From 1a1faa78b0498fbb71f1533beb4b65817c1d3f2a Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Thu, 14 May 2020 15:13:12 +0200
Subject: [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.

* etc/gnu-store.mount.in: New file.
* nix/local.mk (nodist_systemdservice_DATA): Add it.
(etc/%.mount): New rule for it.
* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
* doc/guix.texi (Binary Installation): Document it.
* .gitignore: Ignore changes to it.
---
 .gitignore             |  1 +
 doc/guix.texi          |  5 +++--
 etc/gnu-store.mount.in | 14 ++++++++++++++
 etc/guix-install.sh    | 12 +++++++++---
 nix/local.mk           | 12 +++++++++++-
 5 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 etc/gnu-store.mount.in

diff --git a/.gitignore b/.gitignore
index cc5ceb5e10..05a68b69ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,7 @@
 /doc/stamp-vti
 /doc/version.texi
 /doc/version-*.texi
+/etc/gnu-store.mount
 /etc/guix-daemon.cil
 /etc/guix-daemon.conf
 /etc/guix-daemon.service
diff --git a/doc/guix.texi b/doc/guix.texi
index d043852ac3..90324ce291 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -659,9 +659,10 @@ with these commands:
 
 @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
 @example
-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
+     ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
      /etc/systemd/system/
-# systemctl enable --now guix-daemon
+# systemctl enable --now gnu-store.mount guix-daemon
 @end example
 
 If your host distro uses the Upstart init system:
diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
new file mode 100644
index 0000000000..c94f2db72b
--- /dev/null
+++ b/etc/gnu-store.mount.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=Read-only @storedir@ for GNU Guix
+DefaultDependencies=no
+ConditionPathExists=@storedir@
+Before=guix-daemon.service
+
+[Install]
+WantedBy=guix-daemon.service
+
+[Mount]
+What=@storedir@
+Where=@storedir@
+Type=none
+Options=bind,ro
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 4909d3f162..d252c132fb 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
             _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
-            { cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
+            { # systemd .mount units must be named after the target directory.
+              # Here we assume a hard-coded name of /gnu/store.
+              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
+                  /etc/systemd/system/;
+              chmod 664 /etc/systemd/system/gnu-store.mount;
+
+              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                   /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
 
@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
             fi;
 
             systemctl daemon-reload &&
-            systemctl start guix-daemon &&
-            systemctl enable guix-daemon; } &&
+            systemctl start gnu-store.mount guix-daemon &&
+            systemctl enable gnu-store.mount guix-daemon; } &&
             _msg "${PAS}enabled Guix daemon via systemd"
             ;;
         sysv-init)
diff --git a/nix/local.mk b/nix/local.mk
index a64bdd2137..435fdd389a 100644
--- a/nix/local.mk
+++ b/nix/local.mk
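Review bot: As written, the read-only state is best-effort rather than a precondition of the daemon: `ConditionPathExists=@storedir@` makes systemd skip the unit silently when the directory is absent (or not yet mounted, and with `DefaultDependencies=no` nothing in the file orders it after whatever filesystem holds @storedir@, unless systemd's implicit parent-path dependencies happen to cover it), and `WantedBy=guix-daemon.service` only yields a Wants= edge, so guix-daemon.service still starts with a writable store if this unit is skipped or fails. If that degradation is intended, the unit should say so, and it should also explain why the daemon keeps working behind a `ro` bind mount — presumably because the daemon remounts the store read-write inside its own mount namespace (the makeStoreWritable step inherited from the Nix store code, if I remember it correctly; please confirm), e.g. `# Best-effort integrity measure: the host sees @storedir@ read-only, while guix-daemon remounts it read-write in a private mount namespace.`. If the read-only mount is meant to be mandatory instead, guix-daemon.service would need a `Requires=gnu-store.mount` in addition to the `Before=` ordering given here, which is outside this patch.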
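Review bot: Inside the `{ … }` group the new `cp` of gnu-store.mount and its `chmod` are separated by `;`, so if the tarball under ${ROOT_HOME} predates this unit the copy error is ignored, guix-daemon.service is still installed, and the failure only surfaces later when `systemctl start gnu-store.mount guix-daemon` cannot find the unit. Chaining them, `cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" /etc/systemd/system/ && chmod 664 /etc/systemd/system/gnu-store.mount &&`, stops at the first missing piece with the actual cp diagnostic; the existing guix-daemon.service pair below has the same weakness. The new comment about the hard-coded /gnu/store name would be more useful if it stated the consequence — systemd refuses to load a .mount unit whose file name is not the escaped form of its Where= path — so a reader knows it is a hard constraint and not a naming convention. sys_enable_guix_daemon continues outside this hunk.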
@@ -155,7 +155,17 @@ noinst_HEADERS = \
 
 # The '.service' files for systemd.
 systemdservicedir = $(libdir)/systemd/system
-nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service
+nodist_systemdservice_DATA = \
+  etc/gnu-store.mount \
+  etc/guix-daemon.service \
+  etc/guix-publish.service
+
+etc/%.mount: etc/%.mount.in \
+  $(top_builddir)/config.status
+	$(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \
+	$(SED) -e 's|@''storedir''@|$(storedir)|' < \
+	  "$<" > "$@.tmp"; \
+	mv "$@.tmp" "$@"
 
 etc/guix-%.service: etc/guix-%.service.in \
 	  $(top_builddir)/config.status
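Review bot: The `etc/%.mount` rule substitutes `$(storedir)` into the unit body, but the output file is always named after the source stem (gnu-store.mount), and systemd refuses to load a .mount unit whose name is not the escaped form of its Where= path, so a tree configured with any store directory other than /gnu/store produces a unit that is installed and then rejected at runtime. At minimum the rule deserves a comment stating the constraint, e.g. `# systemd requires the .mount file name to match the escaped Where= path;` / `# this template is only valid when storedir is /gnu/store.`; a stricter option is to fail the build early with something like `$(if $(filter /gnu/store,$(storedir)),,$(error gnu-store.mount requires storedir=/gnu/store))` at top level, assuming storedir is a plain path by the time this file is parsed. The atomic `"$@.tmp"` then `mv` sequence is good. The `etc/guix-%.service` rule is cut off at the end of the hunk, so I cannot confirm the new rule mirrors its quoting of the sed expression; if it does not, the two should be aligned.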