services: Use a fixed GID for the build group and use that for the store.
This partly reverts commit 185f669
("services: Make sure the store's
group is the build group.")
* gnu/services/base.scm (guix-service)[activate]: Remove 'chown' call.
Add 'id' field to 'user-group' form.
* guix/build/install.scm (directives): Set the store's GID to 30000.
parent
c6b76405ff
commit
e97c5be914
|
@ -369,16 +369,13 @@ When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
|
||||||
GUIX is authorized upon activation, meaning that substitutes from
|
GUIX is authorized upon activation, meaning that substitutes from
|
||||||
hydra.gnu.org are used by default."
|
hydra.gnu.org are used by default."
|
||||||
(define activate
|
(define activate
|
||||||
#~(begin
|
;; Assume that the store has BUILDER-GROUP as its group. We could
|
||||||
;; Make sure the store has BUILDER-GROUP as its group. This may fail
|
;; otherwise call 'chown' here, but the problem is that on a COW unionfs,
|
||||||
;; with EACCES when the store is a 9p mount, so catch exceptions.
|
;; chown leads to an entire copy of the tree, which is a bad idea.
|
||||||
(false-if-exception
|
|
||||||
(chown #$(%store-prefix) 0
|
|
||||||
(group:gid (getgrnam #$builder-group))))
|
|
||||||
|
|
||||||
;; Optionally authorize hydra.gnu.org's key.
|
;; Optionally authorize hydra.gnu.org's key.
|
||||||
#$(and authorize-hydra-key?
|
(and authorize-hydra-key?
|
||||||
(hydra-key-authorization guix))))
|
(hydra-key-authorization guix)))
|
||||||
|
|
||||||
(mlet %store-monad ((accounts (guix-build-accounts build-accounts
|
(mlet %store-monad ((accounts (guix-build-accounts build-accounts
|
||||||
#:group builder-group)))
|
#:group builder-group)))
|
||||||
|
@ -395,7 +392,11 @@ hydra.gnu.org are used by default."
|
||||||
(user-groups (list (user-group
|
(user-groups (list (user-group
|
||||||
(name builder-group)
|
(name builder-group)
|
||||||
(members (map user-account-name
|
(members (map user-account-name
|
||||||
user-accounts)))))
|
user-accounts))
|
||||||
|
|
||||||
|
;; Use a fixed GID so that we can create the
|
||||||
|
;; store with the right owner.
|
||||||
|
(id 30000))))
|
||||||
(activate activate)))))
|
(activate activate)))))
|
||||||
|
|
||||||
(define %base-services
|
(define %base-services
|
||||||
|
|
|
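Review bot: With the `chown` removed from `activate`, nothing verifies that the store's group really is the build group; the new comment only says "Assume". A store created before this change, by the old `(directory ,store 0 0)` directive plus the activation-time chown, would presumably keep whatever GID it received then. If that stale GID, or 30000 itself, belongs to some other group on the system, that group becomes the store's group, which matters if the store directory is group-writable (its mode is not visible on this page). A read-only check at activation would catch the mismatch without the copy-on-write cost the comment describes, for example comparing `(stat:gid (stat #$(%store-prefix)))` with the build group's GID and logging a warning when they differ. The comment could also say where the GID is now set, e.g. `;; The store is created with GID 30000 by 'directives' in (guix build install).`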
@ -73,9 +73,9 @@ directory TARGET."
|
||||||
(define (directives store)
|
(define (directives store)
|
||||||
"Return a list of directives to populate the root file system that will host
|
"Return a list of directives to populate the root file system that will host
|
||||||
STORE."
|
STORE."
|
||||||
`(;; Note: The store's group is changed to the "guixbuild" group at
|
`(;; Note: the store's GID is fixed precisely so we can set it here rather
|
||||||
;; activation time.
|
;; than at activation time.
|
||||||
(directory ,store 0 0)
|
(directory ,store 0 30000)
|
||||||
|
|
||||||
(directory "/etc")
|
(directory "/etc")
|
||||||
(directory "/var/log") ; for dmd
|
(directory "/var/log") ; for dmd
|
||||||
|
|
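Review bot: The literal `30000` in `(directory ,store 0 30000)` has to stay equal to `(id 30000)` in the `user-group` form of gnu/services/base.scm, and nothing ties the two together. If one is edited without the other, the store is created with a group that is not the build group, and activation no longer corrects it. I would define the value once and use it in both places, e.g. `(define %build-group-gid 30000)` (the name is only a suggestion). At minimum, extend the comment here with `;; Must match the 'id' of the build group in (gnu services base).`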