unofficial mirror of guix-patches@gnu.org 
* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-05-14 13:48 UTC (permalink / raw)
  To: 41259

* etc/gnu-store.mount.in: New file.
* nix/local.mk (nodist_systemdservice_DATA): Add it.
(etc/%.mount): New rule.
* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
* doc/guix.texi (Binary Installation): Document it.
---

For <https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.

 doc/guix.texi          |  5 +++--
 etc/gnu-store.mount.in | 14 ++++++++++++++
 etc/guix-install.sh    | 12 +++++++++---
 nix/local.mk           | 12 +++++++++++-
 4 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 etc/gnu-store.mount.in

diff --git a/doc/guix.texi b/doc/guix.texi
index d6fbd85fde..5d80a7e405 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -659,9 +659,10 @@ with these commands:
 @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
 
 @example
-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
+     ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
      /etc/systemd/system/
-# systemctl enable --now guix-daemon
+# systemctl enable --now gnu-store.mount guix-daemon
 @end example
 
 If your host distro uses the Upstart init system:
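Review bot: the manual tells users to copy and enable gnu-store.mount but does not say that the file name is tied to the store path (a systemd mount unit must be named after its mount point, so gnu-store.mount is only valid for /gnu/store); the guix-install.sh hunk in this same patch acknowledges the hard-coded name in a comment, and one sentence here saying the same would stop users with a non-default --storedir from copying a unit that systemd will not load.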
diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
new file mode 100644
index 0000000000..c94f2db72b
--- /dev/null
+++ b/etc/gnu-store.mount.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=Read-only @storedir@ for GNU Guix
+DefaultDependencies=no
+ConditionPathExists=@storedir@
+Before=guix-daemon.service
+
+[Install]
+WantedBy=guix-daemon.service
+
+[Mount]
+What=@storedir@
+Where=@storedir@
+Type=none
+Options=bind,ro
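Review bot: the template substitutes @storedir@ into What= and Where=, but the file is always installed as gnu-store.mount, so for any --storedir other than /gnu/store the Where= value no longer matches the unit name and systemd refuses the unit; either derive the installed file name from the store path as well, or document /gnu/store as the only supported value. Two smaller points: with only `WantedBy=guix-daemon.service` the daemon still starts normally if this mount fails (wanted, not required), so if the read-only view is meant as a guarantee rather than best effort, guix-daemon.service should also carry `Requires=gnu-store.mount`; and `ConditionPathExists=@storedir@` makes the unit skip silently when the directory is missing, which is reasonable but deserves a comment in the file.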
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 4909d3f162..d252c132fb 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
                 _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
-            { cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
+            { # systemd .mount units must be named after the target directory.
+              # Here we assume a hard-coded name of /gnu/store.
+              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
+                 /etc/systemd/system/;
+              chmod 664 /etc/systemd/system/gnu-store.mount;
+
+              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                  /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
 
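Review bot: the cp of gnu-store.mount is now the first command of the `{ ... } &&` block, so if the file is absent from the binary tarball the whole block fails and guix-daemon.service is never copied or enabled either (a later reply in this thread hits exactly that); the file has to be shipped in the tarball, or the mount step needs its own non-fatal branch with an `_msg` of its own. The comment also admits the unit name assumes /gnu/store; a check that the store path really is /gnu/store before copying the unit would turn a systemd load failure into a clear message from the installer.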
@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
 	      fi;
 
               systemctl daemon-reload &&
-                  systemctl start guix-daemon &&
-                  systemctl enable guix-daemon; } &&
+                  systemctl start  gnu-store.mount guix-daemon &&
+                  systemctl enable gnu-store.mount guix-daemon; } &&
                 _msg "${PAS}enabled Guix daemon via systemd"
             ;;
         sysv-init)
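Review bot: style point: `systemctl start  gnu-store.mount guix-daemon` carries a double space, and the separate start/enable pair could be collapsed into `systemctl enable --now gnu-store.mount guix-daemon`, which is the command the doc/guix.texi hunk already gives users; using the same command in both places keeps the script and the manual from drifting apart. Ordering between the two units is fine as is, since the unit file declares `Before=guix-daemon.service`.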
diff --git a/nix/local.mk b/nix/local.mk
index a64bdd2137..435fdd389a 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -155,7 +155,17 @@ noinst_HEADERS =						\
 
 # The '.service' files for systemd.
 systemdservicedir = $(libdir)/systemd/system
-nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service
+nodist_systemdservice_DATA =			\
+  etc/gnu-store.mount				\
+  etc/guix-daemon.service			\
+  etc/guix-publish.service
+
+etc/%.mount: etc/%.mount.in	\
+			 $(top_builddir)/config.status
+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
+	       "$<" > "$@.tmp";		\
+	mv "$@.tmp" "$@"
 
 etc/guix-%.service: etc/guix-%.service.in	\
 			 $(top_builddir)/config.status
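Review bot: the new `etc/%.mount` rule generates etc/gnu-store.mount in the tree, like the existing `etc/guix-%.service` rule does for the services, so `/etc/gnu-store.mount` should be added to .gitignore in the same patch (otherwise every build leaves an untracked file behind); a later reply asks for the same. Minor: the sed expression uses `|` as its delimiter, so a $(storedir) containing `|` would break it, which is unlikely but worth knowing when someone generalises this rule.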
-- 
2.26.2






* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Julien Lepiller @ 2020-05-14 14:01 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice, 41259

On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org> wrote:
>* etc/gnu-store.mount.in: New file.
>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>(etc/%.mount): New rule.
>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>* doc/guix.texi (Binary Installation): Document it.
>---
>
>For
><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>
> doc/guix.texi          |  5 +++--
> etc/gnu-store.mount.in | 14 ++++++++++++++
> etc/guix-install.sh    | 12 +++++++++---
> nix/local.mk           | 12 +++++++++++-
> 4 files changed, 37 insertions(+), 6 deletions(-)
> create mode 100644 etc/gnu-store.mount.in
>
>diff --git a/doc/guix.texi b/doc/guix.texi
>index d6fbd85fde..5d80a7e405 100644
>--- a/doc/guix.texi
>+++ b/doc/guix.texi
>@@ -659,9 +659,10 @@ with these commands:
> @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
> 
> @example
>-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>\
>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>+     ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>\
>      /etc/systemd/system/
>-# systemctl enable --now guix-daemon
>+# systemctl enable --now gnu-store.mount guix-daemon
> @end example
> 
> If your host distro uses the Upstart init system:
>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>new file mode 100644
>index 0000000000..c94f2db72b
>--- /dev/null
>+++ b/etc/gnu-store.mount.in
>@@ -0,0 +1,14 @@
>+[Unit]
>+Description=Read-only @storedir@ for GNU Guix
>+DefaultDependencies=no
>+ConditionPathExists=@storedir@
>+Before=guix-daemon.service
>+
>+[Install]
>+WantedBy=guix-daemon.service
>+
>+[Mount]
>+What=@storedir@
>+Where=@storedir@
>+Type=none
>+Options=bind,ro
>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>index 4909d3f162..d252c132fb 100755
>--- a/etc/guix-install.sh
>+++ b/etc/guix-install.sh
>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>                 _msg "${PAS}enabled Guix daemon via upstart"
>             ;;
>         systemd)
>-            { cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>\
>+            { # systemd .mount units must be named after the target
>directory.
>+              # Here we assume a hard-coded name of /gnu/store.
>+              cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>\
>+                 /etc/systemd/system/;
>+              chmod 664 /etc/systemd/system/gnu-store.mount;
>+
>+              cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>\
>                  /etc/systemd/system/;
>               chmod 664 /etc/systemd/system/guix-daemon.service;
> 
>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
> 	      fi;
> 
>               systemctl daemon-reload &&
>-                  systemctl start guix-daemon &&
>-                  systemctl enable guix-daemon; } &&
>+                  systemctl start  gnu-store.mount guix-daemon &&
>+                  systemctl enable gnu-store.mount guix-daemon; } &&
>                 _msg "${PAS}enabled Guix daemon via systemd"
>             ;;
>         sysv-init)
>diff --git a/nix/local.mk b/nix/local.mk
>index a64bdd2137..435fdd389a 100644
>--- a/nix/local.mk
>+++ b/nix/local.mk
>@@ -155,7 +155,17 @@ noinst_HEADERS =						\
> 
> # The '.service' files for systemd.
> systemdservicedir = $(libdir)/systemd/system
>-nodist_systemdservice_DATA = etc/guix-daemon.service
>etc/guix-publish.service
>+nodist_systemdservice_DATA =			\
>+  etc/gnu-store.mount				\
>+  etc/guix-daemon.service			\
>+  etc/guix-publish.service
>+
>+etc/%.mount: etc/%.mount.in	\
>+			 $(top_builddir)/config.status
>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>+	       "$<" > "$@.tmp";		\
>+	mv "$@.tmp" "$@"
> 
> etc/guix-%.service: etc/guix-%.service.in	\
> 			 $(top_builddir)/config.status

I see that's how it's done with the existing service, but why sed the .in file when we could let configure.ac take care of it?

I'll try that on a VM of a foreign distro soonish and report. Thanks!





* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Marius Bakke @ 2020-05-14 14:13 UTC (permalink / raw)
  To: Julien Lepiller, Tobias Geerinckx-Rice, 41259


Julien Lepiller <julien@lepiller.eu> writes:

>>+etc/%.mount: etc/%.mount.in	\
>>+			 $(top_builddir)/config.status
>>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>>+	       "$<" > "$@.tmp";		\
>>+	mv "$@.tmp" "$@"
>> 
>> etc/guix-%.service: etc/guix-%.service.in	\
>> 			 $(top_builddir)/config.status
>
> I see that's how it's done with the existing service, but why sed the .in file when we could let configure.ac take care of it?

Because --storedir can in theory be something like '$prefix/store',
which would not get properly expanded by configure.  See "Installation
Directory Variables" in the GNU Autoconf manual:

  https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html

(in particular scroll down to the notice about AC_CONFIG_FILES)



* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-05-14 14:21 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: 41259


Julien,

Julien Lepiller wrote:
>> etc/guix-%.service: etc/guix-%.service.in	\
>> 			 $(top_builddir)/config.status
>
> I see that's how it's done with the existing service, but why 
> sed the .in file when we could let configure.ac take care of it?

¯\_(ツ)_/¯!

TBH I wondered the same thing but am not in deep-dive mode ATM.

> I'll try that on a VM of a foreign distro soonish and 
> report. Thanks!

Thank you!  I'm still in the middle of reinstalling Guix on my 
main laptop, which should give me back my magical KVM powers.

Kind regards,

T G-R



* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-05-14 14:24 UTC (permalink / raw)
  To: 41259


Tobias Geerinckx-Rice via Guix-patches via wrote:
>                systemctl daemon-reload &&
> -                  systemctl start guix-daemon &&
> -                  systemctl enable guix-daemon; } &&
> +                  systemctl start  gnu-store.mount guix-daemon 
> &&
> +                  systemctl enable gnu-store.mount guix-daemon; 
> } &&

Speaking of things I wondered: I'm no systemd wizard but I think 
‘enable --now’ would be equivalent and less repetitive.

Kind regards,

T G-R



* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-05-14 14:25 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 41259, Julien Lepiller


Marius Bakke wrote:
>> I see that's how it's done with the existing service, but why 
>> sed the .in file when we could let configure.ac take care of 
>> it?
>
> Because --storedir can in theory be something like 
> '$prefix/store',
> which would not get properly expanded by configure.

Makes sense.  Thanks Marius,

T G-R



* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Julien Lepiller @ 2020-05-14 16:35 UTC (permalink / raw)
  To: 41259, me

On 14 May 2020 10:01:51 GMT-04:00, Julien Lepiller <julien@lepiller.eu> wrote:
>On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via
>Guix-patches via <guix-patches@gnu.org> wrote:
>>* etc/gnu-store.mount.in: New file.
>>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>>(etc/%.mount): New rule.
>>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>>* doc/guix.texi (Binary Installation): Document it.
>>---
>>
>>For
>><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>>
>> doc/guix.texi          |  5 +++--
>> etc/gnu-store.mount.in | 14 ++++++++++++++
>> etc/guix-install.sh    | 12 +++++++++---
>> nix/local.mk           | 12 +++++++++++-
>> 4 files changed, 37 insertions(+), 6 deletions(-)
>> create mode 100644 etc/gnu-store.mount.in
>>
>>diff --git a/doc/guix.texi b/doc/guix.texi
>>index d6fbd85fde..5d80a7e405 100644
>>--- a/doc/guix.texi
>>+++ b/doc/guix.texi
>>@@ -659,9 +659,10 @@ with these commands:
>> @c
>https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
>> 
>> @example
>>-# cp
>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>\
>>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>>+    
>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>\
>>      /etc/systemd/system/
>>-# systemctl enable --now guix-daemon
>>+# systemctl enable --now gnu-store.mount guix-daemon
>> @end example
>> 
>> If your host distro uses the Upstart init system:
>>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>>new file mode 100644
>>index 0000000000..c94f2db72b
>>--- /dev/null
>>+++ b/etc/gnu-store.mount.in
>>@@ -0,0 +1,14 @@
>>+[Unit]
>>+Description=Read-only @storedir@ for GNU Guix
>>+DefaultDependencies=no
>>+ConditionPathExists=@storedir@
>>+Before=guix-daemon.service
>>+
>>+[Install]
>>+WantedBy=guix-daemon.service
>>+
>>+[Mount]
>>+What=@storedir@
>>+Where=@storedir@
>>+Type=none
>>+Options=bind,ro
>>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>>index 4909d3f162..d252c132fb 100755
>>--- a/etc/guix-install.sh
>>+++ b/etc/guix-install.sh
>>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>>                 _msg "${PAS}enabled Guix daemon via upstart"
>>             ;;
>>         systemd)
>>-            { cp
>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>\
>>+            { # systemd .mount units must be named after the target
>>directory.
>>+              # Here we assume a hard-coded name of /gnu/store.
>>+              cp
>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>>\
>>+                 /etc/systemd/system/;
>>+              chmod 664 /etc/systemd/system/gnu-store.mount;
>>+
>>+              cp
>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>\
>>                  /etc/systemd/system/;
>>               chmod 664 /etc/systemd/system/guix-daemon.service;
>> 
>>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
>> 	      fi;
>> 
>>               systemctl daemon-reload &&
>>-                  systemctl start guix-daemon &&
>>-                  systemctl enable guix-daemon; } &&
>>+                  systemctl start  gnu-store.mount guix-daemon &&
>>+                  systemctl enable gnu-store.mount guix-daemon; } &&
>>                 _msg "${PAS}enabled Guix daemon via systemd"
>>             ;;
>>         sysv-init)
>>diff --git a/nix/local.mk b/nix/local.mk
>>index a64bdd2137..435fdd389a 100644
>>--- a/nix/local.mk
>>+++ b/nix/local.mk
>>@@ -155,7 +155,17 @@ noinst_HEADERS =						\
>> 
>> # The '.service' files for systemd.
>> systemdservicedir = $(libdir)/systemd/system
>>-nodist_systemdservice_DATA = etc/guix-daemon.service
>>etc/guix-publish.service
>>+nodist_systemdservice_DATA =			\
>>+  etc/gnu-store.mount				\
>>+  etc/guix-daemon.service			\
>>+  etc/guix-publish.service
>>+
>>+etc/%.mount: etc/%.mount.in	\
>>+			 $(top_builddir)/config.status
>>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>>+	       "$<" > "$@.tmp";		\
>>+	mv "$@.tmp" "$@"
>> 
>> etc/guix-%.service: etc/guix-%.service.in	\
>> 			 $(top_builddir)/config.status
>
>I see that's how it's done with the existing service, but why sed the
>.in file when we could let configure.ac take care of it?
>
>I'll try that on a VM of a foreign distro soonish and report. Thanks!

I tested it on a Debian VM and it worked well. I tested the installer script, and it fails at installing the .mount unit because it does not exist in the tarball.

After installing the unit manually, I could start the .mount service and found that I was not able to remove store items with rm. I checked that Guix is able to install new store items.





* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Julien Lepiller @ 2020-05-14 18:49 UTC (permalink / raw)
  To: 41259, me

On 14 May 2020 12:35:12 GMT-04:00, Julien Lepiller <julien@lepiller.eu> wrote:
>On 14 May 2020 10:01:51 GMT-04:00, Julien Lepiller <julien@lepiller.eu>
>wrote:
>>On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via
>>Guix-patches via <guix-patches@gnu.org> wrote:
>>>* etc/gnu-store.mount.in: New file.
>>>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>>>(etc/%.mount): New rule.
>>>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>>>* doc/guix.texi (Binary Installation): Document it.
>>>---
>>>
>>>For
>>><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>>>
>>> doc/guix.texi          |  5 +++--
>>> etc/gnu-store.mount.in | 14 ++++++++++++++
>>> etc/guix-install.sh    | 12 +++++++++---
>>> nix/local.mk           | 12 +++++++++++-
>>> 4 files changed, 37 insertions(+), 6 deletions(-)
>>> create mode 100644 etc/gnu-store.mount.in
>>>
>>>diff --git a/doc/guix.texi b/doc/guix.texi
>>>index d6fbd85fde..5d80a7e405 100644
>>>--- a/doc/guix.texi
>>>+++ b/doc/guix.texi
>>>@@ -659,9 +659,10 @@ with these commands:
>>> @c
>>https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
>>> 
>>> @example
>>>-# cp
>>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>>\
>>>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>>>+    
>>~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>>>\
>>>      /etc/systemd/system/
>>>-# systemctl enable --now guix-daemon
>>>+# systemctl enable --now gnu-store.mount guix-daemon
>>> @end example
>>> 
>>> If your host distro uses the Upstart init system:
>>>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>>>new file mode 100644
>>>index 0000000000..c94f2db72b
>>>--- /dev/null
>>>+++ b/etc/gnu-store.mount.in
>>>@@ -0,0 +1,14 @@
>>>+[Unit]
>>>+Description=Read-only @storedir@ for GNU Guix
>>>+DefaultDependencies=no
>>>+ConditionPathExists=@storedir@
>>>+Before=guix-daemon.service
>>>+
>>>+[Install]
>>>+WantedBy=guix-daemon.service
>>>+
>>>+[Mount]
>>>+What=@storedir@
>>>+Where=@storedir@
>>>+Type=none
>>>+Options=bind,ro
>>>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>>>index 4909d3f162..d252c132fb 100755
>>>--- a/etc/guix-install.sh
>>>+++ b/etc/guix-install.sh
>>>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>>>                 _msg "${PAS}enabled Guix daemon via upstart"
>>>             ;;
>>>         systemd)
>>>-            { cp
>>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>>\
>>>+            { # systemd .mount units must be named after the target
>>>directory.
>>>+              # Here we assume a hard-coded name of /gnu/store.
>>>+              cp
>>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>>>\
>>>+                 /etc/systemd/system/;
>>>+              chmod 664 /etc/systemd/system/gnu-store.mount;
>>>+
>>>+              cp
>>>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>>>\
>>>                  /etc/systemd/system/;
>>>               chmod 664 /etc/systemd/system/guix-daemon.service;
>>> 
>>>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
>>> 	      fi;
>>> 
>>>               systemctl daemon-reload &&
>>>-                  systemctl start guix-daemon &&
>>>-                  systemctl enable guix-daemon; } &&
>>>+                  systemctl start  gnu-store.mount guix-daemon &&
>>>+                  systemctl enable gnu-store.mount guix-daemon; } &&
>>>                 _msg "${PAS}enabled Guix daemon via systemd"
>>>             ;;
>>>         sysv-init)
>>>diff --git a/nix/local.mk b/nix/local.mk
>>>index a64bdd2137..435fdd389a 100644
>>>--- a/nix/local.mk
>>>+++ b/nix/local.mk
>>>@@ -155,7 +155,17 @@ noinst_HEADERS =						\
>>> 
>>> # The '.service' files for systemd.
>>> systemdservicedir = $(libdir)/systemd/system
>>>-nodist_systemdservice_DATA = etc/guix-daemon.service
>>>etc/guix-publish.service
>>>+nodist_systemdservice_DATA =			\
>>>+  etc/gnu-store.mount				\
>>>+  etc/guix-daemon.service			\
>>>+  etc/guix-publish.service
>>>+
>>>+etc/%.mount: etc/%.mount.in	\
>>>+			 $(top_builddir)/config.status
>>>+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`";	\
>>>+	$(SED) -e 's|@''storedir''@|$(storedir)|' <	\
>>>+	       "$<" > "$@.tmp";		\
>>>+	mv "$@.tmp" "$@"
>>> 
>>> etc/guix-%.service: etc/guix-%.service.in	\
>>> 			 $(top_builddir)/config.status
>>
>>I see that's how it's done with the existing service, but why sed the
>>.in file when we could let configure.ac take care of it?
>>
>>I'll try that on a VM of a foreign distro soonish and report. Thanks!
>
>I tested it on a Debian VM and it worked well. I tested the installer
>script, and it fails at installing the .mount unit because it does not
>exist in the tarball.
>
>After installing the unit manually, I could start the .mount service
>and found that I was not able to remove store items with rm. I
>checked that Guix is able to install new store items.

For non-systemd distros, adding the following line to /etc/fstab works:

@storedir@ @storedir@ none defaults,bind,ro 0 0

Then running "mount -a" remounts the store read-only.

I'm not sure how to integrate this properly in the installer script.





* [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Vincent Legoll @ 2020-05-15  7:34 UTC (permalink / raw)
  To: 41259

Hello Tobias,

As this will conflict with the work I'm preparing (runit, openrc,
non-interactive mode, busybox compatibility, local binary tarball
& misc cleanups), I'll give it a spin on a bunch of different OS
versions (Fedora Rawhide, Debian 9 & 10, Devuan, Alpine & Void/i686)
later today.

-- 
Vincent Legoll





* [bug#41259] .gitignore ?
From: Vincent Legoll @ 2020-05-15 16:25 UTC (permalink / raw)
  To: 41259

Hello Tobias,

Shouldn't your patch also add /etc/gnu-store.mount to .gitignore?

I'm doing the tests now, stay tuned for the results.

-- 
Vincent Legoll





* [bug#41259] .gitignore ?
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-05-15 16:52 UTC (permalink / raw)
  To: Vincent Legoll; +Cc: 41259


Vincent,

Vincent Legoll wrote:
> shouldn't your patch also add: /etc/gnu-store.mount
> to .gitignore ?

Probably, it's not a file I ever think of.  Done.

How does this conflict with your work?

Thanks,

T G-R



* [bug#41259] .gitignore ?
From: Vincent Legoll @ 2020-05-15 16:55 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 41259

Hello,

On 15/05/2020 18:52, Tobias Geerinckx-Rice wrote:
> How does this conflict with your work?

I'll get a merge conflict in etc/guix-install.sh and
maybe also in nix/local.mk but that's OK, it will be
simple enough to handle.

-- 
Vincent Legoll





* [bug#41259] .gitignore ?
From: Vincent Legoll @ 2020-05-16 12:38 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 41259

Hello Tobias,

yesterday's today is in fact today's today...

On 15/05/2020 18:55, Vincent Legoll wrote:
> I'll get a merge conflict in etc/guix-install.sh and
> maybe also in nix/local.mk but that's OK, it will be
> simple enough to handle.

I was too pessimistic, I'm not getting any merge conflict.

Your patch seems to be working nicely, I tested on a range
of VMs:

x86_64: alpine devuan fedora debian_stretch debian_buster
i686: void

guix is still working properly (search, show, build, gc,
package -i, -r, -l, -d)

And `rm -rf /gnu/store/*hello*' was correctly prevented
on the systemds (debian*, fedora) and the other ones let
the delete run.

LGTM

I'll try to come with something for the other init systems
and add that to my series...

-- 
Vincent Legoll




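An added example, not code from the patch or from anyone in this thread, tying together Julien's /etc/fstab alternative above and Vincent's manual `rm -rf` verification: a POSIX sh helper that derives the unit name systemd expects for a given store directory (the constraint behind the hard-coded gnu-store.mount), renders the matching .mount unit or fstab line, and checks a /proc/self/mountinfo listing for a read-only mount on that directory instead of trying a delete. The mountinfo sample is constructed, and every function and variable name is an assumption of mine.

```shell
#!/bin/sh
# Added example, not code from the Guix patch or from anyone in this
# thread. Three small helpers around the read-only store bind mount:
#   1. systemd_path_unit_name: the unit name systemd expects for a mount
#      point (the constraint behind the hard-coded gnu-store.mount);
#   2. render_mount_unit / render_fstab_line: the unit, or the fstab
#      line for non-systemd distros, for an arbitrary store directory;
#   3. store_is_readonly: check /proc/self/mountinfo for a read-only
#      mount on the directory instead of trying an rm by hand.
# Assumptions: POSIX sh with awk and sed, ASCII store paths without
# spaces; all function and variable names below are mine.

# Escape a path into a unit name following systemd.unit(5): strip
# leading and trailing '/', map '/' to '-', hex-escape every other byte
# outside [A-Za-z0-9:_.] as \xNN, and escape a '.' in first position.
systemd_path_unit_name() {
    p=$(printf '%s' "$1" | sed -e 's|^/*||' -e 's|/*$||')
    if [ -z "$p" ]; then
        printf '%s\n' '-'       # the root directory escapes to "-"
        return 0
    fi
    out=''
    while [ -n "$p" ]; do
        c=${p%"${p#?}"}         # first character of $p
        p=${p#?}                # and the rest
        case $c in
            /)  out="$out-" ;;
            .)  if [ -z "$out" ]; then out='\x2e'; else out="$out."; fi ;;
            [A-Za-z0-9:_]) out="$out$c" ;;
            *)  out="$out\\x$(printf '%02x' "'$c")" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Mount unit for STOREDIR, in the shape of the patch's gnu-store.mount.in.
# It must be installed as "$(systemd_path_unit_name STOREDIR).mount".
render_mount_unit() {
    cat <<EOF
[Unit]
Description=Read-only $1 for GNU Guix
DefaultDependencies=no
ConditionPathExists=$1
Before=guix-daemon.service

[Install]
WantedBy=guix-daemon.service

[Mount]
What=$1
Where=$1
Type=none
Options=bind,ro
EOF
}

# The same protection via /etc/fstab, as suggested for non-systemd distros.
render_fstab_line() {
    printf '%s %s none defaults,bind,ro 0 0\n' "$1" "$1"
}

# Succeed when STOREDIR is a mount point whose topmost mount is read-only.
# Reads /proc/self/mountinfo, or FILE if given ("-" for stdin): field 5 is
# the mount point, field 6 the per-mount-point options, where "ro" is what
# a successful bind,ro mount shows even though the underlying fs is rw.
store_is_readonly() {
    awk -v dir="$1" '
        $5 == dir { found = 1; ro = ($6 ~ /(^|,)ro(,|$)/) }   # last match wins
        END { exit (found && ro) ? 0 : 1 }
    ' "${2:-/proc/self/mountinfo}"
}

# Constructed sample: a writable root fs, and /gnu/store bind-mounted over
# itself read-only, which is the state after gnu-store.mount has started.
SAMPLE_MOUNTINFO='22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
41 22 8:1 /gnu/store /gnu/store ro,relatime - ext4 /dev/sda1 rw'

sample_store_is_readonly() {
    printf '%s\n' "$SAMPLE_MOUNTINFO" | store_is_readonly "$1" -
}

# Demo against the constructed sample rather than the live system.
printf 'unit name for /gnu/store: %s.mount\n' "$(systemd_path_unit_name /gnu/store)"
render_fstab_line /gnu/store
if sample_store_is_readonly /gnu/store; then
    echo '/gnu/store is covered by a read-only mount in the sample'
fi
```

Run `store_is_readonly /gnu/store` without a second argument on a real host to check the live mount table.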

* [bug#41259] .gitignore ?
From: Tobias Geerinckx-Rice via Guix-patches via @ 2020-05-16 14:04 UTC (permalink / raw)
  To: Vincent Legoll; +Cc: 41259


Vincent,

Vincent Legoll wrote:
> yesterday's today is in fact today's today...

I've tried to stop that but to no avail.

> I was too pessimistic, I'm not getting any merge conflict.

Happy to hear it.  Git can be remarkably clever with 3-way merges 
sometimes (and disappointingly dense at others).

> Your patch seems to be working nicely, I tested on a range
> of VMs:
>
> x86_64: alpine devuan fedora debian_stretch debian_buster
> i686: void

Thank you for being so thorough.  You've given me the confidence 
to push this to master as 
1a1faa78b0498fbb71f1533beb4b65817c1d3f2a.  Guess I'll leave this 
bug open since it only solves it for systemd.

> I'll try to come with something for the other init systems
> and add that to my series...

I hope we can avoid touching users' fstab but don't know enough 
about these other systems to say.

Thanks!

T G-R



* bug#41259: [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
From: Maxim Cournoyer @ 2021-08-03 19:56 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 41259-done, Vincent Legoll

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> Vincent,
>
> Vincent Legoll wrote:
>> yesterday's today is in fact today's today...
>
> I've tried to stop that but to no avail.
>
>> I was too pessimistic, I'm not getting any merge conflict.
>
> Happy to hear it.  Git can be remarkably clever with 3-way merges
> sometimes (and disappointingly dense at others).
>
>> Your patch seems to be working nicely, I tested on a range
>> of VMs:
>>
>> x86_64: alpine devuan fedora debian_stretch debian_buster
>> i686: void
>
> Thank you for being so thorough.  You've given me the confidence to
> push this to master as 1a1faa78b0498fbb71f1533beb4b65817c1d3f2a.
> Guess I'll leave this bug open since it only solves it for systemd.

That's a patch, not a bug, though :-).

I'll close it now to spare someone else the time it took me to read
through and see whether bits had gone uncommitted :-).

Thank you,

Maxim




