etc: Add a systemd unit to bind-mount @storedir@ read-only.

* etc/gnu-store.mount.in: New file.
* nix/local.mk (nodist_systemdservice_DATA): Add it.
(etc/%.mount): New rule for it.
* etc/guix-install.sh (sys_enable_guix_daemon): Install it.
* doc/guix.texi (Binary Installation): Document it.
* .gitignore: Ignore changes to it.
Tobias Geerinckx-Rice 2020-05-14 15:13:12 +02:00
parent 0fe654ebcd
commit 1a1faa78b0
No known key found for this signature in database
GPG key ID: 0DB0FF884F556D79
5 changed files with 38 additions and 6 deletions

1
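--- a/.gitignore
+++ b/.gitignore
@@ -66,6 +66,7 @@
 /doc/stamp-vti
 /doc/version.texi
 /doc/version-*.texi
+/etc/gnu-store.mount
 /etc/guix-daemon.cil
 /etc/guix-daemon.conf
 /etc/guix-daemon.service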


@ -659,9 +659,10 @@ with these commands:
@c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html @c https://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
@example @example
# cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \ # cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
/etc/systemd/system/ /etc/systemd/system/
# systemctl enable --now guix-daemon # systemctl enable --now gnu-store.mount guix-daemon
@end example @end example
If your host distro uses the Upstart init system: If your host distro uses the Upstart init system:

14
etc/gnu-store.mount.in Normal file

@ -0,0 +1,14 @@
[Unit]
Description=Read-only @storedir@ for GNU Guix
DefaultDependencies=no
ConditionPathExists=@storedir@
Before=guix-daemon.service
[Install]
WantedBy=guix-daemon.service
[Mount]
What=@storedir@
Where=@storedir@
Type=none
Options=bind,ro
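Review bot: `WantedBy=guix-daemon.service` combined with `Before=guix-daemon.service` is only a weak dependency, so if this mount fails, or is skipped because `ConditionPathExists=@storedir@` is false, guix-daemon.service is still started and the store is left mounted read-write. If the read-only bind mount is meant as a protection and not just a convenience, consider `RequiredBy=guix-daemon.service` in `[Install]` so that a failed mount keeps the daemon from starting. The reason for `DefaultDependencies=no` is also not stated in the unit; a one-line comment recording it would help whoever next revisits the ordering.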


@ -342,7 +342,13 @@ sys_enable_guix_daemon()
_msg "${PAS}enabled Guix daemon via upstart" _msg "${PAS}enabled Guix daemon via upstart"
;; ;;
systemd) systemd)
{ cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \ { # systemd .mount units must be named after the target directory.
# Here we assume a hard-coded name of /gnu/store.
cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/gnu-store.mount;
cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
/etc/systemd/system/; /etc/systemd/system/;
chmod 664 /etc/systemd/system/guix-daemon.service; chmod 664 /etc/systemd/system/guix-daemon.service;
@ -357,8 +363,8 @@ sys_enable_guix_daemon()
fi; fi;
systemctl daemon-reload && systemctl daemon-reload &&
systemctl start guix-daemon && systemctl start gnu-store.mount guix-daemon &&
systemctl enable guix-daemon; } && systemctl enable gnu-store.mount guix-daemon; } &&
_msg "${PAS}enabled Guix daemon via systemd" _msg "${PAS}enabled Guix daemon via systemd"
;; ;;
sysv-init) sysv-init)
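Review bot: `chmod 664 /etc/systemd/system/gnu-store.mount` in the first hunk leaves a unit file that systemd loads as root group-writable; nothing visible here needs group write access, so `chmod 644` is the least-privilege mode. The line mirrors the existing `chmod 664 /etc/systemd/system/guix-daemon.service`, which would be worth tightening in the same pass. Separately, the new `cp` and `chmod` are joined with `;`, so a gnu-store.mount that is missing under `${ROOT_HOME}/.config/guix/current` (for example a Guix that predates this unit, which is an assumption and not visible here) is only noticed when `systemctl start gnu-store.mount guix-daemon` in the second hunk fails. sys_enable_guix_daemon begins and ends outside both hunks.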


@ -155,7 +155,17 @@ noinst_HEADERS = \
# The '.service' files for systemd. # The '.service' files for systemd.
systemdservicedir = $(libdir)/systemd/system systemdservicedir = $(libdir)/systemd/system
nodist_systemdservice_DATA = etc/guix-daemon.service etc/guix-publish.service nodist_systemdservice_DATA = \
etc/gnu-store.mount \
etc/guix-daemon.service \
etc/guix-publish.service
etc/%.mount: etc/%.mount.in \
$(top_builddir)/config.status
$(AM_V_GEN)$(MKDIR_P) "`dirname $@`"; \
$(SED) -e 's|@''storedir''@|$(storedir)|' < \
"$<" > "$@.tmp"; \
mv "$@.tmp" "$@"
etc/guix-%.service: etc/guix-%.service.in \ etc/guix-%.service: etc/guix-%.service.in \
$(top_builddir)/config.status $(top_builddir)/config.status
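Review bot: The generated unit keeps the fixed name `etc/gnu-store.mount` in `nodist_systemdservice_DATA` while the new `etc/%.mount` rule writes `$(storedir)` into it, so the file name and the mount point only agree when the store is /gnu/store. The install-script comment in this same commit notes that systemd mount units must be named after their target directory, so a build configured with another store directory would presumably ship a unit that systemd refuses to load, leaving the store without the read-only mount. A comment above the rule would record the assumption, e.g. `# The name 'gnu-store.mount' is only valid when $(storedir) is /gnu/store.` Whether etc/gnu-store.mount is also added to CLEANFILES cannot be seen from this hunk.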