From: Julien Lepiller <julien@lepiller.eu>
To: Tobias Geerinckx-Rice <me@tobias.gr>,41259@debbugs.gnu.org
Subject: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
Date: Thu, 14 May 2020 10:01:51 -0400
Message-ID: <A93A189C-73FB-4E7F-B1F7-B57A1366ABA3@lepiller.eu>
In-Reply-To: <20200514134846.29037-1-me@tobias.gr>
On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org> wrote:
>* etc/gnu-store.mount.in: New file.
>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>(etc/%.mount): New rule.
>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>* doc/guix.texi (Binary Installation): Document it.
>---
>
>For
><https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>
> doc/guix.texi | 5 +++--
> etc/gnu-store.mount.in | 14 ++++++++++++++
> etc/guix-install.sh | 12 +++++++++---
> nix/local.mk | 12 +++++++++++-
> 4 files changed, 37 insertions(+), 6 deletions(-)
> create mode 100644 etc/gnu-store.mount.in
>
>diff --git a/doc/guix.texi b/doc/guix.texi
>index d6fbd85fde..5d80a7e405 100644
>--- a/doc/guix.texi
>+++ b/doc/guix.texi
>@@ -659,9 +659,10 @@ with these commands:
> @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
>
> @example
>-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>\
>+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
>+ ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
>\
> /etc/systemd/system/
>-# systemctl enable --now guix-daemon
>+# systemctl enable --now gnu-store.mount guix-daemon
> @end example
>
> If your host distro uses the Upstart init system:
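Review bot: the Binary Installation text now tells the user to copy and enable gnu-store.mount but never says what it is for; add a sentence before the @example explaining that the unit bind-mounts the store over itself read-only so that nothing outside the daemon can modify it, and that, because systemd names .mount units after their mount point, the shipped unit only applies to the default /gnu/store and must be renamed (or regenerated) for a build configured with another store directory. Without that, a reader who installed with a different store will copy a unit that systemd refuses to load and will not know why.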
>diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
>new file mode 100644
>index 0000000000..c94f2db72b
>--- /dev/null
>+++ b/etc/gnu-store.mount.in
>@@ -0,0 +1,14 @@
>+[Unit]
>+Description=Read-only @storedir@ for GNU Guix
>+DefaultDependencies=no
>+ConditionPathExists=@storedir@
>+Before=guix-daemon.service
>+
>+[Install]
>+WantedBy=guix-daemon.service
>+
>+[Mount]
>+What=@storedir@
>+Where=@storedir@
>+Type=none
>+Options=bind,ro
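Review bot: `DefaultDependencies=no` removes the implicit ordering against local-fs-pre.target and the `Conflicts=umount.target` that mount units get by default, and nothing in the unit explains why an early-boot unit is wanted here; unless there is a reason, drop that line and let `Before=guix-daemon.service` provide the ordering. Two systemd behaviours also deserve a comment in the file: a mount unit is considered active as soon as any mount exists at Where=, so if @storedir@ is already a filesystem of its own (an fstab line for /gnu/store generates a `gnu-store.mount` with this very name, which this file would override), the bind mount is never performed and the store stays writable; and `Options=bind,ro` only produces a read-only mount with a mount(8) that applies `ro` to bind mounts in one step (util-linux 2.27 and later), older versions keep the bind mount read-write and need a separate `remount,ro`. Finally, the commit message should say how guix-daemon keeps writing to a store that is now read-only for everyone; if the daemon is expected to remount it read-write in its own mount namespace, state that in the Description or a comment so the dependency on that behaviour is visible.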
>diff --git a/etc/guix-install.sh b/etc/guix-install.sh
>index 4909d3f162..d252c132fb 100755
>--- a/etc/guix-install.sh
>+++ b/etc/guix-install.sh
>@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
> _msg "${PAS}enabled Guix daemon via upstart"
> ;;
> systemd)
>- { cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>\
>+ { # systemd .mount units must be named after the target
>directory.
>+ # Here we assume a hard-coded name of /gnu/store.
>+ cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount"
>\
>+ /etc/systemd/system/;
>+ chmod 664 /etc/systemd/system/gnu-store.mount;
>+
>+ cp
>"${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service"
>\
> /etc/systemd/system/;
> chmod 664 /etc/systemd/system/guix-daemon.service;
>
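Review bot: the comment concedes that the `gnu-store.mount` name is hard-coded to /gnu/store, but systemd refuses to start a mount unit whose name does not match its Where= setting, so on a system whose guix was built with another store directory this copy silently installs a unit that will never work; either derive the name from the store directory with `systemd-escape --path` (assuming the script can learn that directory), or skip the mount unit with a message when the store is not /gnu/store. `chmod 664` mirrors the existing treatment of guix-daemon.service, but a group-writable unit file under /etc/systemd/system gains nothing; 644 is enough for both files. Since the commands inside the braces are separated by `;`, a guix tree that predates gnu-store.mount does not fail here but only later when `systemctl start` cannot find the unit, so a `[ -f "$ROOT_HOME/.config/guix/current/lib/systemd/system/gnu-store.mount" ]` check with a clear message would be friendlier.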
>@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
> fi;
>
> systemctl daemon-reload &&
>- systemctl start guix-daemon &&
>- systemctl enable guix-daemon; } &&
>+ systemctl start gnu-store.mount guix-daemon &&
>+ systemctl enable gnu-store.mount guix-daemon; } &&
> _msg "${PAS}enabled Guix daemon via systemd"
> ;;
> sysv-init)
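Review bot: with the two units on one `&&` chain, a failure of `systemctl start gnu-store.mount` (for instance a unit name that does not match a non-default store directory, or the store already being a mount point) aborts before `systemctl enable gnu-store.mount guix-daemon`, so the daemon is started for this session but is no longer enabled at boot, which the replaced lines guaranteed; keep `systemctl start guix-daemon && systemctl enable guix-daemon` as the guarded step and treat the mount unit as best-effort, or at least report which of the two failed.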
>diff --git a/nix/local.mk b/nix/local.mk
>index a64bdd2137..435fdd389a 100644
>--- a/nix/local.mk
>+++ b/nix/local.mk
>@@ -155,7 +155,17 @@ noinst_HEADERS = \
>
> # The '.service' files for systemd.
> systemdservicedir = $(libdir)/systemd/system
>-nodist_systemdservice_DATA = etc/guix-daemon.service
>etc/guix-publish.service
>+nodist_systemdservice_DATA = \
>+ etc/gnu-store.mount \
>+ etc/guix-daemon.service \
>+ etc/guix-publish.service
>+
>+etc/%.mount: etc/%.mount.in \
>+ $(top_builddir)/config.status
>+ $(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \
>+ $(SED) -e 's|@''storedir''@|$(storedir)|' < \
>+ "$<" > "$@.tmp"; \
>+ mv "$@.tmp" "$@"
>
> etc/guix-%.service: etc/guix-%.service.in \
> $(top_builddir)/config.status
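Review bot: the rule substitutes @storedir@ inside the unit but always writes the result to `etc/gnu-store.mount`, so a build configured with a non-default store directory produces a unit whose `Where=` no longer matches its file name and which systemd will refuse to load; derive the output name from $(storedir) (the escaping that `systemd-escape --path` performs) or document that the unit is only meaningful for /gnu/store. Generating the file from configure via AC_CONFIG_FILES instead of a second sed rule would also avoid duplicating the substitution already done for the .service files. Check as well that the generated `etc/gnu-store.mount` is added to CLEANFILES and to .gitignore alongside the generated .service files, since this hunk only adds it to nodist_systemdservice_DATA.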
I see that's how it's done with the existing service, but why sed the .in file when we could let configure.ac take care of it?
I'll try that on a VM of a foreign distro soonish and report. Thanks!
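Two checks an administrator would want before trusting the unit discussed above: that the unit file name matches the mount point the way systemd requires, and that the `ro` flag is actually in effect on the store after the bind mount. This is an added example, not code from the patch or from Guix; `mount_unit_name` and `is_ro_mount` are illustrative helpers, the path escaping covers only plain paths, and the mountinfo sample with its device names is constructed.

```shell
#!/bin/sh
# Added example, not part of the patch or of Guix: two checks to run before
# relying on a read-only bind mount of the store under systemd.

# Map a mount point to the systemd mount unit name it must use (systemd
# refuses a .mount unit whose name does not match its Where= setting).
# Implements systemd's path escaping for paths made of [A-Za-z0-9_./-];
# for anything else use `systemd-escape --path` on a real host.
mount_unit_name() {
    p=$1
    # collapse repeated slashes, drop leading and trailing ones
    p=$(printf '%s' "$p" | sed -e 's|//*|/|g' -e 's|^/||' -e 's|/$||')
    if [ -z "$p" ]; then
        printf '%s\n' '-.mount'   # the root directory is the special case "-"
        return 0
    fi
    # a literal '-' becomes \x2d, then '/' becomes the '-' separator
    p=$(printf '%s' "$p" | sed -e 's|-|\\x2d|g' -e 's|/|-|g')
    printf '%s\n' "$p.mount"
}

# Report whether the topmost mount at $2 is read-only, reading mountinfo(5)
# formatted lines from file $1 (use /proc/self/mountinfo on a live host).
# Fields: id parent maj:min root mountpoint options ...; when several mounts
# stack on one path, the last line listed is the one in effect.
is_ro_mount() {
    mi=$1
    path=$2
    opts=$(awk -v p="$path" '$5 == p { o = $6 } END { print o }' "$mi")
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample of /proc/self/mountinfo (not captured from a real
# machine): / on sda1, /home on sda3, a separate store partition mounted
# read-write on /gnu/store, and the read-only bind mount stacked on top.
sample_mountinfo=$(mktemp)
trap 'rm -f "$sample_mountinfo"' EXIT
cat >"$sample_mountinfo" <<'EOF'
24 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
31 24 8:2 / /gnu/store rw,relatime shared:2 - ext4 /dev/sda2 rw
40 24 8:3 / /home rw,relatime shared:3 - ext4 /dev/sda3 rw
48 24 8:2 / /gnu/store ro,relatime shared:2 - ext4 /dev/sda2 rw
EOF

printf 'unit name for /gnu/store: %s\n' "$(mount_unit_name /gnu/store)"
if is_ro_mount "$sample_mountinfo" /gnu/store; then
    echo '/gnu/store is read-only in the sample'
else
    echo '/gnu/store is NOT read-only in the sample'
fi
```

On a real host, `findmnt -o TARGET,OPTIONS /gnu/store` shows the same information the second check extracts from mountinfo, and `systemd-escape --path /gnu/store` is the authoritative way to obtain the unit name; the second check matters precisely because a mount unit that systemd reports as active may not have applied `ro` if an older mount(8) ignored it or if a pre-existing mount at the same path satisfied the unit without a bind mount ever being made.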
Thread overview:
2020-05-14 13:48 [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only Tobias Geerinckx-Rice via Guix-patches via
2020-05-14 14:01 ` Julien Lepiller [this message]
2020-05-14 14:13 ` Marius Bakke
2020-05-14 14:25 ` Tobias Geerinckx-Rice via Guix-patches via
2020-05-14 14:21 ` Tobias Geerinckx-Rice via Guix-patches via
2020-05-14 16:35 ` Julien Lepiller
2020-05-14 18:49 ` Julien Lepiller
2020-05-14 14:24 ` Tobias Geerinckx-Rice via Guix-patches via
2020-05-15 7:34 ` Vincent Legoll
2020-05-15 16:25 ` [bug#41259] .gitignore ? Vincent Legoll
2020-05-15 16:52 ` Tobias Geerinckx-Rice via Guix-patches via
2020-05-15 16:55 ` Vincent Legoll
2020-05-16 12:38 ` Vincent Legoll
2020-05-16 14:04 ` Tobias Geerinckx-Rice via Guix-patches via
2021-08-03 19:56 ` bug#41259: [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only Maxim Cournoyer