Subject: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
To: 41259@debbugs.gnu.org, me@tobias.gr
Date: Thu, 14 May 2020 12:35:12 -0400
From: Julien Lepiller

On 14 May 2020 10:01:51 GMT-04:00, Julien Lepiller wrote:
>On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via Guix-patches via wrote:
>>* etc/gnu-store.mount.in: New file.
>>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>>(etc/%.mount): New rule.
>>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>>* doc/guix.texi (Binary Installation): Document it.
>>---
>>
>>For
>>.
>>
>> doc/guix.texi           |  5 +++--
>> etc/gnu-store.mount.in  | 14 ++++++++++++++
>> etc/guix-install.sh     | 12 +++++++++---
>> nix/local.mk            | 12 +++++++++++-
>> 4 files changed, 37 insertions(+), 6 deletions(-)
>> create mode 100644 etc/gnu-store.mount.in
>> >>diff --git a/doc/guix=2Etexi b/doc/guix=2Etexi >>index d6fbd85fde=2E=2E5d80a7e405 100644 >>--- a/doc/guix=2Etexi >>+++ b/doc/guix=2Etexi >>@@ -659,9 +659,10 @@ with these commands: >> @c >https://lists=2Egnu=2Eorg/archive/html/guix-devel/2017-01/msg01199=2Ehtml >>=20 >> @example >>-# cp >~root/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eservice >>\ >>+# cp ~root/=2Econfig/guix/current/lib/systemd/system/gnu-store=2Emount = \ >>+ =20 >~root/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eservice >>\ >> /etc/systemd/system/ >>-# systemctl enable --now guix-daemon >>+# systemctl enable --now gnu-store=2Emount guix-daemon >> @end example >>=20 >> If your host distro uses the Upstart init system: >>diff --git a/etc/gnu-store=2Emount=2Ein b/etc/gnu-store=2Emount=2Ein >>new file mode 100644 >>index 0000000000=2E=2Ec94f2db72b >>--- /dev/null >>+++ b/etc/gnu-store=2Emount=2Ein >>@@ -0,0 +1,14 @@ >>+[Unit] >>+Description=3DRead-only @storedir@ for GNU Guix >>+DefaultDependencies=3Dno >>+ConditionPathExists=3D@storedir@ >>+Before=3Dguix-daemon=2Eservice >>+ >>+[Install] >>+WantedBy=3Dguix-daemon=2Eservice >>+ >>+[Mount] >>+What=3D@storedir@ >>+Where=3D@storedir@ >>+Type=3Dnone >>+Options=3Dbind,ro >>diff --git a/etc/guix-install=2Esh b/etc/guix-install=2Esh >>index 4909d3f162=2E=2Ed252c132fb 100755 >>--- a/etc/guix-install=2Esh >>+++ b/etc/guix-install=2Esh 
>>@@ -342,7 +342,13 @@ sys_enable_guix_daemon() >> _msg "${PAS}enabled Guix daemon via upstart" >> ;; >> systemd) >>- { cp >>"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Ese= rvice" >>\ >>+ { # systemd =2Emount units must be named after the target >>directory=2E >>+ # Here we assume a hard-coded name of /gnu/store=2E >>+ cp >>"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/gnu-store=2Emoun= t" >>\ >>+ /etc/systemd/system/; >>+ chmod 664 /etc/systemd/system/gnu-store=2Emount; >>+ >>+ cp >>"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Ese= rvice" >>\ >> /etc/systemd/system/; >> chmod 664 /etc/systemd/system/guix-daemon=2Eservice; >>=20 >>@@ -357,8 +363,8 @@ sys_enable_guix_daemon() >> fi; >>=20 >> systemctl daemon-reload && >>- systemctl start guix-daemon && >>- systemctl enable guix-daemon; } && >>+ systemctl start gnu-store=2Emount guix-daemon && >>+ systemctl enable gnu-store=2Emount guix-daemon; } && >> _msg "${PAS}enabled Guix daemon via systemd" >> ;; >> sysv-init) >>diff --git a/nix/local=2Emk b/nix/local=2Emk >>index a64bdd2137=2E=2E435fdd389a 100644 >>--- a/nix/local=2Emk >>+++ b/nix/local=2Emk 
>>@@ -155,7 +155,17 @@ noinst_HEADERS =3D \ >>=20 >> # The '=2Eservice' files for systemd=2E >> systemdservicedir =3D $(libdir)/systemd/system >>-nodist_systemdservice_DATA =3D etc/guix-daemon=2Eservice >>etc/guix-publish=2Eservice >>+nodist_systemdservice_DATA =3D \ >>+ etc/gnu-store=2Emount \ >>+ etc/guix-daemon=2Eservice \ >>+ etc/guix-publish=2Eservice >>+ >>+etc/%=2Emount: etc/%=2Emount=2Ein \ >>+ $(top_builddir)/config=2Estatus >>+ $(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \ >>+ $(SED) -e 's|@''storedir''@|$(storedir)|' < \ >>+ "$<" > "$@=2Etmp"; \ >>+ mv "$@=2Etmp" "$@" >>=20 >> etc/guix-%=2Eservice: etc/guix-%=2Eservice=2Ein \ >> $(top_builddir)/config=2Estatus
>
>I see that's how it's done with the existing service, but why sed the
>.in file when we could let configure.ac take care of it?
>
>I'll try that on a VM of a foreign distro soonish and report. Thanks!

I tested it on a Debian VM and it worked well. I tested the installer script and it fails at installing the .mount unit, because it does not exist in the tarball.

After installing the unit manually, I could start the .mount service and found that I was not able to remove store items with rm. I checked that Guix is able to install new store items.
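
Review bot: the doc/guix.texi hunk only changes the two commands inside @example, so the manual now tells readers to copy and enable gnu-store.mount without saying what it does. A sentence next to the example stating that the unit bind-mounts the store read-only would explain why the extra unit is installed.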
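
Review bot: in etc/gnu-store.mount.in, WantedBy=guix-daemon.service under [Install] only gives the daemon a Wants= dependency on the mount, so if the bind mount fails guix-daemon still starts with the store writable. If the read-only store is meant to hold whenever the daemon runs, RequiredBy=guix-daemon.service expresses that; Before=guix-daemon.service already handles ordering.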
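
Review bot: in the first etc/guix-install.sh hunk, chmod 664 leaves /etc/systemd/system/gnu-store.mount group-writable although the unit controls a mount performed as root and nothing in the script needs group write. Mode 644 would be the tighter choice; the guix-daemon.service line in the same block uses 664 as well and could be changed with it.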
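
Review bot: in nix/local.mk, the new etc/%.mount rule substitutes $(storedir) into the unit, but nodist_systemdservice_DATA lists the fixed file name etc/gnu-store.mount. The comment added to guix-install.sh in this same patch says .mount units must be named after the target directory, so a build configured with a storedir other than /gnu/store yields a unit whose name does not match its Where= line. Either derive the file name from $(storedir) or state the /gnu/store assumption next to the rule.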
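
A way to check the result reported above (rm failing on store items) without deleting anything, as an added example that is not part of this thread or of Guix: it reads mountinfo in the proc(5) format and reports the per-mount and superblock flags of a mount point. The function names and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how DIR is mounted, reading mountinfo (proc(5)
# format) on stdin. Field 5 is the mount point, field 6 the per-mount
# options; after the "-" separator come fs type, source, superblock options.
# Prints "absent" or "<per-mount> <superblock>", each being ro or rw, for
# the last (topmost) mount on DIR.
store_mount_state() {
    awk -v dir="$1" '
        function flag(opts,    n, a, k) {
            n = split(opts, a, ",")
            for (k = 1; k <= n; k++) if (a[k] == "ro") return "ro"
            return "rw"    # "errors=remount-ro" is not the ro flag
        }
        $5 == dir {
            i = 7
            while (i <= NF && $i != "-") i++    # skip optional fields
            state = flag($6) " " flag($(i + 3))
        }
        END { print (state == "" ? "absent" : state) }
    '
}

# Succeeds only when the per-mount flag on DIR is ro.
store_is_read_only() {
    case "$(store_mount_state "$1")" in
        ro\ *) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample: a root filesystem and the bind mount that
# Options=bind,ro creates on /gnu/store (same device, superblock still rw).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
95 22 8:1 /gnu/store /gnu/store ro,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
EOF
}

sample_mountinfo | store_mount_state /gnu/store
sample_mountinfo | store_mount_state /
```

On a live system, feed it /proc/self/mountinfo, or /proc/PID/mountinfo to see the mount namespace of another process.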