Polkit actions are not updated after guix system reconfigure

  • Open
  • quality assurance status badge
Details
3 participants
  • Danny Milosavljevic
  • Ludovic Courtès
  • Ryan Moe
Owner
unassigned
Submitted by
Ryan Moe
Severity
normal
R
R
Ryan Moe wrote on 31 Jul 2017 23:08
(address . bug-guix@gnu.org)
CAN-ReHqDxmNcsPAffCo4PYKpf0qjvdvGne0eAeB7Pf8spHsc_A@mail.gmail.com
When a service is added to or removed from the system configuration,
polkit actions are not appropriately registered or unregistered.

The policy files are added and deleted correctly but the polkitd
process needs a SIGHUP afterwards to update the list of registered
actions.


Steps to reproduce:

1. Add (xfce-desktop-service) to (services) in config.scm. [Or any
service which adds polkit actions]

2. Run guix system reconfigure.

3. Observe that the policy files are in place but not registered:
$ ls /etc/polkit-1/actions/*xfce*
/etc/polkit-1/actions/org.xfce.thunar.policy

$ pkaction | grep -i xfce
$

4. Run killall -HUP polkitd

5. Observe that actions are registered.
$ pkaction | grep -i xfce
org.xfce.thunar
D
D
Danny Milosavljevic wrote on 31 Jul 2017 23:34
(address . 27889@debbugs.gnu.org)(name . Ryan Moe)(address . ryan.moe@gmail.com)
20170731233404.691437c0@scratchpost.org
Oops!

That's indeed still broken.

But gnu/services/shepherd.scm shepherd-service-file could be extended to provide a "restart" action (shepherd itself already supports it).

The general format for shepherd is:

(register-services
(make <service>
#:provides '(apache-2.0 apache httpd)
#:requires '()
#:start (...)
#:stop (...)
#:actions (make-actions
(restart (...)))))
^^^^^^^^^^^^^

But the Guix <shepherd-service> record, which is the source that is eventually compiled to the above, neither has an "actions" slot nor a "restart" slot. It would have to be extended with one.

I wonder whether it would make sense to make shepherd automatically default to a SIGHUP restart action for daemonized processes instead, though. It's not exactly rare for daemons to provide that.

Also, does "guix system reconfigure" already call this restart action if it's present?
R
R
Ryan Moe wrote on 1 Aug 2017 01:10
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 27889@debbugs.gnu.org)
CAN-ReHoqipxjd-NOM7YvAjTU_2-KeAey3bxzfbJ1QmEQdbf0HA@mail.gmail.com
On Mon, Jul 31, 2017 at 2:34 PM, Danny Milosavljevic
<dannym@scratchpost.org> wrote:
Toggle quote (24 lines)
> Oops!
>
> That's indeed still broken.
>
> But gnu/services/shepherd.scm shepherd-service-file could be extended to provide a "restart" action (shepherd itself already supports it).
>
> The general format for shepherd is:
>
> (register-services
> (make <service>
> #:provides '(apache-2.0 apache httpd)
> #:requires '()
> #:start (...)
> #:stop (...)
> #:actions (make-actions
> (restart (...)))))
> ^^^^^^^^^^^^^
>
> But the Guix <shepherd-service> record, which is the source that is eventually compiled to the above, neither has an "actions" slot nor a "restart" slot. It would have to be extended with one.
>
> I wonder whether it would make sense to make shepherd automatically default to a SIGHUP restart action for daemonized processes instead, though. It's not exactly rare for daemons to provide that.
>
> Also, does "guix system reconfigure" already call this restart action if it's present?

polkitd isn't managed by shepherd. It looks to be managed by dbus and
I'm not sure how to restart an individual dbus service (or if you even
can). Restarting dbus-system is obviously too intrusive (it does
reload the policy files at the expense of restarting my X session :)).
D
D
Danny Milosavljevic wrote on 1 Aug 2017 09:17
(name . Ryan Moe)(address . ryan.moe@gmail.com)(address . 27889@debbugs.gnu.org)
20170801091753.0f9dd3cf@scratchpost.org
Toggle quote (5 lines)
> polkitd isn't managed by shepherd. It looks to be managed by dbus and
> I'm not sure how to restart an individual dbus service (or if you even
> can). Restarting dbus-system is obviously too intrusive (it does
> reload the policy files at the expense of restarting my X session :)).

Yeah, we specifically don't restart dbus because of that.

But I guess we could still send SIGHUP to polkitd.

I'm not sure how to find out which polkitd it is - if we don't want to restart a superset.

Also, pstree says that polkitd forked and started another polkitd. There are two polkitd. Which one has to get the SIGHUP?
L
L
Ludovic Courtès wrote on 1 Aug 2017 12:03
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)
87vam7r4eh.fsf@gnu.org
Hello,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (20 lines)
> But gnu/services/shepherd.scm shepherd-service-file could be extended to provide a "restart" action (shepherd itself already supports it).
>
> The general format for shepherd is:
>
> (register-services
> (make <service>
> #:provides '(apache-2.0 apache httpd)
> #:requires '()
> #:start (...)
> #:stop (...)
> #:actions (make-actions
> (restart (...)))))
> ^^^^^^^^^^^^^
>
> But the Guix <shepherd-service> record, which is the source that is eventually compiled to the above, neither has an "actions" slot nor a "restart" slot. It would have to be extended with one.
>
> I wonder whether it would make sense to make shepherd automatically default to a SIGHUP restart action for daemonized processes instead, though. It's not exactly rare for daemons to provide that.
>
> Also, does "guix system reconfigure" already call this restart action if it's present?

Not yet, but it should. I think the patches at
https://bugs.gnu.org/26830 would be sufficient if the action boils
down to sending SIGHUP. Perhaps time to revive that patch set!

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 27889@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 27889
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch