Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/mysql: fix typing-induced bugs #58702

Merged
merged 2 commits into from May 24, 2019
Merged

nixos/mysql: fix typing-induced bugs #58702

merged 2 commits into from May 24, 2019

Conversation

florianjacob
Copy link
Contributor

@florianjacob florianjacob commented Apr 1, 2019
edited

Motivation for this change

Fixes issues brought up by @schneefux in #58582.

This also tries to prevent mysql.initialScript from ending up in /nix/store when given as nix path type, i.e. initialScript = /etc/nixos/setup-credentials.sql in contrast to initialScript = "/etc/nixos/setup-credentials.sql";, as it might be used for sensitive data like credentials. Uses toString for this, as explained here: https://stackoverflow.com/questions/43850371/when-does-a-nix-path-type-make-it-into-the-nix-store-and-when-not

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Florian Jacob added 2 commits April 1, 2019 20:01
nixos/mysql: fix support for non-specified database schema
77978c1 
and increase test coverage to catch this
nixos/mysql: fix initialScript option
14571f5 
which was wrongly specified as types.lines
Prevent it from getting copied to nix store as people might use it for
credentials, and make the tests cover it.
@florianjacob
Copy link
Contributor Author

@schneefux can you give this a test, please? I don't personally use those two features, which is why those errors slipped through. Therefore tried to improve test coverage for those.

This should also fix the issue you would have come up with next, as initialScript was wrongly typed by me as multiline as I thought it's something like extraConfig, while it is actually a file. Should also stop initialScript from turning up in /nix/store, as you brought to my mind that people will likely store credentials in it as there is no other way to create users with passwords declaratively.

@florianjacob
Copy link
Contributor Author

@GrahamcOfBorg test mysql

@schneefux
Copy link
Contributor

Yeah, that works. Good job, thank you!

aanderse
aanderse requested changes Apr 14, 2019
View reviewed changes
Copy link
Member

@aanderse aanderse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nixpkgs/nixos/modules/services/databases/mysql.nix

Lines 366 to 375 in 14571f5

# TODO: this silently falls through if database.schema does not exist,
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
if [ -f "${database.schema}" ]
then
cat ${database.schema}
elif [ -d "${database.schema}" ]
then
cat ${database.schema}/mysql-databases/*.sql
fi
''}

Can you please provide some documentation explaining how the user can make use of line 373? Seems like a useful feature that most people wouldn't even know exists.

@flokli
Copy link
Contributor

flokli commented May 21, 2019

Ping :-)

Ran into the current breakage at #57550 (comment) too.

@infinisil
Copy link
Member

I'll merge this for now

@aanderse This can be done in a follow-up PR. For now fixing this regression is more important.

@aanderse
Copy link
Member

@infinisil @flokli Yes, sorry. This sorta fell off my radar and I should have circled back. Thanks.

@infinisil infinisil merged commit f631167 into NixOS:master May 24, 2019
@schneefux schneefux mentioned this pull request May 27, 2019
Closed
@florianjacob florianjacob deleted the fix-mysql branch June 13, 2019 20:08
@florianjacob
Copy link
Contributor Author

Can you please provide some documentation explaining how the user can make use of line 373? Seems like a useful feature that most people wouldn't even know exists.

@aanderse sorry for my absence, and thanks for your review. While you're right and I think know how that option is intended, I never used it and will therefore refrain from trying to improve it, as this was how I introduced this regression in the first place. :/

@aanderse
Copy link
Member

@florianjacob no problem, fair enough.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aanderse aanderse aanderse requested changes

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@florianjacob @schneefux @flokli @infinisil @aanderse @GrahamcOfBorg