unofficial mirror of guix-devel@gnu.org 
From: "Ludovic Courtès" <ludo@gnu.org>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel@gnu.org
Subject: Re: Make guix-publish's URL identical to cache file name
Date: Sun, 08 Nov 2020 18:08:19 +0100
Message-ID: <87lffbvksc.fsf@gnu.org>
In-Reply-To: <87d00pya7k.fsf@elephly.net> (Ricardo Wurmus's message of "Sat, 07 Nov 2020 07:03:59 +0100")

[-- Attachment #1: Type: text/plain, Size: 1220 bytes --]

Hi,

Ricardo Wurmus <rekado@elephly.net> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> The simplest solution for now (I think that’s what Ricardo & co. had in
>> mind) would be for you to retrieve /var/cache/guix/publish on your
>> server, as is, and then run ‘guix publish’ on your server: it will know
>> where to find files.  As I wrote to Jonathan, you can/should also run
>> nginx on top of that as a proxy to your local ‘guix publish’.
>>
>> Ricardo, can you remind us what the next steps would be?
>
> We need to make sure that *all* the files produced by “guix publish”
> have correct permissions; IIRC some of the files are not readable at all
> by users other than the owner of the files.

Oops, I had forgotten, my bad.  I’ll push the attached patch later
today.

Next we’ll need to update the ‘guix’ package, restart ‘guix publish’ on
berlin, and chmod a+r -R /var/cache/guix/publish.

> Once that’s done we just need to start the rsync daemon again,
> preferably as a shepherd service.

Yes.

Sounds like we have a plan!

Peng Mei Yu: make sure to ping us in the coming weeks if you don’t hear
from us by then!

Thanks,
Ludo’.


[-- Attachment #2: Type: text/x-patch, Size: 2010 bytes --]

diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index e8faf379e2..e3c8711f5b 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -583,7 +583,10 @@ requested using POOL."
      ;; guarantee the TTL (see <https://bugs.gnu.org/28664>.)
      (with-atomic-file-output nar
        (lambda (port)
-         (write-file item port))))))
+         (write-file item port)
+         ;; Make the file world-readable, contrary to what
+         ;; 'with-atomic-file-output' does.
+         (chmod port (logand #o644 (lognot (umask)))))))))
 
 (define* (bake-narinfo+nar cache item
                            #:key ttl (compressions (list %no-compression))
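
Review bot: the comment on the added chmod line promises a world-readable nar, but `(logand #o644 (lognot (umask)))` still honours the process umask, so with a umask such as 077 the file stays 0600 and other users still cannot read it. Either say in the comment that the resulting mode depends on the umask 'guix publish' runs with, or apply #o644 unconditionally if readability of cached nars by other users is meant to be guaranteed.
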
@@ -615,7 +618,12 @@ requested using POOL."
                                           #:nar-path nar-path
                                           #:compressions compressions
                                           #:file-sizes sizes)
-                          port)))))
+                          port)))
+
+             ;; Make the cached narinfo world-readable, contrary to what
+             ;; 'with-atomic-file-output' does, so that other users can rsync
+             ;; the whole cache.
+             (chmod port (logand #o644 (lognot (umask))))))
 
          ;; Make narinfo files for OTHERS hard links to NARINFO such that the
          ;; atime-based cache eviction considers either all the nars or none
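
Review bot: `(chmod port (logand #o644 (lognot (umask))))` is repeated here verbatim from the nar hunk, with a comment that differs slightly between the two sites; a small shared helper with a single comment would keep the nar and narinfo writers from drifting apart. The change also only affects entries baked after it is deployed, so the commit log should mention that existing files under the cache directory need a one-off permission fix.
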
diff --git a/tests/publish.scm b/tests/publish.scm
index e46e6256b7..cafd0f13a2 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -434,6 +434,11 @@ References: ~%"
                  (< ttl 3600)))
 
               (wait-for-file cached)
+
+              ;; Both the narinfo and nar should be world-readable.
+              (= #o644 (stat:perms (lstat cached)))
+              (= #o644 (stat:perms (lstat nar)))
+
               (let* ((body         (http-get-port url))
                      (compressed   (http-get nar-url))
                      (uncompressed (http-get (string-append base "nar/"
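
Review bot: the two added checks compare `(stat:perms (lstat ...))` against exactly #o644, while the code under test computes `(logand #o644 (lognot (umask)))`, so the test only passes when the umask of the test process clears none of the 0644 bits. Compare against the same masked expression, or set a known umask for the duration of the test, so that a restrictive build environment does not produce a spurious failure.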
