From 5e974362befc270ad8f142fb2eb760f169873e9c Mon Sep 17 00:00:00 2001
From: Silvan Mosberger
Date: Wed, 24 Jul 2019 20:26:22 +0200
Subject: [PATCH 1/2] nixos/couchdb: Prevent it from chowning /var/log to couchdb:couchdb
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The default for logFile is /var/log/couchdb.log, and the tmpfile rules chown ${dirOf cfg.logFile}, which is just /var/log, to couchdb:couchdb. This was found by Edes' report on IRC, which looked like
Detected unsafe path transition /var/log → /var/log/journal during canonicalization of /var/log/journal
While this bug has been present since the initial couchdb module in 62438c09f7cc811f994510550614c9265b3b1d18 by @garbas, this wasn't a problem, because the initial module only created and chowned /var/log if it didn't exist yet, which can't occur because this gets created in the initial phases of NixOS startup. However with the recent move from manual preStart chown scripts to systemd.tmpfiles.rules in 062efe018d571b1daa9c37b8c99eb39ad47d7342 (#59389), this chown is suddenly running unconditionally at every system activation, therefore triggering the above error.
---
 nixos/modules/services/databases/couchdb.nix | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix
index 5ddf8ba4bfbd..77e404116c8a 100644
--- a/nixos/modules/services/databases/couchdb.nix
+++ b/nixos/modules/services/databases/couchdb.nix
@@ -160,7 +160,7 @@ in {
 systemd.tmpfiles.rules = [
 "d '${dirOf cfg.uriFile}' - ${cfg.user} ${cfg.group} - -"
- "d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
+ "f '${cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
 "d '${cfg.databaseDir}' - ${cfg.user} ${cfg.group} - -"
 "d '${cfg.viewIndexDir}' - ${cfg.user} ${cfg.group} - -"
 ];
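Review bot: The new `f` rule for `cfg.logFile` no longer creates the log file's parent directory, which the removed `d '${dirOf cfg.logFile}'` line did, and tmpfiles `f` entries do not create missing parents; a non-default `logFile` placed in its own not-yet-existing directory will therefore fail at tmpfiles time instead of being set up as before. Keeping a directory rule only when the parent is not the shared /var/log preserves that case while still avoiding the chown of /var/log, e.g. `] ++ optional (dirOf cfg.logFile != "/var/log") "d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -";` in place of the closing `];` (assuming `lib` is in scope, as the unqualified `mkIf` elsewhere in the file suggests). Separately, the `-` in the mode field of the added `f` line falls back to the tmpfiles default of 0644, so the log is world-readable; if that is not intended, an explicit mode such as `0640` could be given there. The enclosing attribute set starts outside this hunk.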
@@ -169,11 +169,9 @@ in {
 description = "CouchDB Server";
 wantedBy = [ "multi-user.target" ];
- preStart =
- ''
+ preStart = ''
 touch ${cfg.configFile}
- touch -a ${cfg.logFile}
- '';
+ '';
 environment = mkIf useVersion2 {
 # we are actually specifying 4 configuration files:
From 12eb0f524bdaf2cd81e6fc09d05af189cb68a502 Mon Sep 17 00:00:00 2001
From: Silvan Mosberger
Date: Wed, 24 Jul 2019 20:48:43 +0200
Subject: [PATCH 2/2] nixos/tests: Reenable couchdb
Works just fine in current master
---
 nixos/tests/all-tests.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index bc5f18d22bcc..60e70c5de5eb 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -56,7 +56,7 @@ in
 containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
 containers-restart_networking = handleTest ./containers-restart_networking.nix {};
 containers-tmpfs = handleTest ./containers-tmpfs.nix {};
- #couchdb = handleTest ./couchdb.nix {}; # spidermonkey-1.8.5 is marked as broken
+ couchdb = handleTest ./couchdb.nix {};
 deluge = handleTest ./deluge.nix {};
 dhparams = handleTest ./dhparams.nix {};
 dnscrypt-proxy = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy.nix {};