From: bug#63877 <63877@debbugs.gnu.org>
To: bug#63877 <63877@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
Date: Sat, 21 Jun 2025 10:10:33 +0000

retitle 63877 [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
reassign 63877 guix-patches
submitter 63877 Timo Wilken
severity 63877 normal
tag 63877 moreinfo patch
thanks

From: Timo Wilken
To: guix-patches@gnu.org
Cc: Timo Wilken
Subject: [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
Date: Sat, 3 Jun 2023 20:25:12 +0200

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For this, they need to know where the system CA certificates are.

* gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR environment variable.
---

This solution adds a dependency from the resulting Shepherd service to the nss-certs package, which weighs 0.3 MiB. An alternative solution might be to set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed system-wide.

 gnu/services/web.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 45897d7d6f..e46710a040 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm
@@ -16,6 +16,7 @@ ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton ;;; Copyright © 2022 Simen Endsjø ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2023 Timo Wilken ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -1096,6 +1097,12 @@ (define php-fpm-shepherd-service #$@(if php-ini-file `("-c" ,php-ini-file) '())) + #:environment-variables + (cons* + ;; Needed by e.g. Nextcloud to make HTTPS requests. + (string-append + "SSL_CERT_DIR=" #$(file-append nss-certs "/etc/ssl/certs")) + (default-environment-variables)) #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))))) base-commit: 66c9b82fed3c59ee07187898592c688c82fed273 -- 2.40.1
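
Review bot: The SSL_CERT_DIR string added under #:environment-variables in the php-fpm-shepherd-service hunk is built from a fixed nss-certs reference, so every php-fpm instance trusts exactly that package's CA set and an operator who needs a private CA or a reduced trust store has to patch the service. Take the certificate directory (or the whole variable list) from a php-fpm-configuration field, keeping (default-environment-variables) as the tail as done here. The diffstat shows only gnu/services/web.scm changing, so the new behaviour also goes undocumented in doc/guix.texi.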

From: Bruno Victal
To: Timo Wilken
Cc: 63877@debbugs.gnu.org
Subject: Re: [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
Date: Sat, 3 Jun 2023 23:18:51 +0100

Hi Timo,

On 2023-06-03 19:25, Timo Wilken wrote:
> Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
> this, they need to know where the system CA certificates are.
>
> * gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR
> environment variable.
> ---
>
> This solution adds a dependency from the resulting Shepherd service to the
> nss-certs package, which weighs 0.3 MiB. An alternative solution might be to
> set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed
> system-wide.

How about exposing this as a new environment-variable record field à la mpd-configuration (gnu services audio)?

Forcing the service to use a specific package seems overly rigid since it would make it impossible to specify alternate/custom certificates or nss-certs package variants.

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.

From: Timo Wilken
To: 63877@debbugs.gnu.org
Cc: mirai@makinata.eu, Timo Wilken
Subject: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Sun, 4 Jun 2023 15:59:03 +0200

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For this, they need to know where the system CA certificates are, so SSL_CERT_DIR needs to be set. This can be accomplished by the user using the new environment-variables field of . This field is empty by default to preserve the existing behaviour of php-fpm.

* gnu/services/web.scm (): Add environment-variables field.
(php-fpm-shepherd-service): Use the new field.
* doc/guix.texi (Web Services): Document the new field.
---

> How about exposing this as a new environment-variable record field à la
> mpd-configuration (gnu services audio)?

Hi Bruno, that's a good point! I've added a new field instead where the user can specify arbitrary environment variables. I've left it empty by default so there's no added dependency on any package, and documented my intended use case in the info manual instead.

Caveat: I haven't tested this "live" yet.

 doc/guix.texi | 12 ++++++++++++
 gnu/services/web.scm | 11 +++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 7f8d8d66e9..441867afee 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -30994,6 +30994,18 @@ Web Services An optional override of the default php settings. It may be any ``file-like'' object (@pxref{G-Expressions, file-like objects}). You can use the @code{mixed-text-file} function or an absolute filepath for it. +@item @code{environment-variables} (default @code{#~(list)}) +A gexp (@pxref{G-Expressions}) which produces a list of strings +representing environment variable assignments. +These environment variables are set for the php-fpm process. +This can be used to, for example, point php-fpm at the CA certificates +in the @code{nss-certs} package from @code{(gnu packages certs)}: +@lisp +(php-fpm-configuration + ;; @dots{} + (environment-variables + #~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs")))) +@end lisp For local development it is useful to set a higher timeout and memory limit for spawned php processes. This be accomplished with the diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 45897d7d6f..1c496d5946 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton ;;; Copyright © 2022 Simen Endsjø ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2023 Timo Wilken ;;; ;;; This file is part of GNU Guix. ;;; @@ -974,7 +975,9 @@ (define-record-type* php-fpm-configuration (file php-fpm-configuration-file ;#f | file-like (default #f)) (php-ini-file php-fpm-configuration-php-ini-file ;#f | file-like - (default #f))) + (default #f)) + (environment-variables php-fpm-configuration-environment-variables ;gexp producing list-of-strings + (default #~(list)))) (define-record-type* php-fpm-dynamic-process-manager-configuration 
@@ -1081,7 +1084,8 @@ (define php-fpm-shepherd-service (match-lambda (($ php socket user group socket-user socket-group pid-file log-file pm display-errors - timezone workers-log-file file php-ini-file) + timezone workers-log-file file php-ini-file + environment-variables) (list (shepherd-service (provision '(php-fpm)) (documentation "Run the php-fpm daemon.") 
@@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service #$@(if php-ini-file `("-c" ,php-ini-file) '())) + #:environment-variables + (append #$environment-variables + (default-environment-variables)) #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))))) base-commit: 66c9b82fed3c59ee07187898592c688c82fed273 -- 2.40.1
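
Review bot: The new @item in the doc/guix.texi hunk says the variables are "set for the php-fpm process" but does not say what kind of value the field accepts beyond the gexp shown in the example, with its default of #~(list). State that the value must be a gexp that evaluates to a list of strings, and whether PHP code run by the workers sees these variables or only the daemon process does, since the documented use case is pointing PHP applications at a CA directory.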
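
Review bot: (append #$environment-variables (default-environment-variables)) in the php-fpm-shepherd-service hunk splices the field value in as code, so it is only correct when the field holds a gexp such as the default #~(list); a plain list of strings would be spliced in as a form with a string in operator position. The record field added in the same patch has no check on its value, so either validate it where the configuration is built or accept a plain list and quote it at this point. A test next to the existing php-fpm tests that starts the service with one variable set would exercise this path.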

From: Bruno Victal
To: Timo Wilken
Cc: 63877@debbugs.gnu.org
Subject: Re: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Mon, 5 Jun 2023 04:44:37 +0100

On 2023-06-04 14:59, Timo Wilken wrote:
> @@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service > #$@(if php-ini-file > `("-c" ,php-ini-file) > '())) > + #:environment-variables > + (append #$environment-variables > + (default-environment-variables))

Ungexp-ing lists can be rather tricky since your snippet will expand to:

--8<---------------cut here---------------start------------->8---
...
#:environment-variables (append ("FOO=bar" ...)
                                (default-environment-variables))
...
--8<---------------cut here---------------end--------------->8---

Which is interpreted as a procedure call. (and results in a hanged shepherd)

You need to quote the list here:

--8<---------------cut here---------------start------------->8---
#:environment-variables (append '#$environment-variables
                                (default-environment-variables))
--8<---------------cut here---------------end--------------->8---

Bonus points if you can write a small system test for this. (see gnu/tests/web.scm for inspiration)
For our purposes, a pair of HTTP servers where one of them uses a self-signed certificate will suffice.

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.
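
The expansion described in the message above can be reproduced outside Guix. This is an added example, not part of the thread or of Guix: plain Guile quasiquote and unquote stand in for gexp and ungexp, and `try-eval`, `defaults` and the sample values are names made up for the illustration.

```scheme
;; Added illustration, not code from the patch series or from Guix.
;; Quasiquote/unquote (` and ,) stand in for gexp/ungexp (#~ and #$):
;; both splice a value into code that is evaluated later.

(define (try-eval form)
  ;; Evaluate FORM; return its value, or the error key if evaluation fails.
  (catch #t
    (lambda () (eval form (interaction-environment)))
    (lambda (key . args) key)))

;; Constructed stand-in for (default-environment-variables).
(define defaults '("PATH=/example/bin"))

;; Case 1: a plain list spliced unquoted, the shape of
;; (append #$environment-variables ...) when the field holds a list.
;; The spliced ("FOO=bar") is read as a call with a string as operator.
(define user-list '("FOO=bar"))
(define unquoted `(append ,user-list ',defaults))

;; Case 2: the same list spliced behind a quote, the shape of
;; (append '#$environment-variables ...).
(define quoted `(append ',user-list ',defaults))

;; Case 3: the field holds code that builds the list, the shape of a
;; #~(list ...) field value spliced without a quote.
(define user-code
  '(list (string-append "SSL_CERT_DIR=" "/example/etc/ssl/certs")))
(define code-spliced `(append ,user-code ',defaults))

;; Print each expanded form followed by the result of evaluating it.
(for-each
 (lambda (form)
   (write form)
   (display "\n  => ")
   (write (try-eval form))
   (newline))
 (list unquoted quoted code-spliced))
```

Run with `guile` on the file; only the first form fails to evaluate, and the other two yield the combined list.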

From: Ludovic Courtès
To: Bruno Victal
Cc: 63877@debbugs.gnu.org, Timo Wilken
Subject: Re: bug#63877: [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
Date: Sat, 01 Jul 2023 16:40:59 +0200

Hi Timo,

Did you have a chance to look into implementing Bruno’s suggestions?

https://issues.guix.gnu.org/63877

Ludo’.

Bruno Victal wrote:

> On 2023-06-04 14:59, Timo Wilken wrote:
>> @@ -1096,6 +1100,9 @@ (define php-fpm-shepherd-service >> #$@(if php-ini-file >> `("-c" ,php-ini-file) >> '())) >> + #:environment-variables >> + (append #$environment-variables >> + (default-environment-variables))
>
> Ungexp-ing lists can be rather tricky since your snippet will expand to:
>
> ...
> #:environment-variables (append ("FOO=bar" ...)
> (default-environment-variables))
> ...
>
>
> Which is interpreted as a procedure call. (and results in a hanged shepherd)
>
> You need to quote the list here:
>
> #:environment-variables (append '#$environment-variables
> (default-environment-variables))
>
> Bonus points if you can write a small system test for this. (see
> gnu/tests/web.scm for inspiration)
> For our purposes, a pair of HTTP servers where one of them uses a
> self-signed certificate will suffice.

From: Ludovic Courtès
To: control@debbugs.gnu.org
Subject: control message for bug #63877
Date: Mon, 02 Oct 2023 17:03:40 +0200

tags 63877 + moreinfo
quit

From: Timo Wilken
To: Bruno Victal, Ludovic Courtès
Cc: 63877@debbugs.gnu.org
Subject: Re: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Sun, 15 Oct 2023 22:54:06 +0200

Hi Bruno, (hi Ludo'), thank you for your detailed feedback and sorry for not responding earlier!

On Mon Jun 5, 2023 at 5:44 AM CEST, Bruno Victal wrote:
> Ungexp-ing lists can be rather tricky [...]
>
> You need to quote the list [...]

I was thinking of something closer to the example I added to doc/guix.texi in my patch. The gexp would not be a list directly, but instead be some code that would produce a list when evaluated, e.g.:

--8<---------------cut here---------------start------------->8---
#~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))
--8<---------------cut here---------------end--------------->8---

That would let you refer to store paths in variable values, instead of being limited to literal strings.

As far as I know, the following throws an error, and `file-append' instead of `string-append' wouldn't work because of the `"SSL_CERT_DIR="' prefix, right?

--8<---------------cut here---------------start------------->8---
#~(#$(string-append "SSL_CERT_DIR=" nss-certs "/etc/ssl/certs"))
--8<---------------cut here---------------end--------------->8---

If you have any ideas on a better way to do this, let me know!

> Bonus points if you can write a small system test for this. (see
> gnu/tests/web.scm for inspiration)
> For our purposes, a pair of HTTP servers where one of them uses a
> self-signed certificate will suffice.

Thanks for the pointer! I'll try to get something basic working along the lines of the php-fpm tests already there, and send a PATCH v3 soon. I was thinking of only verifying that an arbitrary sentinel variable is set, and not bother to test SSL_*-related behaviour, but I can try to get the latter working if you think that would be better.

From: Bruno Victal
To: Timo Wilken
Cc: 63877@debbugs.gnu.org, Ludovic Courtès
Subject: Re: [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Thu, 19 Oct 2023 15:32:39 +0100

Hi Timo,

On 2023-10-15 21:54, Timo Wilken wrote:
> Hi Bruno, (hi Ludo'), thank you for your detailed feedback and sorry for not
> responding earlier!
>
> On Mon Jun 5, 2023 at 5:44 AM CEST, Bruno Victal wrote:
>> Ungexp-ing lists can be rather tricky [...]
>>
>> You need to quote the list [...]
>
> I was thinking of something closer to the example I added to doc/guix.texi in
> my patch. The gexp would not be a list directly, but instead be some code that
> would produce a list when evaluated, e.g.:
>
> --8<---------------cut here---------------start------------->8---
> #~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))
> --8<---------------cut here---------------end--------------->8---
>
> That would let you refer to store paths in variable values, instead of being
> limited to literal strings.

Right, I can see that it is indeed useful to accept a G-Exp instead.

> As far as I know, the following throws an error, and `file-append' instead of
> `string-append' wouldn't work because of the `"SSL_CERT_DIR="' prefix, right?
>
> --8<---------------cut here---------------start------------->8---
> #~(#$(string-append "SSL_CERT_DIR=" nss-certs "/etc/ssl/certs"))
> --8<---------------cut here---------------end--------------->8---

This ungexp doesn't work because it's “too wide”, in fact the bug in [1] was caused by a very similar snippet. Furthermore this would still run into the ungexp pitfall of being interpreted as a procedure call since you now have:

--8<---------------cut here---------------start------------->8---
…
#:environment-variables (append ("SSL_CERT_DIR=…" …)
                                (default-environment-variables))
…
--8<---------------cut here---------------end--------------->8---

You could try using a list of gexps/strings like this:

--8<---------------cut here---------------start------------->8---
(list #~(string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs")
      "FOO=bar"
      (string-append "BAR=" (number->string 999)))
--8<---------------cut here---------------end--------------->8---

Although your G-Exp idea might be better as it obviates the need to do things like '#$ (by using #~(list …) or #~'("foo" …)).

[1]:

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.

From: guix@twilken.net
To: 63877@debbugs.gnu.org
Cc: Ludovic Courtès, Bruno Victal
Subject: Reworked patch for setting php-fpm environment variables
Date: Sun, 18 Feb 2024 00:21:44 +0100

Hi Bruno,

sorry for taking a while to get back to this. Writing a test for curl's behaviour with the SSL_CERT_DIR variable proved too fiddly for me, so I gave up and wrote a simpler test that just checks for a sentinel variable in the phpinfo output instead.

I also found out that php-fpm clears environment variables when it starts, except for those listed in its configuration. However, libcurl isn't affected by this as far as I can tell -- it needs the SSL_CERT_DIR variable to be set in the process environment, not only in the php-fpm config file!

I decided to set environment variables in the process environment and list them in the generated configuration file, so they're passed through to any PHP programs run through PHP-FPM. This should minimise surprise, I hope. (That'd also be useful for setting e.g. PATH -- Nextcloud has started complaining that that variable is unset, and it needs the variable to be listed in the php-fpm configuration.)

The reworked patch also removes some of the gexp-related hairiness -- the `environment-variables' property just takes a list of (variable-name . value) pairs now, no gexp'ing required, though file-like objects like what `file-append' returns are accepted.

Please let me know what you think, and thank you for your considerable patience with this patch series! :)
From: guix@twilken.net
To: 63877@debbugs.gnu.org
Cc: Ludovic Courtès, Bruno Victal, Timo Wilken
Subject: [PATCH 1/2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Sun, 18 Feb 2024 00:21:46 +0100
Message-ID: <20240217232151.12507-3-guix@twilken.net>
In-Reply-To: <20240217232151.12507-1-guix@twilken.net>

From: Timo Wilken

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For this, they need to know where the system CA certificates are, so SSL_CERT_DIR needs to be set. This can be accomplished by the user using the new environment-variables field of . This field is empty by default to preserve the existing behaviour of php-fpm.

* gnu/services/web.scm (): Add environment-variables field.
(php-fpm-shepherd-service): Use the new field.
* doc/guix.texi (Web Services): Document the new field.
--- doc/guix.texi | 14 ++++++++++++++ gnu/services/web.scm | 32 ++++++++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 04119a5955..2bb076a8fa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -124,6 +124,7 @@ Copyright @copyright{} 2023 Thomas Ieong@* Copyright @copyright{} 2023 Saku Laesvuori@* Copyright @copyright{} 2023 Graham James Addis@* Copyright @copyright{} 2023 Tomas Volf@* +Copyright @copyright{} 2024 Timo Wilken@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -32227,6 +32228,19 @@ max_execution_time = 1800")) Consult the @url{https://www.php.net/manual/en/ini.core.php,core php.ini directives} for comprehensive documentation on the acceptable @file{php.ini} directives. +@item @code{environment-variables} (default @code{(list)}) +A list of @code{(variable-name . value)} pairs, representing environment +variable assignments. @code{value} may be a string or a store object, +for example returned by @code{file-append}. These environment variables +are set for the php-fpm process. This can be used to, for example, +point PHP at the CA certificates in the @code{nss-certs} package from +@code{(gnu packages certs)}: +@lisp +(php-fpm-configuration + ;; @dots{} + (environment-variables + `(("SSL_CERT_DIR" . ,(file-append nss-certs "/etc/ssl/certs"))))) +@end lisp @end table @end deftp diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 05fd71f994..5fd09c8945 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton ;;; Copyright © 2022 Simen Endsjø ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2024 Timo Wilken ;;; ;;; This file is part of GNU Guix. ;;; @@ -974,7 +975,9 @@ (define-record-type* php-fpm-configuration (file php-fpm-configuration-file ;#f | file-like (default #f)) (php-ini-file php-fpm-configuration-php-ini-file ;#f | file-like - (default #f))) + (default #f)) + (environment-variables php-fpm-configuration-environment-variables ;list of pairs of file-like + (default '()))) (define-record-type* php-fpm-dynamic-process-manager-configuration 
@@ -1024,7 +1027,8 @@ (define php-fpm-accounts (shell (file-append shadow "/sbin/nologin"))))))) (define (default-php-fpm-config socket user group socket-user socket-group - pid-file log-file pm display-errors timezone workers-log-file) + pid-file log-file pm display-errors timezone workers-log-file + environment-variables) (apply mixed-text-file "php-fpm.conf" (flatten "[global]\n" @@ -1068,6 +1072,10 @@ (define (default-php-fpm-config socket user group socket-user socket-group "pm.max_children =" (number->string pm.max-children) "\n" "pm.process_idle_timeout =" (number->string pm.process-idle-timeout) "s\n"))) + (map (lambda (variable) + ;; PHP-FPM will interpolate $VARIABLES from the outside environment. + (list "env[" variable "] = $" variable "\n")) + (map car environment-variables)) "php_flag[display_errors] = " (if display-errors "on" "off") "\n" @@ -1081,7 +1089,8 @@ (define php-fpm-shepherd-service (match-lambda (($ php socket user group socket-user socket-group pid-file log-file pm display-errors - timezone workers-log-file file php-ini-file) + timezone workers-log-file file php-ini-file + environment-variables) (list (shepherd-service (provision '(php-fpm)) (documentation "Run the php-fpm daemon.") 
@@ -1092,10 +1101,25 @@ (define php-fpm-shepherd-service #$(or file (default-php-fpm-config socket user group socket-user socket-group pid-file log-file - pm display-errors timezone workers-log-file)) + pm display-errors timezone workers-log-file + environment-variables)) #$@(if php-ini-file `("-c" ,php-ini-file) '())) + ;; Environment variables must be explicitly passed + ;; through in PHP-FPM's configuration. However, we + ;; can't just set them there, since libraries loaded by + ;; PHP (e.g. libcurl) will not see them if they are only + ;; set there. For those libraries, the variables also + ;; need to be present in the "outer" environment, so set + ;; them here as well. + #:environment-variables + (cons* + #$@(map (match-lambda + ((variable . value) + #~(string-append #$variable "=" #$value))) + environment-variables) + (default-environment-variables)) #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))))) -- 2.41.0

From: guix@twilken.net
To: 63877@debbugs.gnu.org
Cc: Ludovic Courtès, Bruno Victal, Timo Wilken
Subject: [PATCH 2/2] tests: web: Test environment variables are set for php-fpm.
Date: Sun, 18 Feb 2024 00:21:47 +0100
Message-ID: <20240217232151.12507-4-guix@twilken.net>
In-Reply-To: <20240217232151.12507-1-guix@twilken.net>

From: Timo Wilken

Test the new `environment-variables' field of by looking for a sentinel variable and value in the output of `phpinfo()'.

* gnu/tests/web.scm (run-php-fpm-test): Add test case.
--- gnu/tests/web.scm | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm index 16dc6bea49..f1688bfd3a 100644 --- a/gnu/tests/web.scm +++ b/gnu/tests/web.scm @@ -272,7 +272,10 @@ (define %php-fpm-os ;; Operating system under test. (simple-operating-system (service dhcp-client-service-type) - (service php-fpm-service-type) + (service php-fpm-service-type + (php-fpm-configuration + (environment-variables + '(("GUIX_TEST_PHPFPM_ENV" . "sentinel"))))) (service nginx-service-type (nginx-configuration (server-blocks %php-fpm-nginx-server-blocks))) 
@@ -345,6 +348,13 @@ (define marionette (and matches (match:substring matches 0)))))) + (test-assert "php environment variable is applied" + (let-values (((response text) + (http-get "http://localhost:8080/index.php" + #:decode-body? #t))) + (and (string-contains text "GUIX_TEST_PHPFPM_ENV") + (string-contains text "sentinel")))) + (test-end)))) (gexp->derivation "php-fpm-test" test)) -- 2.41.0
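
Review bot: In the doc/guix.texi hunk of [PATCH 1/2] (@@ -32227,6 +32228,19 @@), the new @item says only that the variables "are set for the php-fpm process", which leaves out two behaviours visible in gnu/services/web.scm. Each name is also written as an env[...] entry into the generated php-fpm.conf so that it reaches PHP scripts, and that listing is skipped when the user supplies their own `file', because only default-php-fpm-config emits it. Suggest documenting both, so that someone with a custom configuration file knows to add the env[] lines themselves.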
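
Review bot: In the record hunk of gnu/services/web.scm (@@ -974,7 +975,9 @@), the field comment ";list of pairs of file-like" does not match the type the manual entry describes, which is (variable-name . value) pairs where the value is a string or a store object. Suggest a comment along the lines of ";alist: string . (string | file-like)". The manual also gives the default as (list) while the code uses '(), which is worth making consistent.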
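
Review bot: In default-php-fpm-config (@@ -1068,6 +1072,10 @@ of gnu/services/web.scm), the variable name is spliced into the configuration unchecked by (list "env[" variable "] = $" variable "\n"). A name containing "]", whitespace or a newline produces a malformed or additional directive in php-fpm.conf, and the problem only surfaces when the daemon starts. Suggest validating names when the configuration is built, for example against [A-Za-z_][A-Za-z0-9_]*, and raising a clear error otherwise.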
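
Review bot: In the #:environment-variables argument (@@ -1092,10 +1101,25 @@ of gnu/services/web.scm), the user's entries are consed in front of (default-environment-variables) without removing names that are already there. If a name such as PATH, which the cover letter mentions wanting to set, is also present in the default list, it appears twice and which copy a lookup returns depends on ordering. Suggest filtering the defaults by name before prepending, or documenting that user entries take precedence.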
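
Review bot: In the new test-assert of [PATCH 2/2] (@@ -345,6 +348,13 @@ of gnu/tests/web.scm), the two string-contains calls are independent, so the check does not tie the value to the variable: it passes whenever the name and the word "sentinel" each appear somewhere in the phpinfo() page. Matching both together, for example with a regexp over the row that holds GUIX_TEST_PHPFPM_ENV, would assert what the commit message describes. `response' is also bound but never checked, and asserting on the status code would make a failure easier to diagnose.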