled or not=E2=80=99? =E2=80=9CIt=E2=80=9D referred to the long condition you wrote. :-) One thing is sure: when =E2=80=98--advertise=E2=80=99 is used, we shouldn= =E2=80=99t use socket activation or nothing will be advertised. Is that what you mean? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 10 13:43:57 2022 Received: (at 54811) by debbugs.gnu.org; 10 Apr 2022 17:43:57 +0000 Received: from localhost ([127.0.0.1]:41363 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndbbQ-0001Yr-Qz for submit@debbugs.gnu.org; Sun, 10 Apr 2022 13:43:57 -0400 Received: from albert.telenet-ops.be ([195.130.137.90]:60320) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndbbO-0001Yi-Vx for 54811@debbugs.gnu.org; Sun, 10 Apr 2022 13:43:55 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by albert.telenet-ops.be with bizsmtp id H5js2700J4UW6Th065jsgc; Sun, 10 Apr 2022 19:43:53 +0200 Message-ID: <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Sun, 10 Apr 2022 19:43:48 +0200 In-Reply-To: <87sfqk6dvi.fsf@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-IcSWmvy+Rj+3lqPFN7TA" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649612633; bh=vJZ1L9TAgAcw/kq3M0uFS+orKL6MiqW4VytATDTzaMI=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=L/+VtKFTOUVJ4fFAykShePbJbQxvYwWeRMfhYciotO92h+ewjeu5VAwua0m24lERc y2A5Jzv/ridUigam91QydEukqXhSlOuTt3pxOZnlxdAKQGW1wjlh1Wye6g/JtmgVF2 yyTV5gCOxJnWqJKk414pyE1KShuapEZbN1C3hqASd2fpORELuljYkfr9c9XcBMSrd9 +6HMpQtj1iMvUBaps5TV244En9kmzWQBbvR4TnY9SlOACMIdPuqgwWNBvvFJOwqQGf TWLhseDp9x4a/MTRPyDF6r39Gw9CHO/zhFwtI4cIngsz99+fqdy0EovA5ie5BGWOJg rfNaXrQZRn1zw== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-IcSWmvy+Rj+3lqPFN7TA Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op zo 10-04-2022 om 19:34 [+0200]: > Maxime Devos skribis: >=20 > > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 22:30 [+0200]: > > > Maxime Devos skribis: > > >=20 > > > > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:12 [+0200]: > > > > > =C2=A0 publish: Support systemd-style socket activation. > > > >=20 > > > > Does this imply that, at least when avahi/--advertise isn't used, > > > > "guix publish" can be run in a container without network access, > > > > in a container that only has access to /gnu/store, the private/publ= ic > > > > key and wherever the nars are stored? > > >=20 > > > I don=E2=80=99t think it makes any difference.=C2=A0 Or am I misunder= standing? > >=20 > > Is =E2=80=98it=E2=80=99 =3D =E2=80=98the new socket activation support= =E2=80=99, or =E2=80=98the avahi/-- > > advertise option being enabled or not=E2=80=99? >=20 > =E2=80=9CIt=E2=80=9D referred to the long condition you wrote.=C2=A0 :-) >=20 > One thing is sure: when =E2=80=98--advertise=E2=80=99 is used, we shouldn= =E2=80=99t use socket > activation or nothing will be advertised.=C2=A0 Is that what you mean? No, how would socket activation prevent advertising? How would guile- avahi even know that we are doing socket activation? What I mean was: * if guile-avahi sends messages to the network by itself, then it cannot be run inside a networkless container, otherwise only the container's loopback would receive them. * if guile-avahi talks to some daemon via a unix domain socket, then no problem * IIUC, previously, "guix publish" could not be run inside a network container, because it tried to listen by itself (and listening to a container's own loopback isn't useful). * but in case of socket activation, this problem disappears * bonus: except possibly for the secret key material, "guix publish" does not have to be started as root anymore even if uses a reserved port such as port 80 (assuming socket activation is used). Greetings, Maxime. --=-IcSWmvy+Rj+3lqPFN7TA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlMXVBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7g3PAP0RgWhjegefwuLAnTqJEYHIVX/c ebTpEjrXszg7RQXEggD+O9rc7FePFpEFhrHMN7FDjcIIIp0crH9n8XLRkH+jxQY= =N7jj -----END PGP SIGNATURE----- --=-IcSWmvy+Rj+3lqPFN7TA-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 11 05:49:02 2022 Received: (at 54811) by debbugs.gnu.org; 11 Apr 2022 09:49:02 +0000 Received: from localhost ([127.0.0.1]:42511 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndqfN-00009T-Sj for submit@debbugs.gnu.org; Mon, 11 Apr 2022 05:49:02 -0400 Received: from eggs.gnu.org ([209.51.188.92]:55146) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndqfM-000092-4l for 54811@debbugs.gnu.org; Mon, 11 Apr 2022 05:49:00 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:34202) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndqfG-0000Lr-K0; Mon, 11 Apr 2022 05:48:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=c59hinSBwa2DjYwYIeKoE1aDq+AgG0lii9Bdijhq/iw=; b=iZQ1Bbv5QrDu5DatilcA k97UCBfE4qTvB4xZfTXm8IYYIks70D5IZZ5bNJlY/6vcoCCOkzTHIc77XIs3/2w3Uk5V6T9Qq5cSN GxSXy0JvjqM7dKkzTjet14qvKL99o8NZQVMVqV8tjQiuLZXa2uJn9gjVon0qENSulTAFHr3pBygS9 0Upi4CNOqYs0zV6MfNPMX/+8rgTmitDk1CaQe5VME09hW7eB4HOd7RKd6EBct0+XKt39Dv7jPC8SU Njaromgr1fWPxXsYnB/Bh0TXsPePIMSZ+/SwQO6wd68K86e+jN2wtyvbbYlCLEUzZCJtjHXQkCTmP PnmjpaU+LB7E6w==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:49763 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndqfF-0003YP-BN; Mon, 11 Apr 2022 05:48:54 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 22 Germinal an 230 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 11 Apr 2022 11:48:51 +0200 In-Reply-To: <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> (Maxime Devos's message of "Sun, 10 Apr 2022 19:43:48 +0200") Message-ID: <877d7wkl18.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op zo 10-04-2022 om 19:34 [+0200]: [...] >> One thing is sure: when =E2=80=98--advertise=E2=80=99 is used, we should= n=E2=80=99t use socket >> activation or nothing will be advertised.=C2=A0 Is that what you mean? > > No, how would socket activation prevent advertising? As currently implemented in the Shepherd, socket activation means that the process is started lazily, the first time a connection request is made. If the =E2=80=98guix publish=E2=80=99 process isn=E2=80=99t started,= then DNS-SD publication doesn=E2=80=99t happen. > How would guile- avahi even know that we are doing socket activation? > > What I mean was: > > * if guile-avahi sends messages to the network by itself, > then it cannot be run inside a networkless container, > otherwise only the container's loopback would receive them. > > * if guile-avahi talks to some daemon via a unix domain socket, > then no problem Guile-Avahi talks to avahi-daemon over a Unix-domain socket; avahi-daemon then does the actual mDNS/DNS-SD publication. > * IIUC, previously, "guix publish" could not be run inside a network > container, because it tried to listen by itself (and listening > to a container's own loopback isn't useful). > > * but in case of socket activation, this problem disappears Well, shepherd, as an ordinary process in the container, would also try to listen by itself. But I think that=E2=80=99s fine; worst thing is nobody ever connects to that socket, but that=E2=80=99s ok, no? > * bonus: except possibly for the secret key material, "guix publish" > does not have to be started as root anymore even if uses a > reserved port such as port 80 (assuming socket activation is used). But it does need to access the secret key=E2=80=A6 Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 11 06:06:44 2022 Received: (at 54811) by debbugs.gnu.org; 11 Apr 2022 10:06:44 +0000 Received: from localhost ([127.0.0.1]:42536 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndqwW-0000g2-G0 for submit@debbugs.gnu.org; Mon, 11 Apr 2022 06:06:44 -0400 Received: from andre.telenet-ops.be ([195.130.132.53]:54016) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndqwV-0000ft-3S for 54811@debbugs.gnu.org; Mon, 11 Apr 2022 06:06:44 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by andre.telenet-ops.be with bizsmtp id HN6h270034UW6Th01N6hX3; Mon, 11 Apr 2022 12:06:41 +0200 Message-ID: <5ba8549a9336a998133083939b1425f8bb5ad77f.camel@telenet.be> Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Mon, 11 Apr 2022 12:06:36 +0200 In-Reply-To: <877d7wkl18.fsf@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-0p4XBQUi+EXGVcXubka0" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649671601; bh=Q6z9f15JBaNZNT1RqlvhgtWi7B2o9e1c/BVtrnegmwU=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=hAEXsOTxWU2QLRGIOBIHyEnkCGFQSVrR4TfkDkUH8Yjo4/bCXvZ7TZw0pqooUnbTf tISCzDADu6c4pb8xxpnMSbvQkrscqZkC7l63p3YR+R3yJV9QX4Tmca9B+t4EDp4dpl /b1dWYz1mQWrE1GQ9iEi8lxRLVpX3LFK40Cw46B4wqhSWwAi7ZePR6lF2hwKnMV5sE OwXvTrvT/mibL5IbEciVtiYKzpILTwnwbH3GQ/imlIxlWX2JIysdOO1We2dEhkz5nT hrA3m8Q+CqdiLgSWtKPcm8An1YUt44wntRGoacWkQWe8Sw+EK5ay9OMLZJCX7jHW2Z 8H3I1JnVLs4sg== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-0p4XBQUi+EXGVcXubka0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 11:48 [+0200]: > > =C2=A0=C2=A0 * bonus: except possibly for the secret key material, "gui= x > > publish" > > =C2=A0=C2=A0=C2=A0=C2=A0 does not have to be started=C2=A0 as root anym= ore even if uses a > > =C2=A0=C2=A0=C2=A0=C2=A0 reserved port such as port 80 (assuming socket= activation is > > used). >=20 > But it does need to access the secret key=E2=80=A6 The =E2=80=98guix publish=E2=80=99 could be run as a separate, say, guix-pu= blish user, and the secret key could be made readable to guix-publish. Alternatively, the shepherd could open the secret key file on behalf of =E2=80=98guix publish=E2=80=99 and send it together with the listening sock= et to =E2=80=98guix publish=E2=80=99. Greetings, Maxime. --=-0p4XBQUi+EXGVcXubka0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlP9rBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7rowAQDoyX4ci6zJFsGV6fdyGI3v2hNt 1B/4u9lZbNOr0opA6AD/WEiBG4BMu+9QnrIejG/YqZzpkqGpMChL9HX2KQhITAo= =Bdix -----END PGP SIGNATURE----- --=-0p4XBQUi+EXGVcXubka0-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 11 06:09:00 2022 Received: (at 54811) by debbugs.gnu.org; 11 Apr 2022 10:09:00 +0000 Received: from localhost ([127.0.0.1]:42551 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndqyh-0000k7-Oi for submit@debbugs.gnu.org; Mon, 11 Apr 2022 06:08:59 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:50496) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndqyf-0000jx-8g for 54811@debbugs.gnu.org; Mon, 11 Apr 2022 06:08:57 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by baptiste.telenet-ops.be with bizsmtp id HN8v2700B4UW6Th01N8vyz; Mon, 11 Apr 2022 12:08:56 +0200 Message-ID: Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Mon, 11 Apr 2022 12:08:55 +0200 In-Reply-To: <877d7wkl18.fsf@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-1P5qPzd/Rz8cPIRcaHbF" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649671736; bh=ksFLytCUbeylJtq4Ybd0mcd6clsLLL1l4WGEMG0KxL8=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=OWP9Er1mSkkMvUh4diNmSCPZOhPgox2xPO3QSrpki/Zu9xMrQTvss/284REP0Jd1Q r9ycpz7GvdTDGkG3FAOABXnx66PkCSh0VsJko0HU/m4o3AE+f7btHKcp0BwCmTmj+5 7LKt/Jf05POlNHyljSGIcrlYdTCR8vpWkM8L5t+xKQcne19lyvq8sy7lWS24DwyCXM XNQtkBwgBWLm4VFAMflEdogI0GAsyVpYnKt1dmjDQAqpXfHaaX7CML0EA4oJCE2dI5 gcriwr1XmEF4HfVkdFlG3jK5yyh0kYgM3w8OuC+K9nK+9mx9mH/lunnbiub/zyC7dm 0XfHhkAio2nRA== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-1P5qPzd/Rz8cPIRcaHbF Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 11:48 [+0200]: > > =C2=A0=C2=A0 * IIUC, previously, "guix publish" could not be run inside= a > > network > > =C2=A0=C2=A0=C2=A0=C2=A0 container, because it tried to listen by itsel= f (and listening > > =C2=A0=C2=A0=C2=A0=C2=A0 to a container's own loopback isn't useful). > >=20 > > =C2=A0=C2=A0 * but in case of socket activation, this problem disappear= s >=20 > Well, shepherd, as an ordinary process in the container, I meant running =E2=80=98guix publish=E2=80=99 inside a container, not shep= herd as a whole in a container. Basically, make-forkexec-constructor/container, but for socket activation. > would also try to listen by itself.=C2=A0 But I think that=E2=80=99s fin= e; worst > thing is nobody ever connects to that socket, but that=E2=80=99s ok, no? If nobody every connects to the socket of =E2=80=98guix publish=E2=80=99, t= hen =E2=80=98guix publish=E2=80=99 is useless. Greetings, Maxime. --=-1P5qPzd/Rz8cPIRcaHbF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlP+NxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7kUYAP9Onr44FXVmpN8GDoaJtonUnPN8 JrtGMebLV0GjMnOHKwD+Ot+yG3/OVzTBtPUVWv8Ht5TC50/YBOoZcnn3dXCUCg0= =uVXr -----END PGP SIGNATURE----- --=-1P5qPzd/Rz8cPIRcaHbF-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 11 06:10:26 2022 Received: (at 54811) by debbugs.gnu.org; 11 Apr 2022 10:10:26 +0000 Received: from localhost ([127.0.0.1]:42558 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndr06-0000mx-31 for submit@debbugs.gnu.org; Mon, 11 Apr 2022 06:10:26 -0400 Received: from andre.telenet-ops.be ([195.130.132.53]:59176) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndr04-0000mp-PV for 54811@debbugs.gnu.org; Mon, 11 Apr 2022 06:10:25 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by andre.telenet-ops.be with bizsmtp id HNAP2700Y4UW6Th01NAPEP; Mon, 11 Apr 2022 12:10:23 +0200 Message-ID: <49b1b912660173c856a9552a073f29d93d7a6a35.camel@telenet.be> Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Mon, 11 Apr 2022 12:10:23 +0200 In-Reply-To: <877d7wkl18.fsf@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-6GW/c5LtqE/Wzj0uo821" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649671824; bh=TCyz1pduHxLuC11RRfduivbN1VoENQjBaVJlqplQ5bw=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=hIys4hqhBqgHxh7+MP0eJQ+3lVzdkmntv31Fle8qHZ3F0b/duIVdLw+ZFBieZy4+2 Iz6BPg3CeiXhm/BZYRoPLnZ8V6trUWtI04tNUcgArP63hfEeU6o4Zsv+CHEwr2JgH8 TVC7zaacWqtJM7gPw47FHjQFVTo6tGbFsMFIIZiiyZ4QC0Ln+7bdL2N6Jajahj8tnl IrdzWyKopqgzI2Lc/lO7szbN05LX3mVqBX6pHt7DDh8mJuZNzuRhEDvEszdZHWVDjp dKuoJyPWn6bRIg0xYSmMWGyluKu0Vy4TIZZLtcoQ7oAQZXux9tWQx6siA5jWP1iM5J qqrfsbiMUShVQ== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-6GW/c5LtqE/Wzj0uo821 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 11:48 [+0200]: > > > One thing is sure: when =E2=80=98--advertise=E2=80=99 is used, we sho= uldn=E2=80=99t use > > > socket > > > activation or nothing will be advertised.=C2=A0 Is that what you mean= ? > >=20 > > No, how would socket activation prevent advertising? >=20 > As currently implemented in the Shepherd, socket activation means > that > the process is started lazily, the first time a connection request is > made.=C2=A0 If the =E2=80=98guix publish=E2=80=99 process isn=E2=80=99t s= tarted, then DNS-SD > publication doesn=E2=80=99t happen. Right, the DNS-SD publication would only happen when =E2=80=98guix publish= =E2=80=99 is contacted directly, e.g. somebody doing "guix build --substitute- urls=3Dhttp://...". Greetings, Maxime. --=-6GW/c5LtqE/Wzj0uo821 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlP+jxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7qfyAQDNxvu1s7WZ5cLao+cc40XMisXB ZMVAxa1dSCfWMrdTYwD+KaXBPIFWekSjc5DzL4S5rivCKhP+d/XqV4PGd7tudAs= =+ZTx -----END PGP SIGNATURE----- --=-6GW/c5LtqE/Wzj0uo821-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 11 16:33:22 2022 Received: (at 54811) by debbugs.gnu.org; 11 Apr 2022 20:33:22 +0000 Received: from localhost ([127.0.0.1]:45840 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ne0iw-0001x9-HI for submit@debbugs.gnu.org; Mon, 11 Apr 2022 16:33:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40338) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ne0iv-0001wx-KI for 54811@debbugs.gnu.org; Mon, 11 Apr 2022 16:33:21 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:49514) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ne0ip-00050X-9c; Mon, 11 Apr 2022 16:33:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=qGeww3yS2Gv2Nly7Y+eosItTM/PhSZ0WTVRIbxQ1BxM=; b=DRDoQpL/xTs+njEXbcMh /i1yArugoZun6QNgb4bUhaSFJvLWwAQGLs3xDa2K29N9HN6e5sFCTC7Vjg2eitiiqiGxZRiyzAauw kc0CMnyydb4iX1IyH0ViQw4jrVPVEYwWbHyvvTAcvqjVpVd3x/M7en4Mc323u1NnFR/WV5BHr5abr 8hlx3PlcNcCbWuIO2AngJukjOELnJdci66xz/6oj/0sbeoqk0SvphkQQHYwUtdZcIBiMfGk4e6VYP EyY8Rl+oKQEQQimi9Xu4D0rbs98Q1aMYNv9jlmDE4BZDLE1n7gG9AHR2PTf6zwlN+QeG1VvkHNf3Q HMoVOzXVTeOYyA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:54720 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ne0io-0000rw-Tb; Mon, 11 Apr 2022 16:33:15 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> <5ba8549a9336a998133083939b1425f8bb5ad77f.camel@telenet.be> Date: Mon, 11 Apr 2022 22:33:12 +0200 In-Reply-To: <5ba8549a9336a998133083939b1425f8bb5ad77f.camel@telenet.be> (Maxime Devos's message of "Mon, 11 Apr 2022 12:06:36 +0200") Message-ID: <87bkx7gy2f.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 11:48 [+0200]: >> > =C2=A0=C2=A0 * bonus: except possibly for the secret key material, "gu= ix >> > publish" >> > =C2=A0=C2=A0=C2=A0=C2=A0 does not have to be started=C2=A0 as root any= more even if uses a >> > =C2=A0=C2=A0=C2=A0=C2=A0 reserved port such as port 80 (assuming socke= t activation is >> > used). >>=20 >> But it does need to access the secret key=E2=80=A6 > > The =E2=80=98guix publish=E2=80=99 could be run as a separate, say, guix-= publish user, > and the secret key could be made readable to guix-publish. That doesn=E2=80=99t sound reasonable. > Alternatively, the shepherd could open the secret key file on behalf of > =E2=80=98guix publish=E2=80=99 and send it together with the listening so= cket to =E2=80=98guix > publish=E2=80=99. Sure, that=E2=80=99s feasible, but that=E2=80=99d require a custom protocol= that I=E2=80=99d rather avoid. As things are now, =E2=80=98guix publish=E2=80=99 drops privileges as soon = as it has opened the signing key anyway. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 11 16:35:01 2022 Received: (at 54811) by debbugs.gnu.org; 11 Apr 2022 20:35:01 +0000 Received: from localhost ([127.0.0.1]:45846 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ne0kW-0001zQ-Tg for submit@debbugs.gnu.org; Mon, 11 Apr 2022 16:35:01 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40800) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ne0kV-0001zE-FM for 54811@debbugs.gnu.org; Mon, 11 Apr 2022 16:34:59 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:49582) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ne0kP-0005Aq-SU; Mon, 11 Apr 2022 16:34:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=mqbID96Eghf54b+kOkYbx3aMjmSxO1765hDkIJGTjYM=; b=Ua/LxqvM8tzcyG5Ymt+v mXYpgamDI8g0U74FZDtuTz9TRm2UhMk8LRhc4SsrAJiT+VqlY1pr06b8nyGbTzVtWc1mBgYU0tVtk E3YZZqG6JgFmYSd5b4BgJEF/fcGBeaTL96AoGdCxJNs3RsrAx4onhzNFYpabUClLIeQGFNBDV8t6l uMd55/LVQUaLk1sCRUjn2dAgYIJ6QUAD2nCMYwUPXWQQFAbTlJq2s6PSgTiRlsNqeRRNhmJcZKP3P 9ZQvuRZVZIhz5myupN1TunVlUBMWEmW0lGiuLXOaGtNRBSxk4Hsx78yIZTbo6okasOG6R5L5z9pRw tHEHXoNBBRHCfA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:49965 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ne0kP-0004sf-GH; Mon, 11 Apr 2022 16:34:53 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> Date: Mon, 11 Apr 2022 22:34:52 +0200 In-Reply-To: (Maxime Devos's message of "Mon, 11 Apr 2022 12:08:55 +0200") Message-ID: <877d7vgxzn.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > I meant running =E2=80=98guix publish=E2=80=99 inside a container, not sh= epherd as a > whole in a container. Basically, make-forkexec-constructor/container, > but for socket activation. Oh, I see; that=E2=80=99s future work (the existing =E2=80=98make-forkexec-constructor/container=E2=80=99 is not composable, we= need something else.) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 12 04:42:17 2022 Received: (at 54811) by debbugs.gnu.org; 12 Apr 2022 08:42:17 +0000 Received: from localhost ([127.0.0.1]:47455 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neC6L-0004m6-AN for submit@debbugs.gnu.org; Tue, 12 Apr 2022 04:42:17 -0400 Received: from laurent.telenet-ops.be ([195.130.137.89]:59770) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neC6I-0004lw-I3 for 54811@debbugs.gnu.org; Tue, 12 Apr 2022 04:42:15 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by laurent.telenet-ops.be with bizsmtp id HkiC2700X4UW6Th01kiC07; Tue, 12 Apr 2022 10:42:13 +0200 Message-ID: <4b82341ee0e4bdebbdf477ede00b6a8b33949788.camel@telenet.be> Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Tue, 12 Apr 2022 10:42:07 +0200 In-Reply-To: <87bkx7gy2f.fsf_-_@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> <5ba8549a9336a998133083939b1425f8bb5ad77f.camel@telenet.be> <87bkx7gy2f.fsf_-_@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-iJ1hck27Kv3FQmVyrVSP" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649752933; bh=Ix0OLld14kRsbeM+l2apFefnhgKrrBk/rX80t+QGiX8=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=C14zXV4uJ8g9M5YCYxTDwe0u4c4C8AuFodF66rWJuNVge5K1TAITYWVtvXrbSiHEY RzM4IZi9UXRP67yQ6nodR2QDVsHdgjhQV2/l0PC8mUtrSHkrgaYvdI81mqECiAGkGK vWMqhcHci3B4OEopitE01pSKt3IbOjb0av2Ac6sOzElSIQhN+eqZUNFzp2L3gIycgI dFM6+p3EPwBdH8TXB0xW7Yn9epAO2x6mwbiCmDbZhT9T5CDV63CiEKDRoNBplkM9UM vgVxNdQXrKw7BVpZy7umtDDED9l/7NDvqqECBXxdL7JmayeKMRzGjM8IzOn4rB9LE5 E3MyBUVb7dSHQ== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-iJ1hck27Kv3FQmVyrVSP Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 22:33 [+0200]: > > Alternatively, the shepherd could open the secret key file on > > behalf of > > =E2=80=98guix publish=E2=80=99 and send it together with the listening = socket to > > =E2=80=98guix > > publish=E2=80=99. >=20 > Sure, that=E2=80=99s feasible, but that=E2=80=99d require a custom protoc= ol that I=E2=80=99d > rather avoid. I don't think it does, as long as we are using Shepherd and not SystemD (I don't think that SystemD supports opening regular files instead of sockets?), we could just=20 * extend 'endpoint->listening-socket' (in Shepherd) to allow opening regular files (and not only actual sockets) * in 'systemd-socket' (in (guix scripts publish)), expect two startup file descriptors instead of one startup file descriptor, and return both (the first one is the actual listening socket, the second one the secret key file) * modify 'guix-publish' appropriately * modify the guix-publish service to pass the file descriptor of the secret key file in addition to listening socket. Greetings, Maxime. --=-iJ1hck27Kv3FQmVyrVSP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlU7XxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7h95AP9DWQBnGpRmnT+KS1K98h+2CDVl R9a5kSKYb/AdUajhCAD/Urv6RbCHzu9aAaX5yBxK2q+VqF8+r75lAeS9TScBKwA= =FbrF -----END PGP SIGNATURE----- --=-iJ1hck27Kv3FQmVyrVSP-- From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 12 04:48:52 2022 Received: (at 54811) by debbugs.gnu.org; 12 Apr 2022 08:48:52 +0000 Received: from localhost ([127.0.0.1]:47463 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neCCi-00050Y-0i for submit@debbugs.gnu.org; Tue, 12 Apr 2022 04:48:52 -0400 Received: from michel.telenet-ops.be ([195.130.137.88]:42860) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neCCg-00050Q-9N for 54811@debbugs.gnu.org; Tue, 12 Apr 2022 04:48:51 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by michel.telenet-ops.be with bizsmtp id Hkoo270074UW6Th06kooq6; Tue, 12 Apr 2022 10:48:48 +0200 Message-ID: Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Tue, 12 Apr 2022 10:48:48 +0200 In-Reply-To: <87bkx7gy2f.fsf_-_@gnu.org> References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> <5ba8549a9336a998133083939b1425f8bb5ad77f.camel@telenet.be> <87bkx7gy2f.fsf_-_@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-0KfIXutJxhAgBgNlkKtc" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1649753328; bh=NjalnX5+JDclBbXhOh2ts9iiD8Mtxq+QGs5QJbML/5A=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=HcFUWobB/tCVCsv16t7CI8rexr+2a927qHoskFMkAHYfRZzuTd/tWT7SzYItEJzTx gOELdiqLQLNuQWuCwYOkivLk0zYof+exCJHYXMUYyw1B9tZX2f5t99+gU5ryQvj5iK J6+/OfhPfwD+bIePAIp0lzLhT7+usl9IPzzDl0rOIZoXwY0Gp1dyVogDnnESo9RDfy tX9Q9OxwVOe/KoVmdSw6sravr21BiHMYoO/71b56osQueQN/1vCwp+6Oplm9aRUf+x UweOtimGurs+chKhFLe/MFAmlFhXy8thMFQjrbVWigqhbDQq7kqVXdf6aSDax2BSib Y5qF1ikolw0Kg== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-0KfIXutJxhAgBgNlkKtc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 22:33 [+0200]: > > Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 11:48 [+0200]: > > > > =C2=A0=C2=A0 * bonus: except possibly for the secret key material, = "guix > > > > publish" > > > > =C2=A0=C2=A0=C2=A0=C2=A0 does not have to be started=C2=A0 as root = anymore even if uses > > > > a > > > > =C2=A0=C2=A0=C2=A0=C2=A0 reserved port such as port 80 (assuming so= cket activation > > > > is > > > > used). > > >=20 > > > But it does need to access the secret key=E2=80=A6 > >=20 > > The =E2=80=98guix publish=E2=80=99 could be run as a separate, say, gui= x-publish > > user, > > and the secret key could be made readable to guix-publish. >=20 > That doesn=E2=80=99t sound reasonable. Why not? =C2=A0=E2=80=98guix publish=E2=80=99 needs read access to the secr= et key anyway.=20 Though then (if done with chown) =E2=80=98guix publish=E2=80=99 could modif= y the secret key file, so maybe instead of making it =E2=80=98owned=E2=80=99 by the 'gui= x-publish' user, maybe just set an ACL to allow read access from =E2=80=98guix-publish= =E2=80=99 but not write access? Though that seems to be more complex than just letting =E2=80=98guix publis= h=E2=80=99 open the file and change users by itself, so maybe not. Greetings, Maxime. --=-0KfIXutJxhAgBgNlkKtc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlU88BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7kBFAQCrQfcxnWAs2pOWW4iEeN22Uh++ 5XrWsx6fdpixOKmyXgEA+oPbO3swRIQ1eJQWI4vjBx07PFdXuoXcxgIhRGCHKQI= =0lhj -----END PGP SIGNATURE----- --=-0KfIXutJxhAgBgNlkKtc-- From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 12 06:15:25 2022 Received: (at 54811) by debbugs.gnu.org; 12 Apr 2022 10:15:25 +0000 Received: from localhost ([127.0.0.1]:47625 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neDYT-0007ki-Ih for submit@debbugs.gnu.org; Tue, 12 Apr 2022 06:15:25 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48612) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neDYS-0007kV-AD for 54811@debbugs.gnu.org; Tue, 12 Apr 2022 06:15:24 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33356) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neDYM-0004bL-3X; Tue, 12 Apr 2022 06:15:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=vKcxFlk7CXfWkdxKwLoKQ5aV+wrrr6hOQFK/jdjiqrY=; b=KQPEXfACYzG87HPkwfRJ MsG9wp6ZBGtf8BXRA1Vuba4qblaY/KXwmXEE0KSZa4jBF4luBQbR3vIjo5IPYX8lD6SWFL1xsB16t Ctj+ATwE/kxlG9gtNQL/G37PEpPRZsSSashA4lpH2VDlgosZFjHym8xk0/kkaka8l6XboOpSXXgwp PAEroaowrrCZqC2NJoS3bxEb9HsRifV9J9Jo3fVXsxwf5sarg8edbzCwXfRx5kfoBq/VTMtFRSWj1 3Q+UdqxFF483WBJsM3ec8HHYZHIU/2Dt/vbOAh/zBwIVeAdm+nYH3iNw+F5YUSWfJiQOhBojHnrY0 V9frz+utsKgIZA==; Received: from nat-eduroam-36-gw-01-bso.bordeaux.inria.fr ([194.199.1.36]:43904 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neDYL-0006mE-K8; Tue, 12 Apr 2022 06:15:17 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091246.6979-1-ludo@gnu.org> <09e052a24c04b9ce45131e77a9c2eeffc57149e4.camel@telenet.be> <87tub26lva.fsf_-_@gnu.org> <39d3583decc263e805b27aea6bac138dbc9787b3.camel@telenet.be> <87sfqk6dvi.fsf@gnu.org> <7deae864707fc4aab3eadc28936775c6b920f8f9.camel@telenet.be> <877d7wkl18.fsf@gnu.org> <5ba8549a9336a998133083939b1425f8bb5ad77f.camel@telenet.be> <87bkx7gy2f.fsf_-_@gnu.org> <4b82341ee0e4bdebbdf477ede00b6a8b33949788.camel@telenet.be> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 23 Germinal an 230 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 12 Apr 2022 12:15:14 +0200 In-Reply-To: <4b82341ee0e4bdebbdf477ede00b6a8b33949788.camel@telenet.be> (Maxime Devos's message of "Tue, 12 Apr 2022 10:42:07 +0200") Message-ID: <87a6cqehfx.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811 Cc: 54811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op ma 11-04-2022 om 22:33 [+0200]: >> > Alternatively, the shepherd could open the secret key file on >> > behalf of >> > =E2=80=98guix publish=E2=80=99 and send it together with the listening= socket to >> > =E2=80=98guix >> > publish=E2=80=99. >>=20 >> Sure, that=E2=80=99s feasible, but that=E2=80=99d require a custom proto= col that I=E2=80=99d >> rather avoid. > > I don't think it does, as long as we are using Shepherd and not SystemD > (I don't think that SystemD supports opening regular files instead of > sockets?), we could just=20 > > * extend 'endpoint->listening-socket' (in Shepherd) to allow opening > regular files (and not only actual sockets) > * in 'systemd-socket' (in (guix scripts publish)), expect two startup > file descriptors instead of one startup file descriptor, and return > both (the first one is the actual listening socket, the second one > the secret key file) We could, but like I wrote, I=E2=80=99d rather stick to the existing system= d (or inetd) protocol, especially since this extension wouldn=E2=80=99t buy us mu= ch IMO. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 14 08:52:08 2022 Received: (at 54811-done) by debbugs.gnu.org; 14 Apr 2022 12:52:08 +0000 Received: from localhost ([127.0.0.1]:55572 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neyxE-0002Al-Kh for submit@debbugs.gnu.org; Thu, 14 Apr 2022 08:52:08 -0400 Received: from eggs.gnu.org ([209.51.188.92]:57444) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neyxD-00029x-8R for 54811-done@debbugs.gnu.org; Thu, 14 Apr 2022 08:52:07 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59396) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neyx6-00032Y-K6; Thu, 14 Apr 2022 08:52:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=OIgrCye06g7uPSZO06MUz29JN+zO8DyATAXrcB76n/I=; b=L58SS9msDAGfZ+Mh2LyY l8m/ZXmPB0nQORIG767IlSwU9OKSe261GYjCDYWK8eLU4zXmTCQw2GGCWtIYrfWCIJ4OLc5wpg3Ww IUZiEDk4Qek9KQq/YC5SAF1Owwbj/6YddByu3IzC7KfVjkH4hEZYIGzzRkrazy3JRY++UVWpKjXt/ FLa+c1ZrDjBPn1Girvah2/d8oSmSIe4W92fJ5aCCX74mS37hleREzXkGX0rQNzJax3vqheHUyC2bj CaCu6oXgsWf0g6e3LGfpfke6xqxEEiMxY+Sq5T63Uf9wY75qUATtA5nY73OVsMDPK6WnYIGy3qbbS +5niy242KA7JYQ==; Received: from [193.50.110.136] (port=57380 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neyx6-0004q9-6V; Thu, 14 Apr 2022 08:52:00 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#54811: [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon' References: <20220409091340.7013-1-ludo@gnu.org> <20220409091340.7013-2-ludo@gnu.org> <76a4ebb5ab283c363db88ad0250ce30403a34de2.camel@telenet.be> Date: Thu, 14 Apr 2022 14:51:58 +0200 In-Reply-To: <76a4ebb5ab283c363db88ad0250ce30403a34de2.camel@telenet.be> (Maxime Devos's message of "Sat, 09 Apr 2022 11:20:39 +0200") Message-ID: <87zgkn96a9.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54811-done Cc: 54811-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op za 09-04-2022 om 11:13 [+0200]: >> +=C2=A0 "If this program is being spawned through systemd-style \"socket >> +activation\", whereby the listening socket is passed as file descriptor= 3, >> +return the corresponding socket." > > And if it isn't, what is returned then? > > "Otherwise, return #false." I fixed that and pushed: 5f74169e8e daemon: Support systemd-style socket activation. b9233cb9a8 publish: Support systemd-style socket activation. 17c6d00b57 publish: Use SRFI-71 instead of SRFI-11. Thanks, Ludo=E2=80=99. From unknown Fri Jun 20 07:17:30 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 13 May 2022 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator