bug#56799: (gnu services configuration) usage of *unspecified* is problematic

[Maxim Cournoyer]

Hi Attila!

Attila Lendvai <attila@lendvai.name> writes:

>> OK, I've reread this, and it is indeed a risk, that 'unset could leak in
>> the case of a serializable configuration making use of a maybe-value
>> field of type maybe-symbol. I've added the unit test suggested as
>> 97cb43e732a38758c95b7caf3963507188d011cf (currently marked as 'expected
>> to fail'). Luckily no current service uses that.
>
> thank you for that Maxim!

>
> and sorry for my initial, somewhat reactive, and emotionally driven
> response earlier! maintaining a channel with complex services, and
> finally getting the changes i needed merged into Guix proper was a
> source of frustration for me.

No worries.  We all get caught in emotions at times.  It's not
necessarily a bad thing, it's a sign we are invested and care.

> i've looked at the current state of the code, and it looks good to me. the 
> only issues i have left are the following:
>
> 1) the (eq 'unset ...) scattered around the code; it should be hidden
> behind an explicit abstraction, but you yourself mentioned this
> already in an earlier mail. i'd call it CONFIGURATION-FIELD-SET?
> (instead of MAYBE-SET?). it's longer, but we have completion in emacs,
> and it won't be used a gazillion times all around the code either.

I had used maybe-value-set? because the maybe values are define via the
'define-maybe' syntax; they are not really part of
'define-configuration' and are sometimes used outside of it, such as in
(guix home ssh).

> 2) the lack of an abstraction for the unset/unspecified
> value. whatever we use as the marker should be hidden behind either an
> exported global variable, or a function called
> UNSET-CONFIGURATION-FIELD! (or something alike). i should have
> introduced these myself, and then your fix would have been as simple
> as replacing *UNSPECIFIED* with 'UNSET in the abstraction.

An exported variable seems simplest and perhaps less awkward to use,
e.g. %unset or similar, although it's a bit ugly that we need to reify
an unspecified value :-).

> 3) the SYMBOL? corner case that your test captures, but it's not a burning 
> issue for me (it doesn't affect the user facing API, once the above leakages 
> are fixed).
>
> do you agree? if yes, will you implement it, or shall i prepare a patch?

I sent a patch somewhere for the maybe-value-set?, see message-id
<87bkstnd2d.fsf@gmail.com> up this thread.  I'd be happy if you could
prepare a patch for the other things mentionned here (an exported
symbol).

> one more note: sometimes it's useful to have a field with a maybe type
> that also has a default, together with the ability to explicitly unset
> this field.

True.  I'd prefer if this never was true for simplicity (a maybe field
would not need to take a default value), but the reality is that we may
want to set a sane default value while allowing the user to clear the
field to have the software use its default behavior.

>
> an example would be a port specification for a torrent client: it has some 
> default port, but it's possible to explicitly unset the port value to request 
> the allocation of a random port at startup.
>
> to better accommodate for this use case, 2) should probably be
> implemented not as an UNSET-FOO! function, but as a global variable
> holding the unset value marker. or maybe both?

I'd keep things simple with the exported unspecified value rather than
both.  A single, obvious way to do things is simpler.

Thanks,

Maxim