On Tuesday, 09.05.2023 at 20:12 +0100, Bruno Victal wrote:
> Hi Ludo’,
>
> On 2023-02-25 17:46, Ludovic Courtès wrote:
> > Bruno Victal <mi...@makinata.eu> wrote:
> > > In [1], the issue arises from using activation-service-type to
> > > create files/directories for services
> > > when these should be either (1) shepherd one-shot services or
> > > moved into the 'start' procedure of the service.
> > > 'activation-service-type' should only be used for doing things
> > > "listed on its label", that is, performing
> > > actions at boot-time or after a system reconfigure.
> >
> > Right.
> >
> > As we once discussed on IRC, the conclusion to me is that some of the
> > code currently implemented as activation snippets should rather be
> > implemented either as part of the ‘start’ method of the corresponding
> > Shepherd service, or as a one-shot Shepherd service that the main
> > service would depend on.
>
> I think moving them into the ‘start’ method is the best course of
> action.
> I'm considering the following changes:
> * Adding (gnu build activation) to %default-imported-modules +
>   %default-modules in (gnu services shepherd).
>   I expect that mkdir-p/perms is going to be used frequently enough,
>   using the number of activation-service
>   extensions in use as a rough estimate.
> * Refactor the activation extensions into the ‘start’ method, where
>   it makes sense to do so.
>
>
> There's one issue I'm somewhat concerned about, consider the
> following snippet:
>
> --8<---------------cut here---------------start------------->8---
>
> (define log-directory "/var/log")
> (define username "notroot")
>
> (start
>   #~(lambda _
>       (mkdir-p/perms #$log-directory (getpw #$username) #o750)
>       ...))
>
> --8<---------------cut here---------------end--------------->8---
>
> This is somewhat pitfall prone since you most likely don't want to
> chown /var/log to a non-root user.
> I'm unsure what's the best course to take here, would a simple
> file-exist? check before mkdir-p/perms be sufficient?

I think this question highlights perfectly why one-shot services (or
perhaps an as-of-yet unknown type of services) are the way to go: with
clearly named services for the creation of directories, you don't need
to worry about creating some file with the wrong permissions, as the
owner is already predetermined. You also don't need mkdir-p; you simply
depend on the mkdir-#$(dirname my-directory) service.

Cheers
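
The one-shot approach described in the reply above, sketched as an added example that is not code from this thread or from Guix. The helper `mkdir-shepherd-service`, the `example-daemon` service and the `/var/log/example` path are hypothetical; leaving an existing directory's ownership untouched and failing when the owner differs is an assumption of this sketch, not something the thread settled.

```scheme
(use-modules (gnu services shepherd)
             (gnu packages base)
             (guix gexp))

;; Hypothetical helper, not a Guix API: one-shot service "mkdir-DIRECTORY".
;; Owner and mode are decided here, once, instead of in every 'start'.
(define (mkdir-shepherd-service directory user mode)
  (shepherd-service
   (provision (list (string->symbol (string-append "mkdir-" directory))))
   (requirement '(file-systems))
   (one-shot? #t)
   (documentation (string-append "Create " directory "."))
   (start
    #~(lambda _
        (let ((pw (getpwnam #$user)))
          (if (file-exists? #$directory)
              ;; Assumption: an existing directory is never re-owned; the
              ;; service fails unless USER already owns it.
              (= (stat:uid (stat #$directory)) (passwd:uid pw))
              (begin
                ;; Plain mkdir, not mkdir-p: the parent must already exist.
                (mkdir #$directory #$mode)
                (chown #$directory (passwd:uid pw) (passwd:gid pw))
                ;; mkdir's mode is filtered by the umask; set it exactly.
                (chmod #$directory #$mode)
                #t)))))))

;; Constructed values for illustration.
(define %log-directory "/var/log/example")
(define %user "notroot")

(define example-shepherd-services
  (list (mkdir-shepherd-service %log-directory %user #o750)
        (shepherd-service
         (provision '(example-daemon))
         ;; Starts only after the directory service has succeeded.
         (requirement (list (string->symbol
                             (string-append "mkdir-" %log-directory))))
         (documentation "Placeholder daemon that uses the log directory.")
         (start #~(make-forkexec-constructor
                   (list #$(file-append coreutils "/bin/sleep") "infinity")
                   #:user #$%user))
         (stop #~(make-kill-destructor)))))
```

Pointing the helper at `/var/log` itself with a non-root user would make the one-shot service fail on the ownership check rather than chown the directory, so the dependent daemon would not start.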