aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-06-04 22:19:30 +0200
committerLudovic Courtès <ludo@gnu.org>2014-06-04 22:19:30 +0200
commit185f669109eb56b61c3d51dc8b2e3eeded9b2be9 (patch)
tree8024e91e4f644e3de117307fe4c08510f820ad41
parent3d116a70f9b18027b31be2e11e8c9c9192622607 (diff)
downloadguix-185f669109eb56b61c3d51dc8b2e3eeded9b2be9.tar
guix-185f669109eb56b61c3d51dc8b2e3eeded9b2be9.tar.gz
services: Make sure the store's group is the build group.
* gnu/services/base.scm (guix-service)[activate]: New variable. Add 'chown' call for (%store-prefix). Set the 'activate' field to ACTIVATE. * guix/build/install.scm (directives): Add comment about STORE's group.
-rw-r--r--gnu/services/base.scm18
-rw-r--r--guix/build/install.scm5
2 files changed, 19 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 3f7f453c9b..94fa919c0f 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -17,6 +17,8 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services base)
+ #:use-module ((guix store)
+ #:select (%store-prefix))
#:use-module (gnu services)
#:use-module (gnu system shadow) ; 'user-account', etc.
#:use-module (gnu system linux) ; 'pam-service', etc.
@@ -348,7 +350,6 @@ GUIX."
(port (open-file key "r0b")))
(format #t "registering public key '~a'...~%" key)
(close-port (current-input-port))
- ;; (close-fdes 0)
(dup port 0)
(execl (string-append #$guix "/bin/guix")
"guix" "archive" "--authorize")
@@ -367,6 +368,18 @@ BUILD-ACCOUNTS user accounts available under BUILD-USER-GID.
When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
GUIX is authorized upon activation, meaning that substitutes from
hydra.gnu.org are used by default."
+ (define activate
+ #~(begin
+ ;; Make sure the store has BUILDER-GROUP as its group. This may fail
+ ;; with EACCES when the store is a 9p mount, so catch exceptions.
+ (false-if-exception
+ (chown #$(%store-prefix) 0
+ (group:gid (getgrnam #$builder-group))))
+
+ ;; Optionally authorize hydra.gnu.org's key.
+ #$(and authorize-hydra-key?
+ (hydra-key-authorization guix))))
+
(mlet %store-monad ((accounts (guix-build-accounts build-accounts
#:group builder-group)))
(return (service
@@ -383,8 +396,7 @@ hydra.gnu.org are used by default."
(name builder-group)
(members (map user-account-name
user-accounts)))))
- (activate (and authorize-hydra-key?
- (hydra-key-authorization guix)))))))
+ (activate activate)))))
(define %base-services
;; Convenience variable holding the basic services.
diff --git a/guix/build/install.scm b/guix/build/install.scm
index afa7d1dd8f..ea787b63e2 100644
--- a/guix/build/install.scm
+++ b/guix/build/install.scm
@@ -73,7 +73,10 @@ directory TARGET."
(define (directives store)
"Return a list of directives to populate the root file system that will host
STORE."
- `((directory ,store 0 0)
+ `(;; Note: The store's group is changed to the "guixbuild" group at
+ ;; activation time.
+ (directory ,store 0 0)
+
(directory "/etc")
(directory "/var/log") ; for dmd
(directory "/var/guix/gcroots")