Bug 926873 - www-servers/caddy enhancement request: Add support for caddy-security module
Summary: www-servers/caddy enhancement request: Add support for caddy-security module
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal enhancement
Assignee: Zac Medico
URL: https://github.com/greenpau/caddy-sec...
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2024-03-13 07:05 UTC by jcazeault
Modified: 2024-03-16 22:44 UTC

See Also:
Package list:
Runtime testing required: ---


Description jcazeault 2024-03-13 07:05:27 UTC
Hello,

Caddy is written in Go, so it seems that modules can only be added by rebuilding the project. I am requesting that the next version of the ebuild include support for building the project (perhaps controlled by a USE flag) with Paul Greenberg's "caddy-security" module. This module appears to be mature and well supported. There are quite a few references to it in the official documentation at caddyserver.com. The module adds additional authentication and authorization features to Caddy.

Thank you

Reproducible: Always
Comment 1 jcazeault 2024-03-13 07:09:44 UTC
caddy-security github:
https://github.com/greenpau/caddy-security

It looks like the maintainer, Paul Greenberg, started a company called authcrunch which is sponsoring the development of the module and hosting some of the documentation:
https://authcrunch.com/

I look forward to hearing your thoughts!

Thank you again.
Comment 2 Zac Medico gentoo-dev 2024-03-15 04:00:41 UTC
Maybe we can add a USE flag to patch it in like we did for events-handlers-exec here:

https://github.com/gentoo/gentoo/pull/35232
Comment 3 jcazeault 2024-03-15 15:30:04 UTC
Yes it does seem straightforward if we use that nice function 'add_custom_module' that Rahil wrote.  I can take care of this myself and create a pull request if you are okay with that.  I didn't do it originally because I am not a regular contributor and I was not sure if an unexpected pull request from a stranger was welcome :)
Comment 4 Zac Medico gentoo-dev 2024-03-15 15:41:51 UTC
Yes, this module seems to be fairly popular so a pull request would be welcome, thanks!
Comment 5 Rahil Bhimjiani 2024-03-15 16:06:33 UTC
> Yes it does seem straightforward if we use that nice function 'add_custom_module' that Rahil wrote.  I can take care of this myself and create a pull request if you are okay with that.  I didn't do it originally because I am not a regular contributor and I was not sure if an unexpected pull request from a stranger was welcome :)

You're very welcome to create a PR.

But it isn't as straightforward as it looks, because in the case of "events-handlers-exec" there was just one more MB of size added (uncompressed) to deps.tar, since it is a very simple and minimal module, so I just bundled it with vanilla deps.tar. Whereas caddy-security adds 300+ MB, so you have to provide another layer of deps.tar on top of vanilla deps.tar, which is doable but complicates packaging and maintenance.

Another issue is patching go.mod. I'll have to conditionally patch the source ( use security && eapply security.patch ), which is considered bad practice and discouraged.

If Zac allows me to conditionally patch it, I'll create the PR. Another solution I can think of is to only provide extra USE=security in -9999 live ebuild, so that it would be as easy as just `go get github.com/greenpau/caddy-security` and importing it in cmd/caddy/main.go.
Comment 6 Zac Medico gentoo-dev 2024-03-15 16:23:55 UTC
(In reply to Rahil Bhimjiani from comment #5)
> If Zac allows me to conditionally patch it, I'll create the PR. Another
> solution I can think of is to only provide extra USE=security in -9999 live
> ebuild, so that it would be as easy as just `go get
> github.com/greenpau/caddy-security` and importing it in cmd/caddy/main.go.

Yeah that's fine as long as upstream doesn't provide a better process for this. I see they have some kind of xcaddy tool, not sure if that could help us:

https://github.com/caddyserver/caddy#with-version-information-andor-plugins
Comment 7 jcazeault 2024-03-15 19:41:00 UTC
(In reply to Rahil Bhimjiani from comment #5)
> But it isn't as straightforward as it looks, because in the case of
> "events-handlers-exec" there was just one more MB of size added
> (uncompressed) to deps.tar, since it is a very simple and minimal module,
> so I just bundled it with vanilla deps.tar. Whereas caddy-security
> adds 300+ MB, so you have to provide another layer of deps.tar on
> top of vanilla deps.tar, which is doable but complicates packaging and
> maintenance.

Right, I forgot about the 'deps' issue.  With that in mind, simply adding Caddy modules as USE flags doesn't seem sustainable.  We could maybe add this one now, but then when there are more future modules to add it may become too much of a burden like you said.

(In reply to Zac Medico from comment #6)
> I see they have some kind of xcaddy tool, not sure if that could help.

Maybe that is the solution instead.  It is a tool that fetches and rebuilds Caddy from source along with user-specified modules and options.  I haven't tried it yet so that's really all I know about it.

Maybe we package xcaddy separately? And then maybe there is a caddy symlink that lets you eselect which binary you want to use from among the versions you have installed?

Or maybe instead of adding any further modules as USE flags we just add an xcaddy use flag which installs xcaddy along with the normal package contents.  I still see the necessity of some sort of symlink though, because otherwise the custom built caddy binary will be overwritten when the package is updated. 

The only problem with the xcaddy approach is that the user is essentially managing the package manually at that point.  Users might expect that their system is up to date after an 'emerge --update' when really the binary built with xcaddy is unchanged.  Maybe this isn't really a problem.  Gentoo users are power-users after all.

Either way I certainly don't want to turn the package maintenance into a chore just for my own benefit.  I am going to try out xcaddy so I am a bit more informed and then maybe I can contribute some better ideas.

Thank you both for your expertise and input!
Comment 8 Rahil Bhimjiani 2024-03-15 21:10:55 UTC
jcazeault, done. Let's unleash the power of Gentoo. :)

Apply this patch in your ::gentoo and report back.
https://github.com/gentoo/gentoo/pull/35773.patch

Thanks to you I discovered a new way to drastically reduce the deps tarball size <3
Comment 9 Larry the Git Cow gentoo-dev 2024-03-16 22:44:50 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d101be0ef15dbc2dc92b22b15f41d4c8861c32dd

commit d101be0ef15dbc2dc92b22b15f41d4c8861c32dd
Author:     Rahil Bhimjiani <me@rahil.rocks>
AuthorDate: 2024-03-15 13:26:54 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2024-03-16 22:26:57 +0000

    www-servers/caddy: add 2.7.6-r2 with new USE, security
    
    * Adds `security` module
    https://caddyserver.com/docs/modules/security
    
    * Significantly reducing size of deps' tarball from 125MiB => 8MiB
    
    Steps to package this:
    1. `go get` all extra modules
    2. import all extra modules in cmd/caddy/main.go
    3. `go mod vendor`
    4. create tarball with patch (of go.mod and go.sum) and vendor/
    
    Closes: https://bugs.gentoo.org/926873
    Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
    Closes: https://github.com/gentoo/gentoo/pull/35773
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 www-servers/caddy/Manifest              |   1 +
 www-servers/caddy/caddy-2.7.6-r2.ebuild | 131 ++++++++++++++++++++++++++++++++
 www-servers/caddy/caddy-9999.ebuild     |  44 ++++++-----
 www-servers/caddy/metadata.xml          |   5 ++
 4 files changed, 160 insertions(+), 21 deletions(-)
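The four packaging steps listed in the commit message, written out as shell functions. This is an added example, not the merged ebuild or anything from the PR; the `add_module_import` helper, the `deps.patch` file name and the `build_deps_tarball` name are assumptions, and the main.go edit is kept out of the go.mod/go.sum patch on the assumption that the ebuild applies it at build time.

```shell
#!/bin/sh
# Added example (not the Gentoo ebuild's or the PR's code): the packaging
# steps from the commit message for bundling extra Caddy modules.
set -eu

# Step 2: register an extra module in cmd/caddy/main.go by adding a blank
# import right after the opening "import (" line. Safe to call twice:
# an import that is already present is left alone.
add_module_import() {
    main_go="$1"
    module="$2"
    if grep -qF "\"$module\"" "$main_go"; then
        return 0
    fi
    awk -v mod="$module" '
        /^import \(/ { print; print "\t_ \"" mod "\""; next }
        { print }
    ' "$main_go" > "$main_go.tmp" && mv "$main_go.tmp" "$main_go"
}

# Steps 1, 3 and 4: `go get` each module (optionally pinned as path@version),
# import it, `go mod vendor`, then bundle the go.mod/go.sum diff together
# with vendor/ into one tarball. Needs network access and a git checkout of
# caddy at the release tag, so it is not run by the test below.
build_deps_tarball() {
    src="$1"
    tarball="$2"
    shift 2
    (
        cd "$src"
        for mod in "$@"; do
            go get "$mod"
            # strip any @version suffix to get the import path
            add_module_import cmd/caddy/main.go "${mod%@*}"
        done
        go mod vendor
        # deps.patch is an assumed name; only go.mod and go.sum go in it,
        # the main.go import is applied separately at build time
        git diff -- go.mod go.sum > deps.patch
        tar -caf "$tarball" deps.patch vendor
    )
}
```

Example call: `build_deps_tarball ./caddy /tmp/caddy-deps.tar.xz github.com/greenpau/caddy-security`.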