Date: Thu, 14 May 2020 14:49:15 -0400
Subject: Re: [bug#41259] [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
To: 41259@debbugs.gnu.org, me@tobias.gr
From: Julien Lepiller

On 14 May 2020 12:35:12 GMT-04:00, Julien Lepiller wrote:
>On 14 May 2020 10:01:51 GMT-04:00, Julien Lepiller wrote:
>>On 14 May 2020 09:48:46 GMT-04:00, Tobias Geerinckx-Rice via Guix-patches via wrote:
>>>* etc/gnu-store.mount.in: New file.
>>>* nix/local.mk (nodist_systemdservice_DATA): Add it.
>>>(etc/%.mount): New rule.
>>>* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
>>>* doc/guix.texi (Binary Installation): Document it.
>>>---
>>>
>>>For
>>>.
>>>
>>> doc/guix.texi          |  5 +++--
>>> etc/gnu-store.mount.in | 14 ++++++++++++++
>>> etc/guix-install.sh    | 12 +++++++++---
>>> nix/local.mk           | 12 +++++++++++-
>>> 4 files changed, 37 insertions(+), 6 deletions(-)
>>> create mode 100644 etc/gnu-store.mount.in
>>>
>>>diff --git a/doc/guix=2Etexi b/doc/guix=2Etexi >>>index d6fbd85fde=2E=2E5d80a7e405 100644 >>>--- a/doc/guix=2Etexi >>>+++ b/doc/guix=2Etexi >>>@@ -659,9 +659,10 @@ with these commands: >>> @c >>https://lists=2Egnu=2Eorg/archive/html/guix-devel/2017-01/msg01199=2Ehtm= l >>>=20 >>> @example >>>-# cp >>~root/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eservice >>>\ >>>+# cp ~root/=2Econfig/guix/current/lib/systemd/system/gnu-store=2Emount= \ >>>+ =20 >>~root/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Eservice >>>\ >>> /etc/systemd/system/ >>>-# systemctl enable --now guix-daemon >>>+# systemctl enable --now gnu-store=2Emount guix-daemon >>> @end example >>>=20 >>> If your host distro uses the Upstart init system: 
>>>diff --git a/etc/gnu-store=2Emount=2Ein b/etc/gnu-store=2Emount=2Ein >>>new file mode 100644 >>>index 0000000000=2E=2Ec94f2db72b >>>--- /dev/null >>>+++ b/etc/gnu-store=2Emount=2Ein >>>@@ -0,0 +1,14 @@ >>>+[Unit] >>>+Description=3DRead-only @storedir@ for GNU Guix >>>+DefaultDependencies=3Dno >>>+ConditionPathExists=3D@storedir@ >>>+Before=3Dguix-daemon=2Eservice >>>+ >>>+[Install] >>>+WantedBy=3Dguix-daemon=2Eservice >>>+ >>>+[Mount] >>>+What=3D@storedir@ >>>+Where=3D@storedir@ >>>+Type=3Dnone >>>+Options=3Dbind,ro >>>diff --git a/etc/guix-install=2Esh b/etc/guix-install=2Esh >>>index 4909d3f162=2E=2Ed252c132fb 100755 >>>--- a/etc/guix-install=2Esh >>>+++ b/etc/guix-install=2Esh >>>@@ -342,7 +342,13 @@ sys_enable_guix_daemon() >>> _msg "${PAS}enabled Guix daemon via upstart" >>> ;; >>> systemd) >>>- { cp >>>"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Es= ervice" >>>\ >>>+ { # systemd =2Emount units must be named after the target >>>directory=2E >>>+ # Here we assume a hard-coded name of /gnu/store=2E >>>+ cp >>>"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/gnu-store=2Emou= nt" >>>\ >>>+ /etc/systemd/system/; >>>+ chmod 664 /etc/systemd/system/gnu-store=2Emount; >>>+ >>>+ cp >>>"${ROOT_HOME}/=2Econfig/guix/current/lib/systemd/system/guix-daemon=2Es= ervice" >>>\ >>> /etc/systemd/system/; >>> chmod 664 /etc/systemd/system/guix-daemon=2Eservice; >>>=20 >>>@@ -357,8 +363,8 @@ sys_enable_guix_daemon() >>> fi; >>>=20 >>> systemctl daemon-reload && >>>- systemctl start guix-daemon && >>>- systemctl enable guix-daemon; } && >>>+ systemctl start gnu-store=2Emount guix-daemon && >>>+ systemctl enable gnu-store=2Emount guix-daemon; } && >>> _msg "${PAS}enabled Guix daemon via systemd" >>> ;; >>> sysv-init) >>>diff --git a/nix/local=2Emk b/nix/local=2Emk >>>index a64bdd2137=2E=2E435fdd389a 100644 >>>--- a/nix/local=2Emk >>>+++ b/nix/local=2Emk 
>>>@@ -155,7 +155,17 @@ noinst_HEADERS =3D \ >>>=20 >>> # The '=2Eservice' files for systemd=2E >>> systemdservicedir =3D $(libdir)/systemd/system >>>-nodist_systemdservice_DATA =3D etc/guix-daemon=2Eservice >>>etc/guix-publish=2Eservice >>>+nodist_systemdservice_DATA =3D \ >>>+ etc/gnu-store=2Emount \ >>>+ etc/guix-daemon=2Eservice \ >>>+ etc/guix-publish=2Eservice >>>+ >>>+etc/%=2Emount: etc/%=2Emount=2Ein \ >>>+ $(top_builddir)/config=2Estatus >>>+ $(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \ >>>+ $(SED) -e 's|@''storedir''@|$(storedir)|' < \ >>>+ "$<" > "$@=2Etmp"; \ >>>+ mv "$@=2Etmp" "$@" >>>=20 >>> etc/guix-%=2Eservice: etc/guix-%=2Eservice=2Ein \ >>> $(top_builddir)/config=2Estatus
>>
>>I see that's how it's done with the existing service, but why sed the
>>.in file when we could let configure.ac take care of it?
>>
>>I'll try that on a VM of a foreign distro soonish and report. Thanks!
>
>I tested it on a Debian VM and it worked well. I tested the installer
>script and it fails at installing the .mount unit, because it does not
>exist in the tarball.
>
>After installing the unit manually, I could start the .mount service
>and found that I was not able to remove store items with rm. I
>checked that Guix is able to install new store items.

For non-systemd distros, adding the following line to /etc/fstab works:

@storedir@ @storedir@ none defaults,bind,ro 0 0

Then running "mount -a" remounts the store read-only.

I'm not sure how to integrate this properly in the installer script.
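
One way to script the /etc/fstab step from the message above, as an added example that is not part of the original thread or of the Guix installer. The function names are hypothetical and /gnu/store stands in for @storedir@; the functions add the quoted line only when it is absent and check the result against a mountinfo file.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; /gnu/store stands in for @storedir@.

# Print the fstab line quoted in the message for store directory $1.
store_fstab_entry() {
    printf '%s %s none defaults,bind,ro 0 0\n' "$1" "$1"
}

# Succeed if fstab $1 already has a non-comment line bind-mounting $2 onto itself.
has_store_bind_entry() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }
        $1 == d && $2 == d && $4 ~ /(^|,)bind(,|$)/ { found = 1 }
        END { exit !found }' "$1"
}

# Append the entry to fstab $1 for store $2 unless it is already there.
# Keeps a backup and never joins the new entry onto an unterminated last line.
ensure_store_ro_fstab() {
    fstab=$1
    store=$2
    [ -f "$fstab" ] || { echo "no such file: $fstab" >&2; return 1; }
    if has_store_bind_entry "$fstab" "$store"; then
        return 0
    fi
    cp -p "$fstab" "$fstab.bak" || return 1
    if [ -n "$(tail -c 1 "$fstab")" ]; then
        echo >> "$fstab"
    fi
    store_fstab_entry "$store" >> "$fstab"
}

# Succeed if the last mount at $2 in mountinfo file $1 is read-only.
# Field 6 holds the per-mount options; a read-only bind mount shows "ro" there
# while the superblock options after " - " can still say "rw".
store_is_readonly() {
    awk -v d="$2" '
        $5 == d { opts = $6 }
        END { exit !(opts ~ /(^|,)ro(,|$)/) }' "$1"
}
```

On a real host the calls would be `ensure_store_ro_fstab /etc/fstab /gnu/store`, then `mount -a`, then `store_is_readonly /proc/self/mountinfo /gnu/store`.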
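
Review bot: the updated @example in doc/guix.texi (Binary Installation) now copies and enables gnu-store.mount, but no sentence says what the unit does. Add a line next to the example explaining that it bind-mounts the store read-only, so that an administrator who later finds that rm fails on store items knows where the behaviour comes from and that guix-daemon can still add items.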
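
Review bot: in etc/gnu-store.mount.in the unit file name is fixed as gnu-store.mount while Where=@storedir@ is substituted at build time, and systemd only loads a mount unit whose name is the escaped form of its Where= path (the comment added in etc/guix-install.sh says as much). A build configured with a store directory other than /gnu/store would install a unit that systemd rejects. Either hard-code /gnu/store in What= and Where=, or derive the installed file name from $(storedir), for example with systemd-escape --path --suffix=mount. Separately, WantedBy=guix-daemon.service is only a weak dependency, so the daemon still starts on a writable store if the mount fails; use RequiredBy= if the read-only mount is meant to be a guarantee.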
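
Review bot: in the systemd) branch of sys_enable_guix_daemon in etc/guix-install.sh, the new cp of gnu-store.mount and the following chmod 664 are separated by ";", so a missing source file does not stop the group and the failure only shows up later at "systemctl start gnu-store.mount guix-daemon". Join the two commands with "&&", or test for the file first and skip the mount unit with a message. Also consider mode 644 rather than 664: a unit that mounts over the store has no reason to be group-writable.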
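
Review bot: in the new etc/%.mount rule in nix/local.mk the recipe steps are separated by ";", so if $(SED) fails the redirection has already created "$@.tmp" and mv "$@.tmp" "$@" still runs, leaving an empty or truncated unit that make treats as up to date. Join the steps with "&&". The comment above the list still reads "The '.service' files for systemd." although nodist_systemdservice_DATA now carries a .mount unit as well.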