authorLudovic Courtès <ludo@gnu.org>2014-06-06 00:09:12 +0200
committerLudovic Courtès <ludo@gnu.org>2014-06-06 00:28:21 +0200
commite97c5be914864674d024dd088eb1f2788ac49f46 (patch)
treeb18a5aeaae41dac7211e1d30cb384197f9dabb63
parentc6b76405ffedae1649f3ed68717c70c7f2443347 (diff)
services: Use a fixed GID for the build group and use that for the store.
This partly reverts commit 185f669 ("services: Make sure the store's
group is the build group.")

* gnu/services/base.scm (guix-service)[activate]: Remove 'chown' call.
  Add 'id' field to 'user-group' form.
* guix/build/install.scm (directives): Set the store's GID to 30000.
-rw-r--r--gnu/services/base.scm21
-rw-r--r--guix/build/install.scm6
2 files changed, 14 insertions, 13 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 94fa919c0f..65a8ceefc4 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -369,16 +369,13 @@ When AUTHORIZE-HYDRA-KEY? is true, the hydra.gnu.org public key provided by
 GUIX is authorized upon activation, meaning that substitutes from
 hydra.gnu.org are used by default."
   (define activate
-    #~(begin
-        ;; Make sure the store has BUILDER-GROUP as its group.  This may fail
-        ;; with EACCES when the store is a 9p mount, so catch exceptions.
-        (false-if-exception
-         (chown #$(%store-prefix) 0
-                (group:gid (getgrnam #$builder-group))))
+    ;; Assume that the store has BUILDER-GROUP as its group.  We could
+    ;; otherwise call 'chown' here, but the problem is that on a COW unionfs,
+    ;; chown leads to an entire copy of the tree, which is a bad idea.
 
-        ;; Optionally authorize hydra.gnu.org's key.
-        #$(and authorize-hydra-key?
-               (hydra-key-authorization guix))))
+    ;; Optionally authorize hydra.gnu.org's key.
+    (and authorize-hydra-key?
+         (hydra-key-authorization guix)))
 
   (mlet %store-monad ((accounts (guix-build-accounts build-accounts
                                                      #:group builder-group)))
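Review bot: The new comment in `activate` turns the store's group into an unchecked assumption: after this hunk nothing at activation confirms that the store directory is owned by the build group. A store whose GID differs (for instance one populated before the GID was fixed) would presumably be left as is, and the mismatch would surface only later as build failures. A read-only check avoids the unionfs copy that motivated dropping `chown`: inside the activation gexp, compare `(stat:gid (stat #$(%store-prefix)))` with the build group's GID and print a warning when they differ. Also, `activate` now evaluates to `#f` when AUTHORIZE-HYDRA-KEY? is false; whether the service's `activate` field accepts `#f` is not visible here and is worth confirming. The body of `guix-service` starts and ends outside this hunk.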
@@ -395,7 +392,11 @@ hydra.gnu.org are used by default."
              (user-groups (list (user-group
                                  (name builder-group)
                                  (members (map user-account-name
-                                               user-accounts)))))
+                                               user-accounts))
+
+                                 ;; Use a fixed GID so that we can create the
+                                 ;; store with the right owner.
+                                 (id 30000))))
              (activate activate)))))
 
 (define %base-services
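Review bot: The literal `30000` in `(id 30000)` is repeated in the `directives` hunk of guix/build/install.scm (`(directory ,store 0 30000)`), and nothing ties the two together, so a later edit to one would silently leave the store owned by a GID that is not the build group. Since the store's group decides who may write to it, I would at least extend the comment to `;; Use a fixed GID so that we can create the store with the right owner; must match the GID used by 'directives' in guix/build/install.scm.` and mirror that in the other file, or better, define the number once and reference it from both places. It is also not visible here whether group creation rejects a GID already held by another declared group; if it does not, that group's members would end up with group access to the store, so a duplicate-GID check is worth confirming. The `user-group` form sits inside an expression that begins outside the hunk.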
diff --git a/guix/build/install.scm b/guix/build/install.scm
index ea787b63e2..2a76394faa 100644
--- a/guix/build/install.scm
+++ b/guix/build/install.scm
@@ -73,9 +73,9 @@ directory TARGET."
 (define (directives store)
   "Return a list of directives to populate the root file system that will host
 STORE."
-  `(;; Note: The store's group is changed to the "guixbuild" group at
-    ;; activation time.
-    (directory ,store 0 0)
+  `(;; Note: the store's GID is fixed precisely so we can set it here rather
+    ;; than at activation time.
+    (directory ,store 0 30000)
 
     (directory "/etc")
     (directory "/var/log")                          ; for dmd