GNU bug report logs - #41259
[PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.


Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Thu, 14 May 2020 13:50:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.




Report forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 13:50:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 14 May 2020 13:50:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: guix-patches <at> gnu.org
Subject: [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
Date: Thu, 14 May 2020 15:48:46 +0200
* etc/gnu-store.mount.in: New file.
* nix/local.mk (nodist_systemdservice_DATA): Add it.
(etc/%.mount): New rule.
* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
* doc/guix.texi (Binary Installation): Document it.
---

For <https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.

 doc/guix.texi          |  5 +++--
 etc/gnu-store.mount.in | 14 ++++++++++++++
 etc/guix-install.sh    | 12 +++++++++---
 nix/local.mk           | 12 +++++++++++-
 4 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 etc/gnu-store.mount.in

diff --git a/doc/guix.texi b/doc/guix.texi
index d6fbd85fde..5d80a7e405 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -659,9 +659,10 @@ with these commands:
 @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
 
 @example
-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
+     ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
      /etc/systemd/system/
-# systemctl enable --now guix-daemon
+# systemctl enable --now gnu-store.mount guix-daemon
 @end example
 
 If your host distro uses the Upstart init system:
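Review bot: the new `@example` copies and enables `gnu-store.mount` without telling the reader what it does; since a read-only bind mount makes every `rm` under the store fail, the surrounding text should say that the unit remounts the store read-only to guard against accidental deletion, and that the file name `gnu-store.mount` is tied to the default `/gnu/store` path (systemd requires a mount unit's name to match its `Where=`), so an installation with a non-default store directory needs a differently named unit.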
diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
new file mode 100644
index 0000000000..c94f2db72b
--- /dev/null
+++ b/etc/gnu-store.mount.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=Read-only @storedir@ for GNU Guix
+DefaultDependencies=no
+ConditionPathExists=@storedir@
+Before=guix-daemon.service
+
+[Install]
+WantedBy=guix-daemon.service
+
+[Mount]
+What=@storedir@
+Where=@storedir@
+Type=none
+Options=bind,ro
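Review bot: `Options=bind,ro` relies on mount(8) applying the read-only flag to the bind mount in a single call, which older util-linux releases did not do (they bound read-write and needed a separate `remount,ro`); since this unit targets foreign distros of varying age, verify on the oldest supported one that `findmnt -o OPTIONS @storedir@` reports `ro` after `systemctl start gnu-store.mount`. With `DefaultDependencies=no`, the only ordering beyond `Before=guix-daemon.service` is the implicit dependency systemd adds on the parent mount of `Where=`; that is sufficient for a store on the root filesystem, but a comment in the unit saying so would help anyone adapting it for a store on a separate filesystem.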
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 4909d3f162..d252c132fb 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
                 _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
-            { cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
+            { # systemd .mount units must be named after the target directory.
+              # Here we assume a hard-coded name of /gnu/store.
+              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
+                 /etc/systemd/system/;
+              chmod 664 /etc/systemd/system/gnu-store.mount;
+
+              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                  /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
 
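Review bot: the new `cp`/`chmod` lines for `gnu-store.mount` use `;` separators inside the `{ ... }` group, so a missing or unreadable unit file does not stop the sequence; the failure only surfaces later at `systemctl start gnu-store.mount guix-daemon`, which then leaves guix-daemon neither started nor enabled. Either chain the copies with `&&` like the `systemctl` calls, or test for the file first (`[ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ] && cp ...`) and skip the mount unit when it is absent so daemon setup still completes. `chmod 664` also leaves the unit group-writable; `644` is the usual mode for files under /etc/systemd/system (the existing `guix-daemon.service` line has the same issue).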
@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
 	      fi;
 
               systemctl daemon-reload &&
-                  systemctl start guix-daemon &&
-                  systemctl enable guix-daemon; } &&
+                  systemctl start  gnu-store.mount guix-daemon &&
+                  systemctl enable gnu-store.mount guix-daemon; } &&
                 _msg "${PAS}enabled Guix daemon via systemd"
             ;;
         sysv-init)
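Review bot: `systemctl start gnu-store.mount guix-daemon && systemctl enable gnu-store.mount guix-daemon` can be collapsed to `systemctl enable --now gnu-store.mount guix-daemon`, which is the form the doc/guix.texi hunk already shows; the double space in `start  gnu-store.mount` also looks unintended. Because the unit declares `Before=guix-daemon.service` and is `WantedBy=guix-daemon.service`, listing both units on one command line is safe: systemd orders the mount before the daemon regardless of argument order.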
diff --git a/nix/local.mk b/nix/local.mk
index a64bdd2137..435fdd389a 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -155,7 +155,17 @@ noinst_HEADERS =						\
 
 # The '.service' files for systemd.
 systemdservicedir = $(libdir)/systemd/system
-nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service
+nodist_systemdservice_DATA =			\
+  etc/gnu-store.mount				\
+  etc/guix-daemon.service			\
+  etc/guix-publish.service
+
+etc/%.mount: etc/%.mount.in	\
+			 $(top_builddir)/config.status
+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
+	       "$<" > "$@.tmp";		\
+	mv "$@.tmp" "$@"
 
 etc/guix-%.service: etc/guix-%.service.in	\
 			 $(top_builddir)/config.status
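Review bot: the `etc/%.mount` rule substitutes `$(storedir)` into the unit body, but the output name is fixed by the source file name `gnu-store.mount.in`, so a build with a store directory other than `/gnu/store` produces a unit whose name no longer matches its `Where=` and which systemd refuses to load. Either derive the file name from the store path (the escaping `systemd-escape --path` performs) or make the rule fail loudly when `$(storedir)` is not `/gnu/store`. The generated `etc/gnu-store.mount` is a build artifact and should be listed in `.gitignore` next to the generated `.service` files.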
-- 
2.26.2





Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 13:54:02 GMT) Full text and rfc822 format available.

Message #8 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Emmanuel Medernach <emmanuel.medernach <at> gmail.com>,
 zimoun <zimon.toutoune <at> gmail.com>, help-guix <at> gnu.org
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: Few questions
Date: Thu, 14 May 2020 15:53:36 +0200
[Message part 1 (text/plain, inline)]
Tobias Geerinckx-Rice wrote:
> A simple
>
>  $ sudo mount -o bind,ro /gnu/store /gnu/store

I decided to write a q&d patch that does just that 
<https://issues.guix.gnu.org/41259>.

Caveats:
- It's lightly tested (the only non-Guix System I have SSH access 
 to is someone's laptop, currently being used to consume ‘dank 
 memes’, and I cannot risk performing any action that could stop 
 the flow of memes),
- it only fixes the problem on modern^Wsystemd systems (I'm fine 
 with that),
- the unit name could be templated to @storedir@ as well.  Worth 
 it?

Feedback and testing welcome.

Kind regards,

T G-R
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 14:03:01 GMT) Full text and rfc822 format available.

Message #11 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>,41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 10:01:51 -0400
On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via Guix-patches via <guix-patches <at> gnu.org> wrote:
>* etc/gnu-store.mount.in: New file.
>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>(etc/%.mount): New rule.
>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>* doc/guix.texi (Binary Installation): Document it.
>---
>
>For
><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>
> doc/guix.texi          |  5 +++--
> etc/gnu-store.mount.in | 14 ++++++++++++++
> etc/guix-install.sh    | 12 +++++++++---
> nix/local.mk           | 12 +++++++++++-
> 4 files changed, 37 insertions(+), 6 deletions(-)
> create mode 100644 etc/gnu-store.mount.in
>
>diff --git a/doc/guix.texi b/doc/guix.texi
>index d6fbd85fde..5d80a7e405 100644
>--- a/doc/guix.texi
>+++ b/doc/guix.texi
>@@ -659,9 +659,10 @@ with these commands:
> @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
> 
> @example
>-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>\
>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>+     ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>\
>      /etc/systemd/system/
>-# systemctl enable --now guix-daemon
>+# systemctl enable --now gnu-store.mount guix-daemon
> @end example
> 
> If your host distro uses the Upstart init system:
>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>new file mode 100644
>index 0000000000..c94f2db72b
>--- /dev/null
>+++ b/etc/gnu-store.mount.in
>@@ -0,0 +1,14 @@
>+[Unit]
>+Description=Read-only @storedir@ for GNU Guix
>+DefaultDependencies=no
>+ConditionPathExists=@storedir@
>+Before=guix-daemon.service
>+
>+[Install]
>+WantedBy=guix-daemon.service
>+
>+[Mount]
>+What=@storedir@
>+Where=@storedir@
>+Type=none
>+Options=bind,ro
>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>index 4909d3f162..d252c132fb 100755
>--- a/etc/guix-install.sh
>+++ b/etc/guix-install.sh
>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>                 _msg "${PAS}enabled Guix daemon via upstart"
>             ;;
>         systemd)
>-            { cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>\
>+            { # systemd .mount units must be named after the target
>directory.
>+              # Here we assume a hard-coded name of /gnu/store.
>+              cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>\
>+                 /etc/systemd/system/;
>+              chmod 664 /etc/systemd/system/gnu-store.mount;
>+
>+              cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>\
>                  /etc/systemd/system/;
>               chmod 664 /etc/systemd/system/guix-daemon.service;
> 
>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
> 	      fi;
> 
>               systemctl daemon-reload &&
>-                  systemctl start guix-daemon &&
>-                  systemctl enable guix-daemon; } &&
>+                  systemctl start  gnu-store.mount guix-daemon &&
>+                  systemctl enable gnu-store.mount guix-daemon; } &&
>                 _msg "${PAS}enabled Guix daemon via systemd"
>             ;;
>         sysv-init)
>diff --git a/nix/local.mk b/nix/local.mk
>index a64bdd2137..435fdd389a 100644
>--- a/nix/local.mk
>+++ b/nix/local.mk
>@@ -155,7 +155,17 @@ noinst_HEADERS =						\
> 
> # The '.service' files for systemd.
> systemdservicedir = $(libdir)/systemd/system
>-nodist_systemdservice_DATA = etc/guix-daemon.service
>etc/guix-publish.service
>+nodist_systemdservice_DATA =			\
>+  etc/gnu-store.mount				\
>+  etc/guix-daemon.service			\
>+  etc/guix-publish.service
>+
>+etc/%.mount: etc/%.mount.in	\
>+			 $(top_builddir)/config.status
>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>+	       "$<" > "$@.tmp";		\
>+	mv "$@.tmp" "$@"
> 
> etc/guix-%.service: etc/guix-%.service.in	\
> 			 $(top_builddir)/config.status

I see that's how it's done with the existing service, but why sed the .in file when we could let configure.ac take care of it?

I'll try that on a VM of a foreign distro soonish and report. Thanks!




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 14:15:02 GMT) Full text and rfc822 format available.

Message #14 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Julien Lepiller <julien <at> lepiller.eu>, Tobias Geerinckx-Rice <me <at> tobias.gr>,
 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 16:13:50 +0200
[Message part 1 (text/plain, inline)]
Julien Lepiller <julien <at> lepiller.eu> writes:

>>+etc/%.mount: etc/%.mount.in	\
>>+			 $(top_builddir)/config.status
>>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>>+	       "$<" > "$@.tmp";		\
>>+	mv "$@.tmp" "$@"
>> 
>> etc/guix-%.service: etc/guix-%.service.in	\
>> 			 $(top_builddir)/config.status
>
> I see that's how it's done with the existing service, but why sed the .in file when we could let configure.ac take care of it?

Because --storedir can in theory be something like '$prefix/store',
which would not get properly expanded by configure.  See "Installation
Directory Variables" in the GNU Autoconf manual:

  https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html

(in particular scroll down to the notice about AC_CONFIG_FILES)
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 14:22:02 GMT) Full text and rfc822 format available.

Message #17 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 16:21:16 +0200
[Message part 1 (text/plain, inline)]
Julien,

Julien Lepiller wrote:
>> etc/guix-%.service: etc/guix-%.service.in	\
>> 			 $(top_builddir)/config.status
>
> I see that's how it's done with the existing service, but why 
> sed the .in file when we could let configure.ac take care of it?

¯\_(ツ)_/¯!

TBH I wondered the same thing but am not in deep-dive mode ATM.

> I'll try that on a VM of a foreign distro soonish and 
> report. Thanks!

Thank you!  I'm still in the middle of reinstalling Guix on my 
main laptop, which should give me back my magical KVM powers.

Kind regards,

T G-R
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 14:25:02 GMT) Full text and rfc822 format available.

Message #20 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Tobias Geerinckx-Rice via Guix-patches <guix-patches <at> gnu.org>
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 16:24:34 +0200
[Message part 1 (text/plain, inline)]
Tobias Geerinckx-Rice via Guix-patches via wrote:
>                systemctl daemon-reload &&
> -                  systemctl start guix-daemon &&
> -                  systemctl enable guix-daemon; } &&
> +                  systemctl start  gnu-store.mount guix-daemon 
> &&
> +                  systemctl enable gnu-store.mount guix-daemon; 
> } &&

Speaking of things I wondered: I'm no systemd wizard but I think 
‘enable --now’ would be equivalent and less repetitive.

Kind regards,

T G-R
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 14:25:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 14:26:02 GMT) Full text and rfc822 format available.

Message #26 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 41259 <at> debbugs.gnu.org, Julien Lepiller <julien <at> lepiller.eu>
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 16:25:26 +0200
[Message part 1 (text/plain, inline)]
Marius Bakke wrote:
>> I see that's how it's done with the existing service, but why 
>> sed the .in file when we could let configure.ac take care of 
>> it?
>
> Because --storedir can in theory be something like 
> '$prefix/store',
> which would not get properly expanded by configure.

Makes sense.  Thanks Marius,

T G-R
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 16:36:01 GMT) Full text and rfc822 format available.

Message #29 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: guix-patches <at> gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>,
 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 12:35:12 -0400
On 14 May 2020 10:01:51 GMT-04:00, Julien Lepiller <julien <at> lepiller.eu> wrote:
>On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via
>Guix-patches via <guix-patches <at> gnu.org> wrote:
>>* etc/gnu-store.mount.in: New file.
>>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>>(etc/%.mount): New rule.
>>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>>* doc/guix.texi (Binary Installation): Document it.
>>---
>>
>>For
>><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>>
>> doc/guix.texi          |  5 +++--
>> etc/gnu-store.mount.in | 14 ++++++++++++++
>> etc/guix-install.sh    | 12 +++++++++---
>> nix/local.mk           | 12 +++++++++++-
>> 4 files changed, 37 insertions(+), 6 deletions(-)
>> create mode 100644 etc/gnu-store.mount.in
>>
>>diff --git a/doc/guix.texi b/doc/guix.texi
>>index d6fbd85fde..5d80a7e405 100644
>>--- a/doc/guix.texi
>>+++ b/doc/guix.texi
>>@@ -659,9 +659,10 @@ with these commands:
>> @c
>https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
>> 
>> @example
>>-# cp
>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>\
>>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>>+    
>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>\
>>      /etc/systemd/system/
>>-# systemctl enable --now guix-daemon
>>+# systemctl enable --now gnu-store.mount guix-daemon
>> @end example
>> 
>> If your host distro uses the Upstart init system:
>>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>>new file mode 100644
>>index 0000000000..c94f2db72b
>>--- /dev/null
>>+++ b/etc/gnu-store.mount.in
>>@@ -0,0 +1,14 @@
>>+[Unit]
>>+Description=Read-only @storedir@ for GNU Guix
>>+DefaultDependencies=no
>>+ConditionPathExists=@storedir@
>>+Before=guix-daemon.service
>>+
>>+[Install]
>>+WantedBy=guix-daemon.service
>>+
>>+[Mount]
>>+What=@storedir@
>>+Where=@storedir@
>>+Type=none
>>+Options=bind,ro
>>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>>index 4909d3f162..d252c132fb 100755
>>--- a/etc/guix-install.sh
>>+++ b/etc/guix-install.sh
>>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>>                 _msg "${PAS}enabled Guix daemon via upstart"
>>             ;;
>>         systemd)
>>-            { cp
>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>\
>>+            { # systemd .mount units must be named after the target
>>directory.
>>+              # Here we assume a hard-coded name of /gnu/store.
>>+              cp
>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>>\
>>+                 /etc/systemd/system/;
>>+              chmod 664 /etc/systemd/system/gnu-store.mount;
>>+
>>+              cp
>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>\
>>                  /etc/systemd/system/;
>>               chmod 664 /etc/systemd/system/guix-daemon.service;
>> 
>>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
>> 	      fi;
>> 
>>               systemctl daemon-reload &&
>>-                  systemctl start guix-daemon &&
>>-                  systemctl enable guix-daemon; } &&
>>+                  systemctl start  gnu-store.mount guix-daemon &&
>>+                  systemctl enable gnu-store.mount guix-daemon; } &&
>>                 _msg "${PAS}enabled Guix daemon via systemd"
>>             ;;
>>         sysv-init)
>>diff --git a/nix/local.mk b/nix/local.mk
>>index a64bdd2137..435fdd389a 100644
>>--- a/nix/local.mk
>>+++ b/nix/local.mk
>>@@ -155,7 +155,17 @@ noinst_HEADERS =						\
>> 
>> # The '.service' files for systemd.
>> systemdservicedir = $(libdir)/systemd/system
>>-nodist_systemdservice_DATA = etc/guix-daemon.service
>>etc/guix-publish.service
>>+nodist_systemdservice_DATA =			\
>>+  etc/gnu-store.mount				\
>>+  etc/guix-daemon.service			\
>>+  etc/guix-publish.service
>>+
>>+etc/%.mount: etc/%.mount.in	\
>>+			 $(top_builddir)/config.status
>>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>>+	       "$<" > "$@.tmp";		\
>>+	mv "$@.tmp" "$@"
>> 
>> etc/guix-%.service: etc/guix-%.service.in	\
>> 			 $(top_builddir)/config.status
>
>I see that's how it's done with the existing service, but why sed the
>.in file when we could let configure.ac take care of it?
>
>I'll try that on a VM of a foreign distro soonish and report. Thanks!

I tested it on a Debian VM and it worked well. I tested the installer script and it fails at installing the .mount unit, because it does not exist in the tarball.

After installing the unit manually, I could start the .mount service and found that I was not able to remove store items with rm. I checked that Guix is able to install new store items.




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 16:36:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Thu, 14 May 2020 18:50:02 GMT) Full text and rfc822 format available.

Message #35 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: 41259 <at> debbugs.gnu.org,me <at> tobias.gr
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Thu, 14 May 2020 14:49:15 -0400
On 14 May 2020 12:35:12 GMT-04:00, Julien Lepiller <julien <at> lepiller.eu> wrote:
>On 14 May 2020 10:01:51 GMT-04:00, Julien Lepiller <julien <at> lepiller.eu>
>wrote:
>>On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via
>>Guix-patches via <guix-patches <at> gnu.org> wrote:
>>>* etc/gnu-store.mount.in: New file.
>>>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>>>(etc/%.mount): New rule.
>>>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>>>* doc/guix.texi (Binary Installation): Document it.
>>>---
>>>
>>>For
>>><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>>>
>>> doc/guix.texi          |  5 +++--
>>> etc/gnu-store.mount.in | 14 ++++++++++++++
>>> etc/guix-install.sh    | 12 +++++++++---
>>> nix/local.mk           | 12 +++++++++++-
>>> 4 files changed, 37 insertions(+), 6 deletions(-)
>>> create mode 100644 etc/gnu-store.mount.in
>>>
>>>diff --git a/doc/guix.texi b/doc/guix.texi
>>>index d6fbd85fde..5d80a7e405 100644
>>>--- a/doc/guix.texi
>>>+++ b/doc/guix.texi
>>>@@ -659,9 +659,10 @@ with these commands:
>>> @c
>>https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
>>> 
>>> @example
>>>-# cp
>>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>>\
>>>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>>>+    
>>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>>\
>>>      /etc/systemd/system/
>>>-# systemctl enable --now guix-daemon
>>>+# systemctl enable --now gnu-store.mount guix-daemon
>>> @end example
>>> 
>>> If your host distro uses the Upstart init system:
>>>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>>>new file mode 100644
>>>index 0000000000..c94f2db72b
>>>--- /dev/null
>>>+++ b/etc/gnu-store.mount.in
>>>@@ -0,0 +1,14 @@
>>>+[Unit]
>>>+Description=Read-only @storedir@ for GNU Guix
>>>+DefaultDependencies=no
>>>+ConditionPathExists=@storedir@
>>>+Before=guix-daemon.service
>>>+
>>>+[Install]
>>>+WantedBy=guix-daemon.service
>>>+
>>>+[Mount]
>>>+What=@storedir@
>>>+Where=@storedir@
>>>+Type=none
>>>+Options=bind,ro
>>>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>>>index 4909d3f162..d252c132fb 100755
>>>--- a/etc/guix-install.sh
>>>+++ b/etc/guix-install.sh
>>>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>>>                 _msg "${PAS}enabled Guix daemon via upstart"
>>>             ;;
>>>         systemd)
>>>-            { cp
>>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>>\
>>>+            { # systemd .mount units must be named after the target
>>>directory.
>>>+              # Here we assume a hard-coded name of /gnu/store.
>>>+              cp
>>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>>>\
>>>+                 /etc/systemd/system/;
>>>+              chmod 664 /etc/systemd/system/gnu-store.mount;
>>>+
>>>+              cp
>>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>>\
>>>                  /etc/systemd/system/;
>>>               chmod 664 /etc/systemd/system/guix-daemon.service;
>>> 
>>>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
>>> 	      fi;
>>> 
>>>               systemctl daemon-reload &&
>>>-                  systemctl start guix-daemon &&
>>>-                  systemctl enable guix-daemon; } &&
>>>+                  systemctl start  gnu-store.mount guix-daemon &&
>>>+                  systemctl enable gnu-store.mount guix-daemon; } &&
>>>                 _msg "${PAS}enabled Guix daemon via systemd"
>>>             ;;
>>>         sysv-init)
>>>diff --git a/nix/local.mk b/nix/local.mk
>>>index a64bdd2137..435fdd389a 100644
>>>--- a/nix/local.mk
>>>+++ b/nix/local.mk
>>>@@ -155,7 +155,17 @@ noinst_HEADERS =						\
>>> 
>>> # The '.service' files for systemd.
>>> systemdservicedir = $(libdir)/systemd/system
>>>-nodist_systemdservice_DATA = etc/guix-daemon.service
>>>etc/guix-publish.service
>>>+nodist_systemdservice_DATA =			\
>>>+  etc/gnu-store.mount				\
>>>+  etc/guix-daemon.service			\
>>>+  etc/guix-publish.service
>>>+
>>>+etc/%.mount: etc/%.mount.in	\
>>>+			 $(top_builddir)/config.status
>>>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>>>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>>>+	       "$<" > "$@.tmp";		\
>>>+	mv "$@.tmp" "$@"
>>> 
>>> etc/guix-%.service: etc/guix-%.service.in	\
>>> 			 $(top_builddir)/config.status
>>
>>I see that's how it's done with the existing service, but why sed the
>>.in file when we could let configure.ac take care of it?
>>
>>I'll try that on a VM of a foreign distro soonish and report. Thanks!
>
>I tested it on a debian VM and it worked well. I tested the installer
>script and it fails at installing the .mount unit, because it does not
>exist in the tarball.
>
>After installing the unit manually, I could start the .mount service
>and found that I was not able to remove store items with rm. I
>checked that Guix is able to install new store items.

For non-systemd distros, adding the following line to /etc/fstab works:

@storedir@ @storedir@ none defaults,bind,ro 0 0

Then running "mount -a" remounts the store read-only.

I'm not sure how to integrate this properly in the installer script.




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Fri, 15 May 2020 07:36:01 GMT) Full text and rfc822 format available.

Message #38 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: 41259 <at> debbugs.gnu.org
Subject: Re: [PATCH] etc: Add a systemd unit to bind-mount @storedir@
 read-only.
Date: Fri, 15 May 2020 09:34:53 +0200
Hello Tobias,

As this will conflict with the work I'm preparing (runit, openrc,
non-interactive-mode, busybox compatibility, local binary tarball
& misc cleanups)

I'll give it a spin on a bunch of different OS versions (fedora
rawhide, debian 9 & 10, devuan, alpine & void/i686) later today.

-- 
Vincent Legoll




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Fri, 15 May 2020 16:27:02 GMT) Full text and rfc822 format available.

Message #41 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: 41259 <at> debbugs.gnu.org
Subject: .gitignore ?
Date: Fri, 15 May 2020 18:25:52 +0200
Hello Tobias,

shouldn't your patch also add: /etc/gnu-store.mount
to .gitignore ?

I'm doing the tests now, stay tuned for the results.

-- 
Vincent Legoll




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Fri, 15 May 2020 16:53:02 GMT) Full text and rfc822 format available.

Message #44 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Vincent Legoll <vincent.legoll <at> gmail.com>
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] .gitignore ?
Date: Fri, 15 May 2020 18:52:02 +0200
[Message part 1 (text/plain, inline)]
Vincent,

Vincent Legoll wrote:
> shouldn't your patch also add: /etc/gnu-store.mount
> to .gitignore ?

Probably, it's not a file I ever think of.  Done.

How does this conflict with your work?

Thanks,

T G-R
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Fri, 15 May 2020 16:56:02 GMT) Full text and rfc822 format available.

Message #47 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] .gitignore ?
Date: Fri, 15 May 2020 18:55:29 +0200
Hello,

On 15/05/2020 18:52, Tobias Geerinckx-Rice wrote:
> How does this conflict with your work?

I'll get a merge conflict in etc/guix-install.sh and
maybe also in nix/local.mk but that's OK, it will be
simple enough to handle.

-- 
Vincent Legoll




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Sat, 16 May 2020 12:40:02 GMT) Full text and rfc822 format available.

Message #50 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] .gitignore ?
Date: Sat, 16 May 2020 14:38:51 +0200
Hello Tobias,

yesterday's today is in fact today's today...

On 15/05/2020 18:55, Vincent Legoll wrote:
> I'll get a merge conflict in etc/guix-install.sh and
> maybe also in nix/local.mk but that's OK, it will be
> simple enough to handle.

I was too pessimistic, I'm not getting any merge conflict.

Your patch seems to be working nicely, I tested on a range
of VMs:

x86_64: alpine devuan fedora debian_stretch debian_buster
i686: void

guix is still working properly (search, show, build, gc,
package -i, -r, -l, -d)

And `rm -rf /gnu/store/*hello*' was correctly prevented
on the systemds (debian*, fedora) and the other ones let
the delete run.

LGTM

I'll try to come with something for the other init systems
and add that to my series...

-- 
Vincent Legoll
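Julien's fstab line and Vincent's `rm -rf` check above both come down to one question: is the store actually covered by a read-only mount on this host? The shell snippet below is an added example, not part of the patch or of Guix itself; it answers that question without touching the store by reading mount options in `/proc/self/mounts` format, generates the fstab entry for an arbitrary store path, and computes the systemd mount-unit name the way `systemd-escape --path` does (the naming constraint the patch hard-codes as `gnu-store.mount`). The two mount tables are constructed samples, not captured from a real machine; `check_live` runs the same check against the running host.

```shell
#!/bin/sh
# Added example, not code from the Guix patch: check whether a store
# directory is protected by a read-only mount, and derive the related
# fstab line and systemd unit name for an arbitrary store path.

# Constructed sample of /proc/self/mounts on a host where
# gnu-store.mount is active: the store appears as its own mount point
# carrying the per-mount `ro` flag even though it lives on the root
# filesystem.
SAMPLE_MOUNTS_RO='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda1 /gnu/store ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Constructed sample of a host where the unit was never installed
# (Julien's first installer run): no entry for the store at all.
SAMPLE_MOUNTS_RW='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# mount_options MOUNTS_TEXT PATH
# Print the option field of the last entry whose mount point is PATH
# (later entries shadow earlier ones), or nothing if PATH is not a
# mount point of its own.
mount_options() {
    printf '%s\n' "$1" |
        awk -v mp="$2" '$2 == mp { opts = $4 } END { if (opts != "") print opts }'
}

# store_is_readonly MOUNTS_TEXT PATH
# Succeed only if PATH is its own mount point and carries the `ro` flag.
# A store that merely inherits its parent's mount is reported as
# unprotected, which is what `rm -rf` on the non-systemd VMs showed.
store_is_readonly() {
    opts=$(mount_options "$1" "$2")
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_live [PATH]
# Same check against the running host (defaults to /gnu/store).
check_live() {
    store_is_readonly "$(cat /proc/self/mounts)" "${1:-/gnu/store}"
}

# fstab_line PATH
# The entry Julien proposed for hosts without systemd, with the store
# path filled in for both the source and the mount point.
fstab_line() {
    printf '%s %s none defaults,bind,ro 0 0\n' "$1" "$1"
}

# mount_unit_name PATH
# Name systemd expects for a mount unit whose Where= is PATH, following
# the rules of systemd-escape(1) --path: repeated, leading and trailing
# slashes are dropped, "/" becomes "-", and any other byte outside
# [A-Za-z0-9:_.] (as well as "-" and a leading ".") becomes \xNN.
# /gnu/store -> gnu-store.mount; / -> -.mount
mount_unit_name() {
    printf '%s' "$1" | awk '
        BEGIN { for (j = 32; j < 127; j++) ord[sprintf("%c", j)] = j }
        {
            p = $0
            gsub(/\/+/, "/", p)
            sub(/^\//, "", p); sub(/\/$/, "", p)
            if (p == "") { print "-.mount"; exit }
            out = ""
            for (i = 1; i <= length(p); i++) {
                c = substr(p, i, 1)
                if (c == "/")
                    out = out "-"
                else if (c ~ /[A-Za-z0-9:_.]/ && !(i == 1 && c == "."))
                    out = out c
                else
                    out = out sprintf("\\x%02x", ord[c])
            }
            print out ".mount"
        }'
}
```

On a real host, `check_live /gnu/store && echo protected` is the non-destructive equivalent of Vincent's `rm -rf /gnu/store/*hello*` probe, and `mount_unit_name "$storedir"` gives the file name a templated version of the unit would have to carry for systemd to accept it.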




Information forwarded to guix-patches <at> gnu.org:
bug#41259; Package guix-patches. (Sat, 16 May 2020 14:05:02 GMT) Full text and rfc822 format available.

Message #53 received at 41259 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Vincent Legoll <vincent.legoll <at> gmail.com>
Cc: 41259 <at> debbugs.gnu.org
Subject: Re: [bug#41259] .gitignore ?
Date: Sat, 16 May 2020 16:04:05 +0200
[Message part 1 (text/plain, inline)]
Vincent,

Vincent Legoll wrote:
> yesterday's today is in fact today's today...

I've tried to stop that but to no avail.

> I was too pessimistic, I'm not getting any merge conflict.

Happy to hear it.  Git can be remarkably clever with 3-way merges 
sometimes (and disappointingly dense at others).

> Your patch seems to be working nicely, I tested on a range
> of VMs:
>
> x86_64: alpine devuan fedora debian_stretch debian_buster
> i686: void

Thank you for being so thorough.  You've given me the confidence 
to push this to master as 
1a1faa78b0498fbb71f1533beb4b65817c1d3f2a.  Guess I'll leave this 
bug open since it only solves it for systemd.

> I'll try to come with something for the other init systems
> and add that to my series...

I hope we can avoid touching users' fstab but don't know enough 
about these other systems to say.

Thanks!

T G-R
[signature.asc (application/pgp-signature, inline)]

Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Tue, 03 Aug 2021 19:57:01 GMT) Full text and rfc822 format available.

Notification sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
bug acknowledged by developer. (Tue, 03 Aug 2021 19:57:02 GMT) Full text and rfc822 format available.

Message #58 received at 41259-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 41259-done <at> debbugs.gnu.org, Vincent Legoll <vincent.legoll <at> gmail.com>
Subject: Re: bug#41259: [PATCH] etc: Add a systemd unit to bind-mount
 @storedir@ read-only.
Date: Tue, 03 Aug 2021 15:56:20 -0400
Tobias Geerinckx-Rice <me <at> tobias.gr> writes:

> Vincent,
>
> Vincent Legoll wrote:
>> yesterday's today is in fact today's today...
>
> I've tried to stop that but to no avail.
>
>> I was too pessimistic, I'm not getting any merge conflict.
>
> Happy to hear it.  Git can be remarkably clever with 3-way merges
> sometimes (and disappointingly dense at others).
>
>> Your patch seems to be working nicely, I tested on a range
>> of VMs:
>>
>> x86_64: alpine devuan fedora debian_stretch debian_buster
>> i686: void
>
> Thank you for being so thorough.  You've given me the confidence to
> push this to master as 1a1faa78b0498fbb71f1533beb4b65817c1d3f2a.
> Guess I'll leave this bug open since it only solves it for systemd.

That's a patch, not a bug, though :-).

I'll close it now to spare someone else the time it took me to read
through and see whether bits had gone uncommitted :-).

Thank you,

Maxim




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 01 Sep 2021 11:24:11 GMT) Full text and rfc822 format available.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.