From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 08 07:31:18 2023 Received: (at submit) by debbugs.gnu.org; 8 Jan 2023 12:31:18 +0000 Received: from localhost ([127.0.0.1]:60131 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pEUpZ-0000vP-U9 for submit@debbugs.gnu.org; Sun, 08 Jan 2023 07:31:18 -0500 Received: from lists.gnu.org ([209.51.188.17]:45276) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pEUpU-0000vE-NJ for submit@debbugs.gnu.org; Sun, 08 Jan 2023 07:31:16 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pEUpT-0001xO-Ju for bug-guix@gnu.org; Sun, 08 Jan 2023 07:31:11 -0500 Received: from smtpmciv6.myservices.hosting ([185.26.106.201]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pEUpR-0006Ab-CO for bug-guix@gnu.org; Sun, 08 Jan 2023 07:31:11 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.172]) by smtpmciv6.myservices.hosting (Postfix) with ESMTP id E679C20682 for ; Sun, 8 Jan 2023 13:31:05 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id A007F80096 for ; Sun, 8 Jan 2023 13:31:05 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-1.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8FpZXsycBF_I for ; Sun, 8 Jan 2023 13:31:04 +0100 (CET) Received: from [192.168.1.239] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 4CF6580093 for ; Sun, 8 Jan 2023 13:31:04 +0100 (CET) Message-ID: Date: Sun, 8 Jan 2023 12:31:03 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Content-Language: en-US To: bug-guix From: Bruno Victal Subject: Rethinking how service extensions work Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=185.26.106.201; envelope-from=mirai@makinata.eu; helo=smtpmciv6.myservices.hosting X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hi all, The current situation with services in Guix is that service extensions do not care about dependencies. This can result in cryptic errors as seen in [1]. In [1], the issue arises from using activation-service-type to create files/directories for services when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service. 'activation-service-type' should only be used for doing things "listed on its label", that is, performing actions at boot-time or after a system reconfigure. But both solutions (1) and (2) are still not enough as the directories themselves might not yet be available and the services must be aware of this fact and wait for them to be ready. One example would be a network dependent mount or a simple service that mounts a volume such as: --8<---------------cut here---------------start------------->8--- (simple-service 'mount-overlayfs shepherd-root-service-type (list (shepherd-service (requirement '(foo-mount)) (provision '(overlayfs-foo)) (documentation "Mount OverlayFS.") (one-shot? #t) (start (let ((util-linux (@ (gnu packages linux) util-linux))) #~(lambda _ (system* #$(file-append util-linux "/bin/mount") "-t" "overlay" "-o" (string-append "noatime,nodev,noexec,ro," "lowerdir=" (string-join '("/srv/foo/overlays/top-layer" "/srv/foo/overlays/layer2" "/srv/foo/overlays/layer1" "/media/foo-base") ":")) "none" "/media/foo" ))))))) --8<---------------cut here---------------end--------------->8--- This example also means that it's untenable to just look into the file-systems field entries and attempt to intelligently discover which paths are required for the services and add them as dependencies (another hole to this idea is that overlayfs and some fuse filesystems can mount over the same path). I've proposed in [2] for the service procedure to accept optional arguments, these could be of interest in solving this problem. Another place we should look at is how systemd manages its service dependencies, with the 'Wants', 'After', 'Before', 'RequiresMountsFor', etc. [3] directives. These could potentially be implemented and used alongside [2]. Such changes might also imply that a UI change in herd is required to handle the structured information or to avoid cluttering it with too much "noise". [1]: https://issues.guix.gnu.org/57589#12 [2]: https://lists.gnu.org/archive/html/guix-devel/2022-12/msg00292.html [3]: https://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section%20Options From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 24 12:31:12 2023 Received: (at 60657) by debbugs.gnu.org; 24 Jan 2023 17:31:12 +0000 Received: from localhost ([127.0.0.1]:57501 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pKN8a-0002hA-Iu for submit@debbugs.gnu.org; Tue, 24 Jan 2023 12:31:12 -0500 Received: from smtpm1.myservices.hosting ([185.26.105.232]:53312) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pKN8W-0002gz-FF for 60657@debbugs.gnu.org; Tue, 24 Jan 2023 12:31:11 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.172]) by smtpm1.myservices.hosting (Postfix) with ESMTP id D7E3020511 for <60657@debbugs.gnu.org>; Tue, 24 Jan 2023 18:31:06 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 6C0CA8009A for <60657@debbugs.gnu.org>; Tue, 24 Jan 2023 18:31:06 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-1.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id gnovUycj4TJm for <60657@debbugs.gnu.org>; Tue, 24 Jan 2023 18:31:06 +0100 (CET) Received: from [192.168.1.239] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 1113C80099 for <60657@debbugs.gnu.org>; Tue, 24 Jan 2023 18:31:06 +0100 (CET) Message-ID: <10e6cd1e-644c-b02c-e0a6-bcb110dbd5f1@makinata.eu> Date: Tue, 24 Jan 2023 17:31:05 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Subject: Re: bug#60657: Rethinking how service extensions work Content-Language: en-US From: Bruno Victal To: 60657@debbugs.gnu.org References: In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Score: -1.1 (-) X-Debbugs-Envelope-To: 60657 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.1 (--) On 2023-01-08 12:31, Bruno Victal wrote: > (...) the issue arises from using activation-service-type to create files/directories for services > when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service. Idea: Instead of moving these procedures into the start procedure from shepherd-service and end up with a very large start constructor, we could augment with a 'pre-start' field that is responsible for setting up the initial conditions for the service. That is, we move most of the code in the activation-service-type extensions into this 'pre-start' field. We could also consider if it would make sense adding post-start, pre-stop and post-stop fields. Cheers, Bruno From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 25 12:46:29 2023 Received: (at 60657) by debbugs.gnu.org; 25 Feb 2023 17:46:29 +0000 Received: from localhost ([127.0.0.1]:41366 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pVycv-0005hB-73 for submit@debbugs.gnu.org; Sat, 25 Feb 2023 12:46:29 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52252) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pVycs-0005gx-WE for 60657@debbugs.gnu.org; Sat, 25 Feb 2023 12:46:27 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVycn-0002Of-H6; Sat, 25 Feb 2023 12:46:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=OkO6HSNpS/zaWtCO3nP2+tmQUC2Jmh9GDdBRzpAUJ0o=; b=jfl5qSXly70kXfMygo/S +xCKsWTcwVh7jkrKf5i8GJNDq/SHokrIOchAgeMs9BHAwHqqIGDeIN8cmXBlVohzUSBVQoxdTIGKJ 9fXR7Sk4PcQXTk4EdqqM8tWviQpm3uSIY8OQZjUqWVSR6qy+V53k8GO/IyWJOxkrP+prJUaF1qWXq tEWH4zouH4StMYQFZOxg6r0KF7n52M++YpGZUjUreZtuqMExUAdQmBR0gK28HwVp0R8KPgf9S7z+F rXTwFcKO82ks1uDLBeqIXGFXzEhbzS6QhvFr3TGmxu98a0vyFmIfFNwcbqEJBJ7lQtMnyC/C0ZyHY mykFI/31Qs1M8g==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVycl-00035O-RQ; Sat, 25 Feb 2023 12:46:20 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Bruno Victal Subject: Re: bug#60657: Rethinking how service extensions work References: Date: Sat, 25 Feb 2023 18:46:18 +0100 In-Reply-To: (Bruno Victal's message of "Sun, 8 Jan 2023 12:31:03 +0000") Message-ID: <87pm9xy6xh.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 60657 Cc: 60657@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Bruno, Bruno Victal skribis: > The current situation with services in Guix is that service extensions do= not care about dependencies. This is the result of =E2=80=9Cservices=E2=80=9D being unrelated to =E2=80= =9CShepherd services=E2=80=9D, as noted in the manual (info "(guix) Services"). > This can result in cryptic errors as seen in [1]. > > [1] https://issues.guix.gnu.org/57589#12 > > In [1], the issue arises from using activation-service-type to create fil= es/directories for services > when these should be either (1) shepherd one-shot services or moved into = the 'start' procedure of the service. > 'activation-service-type' should only be used for doing things "listed on= its label", that is, performing > actions at boot-time or after a system reconfigure. Right. As we once discussed on IRC, the conclusion to me is that some of the code currently implemented as activation snippets should rather be implemented either as part of the =E2=80=98start=E2=80=99 method of the cor= responding Shepherd service, or as a one-shot Shepherd service that the main service would depend on. > But both solutions (1) and (2) are still not enough as the directories th= emselves might not yet > be available and the services must be aware of this fact and wait for the= m to be ready. One example > would be a network dependent mount or a simple service that mounts a volu= me such as: > > (simple-service 'mount-overlayfs shepherd-root-service-type > (list (shepherd-service (requirement '(foo-mount)) > (provision '(overlayfs-foo)) > (documentation "Mount OverlayFS.") > (one-shot? #t) > (start (let ((util-linux (@ (gnu = packages linux) util-linux))) > #~(lambda _ > (system* #$(file-app= end util-linux "/bin/mount") > "-t" "overl= ay" > "-o" (strin= g-append "noatime,nodev,noexec,ro," > = "lowerdir=3D" > = (string-join '("/srv/foo/overlays/top-layer" > = "/srv/foo/overlays/layer2" > = "/srv/foo/overlays/layer1" > = "/media/foo-base") ":")) > "none" "/me= dia/foo" ))))))) Note that this should prolly be declared as a =E2=80=98file-system=E2=80=99= rather than as a custom service. That way, it would get a =E2=80=9Cstandard=E2=80=9D S= hepherd service. There are cases where we add explicit dependencies on =E2=80=98file-system-/media/foo=E2=80=99 or similar. has a = =E2=80=98dependencies=E2=80=99 field specifically for this purpose (info "(guix) File Systems"). Would that work for you? HTH, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue May 09 15:13:06 2023 Received: (at 60657) by debbugs.gnu.org; 9 May 2023 19:13:06 +0000 Received: from localhost ([127.0.0.1]:44513 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pwSlm-000299-2k for submit@debbugs.gnu.org; Tue, 09 May 2023 15:13:06 -0400 Received: from smtpmciv3.myservices.hosting ([185.26.107.239]:58532) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pwSlh-00028h-S6 for 60657@debbugs.gnu.org; Tue, 09 May 2023 15:13:05 -0400 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv3.myservices.hosting (Postfix) with ESMTP id D7B70206BB; Tue, 9 May 2023 21:12:59 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 4795680098; Tue, 9 May 2023 21:12:59 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 0O9VsCco37HR; Tue, 9 May 2023 21:12:58 +0200 (CEST) Received: from [192.168.1.239] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id A8F7780097; Tue, 9 May 2023 21:12:58 +0200 (CEST) Message-ID: Date: Tue, 9 May 2023 20:12:58 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: Re: bug#60657: Rethinking how service extensions work Content-Language: en-US To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= References: <87pm9xy6xh.fsf@gnu.org> From: Bruno Victal In-Reply-To: <87pm9xy6xh.fsf@gnu.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -1.1 (-) X-Debbugs-Envelope-To: 60657 Cc: 60657@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.1 (--) Hi Ludo’, On 2023-02-25 17:46, Ludovic Courtès wrote: > Bruno Victal skribis: >> In [1], the issue arises from using activation-service-type to create files/directories for services >> when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service. >> 'activation-service-type' should only be used for doing things "listed on its label", that is, performing >> actions at boot-time or after a system reconfigure. > > Right. > > As we once discussed on IRC, the conclusion to me is that some of the > code currently implemented as activation snippets should rather be > implemented either as part of the ‘start’ method of the corresponding > Shepherd service, or as a one-shot Shepherd service that the main > service would depend on. I think moving them into the ‘start’ method is the best course of action. I'm considering the following changes: * Adding (gnu build activation) to %default-imported-modules + %default-modules in (gnu services shepherd). I expect that mkdir-p/perms is going to be used frequently enough, using the number of activation-service extensions in use as a rough estimate. * Refactor the activation extensions into the ‘start’ method, where it makes sense to do so. There's one issue I'm somewhat concerned about, consider the following snippet: --8<---------------cut here---------------start------------->8--- (define log-directory "/var/log") (define username "notroot") (start #~(lambda _ (mkdir-p/perms #$log-directory (getpw #$username) #o750) ...)) --8<---------------cut here---------------end--------------->8--- This is somewhat pitfall prone since you most likely don't want to chown /var/log to a non-root user. I'm unsure what's the best course to take here, would a simple file-exist? check before mkdir-p/perms be sufficient? In either case, with or without refactoring this issue is already present (but in activation-service extensions) so it's no worse than the status quo. >> (simple-service 'mount-overlayfs shepherd-root-service-type >> (list (shepherd-service (requirement '(foo-mount)) >> (provision '(overlayfs-foo)) >> (documentation "Mount OverlayFS.") >> (one-shot? #t) >> (start (let ((util-linux (@ (gnu packages linux) util-linux))) >> #~(lambda _ >> (system* #$(file-append util-linux "/bin/mount") >> "-t" "overlay" >> "-o" (string-append "noatime,nodev,noexec,ro," >> "lowerdir=" >> (string-join '("/srv/foo/overlays/top-layer" >> "/srv/foo/overlays/layer2" >> "/srv/foo/overlays/layer1" >> "/media/foo-base") ":")) >> "none" "/media/foo" ))))))) > > Note that this should prolly be declared as a ‘file-system’ rather than > as a custom service. That way, it would get a “standard” Shepherd > service. > > There are cases where we add explicit dependencies on > ‘file-system-/media/foo’ or similar. has a ‘dependencies’ > field specifically for this purpose (info "(guix) File Systems"). > > Would that work for you? Unfortunately OverlayFS is filtered out from fstab by Guix (reported #60246) and the dependencies field IMO is too restrictive, there should be a (sane) way to pass shepherd service symbols too. (for cases where a file system depends on 'networking or depends on a particular interface e.g. NFS mount that uses a IPv6 link-local address) Cheers, Bruno From debbugs-submit-bounces@debbugs.gnu.org Wed May 10 15:57:47 2023 Received: (at 60657) by debbugs.gnu.org; 10 May 2023 19:57:47 +0000 Received: from localhost ([127.0.0.1]:49077 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pwpwY-0000jd-Vr for submit@debbugs.gnu.org; Wed, 10 May 2023 15:57:47 -0400 Received: from mail-ej1-f66.google.com ([209.85.218.66]:49624) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pwpwW-0000jP-Bg for 60657@debbugs.gnu.org; Wed, 10 May 2023 15:57:45 -0400 Received: by mail-ej1-f66.google.com with SMTP id a640c23a62f3a-956ff2399b1so1446067466b.3 for <60657@debbugs.gnu.org>; Wed, 10 May 2023 12:57:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683748658; x=1686340658; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=oJWoWM+Hj1vuU+PkQccLaCDKoQ2Ih7KwkUx1NyAFRvA=; b=ZWgQYRYx3R8g+c9iszOq9EkEgp96z18csSLQKWd73kzGg7qA0fnhiqVuLf50TEMNIi ohgJrZxi2Bf2mwHvIWb3+EpMnA14ylsZZyGtRW1KB6zHFaYqO/Q7bwVkAEezUWucp2ZN jRbljcIja3+P4Vs4vYbPKF0eYQ6g690Ie/NmxqZILLuJXFl5rA2rGWDI43+gFGYJH7j+ /6ZdHiS72/TlJkstzbatazSgdr7fYZLyTCrLevOjP/BLieWd5eTAdY8oVdj5kk5RiKdT ZX5PQ/c/cTtJ2LmI9FJy++asof87jLeIszRPhDJ3q3mc1fwZ4FWFAN1cNZLZVFx2ncZJ 0IsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683748658; x=1686340658; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=oJWoWM+Hj1vuU+PkQccLaCDKoQ2Ih7KwkUx1NyAFRvA=; b=fOA1YGE2L5qnO+ypqPBOO687Tc0BTDpTHRpS+XnHuaBOW2Wsy2kOA8L5wkN3mgV/pQ hHikTOoUFofOxsoz/+NKu/1oVIIpO0OSRQhXhDlCJbA4LbK0veiIq/3DsUMiJ24kYVlU lFDe2wnrP5hmk9Jd4sOHXlNXLJBMnq9RFYbFDrRG4o0tRJdUegcZ8d6Y+dOgjiQFrLRP MF0Ot1qpXEJWVFB6227gTvJM+8yHMC5V3gkf3Resf6ChT1UWdWzOK8nEOWQ3ARndTX0N T/otNHLpbYUaobdrTKATn9t6Ue0vxicU3+9qeN2OJfROQkvpjW4n5aKNZ7sV6zrnc0BQ H6Ww== X-Gm-Message-State: AC+VfDxnqLoVZT3FgzZ5WU2ngCdgDPUgbjEFviJuqth9S6/Ya6TDapK7 xOvC3b7QUAeW/wle6Hif8xumW6BhzazqIA== X-Google-Smtp-Source: ACHHUZ7D2PhfUatIlMAMWbLRmDFE3jbw3eIPZc7U35Ew3kHaTCBQonfGbITCABNponeTi79GohmlkA== X-Received: by 2002:a17:907:8a04:b0:95f:de3c:6c98 with SMTP id sc4-20020a1709078a0400b0095fde3c6c98mr18213255ejc.58.1683748658339; Wed, 10 May 2023 12:57:38 -0700 (PDT) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id ib8-20020a1709072c6800b0094f67ea6598sm3055871ejc.193.2023.05.10.12.57.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 May 2023 12:57:38 -0700 (PDT) Message-ID: <5502762865d23b85dd133821904008344b3c6602.camel@gmail.com> Subject: Re: bug#60657: Rethinking how service extensions work From: Liliana Marie Prikler To: Bruno Victal , Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Wed, 10 May 2023 21:57:37 +0200 In-Reply-To: References: <87pm9xy6xh.fsf@gnu.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 60657 Cc: 60657@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Dienstag, dem 09.05.2023 um 20:12 +0100 schrieb Bruno Victal: > Hi Ludo=E2=80=99, >=20 > On 2023-02-25 17:46, Ludovic Court=C3=A8s wrote: > > Bruno Victal skribis: > > > In [1], the issue arises from using activation-service-type to > > > create files/directories for services > > > when these should be either (1) shepherd one-shot services or > > > moved into the 'start' procedure of the service. > > > 'activation-service-type' should only be used for doing things > > > "listed on its label", that is, performing > > > actions at boot-time or after a system reconfigure. > >=20 > > Right. > >=20 > > As we once discussed on IRC, the conclusion to me is that some of > > the > > code currently implemented as activation snippets should rather be > > implemented either as part of the =E2=80=98start=E2=80=99 method of the > > corresponding > > Shepherd service, or as a one-shot Shepherd service that the main > > service would depend on. >=20 > I think moving them into the =E2=80=98start=E2=80=99 method is the best c= ourse of > action. > I'm considering the following changes: > * Adding (gnu build activation) to %default-imported-modules + > %default-modules in (gnu services shepherd). > =C2=A0 I expect that mkdir-p/perms is going to be used frequently enough, > using the number of activation-service > =C2=A0 extensions in use as a rough estimate. > * Refactor the activation extensions into the =E2=80=98start=E2=80=99 met= hod, where > it makes sense to do so. >=20 >=20 > There's one issue I'm somewhat concerned about, consider the > following snippet: >=20 > --8<---------------cut here---------------start------------->8--- >=20 > (define log-directory "/var/log") > (define username "notroot") >=20 > (start > =C2=A0#~(lambda _ > =C2=A0=C2=A0=C2=A0 (mkdir-p/perms #$log-directory (getpw #$username) #o75= 0) > =C2=A0=C2=A0=C2=A0 ...)) >=20 > --8<---------------cut here---------------end--------------->8--- >=20 > This is somewhat pitfall prone since you most likely don't want to > chown /var/log to a non-root user. > I'm unsure what's the best course to take here, would a simple file- > exist? check before mkdir-p/perms be sufficient? I think this question highlights perfectly why one-shot services (or perhaps an as-of yet unknown type of services) are the way to go: With clearly named services for the creation of directories, you don't need to worry about creating some file with the wrong permissions as the owner is already predetermined. You also don't need mkdir-p; you simply depend on the mkdir-#$(dirname my-directory) service. Cheers From debbugs-submit-bounces@debbugs.gnu.org Thu May 11 06:23:02 2023 Received: (at 60657) by debbugs.gnu.org; 11 May 2023 10:23:03 +0000 Received: from localhost ([127.0.0.1]:49786 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1px3Ru-00068W-7k for submit@debbugs.gnu.org; Thu, 11 May 2023 06:23:02 -0400 Received: from eggs.gnu.org ([209.51.188.92]:44100) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1px3Rp-00067s-51 for 60657@debbugs.gnu.org; Thu, 11 May 2023 06:23:00 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1px3Rj-0004Yq-6w; Thu, 11 May 2023 06:22:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=+yE3fAxGd9yUzwv2zQzriN6hrPiokzxfQiVcK1jQMHg=; b=KbsuNdQCzuEX9sOUBx2X QIN4yPJHyWSQ+snVlkVkf2gfpKRGGAuNdfxqkUYduT09RsImuO386Uyuc0pDQ23WT9UxM0VRSV6El 75nHrMNcrGpRBgHk5EDqL4awD/TFDr3sz857Glcno1XAheTmzurxnndddOYh18sL5eD1D/hG6BNuX wAON4VmHDYb1Xt84N6Qh6AfjXWZhvpwRGrLBD9zkIxBUlYq4KcaPgqOSsTi1RGGID6T7fuxBUYRj8 j2X3ZHlrTxp+iu1yqEzZif3DzNY28dxfuQyOqPbDXIqQIw/rVScj+efxpb2AuGcAgdM2xKRZf65gT yp4IqZbdwY9OTw==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1px3Ri-00068C-QX; Thu, 11 May 2023 06:22:51 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Bruno Victal Subject: Re: bug#60657: Rethinking how service extensions work References: <87pm9xy6xh.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Duodi 22 =?utf-8?Q?Flor=C3=A9al?= an 231 de la =?utf-8?Q?R=C3=A9volution=2C?= jour de la Fritillaire X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 11 May 2023 12:22:48 +0200 In-Reply-To: (Bruno Victal's message of "Tue, 9 May 2023 20:12:58 +0100") Message-ID: <8735436ubr.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 60657 Cc: 60657@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Bruno, Bruno Victal skribis: > On 2023-02-25 17:46, Ludovic Court=C3=A8s wrote: [...] >> As we once discussed on IRC, the conclusion to me is that some of the >> code currently implemented as activation snippets should rather be >> implemented either as part of the =E2=80=98start=E2=80=99 method of the = corresponding >> Shepherd service, or as a one-shot Shepherd service that the main >> service would depend on. > > I think moving them into the =E2=80=98start=E2=80=99 method is the best c= ourse of action. > I'm considering the following changes: > * Adding (gnu build activation) to %default-imported-modules + %default-m= odules in (gnu services shepherd). > I expect that mkdir-p/perms is going to be used frequently enough, usin= g the number of activation-service > extensions in use as a rough estimate. > * Refactor the activation extensions into the =E2=80=98start=E2=80=99 met= hod, where it makes sense to do so. OK. Cosmetic considerations: how about adding a =E2=80=98pre-start=E2=80= =99 field in ? That would allow us to keep the =E2=80=9Csetup=E2=80= =9D bit visually separate from the actual =E2=80=98start=E2=80=99 method, even if u= nder the hood they get =E2=80=9Cmerged=E2=80=9D together: (shepherd-service ;; =E2=80=A6 (pre-start #~(mkdir-p "/whatever")) (start #~(make-forkexec-constructor =E2=80=A6))) > There's one issue I'm somewhat concerned about, consider the following sn= ippet: > > > (define log-directory "/var/log") > (define username "notroot") > > (start > #~(lambda _ > (mkdir-p/perms #$log-directory (getpw #$username) #o750) > ...)) > > This is somewhat pitfall prone since you most likely don't want to chown = /var/log to a non-root user. > I'm unsure what's the best course to take here, would a simple file-exist= ? check before mkdir-p/perms be sufficient? We ensure /var/log exists before anything else=E2=80=94see =E2=80=98directi= ves=E2=80=99 in (gnu build install). If we want an extra safety, we can add a real activation snippet that does (mkdir-p "/var/log"), with the understanding that it would notably run at boot time before shepherd is started. > In either case, with or without refactoring this issue is already present= (but in activation-service extensions) > so it's no worse than the status quo. Right. >> Note that this should prolly be declared as a =E2=80=98file-system=E2=80= =99 rather than >> as a custom service. That way, it would get a =E2=80=9Cstandard=E2=80= =9D Shepherd >> service. >>=20 >> There are cases where we add explicit dependencies on >> =E2=80=98file-system-/media/foo=E2=80=99 or similar. has = a =E2=80=98dependencies=E2=80=99 >> field specifically for this purpose (info "(guix) File Systems"). >>=20 >> Would that work for you? > > Unfortunately OverlayFS is filtered out from fstab by Guix (reported #602= 46) and the dependencies field IMO is too restrictive, > there should be a (sane) way to pass shepherd service symbols too. (for c= ases where a file system depends on 'networking or > depends on a particular interface e.g. NFS mount that uses a IPv6 link-lo= cal address) Sure, we could make these changes. Let=E2=80=99s discuss it separately? Thanks, Ludo=E2=80=99.