Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/httpd: always test the generated configuration #58033

Closed
wants to merge 1 commit into from
Closed

nixos/httpd: always test the generated configuration #58033

wants to merge 1 commit into from

Conversation

zimbatm
Copy link
Member

@zimbatm zimbatm commented Mar 21, 2019

Motivation for this change

#34902 (comment)

not sure if that would work

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@zimbatm zimbatm requested a review from infinisil as a code owner March 21, 2019 11:45
@aanderse
Copy link
Member

@zimbatm Currently apache is run as the root user so it can read ssl files which are root readable only which poses a problem for this PR (ie. files which won't be accessible when this apachectl command is run). Further to that the apache config file potentially depend on files/folders/users which don't exist yet (for example, your nixops server likely won't have a wwwrun user).

Very unfortunately I don't have any constructive ideas for this PR yet. I would love to see this problem solved, though.

aanderse
aanderse reviewed Mar 21, 2019
View reviewed changes
nixos/modules/services/web-servers/apache-httpd/default.nix
confFile = pkgs.writeTextFile {
name = "httpd.conf";
checkPhase = ''
${httpd}/bin/apachectl configtext $out
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

${httpd}/bin/apachectl configtest -f $out

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For future reference in case anyone sees this I'd like to correct my mistake I noticed. If specifying the config file you have to use ${httpd}/bin/httpd -t -f $out instead of the apachectl wrapper (which assumes a hard coded location for the config file).

@zimbatm
Copy link
Member Author

zimbatm commented Mar 21, 2019

good points. closing this for now

@zimbatm zimbatm closed this Mar 21, 2019
@zimbatm zimbatm deleted the httpd-test-config branch March 21, 2019 17:08
@grahamc
Copy link
Member

grahamc commented Mar 21, 2019

This is a really big bummer, because this is such a nice idea.

@infinisil
Copy link
Member

@volth How so?

@infinisil
Copy link
Member

@volth

{
  nativeBuildInputs = [ httpd ];
  checkPhase = ''
    apachectl ...
  '';
}

should work though

@aanderse aanderse mentioned this pull request May 23, 2019
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aanderse aanderse aanderse left review comments

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@zimbatm @aanderse @grahamc @infinisil @GrahamcOfBorg