author | Tobias Geerinckx-Rice <me@tobias.gr> | 2020-05-14 15:13:12 +0200 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2020-05-16 15:37:41 +0200 |
commit | 1a1faa78b0498fbb71f1533beb4b65817c1d3f2a (patch) | |
tree | 26e517d245b551901679a6ca4e9fc6430f526b55 | |
parent | 0fe654ebcdf3399a950da65b50924096c947df42 (diff) | |
etc: Add a systemd unit to bind-mount @storedir@ read-only.
* etc/gnu-store.mount.in: New file.
* nix/local.mk (nodist_systemdservice_DATA): Add it.
(etc/%.mount): New rule for it.
* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
* doc/guix.texi (Binary Installation): Document it.
* .gitignore: Ignore changes to it.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | doc/guix.texi | 5 | ||||
-rw-r--r-- | etc/gnu-store.mount.in | 14 | ||||
-rwxr-xr-x | etc/guix-install.sh | 12 | ||||
-rw-r--r-- | nix/local.mk | 12 |
5 files changed, 38 insertions, 6 deletions
diff --git a/.gitignore b/.gitignore
index cc5ceb5e10..05a68b69ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,7 @@
 /doc/stamp-vti
 /doc/version.texi
 /doc/version-*.texi
+/etc/gnu-store.mount
 /etc/guix-daemon.cil
 /etc/guix-daemon.conf
 /etc/guix-daemon.service
diff --git a/doc/guix.texi b/doc/guix.texi
index d043852ac3..90324ce291 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -659,9 +659,10 @@ with these commands:
 @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
 @example
-# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
+# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
+ ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
 /etc/systemd/system/
-# systemctl enable --now guix-daemon
+# systemctl enable --now gnu-store.mount guix-daemon
 @end example
 If your host distro uses the Upstart init system:
diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
new file mode 100644
index 0000000000..c94f2db72b
--- /dev/null
+++ b/etc/gnu-store.mount.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=Read-only @storedir@ for GNU Guix
+DefaultDependencies=no
+ConditionPathExists=@storedir@
+Before=guix-daemon.service
+
+[Install]
+WantedBy=guix-daemon.service
+
+[Mount]
+What=@storedir@
+Where=@storedir@
+Type=none
+Options=bind,ro
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 4909d3f162..d252c132fb 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
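Review bot: In etc/gnu-store.mount.in the mount is tied to the daemon only through `WantedBy=guix-daemon.service`, which is a weak dependency, so guix-daemon still starts when the bind mount fails or when `ConditionPathExists=@storedir@` skips it, and the store then stays mounted as it was (presumably writable) with nothing reported. If the read-only mount is meant as a protection rather than a convenience, consider `RequiredBy=guix-daemon.service` in place of the `WantedBy=` line; a skipped condition would still not block the daemon, so that case deserves a sentence in the documentation. The unit also has no comments, and a line above `DefaultDependencies=no` stating why the default mount-unit dependencies are dropped would help the next reader.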
@@ -342,7 +342,13 @@ sys_enable_guix_daemon()
 _msg "${PAS}enabled Guix daemon via upstart"
 ;;
 systemd)
- { cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
+ { # systemd .mount units must be named after the target directory.
+ # Here we assume a hard-coded name of /gnu/store.
+ cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
+ /etc/systemd/system/;
+ chmod 664 /etc/systemd/system/gnu-store.mount;
+
+ cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
 /etc/systemd/system/;
 chmod 664 /etc/systemd/system/guix-daemon.service;
@@ -357,8 +363,8 @@ sys_enable_guix_daemon()
 fi;
 systemctl daemon-reload &&
- systemctl start guix-daemon &&
- systemctl enable guix-daemon; } &&
+ systemctl start gnu-store.mount guix-daemon &&
+ systemctl enable gnu-store.mount guix-daemon; } &&
 _msg "${PAS}enabled Guix daemon via systemd"
 ;;
 sysv-init)
diff --git a/nix/local.mk b/nix/local.mk
index a64bdd2137..435fdd389a 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -155,7 +155,17 @@ noinst_HEADERS = \
 # The '.service' files for systemd.
 systemdservicedir = $(libdir)/systemd/system
-nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service
+nodist_systemdservice_DATA = \
+ etc/gnu-store.mount \
+ etc/guix-daemon.service \
+ etc/guix-publish.service
+
+etc/%.mount: etc/%.mount.in \
+ $(top_builddir)/config.status
+ $(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \
+ $(SED) -e 's|@''storedir''@|$(storedir)|' < \
+ "$<" > "$@.tmp"; \
+ mv "$@.tmp" "$@"
 etc/guix-%.service: etc/guix-%.service.in \
 $(top_builddir)/config.status |
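Review bot: In the first etc/guix-install.sh hunk, `chmod 664 /etc/systemd/system/gnu-store.mount;` leaves the new unit group-writable, although this file decides whether the store is mounted read-only, so write access to it should be limited to root. The mode mirrors the existing guix-daemon.service line, but nothing visible in the installer needs group write; `chmod 644 /etc/systemd/system/gnu-store.mount;` would be enough, and the service line could follow in the same change. The systemd case branch and sys_enable_guix_daemon both continue outside the hunk.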
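Review bot: The new `etc/%.mount` rule in nix/local.mk substitutes `$(storedir)` into a unit whose file name is fixed as `gnu-store.mount`, while systemd requires a mount unit to be named after its `Where=` path, so a build configured with a different store directory would presumably install a unit that systemd refuses to load. A comment above the rule would record the constraint, for example `# The unit must be named after its mount point; 'gnu-store.mount' is only valid when storedir is /gnu/store.`. The `sed` expression also has no `g` flag, which works only while every template line holds a single `@storedir@`; `'s|@''storedir''@|$(storedir)|g'` avoids a silent partial substitution if the template grows.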