bug#41259: closed ([PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.)

[GNU bug Tracking System]

Your message dated Tue, 03 Aug 2021 15:56:20 -0400
with message-id <87pmuu8fq3.fsf_-_@gmail.com>
and subject line Re: bug#41259: [PATCH] etc: Add a systemd unit to bind-mount 
@storedir@ read-only.
has caused the debbugs.gnu.org bug report #41259,
regarding [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
41259: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=41259
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
>
>
>
>
> Date: 
>
> Thu, 14 May 2020 15:48:46 +0200
>
>
>
>
> * etc/gnu-store.mount.in: New file.
> * nix/local.mk (nodist_systemdservice_DATA): Add it.
> (etc/%.mount): New rule.
> * etc/guix-install.sh (sys_enable_guix_daemon): Install it.
> * doc/guix.texi (Binary Installation): Document it.
> ---
>
> For <https://lists.gnu.org/archive/html/help-guix/2020-05/msg00097.html>.
>
>  doc/guix.texi          |  5 +++--
>  etc/gnu-store.mount.in | 14 ++++++++++++++
>  etc/guix-install.sh    | 12 +++++++++---
>  nix/local.mk           | 12 +++++++++++-
>  4 files changed, 37 insertions(+), 6 deletions(-)
>  create mode 100644 etc/gnu-store.mount.in
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index d6fbd85fde..5d80a7e405 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -659,9 +659,10 @@ with these commands:
>  @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
>  
>  @example
> -# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
> +# cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
> +     ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
>       /etc/systemd/system/
> -# systemctl enable --now guix-daemon
> +# systemctl enable --now gnu-store.mount guix-daemon
>  @end example
>  
>  If your host distro uses the Upstart init system:
> diff --git a/etc/gnu-store.mount.in b/etc/gnu-store.mount.in
> new file mode 100644
> index 0000000000..c94f2db72b
> --- /dev/null
> +++ b/etc/gnu-store.mount.in
> @@ -0,0 +1,14 @@
> +[Unit]
> +Description=Read-only @storedir@ for GNU Guix
> +DefaultDependencies=no
> +ConditionPathExists=@storedir@
> +Before=guix-daemon.service
> +
> +[Install]
> +WantedBy=guix-daemon.service
> +
> +[Mount]
> +What=@storedir@
> +Where=@storedir@
> +Type=none
> +Options=bind,ro
> diff --git a/etc/guix-install.sh b/etc/guix-install.sh
> index 4909d3f162..d252c132fb 100755
> --- a/etc/guix-install.sh
> +++ b/etc/guix-install.sh
> @@ -342,7 +342,13 @@ sys_enable_guix_daemon()
>                  _msg "${PAS}enabled Guix daemon via upstart"
>              ;;
>          systemd)
> -            { cp 
> "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
> +            { # systemd .mount units must be named after the target directory.
> +              # Here we assume a hard-coded name of /gnu/store.
> +              cp 
> "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
> +                 /etc/systemd/system/;
> +              chmod 664 /etc/systemd/system/gnu-store.mount;
> +
> +              cp 
> "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
>                   /etc/systemd/system/;
>                chmod 664 /etc/systemd/system/guix-daemon.service;
>  
> @@ -357,8 +363,8 @@ sys_enable_guix_daemon()
>               fi;
>  
>                systemctl daemon-reload &&
> -                  systemctl start guix-daemon &&
> -                  systemctl enable guix-daemon; } &&
> +                  systemctl start  gnu-store.mount guix-daemon &&
> +                  systemctl enable gnu-store.mount guix-daemon; } &&
>                  _msg "${PAS}enabled Guix daemon via systemd"
>              ;;
>          sysv-init)
> diff --git a/nix/local.mk b/nix/local.mk
> index a64bdd2137..435fdd389a 100644
> --- a/nix/local.mk
> +++ b/nix/local.mk
> @@ -155,7 +155,17 @@ noinst_HEADERS =                                           
> \
>  
>  # The '.service' files for systemd.
>  systemdservicedir = $(libdir)/systemd/system
> -nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service
> +nodist_systemdservice_DATA =                   \
> +  etc/gnu-store.mount                          \
> +  etc/guix-daemon.service                      \
> +  etc/guix-publish.service
> +
> +etc/%.mount: etc/%.mount.in    \
> +                        $(top_builddir)/config.status
> +       $(AM_V_GEN)$(MKDIR_P) "`dirname $@`";   \
> +       $(SED) -e 's|@''storedir''@|$(storedir)|' <     \
> +              "$<" > "$@.tmp";         \
> +       mv "$@.tmp" "$@"
>  
>  etc/guix-%.service: etc/guix-%.service.in      \
>                          $(top_builddir)/config.status
> -- 
> 2.26.2
>
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: bug#41259: [PATCH] etc: Add a systemd unit to bind-mount @storedir@ read-only.
>
>
>
>
> Date: 
>
> Tue, 03 Aug 2021 15:56:20 -0400
>
>
>
>
> User-agent: 
>
> Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
>
>
>
>
> Tobias Geerinckx-Rice <me@tobias.gr> writes:
>
> > Vincent,
> >
> > Vincent Legoll 写道：
> >> yesterday's today is in fact today's today...
> >
> > I've tried to stop that but to no avail.
> >
> >> I was too pessimistic, I'm not getting any merge conflict.
> >
> > Happy to hear it.  Git can be remarkably clever with 3-way merges
> > sometimes (and disappointingly dense at others).
> >
> >> Your patch seems to be working nicely, I tested on a range
> >> of VMs:
> >>
> >> x86_64: alpine devuan fedora debian_stretch debian_buster
> >> i686: void
> >
> > Thank you for being so thorough.  You've given me the confidence to
> > push this to master as 1a1faa78b0498fbb71f1533beb4b65817c1d3f2a.
> > Guess I'll leave this bug open since it only solves it for systemd.
>
> That's a patch, not a bug, though :-).
>
> I'll close it now to spare someone else the time it took me to read
> through and see whether bits had gone uncommitted :-).
>
> Thank you,
>
> Maxim
>
>
> --- End Message ---