nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

services: Make sure the store's group is the build group. 

* gnu/services/base.scm (guix-service)[activate]: New variable.  Add
  'chown' call for (%store-prefix).  Set the 'activate' field to
  ACTIVATE.
* guix/build/install.scm (directives): Add comment about STORE's group.
This commit is contained in:
Ludovic Courtès 2014-06-04 22:19:30 +02:00
parent 3d116a70f9
commit 185f669109
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
gnu/services/base.scm
View File

@ -17,6 +17,8 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services base) (define-module (gnu services base)
#:use-module ((guix store)
#:select (%store-prefix))
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu system shadow) ; 'user-account', etc. #:use-module (gnu system shadow) ; 'user-account', etc.
#:use-module (gnu system linux) ; 'pam-service', etc. #:use-module (gnu system linux) ; 'pam-service', etc.
@ -348,7 +350,6 @@ GUIX."
(port (open-file key "r0b"))) (port (open-file key "r0b")))
(format #t "registering public key '~a'...~%" key) (format #t "registering public key '~a'...~%" key)
(close-port (current-input-port)) (close-port (current-input-port))
;; (close-fdes 0)
(dup port 0) (dup port 0)
(execl (string-append #$guix "/bin/guix") (execl (string-append #$guix "/bin/guix")
"guix" "archive" "--authorize") "guix" "archive" "--authorize")
@ -367,6 +368,18 @@ BUILD-ACCOUNTS user accounts available under BUILD-USER-GID.
When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
GUIX is authorized upon activation, meaning that substitutes from GUIX is authorized upon activation, meaning that substitutes from
hydra.gnu.org are used by default." hydra.gnu.org are used by default."
(define activate
#~(begin
;; Make sure the store has BUILDER-GROUP as its group. This may fail
;; with EACCES when the store is a 9p mount, so catch exceptions.
(false-if-exception
(chown #$(%store-prefix) 0
(group:gid (getgrnam #$builder-group))))
;; Optionally authorize hydra.gnu.org's key.
#$(and authorize-hydra-key?
(hydra-key-authorization guix))))
(mlet %store-monad ((accounts (guix-build-accounts build-accounts (mlet %store-monad ((accounts (guix-build-accounts build-accounts
#:group builder-group))) #:group builder-group)))
(return (service (return (service
@ -383,8 +396,7 @@ hydra.gnu.org are used by default."
(name builder-group) (name builder-group)
(members (map user-account-name (members (map user-account-name
user-accounts))))) user-accounts)))))
(activate (and authorize-hydra-key? (activate activate)))))
(hydra-key-authorization guix)))))))
(define %base-services (define %base-services
;; Convenience variable holding the basic services. ;; Convenience variable holding the basic services.

5
guix/build/install.scm
View File

@ -73,7 +73,10 @@ directory TARGET."
(define (directives store) (define (directives store)
"Return a list of directives to populate the root file system that will host "Return a list of directives to populate the root file system that will host
STORE." STORE."
`((directory ,store 0 0) `(;; Note: The store's group is changed to the "guixbuild" group at
;; activation time.
(directory ,store 0 0)
(directory "/etc") (directory "/etc")
(directory "/var/log") ; for dmd (directory "/var/log") ; for dmd
(directory "/var/guix/gcroots") (directory "/var/guix/gcroots")