GNU bug report logs - #63877
[PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.

Previous Next

Package: guix-patches;

Reported by: Timo Wilken <guix <at> twilken.net>

Date: Sat, 3 Jun 2023 18:26:02 UTC

Severity: normal

Tags: moreinfo, patch

Full log

View this message in rfc822 format

From: "Timo Wilken" <guix <at> twilken.net>
To: "Bruno Victal" <mirai <at> makinata.eu>, Ludovic Courtès <ludo <at> gnu.org>
Cc: 63877 <at> debbugs.gnu.org
Subject: [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables.
Date: Sun, 15 Oct 2023 22:54:06 +0200

Hi Bruno, (hi Ludo'), thank you for your detailed feedback and sorry for not
responding earlier!

On Mon Jun 5, 2023 at 5:44 AM CEST, Bruno Victal wrote:
> Ungexp-ing lists can be rather tricky [...]
>
> You need to quote the list [...]

I was thinking of something closer to the example I added to doc/guix.texi in
my patch. The gexp would not be a list directly, but instead be some code that
would produce a list when evaluated, e.g.:

--8<---------------cut here---------------start------------->8---
#~(list (string-append "SSL_CERT_DIR=" #$nss-certs "/etc/ssl/certs"))))
--8<---------------cut here---------------end--------------->8---

That would let you refer to store paths in variable values, instead of being
limited to literal strings.

As far as I know, the following throws an error, and `file-append' instead of
`string-append' wouldn't work because of the `"SSL_CERT_DIR="' prefix, right?

--8<---------------cut here---------------start------------->8---
#~(#$(string-append "SSL_CERT_DIR=" nss-certs "/etc/ssl/certs"))))
--8<---------------cut here---------------end--------------->8---

If you have any ideas on a better way to do this, let me know!

> Bonus points if you can write a small system test for this. (see
> gnu/tests/web.scm for inspiration)
> For our purposes, a pair of HTTP servers where one of them uses a
> self-signed certificate will suffice.

Thanks for the pointer! I'll try to get something basic working along the
lines of the php-fpm tests already there, and send a PATCH v3 soon. I was
thinking of only verifying that an arbitrary sentinel variable is set, and not
bother to test SSL_*-related behaviour, but I can try to get the latter
working if you think that would be better.
This bug report was last modified 1 year and 120 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.