nixos/kubo: fix potential panic on startup #272041
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
6.topic: nixos
This was referenced Dec 4, 2023
ofborg
bot
added
10.rebuild-darwin: 0
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/3065 |
This fixes a panic of the kubo daemon which could occur under certain conditions when the daemon was starting. It was caused by the `ipfs.service` unit not depending on the `ipfs-api.socket` and `ipfs-gateway.socket` units with `Wants=`. This allows the `ipfs.service` to be started manually or by `nixos-rebuild` without the sockets being set up before that. When that happens, the daemon won't know about these sockets and will only use what is set in `services.kubo.settings.Addresses.Gateway` and `services.kubo.settings.Addresses.API`. By default the `API` is an empty list in NixOS though. The daemon doesn't like this at all and panics on startup, see ipfs/kubo#10056. With this commit, starting `ipfs.service` will first set up the two sockets before starting the actual service. Adding the `Sockets=` option implicitly adds a `Wants=` for the sockets and this is exactly what we need. See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Implicit%20Dependencies . This can be checked with `systemctl show ipfs.service`. This should probably be upstreamed to the unit file in the Kubo repo. The problem can be reproduced in the following way: - Add `services.kubo.enable = true` to `/etc/nixos/configuration.nix` - `sudo nixos-rebuild switch` (this may already fail, not sure why it's not deterministic for me) - `sudo systemctl stop ipfs-api.socket` - `sudo systemctl stop ipfs-gateway.socket` - `sudo systemctl stop ipfs.service` - `sudo systemctl start ipfs.service` Fixes NixOS#248447.
Luflosi
force-pushed
the
kubo-fix-potential-panic-on-start
branch
from
a368b4a
to
d4fcb44
Compare
|
Rebased. |
|
Successfully created backport PR for |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
This fixes a panic of the kubo daemon which could occur under certain conditions when the daemon was starting.
It was caused by the
ipfs.serviceunit not depending on theipfs-api.socketandipfs-gateway.socketunits withWants=. This allows theipfs.serviceto be started manually or bynixos-rebuildwithout the sockets being set up before that. When that happens, the daemon won't know about these sockets and will only use what is set inservices.kubo.settings.Addresses.Gatewayandservices.kubo.settings.Addresses.API. By default theAPIis an empty list in NixOS though. The daemon doesn't like this at all and panics on startup, see ipfs/kubo#10056.With this commit, starting
ipfs.servicewill first set up the two sockets before starting the actual service.Adding the
Sockets=option implicitly adds aWants=for the sockets and this is exactly what we need. See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Implicit%20Dependencies . This can be checked withsystemctl show ipfs.service.This should probably be upstreamed to the unit file in the Kubo repo.
The problem can be reproduced in the following way:
services.kubo.enable = trueto/etc/nixos/configuration.nixsudo nixos-rebuild switch(this may already fail, not sure why it's not deterministic for me)sudo systemctl stop ipfs-api.socketsudo systemctl stop ipfs-gateway.socketsudo systemctl stop ipfs.servicesudo systemctl start ipfs.serviceFixes #248447.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.