Subject: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
To: Tobias Geerinckx-Rice, 41259@debbugs.gnu.org
Date: Thu, 14 May 2020 10:01:51 -0400
In-Reply-To: <20200514134846.29037-1-me@tobias.gr>
From: Julien Lepiller

On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via Guix-patches via wrote:
>* etc/gnu-store.mount.in:
New file.
>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>(etc/%.mount): New rule.
>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>* doc/guix.texi (Binary Installation): Document it.
>---
>
>For
>.
>
> doc/guix=2Etexi | 5 +++-- > etc/gnu-store=2Emount=2Ein | 14 ++++++++++++++ > etc/guix-install=2Esh | 12 +++++++++--- > nix/local=2Emk | 12 +++++++++++- > 4 files changed, 37 insertions(+), 6 deletions(-) > create mode 100644 etc/gnu-store=2Emount=2Ein > >diff --git a/doc/guix=2Etexi b/doc/guix=2Etexi >index d6fbd85fde=2E=2E5d80a7e405 100644 >--- a/doc/guix=2Etexi >+++ b/doc/guix=2Etexi >@@ -659,9 +659,10 @@ with these commands: > @c https://lists=2Egnu=2Eorg/archive/html/guix-devel/2017-01/msg01199=2E= html >=20 > @example >-# cp ~root/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eservi= ce >\ >+# cp ~root/=2Econfig/guix/current/lib/systemd/system/gnu-store=2Emount \ >+ ~root/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eservi= ce >\ > /etc/systemd/system/ >-# systemctl enable --now guix-daemon >+# systemctl enable --now gnu-store=2Emount guix-daemon > @end example >=20 > If your host distro uses the Upstart init system: >diff --git a/etc/gnu-store=2Emount=2Ein b/etc/gnu-store=2Emount=2Ein >new file mode 100644 >index 0000000000=2E=2Ec94f2db72b >--- /dev/null >+++ b/etc/gnu-store=2Emount=2Ein >@@ -0,0 +1,14 @@ >+[Unit] >+Description=3DRead-only @storedir@ for GNU Guix >+DefaultDependencies=3Dno >+ConditionPathExists=3D@storedir@ >+Before=3Dguix-daemon=2Eservice >+ >+[Install] >+WantedBy=3Dguix-daemon=2Eservice >+ >+[Mount] >+What=3D@storedir@ >+Where=3D@storedir@ >+Type=3Dnone >+Options=3Dbind,ro >diff --git a/etc/guix-install=2Esh b/etc/guix-install=2Esh >index 4909d3f162=2E=2Ed252c132fb 100755 >--- a/etc/guix-install=2Esh >+++ b/etc/guix-install=2Esh 
>@@ -342,7 +342,13 @@ sys_enable_guix_daemon() > _msg "${PAS}enabled Guix daemon via upstart" > ;; > systemd) >- { cp >"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eser= vice" >\ >+ { # systemd =2Emount units must be named after the target >directory=2E >+ # Here we assume a hard-coded name of /gnu/store=2E >+ cp >"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/gnu-store=2Emount= " >\ >+ /etc/systemd/system/; >+ chmod 664 /etc/systemd/system/gnu-store=2Emount; >+ >+ cp >"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eser= vice" >\ > /etc/systemd/system/; > chmod 664 /etc/systemd/system/guix-daemon=2Eservice; >=20 >@@ -357,8 +363,8 @@ sys_enable_guix_daemon() > fi; >=20 > systemctl daemon-reload && >- systemctl start guix-daemon && >- systemctl enable guix-daemon; } && >+ systemctl start gnu-store=2Emount guix-daemon && >+ systemctl enable gnu-store=2Emount guix-daemon; } && > _msg "${PAS}enabled Guix daemon via systemd" > ;; > sysv-init) >diff --git a/nix/local=2Emk b/nix/local=2Emk >index a64bdd2137=2E=2E435fdd389a 100644 >--- a/nix/local=2Emk >+++ b/nix/local=2Emk >@@ -155,7 +155,17 @@ noinst_HEADERS =3D \ >=20 > # The '=2Eservice' files for systemd=2E > systemdservicedir =3D $(libdir)/systemd/system >-nodist_systemdservice_DATA =3D etc/guix-daemon=2Eservice >etc/guix-publish=2Eservice >+nodist_systemdservice_DATA =3D \ >+ etc/gnu-store=2Emount \ >+ etc/guix-daemon=2Eservice \ >+ etc/guix-publish=2Eservice >+ >+etc/%=2Emount: etc/%=2Emount=2Ein \ >+ $(top_builddir)/config=2Estatus >+ $(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \ >+ $(SED) -e 's|@''storedir''@|$(storedir)|' < \ >+ "$<" > "$@=2Etmp"; \ >+ mv "$@=2Etmp" "$@" >=20 > etc/guix-%=2Eservice: etc/guix-%=2Eservice=2Ein \ > $(top_builddir)/config=2Estatus

I see that's how it's done with the existing service, but why sed the .in file when we could let configure.ac take care of it? I'll try that on a VM of a foreign distro soonish and report. Thanks!
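
Review bot: In etc/gnu-store.mount.in, the [Install] section uses WantedBy=guix-daemon.service, which gives the daemon only a Wants= dependency on the mount. If the bind mount fails, guix-daemon.service still starts and the store stays writable. If a read-only store is meant as a guarantee rather than best effort, RequiredBy=guix-daemon.service would express that. The same unit sets DefaultDependencies=no with no comment saying why; a mount unit's default dependencies include the Before=/Conflicts= on umount.target that stop it at shutdown, so the reason for dropping them deserves a line in the file.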
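
Review bot: The added "chmod 664 /etc/systemd/system/gnu-store.mount" in the first etc/guix-install.sh hunk leaves the new unit file group-writable. It mirrors the existing chmod on guix-daemon.service in the context lines, but a unit that systemd acts on as root needs no group write bit; 644 would be the tighter mode for the new file, and the existing line could be brought in line in the same change.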
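
Review bot: The new etc/%.mount rule in nix/local.mk substitutes $(storedir) into What= and Where=, but the generated file is always named gnu-store.mount. systemd requires a mount unit's file name to correspond to its Where= path, so the unit only loads when storedir is /gnu/store, which the comment added to etc/guix-install.sh ("Here we assume a hard-coded name of /gnu/store") concedes. Either write /gnu/store literally in the unit, or derive the unit's file name from $(storedir) so the two cannot disagree.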
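
Review bot: The @example in the doc/guix.texi hunk now copies and enables gnu-store.mount, but the surrounding text gains no sentence saying what the unit is for. One line stating that it bind-mounts the store read-only, and whether the daemon depends on it, would tell readers why a second unit is being installed.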