From patchwork Sat Feb 17 23:21:46 2024
X-Patchwork-Submitter: Timo Wilken
X-Patchwork-Id: 60470
Subject: [bug#63877] [PATCH 1/2] gnu: services: web: Allow specifying extra php-fpm environment variables.
To: 63877@debbugs.gnu.org
Cc: Ludovic Courtès, Bruno Victal, Timo Wilken
From: guix@twilken.net
Date: Sun, 18 Feb 2024 00:21:46 +0100
From: Timo Wilken

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For this, they need to know where the system CA certificates are, so SSL_CERT_DIR needs to be set. This can be accomplished by the user using the new environment-variables field of . This field is empty by default to preserve the existing behaviour of php-fpm.

* gnu/services/web.scm (): Add environment-variables field.
(php-fpm-shepherd-service): Use the new field.
* doc/guix.texi (Web Services): Document the new field.
--- doc/guix.texi | 14 ++++++++++++++ gnu/services/web.scm | 32 ++++++++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 04119a5955..2bb076a8fa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -124,6 +124,7 @@ Copyright @copyright{} 2023 Thomas Ieong@* Copyright @copyright{} 2023 Saku Laesvuori@* Copyright @copyright{} 2023 Graham James Addis@* Copyright @copyright{} 2023 Tomas Volf@* +Copyright @copyright{} 2024 Timo Wilken@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -32227,6 +32228,19 @@ max_execution_time = 1800")) Consult the @url{https://www.php.net/manual/en/ini.core.php,core php.ini directives} for comprehensive documentation on the acceptable @file{php.ini} directives. +@item @code{environment-variables} (default @code{(list)}) +A list of @code{(variable-name . value)} pairs, representing environment +variable assignments. @code{value} may be a string or a store object, +for example returned by @code{file-append}. These environment variables +are set for the php-fpm process. This can be used to, for example, +point PHP at the CA certificates in the @code{nss-certs} package from +@code{(gnu packages certs)}: +@lisp +(php-fpm-configuration + ;; @dots{} + (environment-variables + `(("SSL_CERT_DIR" . ,(file-append nss-certs "/etc/ssl/certs"))))) +@end lisp @end table @end deftp diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 05fd71f994..5fd09c8945 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton ;;; Copyright © 2022 Simen Endsjø ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2024 Timo Wilken ;;; ;;; This file is part of GNU Guix. ;;; @@ -974,7 +975,9 @@ (define-record-type* php-fpm-configuration (file php-fpm-configuration-file ;#f | file-like (default #f)) (php-ini-file php-fpm-configuration-php-ini-file ;#f | file-like - (default #f))) + (default #f)) + (environment-variables php-fpm-configuration-environment-variables ;list of pairs of file-like + (default '()))) (define-record-type* php-fpm-dynamic-process-manager-configuration @@ -1024,7 +1027,8 @@ (define php-fpm-accounts (shell (file-append shadow "/sbin/nologin"))))))) (define (default-php-fpm-config socket user group socket-user socket-group - pid-file log-file pm display-errors timezone workers-log-file) + pid-file log-file pm display-errors timezone workers-log-file + environment-variables) (apply mixed-text-file "php-fpm.conf" (flatten "[global]\n" 
@@ -1068,6 +1072,10 @@ (define (default-php-fpm-config socket user group socket-user socket-group "pm.max_children =" (number->string pm.max-children) "\n" "pm.process_idle_timeout =" (number->string pm.process-idle-timeout) "s\n"))) + (map (lambda (variable) + ;; PHP-FPM will interpolate $VARIABLES from the outside environment. + (list "env[" variable "] = $" variable "\n")) + (map car environment-variables)) "php_flag[display_errors] = " (if display-errors "on" "off") "\n" @@ -1081,7 +1089,8 @@ (define php-fpm-shepherd-service (match-lambda (($ php socket user group socket-user socket-group pid-file log-file pm display-errors - timezone workers-log-file file php-ini-file) + timezone workers-log-file file php-ini-file + environment-variables) (list (shepherd-service (provision '(php-fpm)) (documentation "Run the php-fpm daemon.") 
@@ -1092,10 +1101,25 @@ (define php-fpm-shepherd-service #$(or file (default-php-fpm-config socket user group socket-user socket-group pid-file log-file - pm display-errors timezone workers-log-file)) + pm display-errors timezone workers-log-file + environment-variables)) #$@(if php-ini-file `("-c" ,php-ini-file) '())) + ;; Environment variables must be explicitly passed + ;; through in PHP-FPM's configuration. However, we + ;; can't just set them there, since libraries loaded by + ;; PHP (e.g. libcurl) will not see them if they are only + ;; set there. For those libraries, the variables also + ;; need to be present in the "outer" environment, so set + ;; them here as well. + #:environment-variables + (cons* + #$@(map (match-lambda + ((variable . value) + #~(string-append #$variable "=" #$value))) + environment-variables) + (default-environment-variables)) #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))))) 
From patchwork Sat Feb 17 23:21:47 2024
X-Patchwork-Submitter: Timo Wilken
X-Patchwork-Id: 60469
Subject: [bug#63877] [PATCH 2/2] tests: web: Test environment variables are set for php-fpm.
From: guix@twilken.net
Date: Sun, 18 Feb 2024 00:21:47 +0100
From: Timo Wilken

Test the new `environment-variables' field of by looking for a sentinel variable and value in the output of `phpinfo()'.

* gnu/tests/web.scm (run-php-fpm-test): Add test case.
--- gnu/tests/web.scm | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm index 16dc6bea49..f1688bfd3a 100644 --- a/gnu/tests/web.scm +++ b/gnu/tests/web.scm @@ -272,7 +272,10 @@ (define %php-fpm-os ;; Operating system under test. (simple-operating-system (service dhcp-client-service-type) - (service php-fpm-service-type) + (service php-fpm-service-type + (php-fpm-configuration + (environment-variables + '(("GUIX_TEST_PHPFPM_ENV" . "sentinel"))))) (service nginx-service-type (nginx-configuration (server-blocks %php-fpm-nginx-server-blocks))) 
@@ -345,6 +348,13 @@ (define marionette (and matches (match:substring matches 0)))))) + (test-assert "php environment variable is applied" + (let-values (((response text) + (http-get "http://localhost:8080/index.php" + #:decode-body? #t))) + (and (string-contains text "GUIX_TEST_PHPFPM_ENV") + (string-contains text "sentinel")))) + (test-end)))) (gexp->derivation "php-fpm-test" test))
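
Review bot: the new @item in doc/guix.texi (patch 1/2, hunk @@ -32227,6 +32228,19 @@) does not say where the values end up. The web.scm change splices each value with `#$value` into the shepherd service's start expression, so it is recorded in the store, which every local user can read; the text should say the field is unsuitable for passwords or API tokens. It would also help to state that the variables are set both in the daemon's own environment and, through generated env[...] lines, for the pool workers.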
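
Review bot: in gnu/services/web.scm (patch 1/2, hunk @@ -974,7 +975,9 @@) the field comment `;list of pairs of file-like` disagrees with the manual text in the same patch, which documents `(variable-name . value)` pairs whose value "may be a string or a store object". Suggest rewording the comment to describe a list of (name . value) pairs with a string name and a string or file-like value, so the type read in the source matches doc/guix.texi.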
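
Review bot: in default-php-fpm-config (patch 1/2, gnu/services/web.scm, hunk @@ -1068,6 +1072,10 @@) the variable name is written into php-fpm.conf unchecked, as `(list "env[" variable "] = $" variable "\n")`. A name containing `]`, `=`, whitespace or a newline yields a malformed line or extra directives in the pool section, so I would validate names (letters, digits and underscore, not starting with a digit) and raise a configuration error otherwise. Duplicate names in the alist also produce duplicate env[] lines here, since the list is built with `(map car environment-variables)`.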
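
Review bot: in php-fpm-shepherd-service (patch 1/2, gnu/services/web.scm, hunk @@ -1092,10 +1101,25 @@) the env[...] pass-through is only generated inside default-php-fpm-config, which `(or file ...)` skips when the user supplies their own `file`. In that case environment-variables only reaches the outer environment set by `#:environment-variables`, and the comment added in this hunk says the variables "must be explicitly passed through in PHP-FPM's configuration". Either document that matching env[] lines are required when `file` is set, or emit a warning when both fields are given.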
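
Review bot: the test configuration in gnu/tests/web.scm (patch 2/2, hunk @@ -272,7 +272,10 @@) only exercises a plain string value, `("GUIX_TEST_PHPFPM_ENV" . "sentinel")`. The manual entry added in patch 1/2 advertises file-like values such as `(file-append nss-certs "/etc/ssl/certs")`, and those take the `#$value` path inside a gexp, so a second entry with a file-like value would cover the case the feature was written for.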
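
Review bot: the assertion in gnu/tests/web.scm (patch 2/2, hunk @@ -345,6 +348,13 @@) checks the name and the value with two independent `string-contains` calls, so it passes whenever "sentinel" appears anywhere on the page, and `response` is bound but never inspected. Matching the name and value together as phpinfo() renders them, and checking the response code, would make the test fail for the right reasons. A phpinfo() check also only shows what PHP itself sees; it does not cover the outer-environment half that the comment in patch 1/2 says libraries such as libcurl depend on.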