Open erdnaxe opened 2 years ago
ping @martinetd
Thanks for the cc.
There's no reason except nobody did it, no. I wasn't aware of this service when I did my rework and don't personally feel strongly about using upstream service units.
We could use the upstream unit with a symlink to /etc/logrotate.conf and/or overriding just the start action, whichever looks better. The hardening options probably ought to be somehow copied if the immediate check service is kept (I'd like it to), otherwise it might not fail if the hardening introduces some regressions, making the check less useful, but that's not a hard requirement either.
I don't think I'll be implementing that switch in the foreseeable future but would be happy to review/test if anyone does, and the tests in nixosTests.logrotate should be enough to do this fearlessly so that'd be a good first issue if we have such a label.
(EDIT: missed negation...)
@erdnaxe looks like a good unit from upstream. Awesome!
Is there any information you require to craft up a PR to do this? It would be great if you could! And I would be more than happy to answer any questions if you're not sure how to do something.
Describe the bug
It seems that NixOS logrotate module manually defines logrotate.service: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/logging/logrotate.nix#L388
Upstream ships a logrotate.service with hardening options: https://github.com/logrotate/logrotate/blob/master/examples/logrotate.service
ArchLinux, OpenSUSE, Fedora and Debian are all using upstream logrotate.service. Is there a reason we are not following this trend and shipping a less hardened configuration?
Steps To Reproduce
Steps to reproduce the behavior:
logrotate service on NixOS.
systemctl cat logrotate and observe that it does not contain upstream options.
Notify maintainers
@viric
Metadata
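
The comparison described in the reproduction steps, automated as an added example (not code from nixpkgs or logrotate): it parses `systemctl cat`-style text, drop-ins included, and reports hardening directives that a reference unit sets but the deployed unit does not. Both unit texts and the `/example/...` paths are constructed, and the set of directive names treated as hardening is an assumption of this example.

```python
# Added example; the two unit texts at the bottom are constructed samples.
HARDENING_KEYS = {"NoNewPrivileges", "LockPersonality", "MemoryDenyWriteExecute"}
HARDENING_PREFIXES = ("Protect", "Private", "Restrict", "SystemCall")

def service_settings(unit_text):
    """Effective [Service] directives from `systemctl cat`-style text."""
    settings, section, pending = {}, None, ""
    for raw in unit_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped[0] in "#;":
            continue                  # blank line, comment, or file banner
        line, pending = pending + stripped, ""
        if line.endswith("\\"):       # continuation: join with the next line
            pending = line[:-1] + " "
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.pop(key, None)       # an empty assignment resets the setting
        if value:
            settings[key] = value     # simplification: last assignment wins
    return settings

def hardening_gap(reference_text, deployed_text):
    """Hardening keys whose deployed value differs: {key: (wanted, deployed)}."""
    ref, dep = service_settings(reference_text), service_settings(deployed_text)
    return {k: (v, dep.get(k)) for k, v in ref.items()
            if (k in HARDENING_KEYS or k.startswith(HARDENING_PREFIXES))
            and dep.get(k) != v}

REFERENCE_UNIT = r"""[Service]
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
"""
DEPLOYED_UNIT = r"""# /example/logrotate.service
[Service]
ExecStart=/example/bin/logrotate \
  /etc/logrotate.conf
PrivateTmp=true
ProtectSystem=strict
# /example/logrotate.service.d/override.conf
[Service]
ProtectSystem=
"""
if __name__ == "__main__":
    print(hardening_gap(REFERENCE_UNIT, DEPLOYED_UNIT))
```

On a live system the two inputs would be the upstream unit file and the output of `systemctl cat logrotate`; the drop-in reset in the sample shows why the merged view matters more than the main unit file alone.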