authorMathieu Othacehe <othacehe@gnu.org>2020-08-13 14:16:12 +0200
committerMathieu Othacehe <othacehe@gnu.org>2020-09-02 17:05:23 +0200
commit8ce6f4dc2879919c12bc76a2f4b01200af97e019 (patch)
treebcdfea85d25af8ae24622310a035688ac8257dcc /gnu/services
parent5316dfc0f125b658e4a2acf7f00f49501663d943 (diff)
installer: Run the installation inside a container.
When the store overlay is mounted, other processes such as kmscon, udev and guix-daemon may open files from the store, preventing the underlying install support from being umounted. See: https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html. To avoid this situation, mount the store overlay inside a container, and run the installation from within that container. * gnu/build/shepherd.scm (fork+exec-command/container): New procedure. * gnu/services/base.scm (guix-shepherd-service): Support an optional PID argument passed to the "start" method. If that argument is passed, ensure that guix-daemon enters the given PID MNT namespace by using fork+exec-command/container procedure. * gnu/installer/final.scm (umount-cow-store): Remove it, (install-system): run the installation from within a container. * gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm115
1 files changed, 65 insertions, 50 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 491f35702a..d560ad5a13 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1558,57 +1558,72 @@ proxy of 'guix-daemon'...~%")
(provision '(guix-daemon))
(requirement '(user-processes))
(actions (list shepherd-set-http-proxy-action))
- (modules '((srfi srfi-1)))
+ (modules '((srfi srfi-1)
+ (ice-9 match)
+ (gnu build shepherd)))
(start
- #~(lambda _
- (define proxy
- ;; HTTP/HTTPS proxy. The 'http_proxy' variable is set by
- ;; the 'set-http-proxy' action.
- (or (getenv "http_proxy") #$http-proxy))
-
- (fork+exec-command
- (cons* #$(file-append guix "/bin/guix-daemon")
- "--build-users-group" #$build-group
- "--max-silent-time" #$(number->string max-silent-time)
- "--timeout" #$(number->string timeout)
- "--log-compression" #$(symbol->string log-compression)
- #$@(if use-substitutes?
- '()
- '("--no-substitutes"))
- "--substitute-urls" #$(string-join substitute-urls)
- #$@extra-options
-
- ;; Add CHROOT-DIRECTORIES and all their dependencies
- ;; (if these are store items) to the chroot.
- (append-map (lambda (file)
- (append-map (lambda (directory)
- (list "--chroot-directory"
- directory))
- (call-with-input-file file
- read)))
- '#$(map references-file
- chroot-directories)))
-
- #:environment-variables
- (append (list #$@(if tmpdir
- (list (string-append "TMPDIR=" tmpdir))
- '())
-
- ;; Make sure we run in a UTF-8 locale so that
- ;; 'guix offload' correctly restores nars that
- ;; contain UTF-8 file names such as
- ;; 'nss-certs'. See
- ;; <https://bugs.gnu.org/32942>.
- (string-append "GUIX_LOCPATH="
- #$glibc-utf8-locales
- "/lib/locale")
- "LC_ALL=en_US.utf8")
- (if proxy
- (list (string-append "http_proxy=" proxy)
- (string-append "https_proxy=" proxy))
- '()))
-
- #:log-file #$log-file)))
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)))
+ #~(lambda args
+ (define proxy
+ ;; HTTP/HTTPS proxy. The 'http_proxy' variable is set by
+ ;; the 'set-http-proxy' action.
+ (or (getenv "http_proxy") #$http-proxy))
+
+ (fork+exec-command/container
+ (cons* #$(file-append guix "/bin/guix-daemon")
+ "--build-users-group" #$build-group
+ "--max-silent-time"
+ #$(number->string max-silent-time)
+ "--timeout" #$(number->string timeout)
+ "--log-compression"
+ #$(symbol->string log-compression)
+ #$@(if use-substitutes?
+ '()
+ '("--no-substitutes"))
+ "--substitute-urls" #$(string-join substitute-urls)
+ #$@extra-options
+
+ ;; Add CHROOT-DIRECTORIES and all their dependencies
+ ;; (if these are store items) to the chroot.
+ (append-map
+ (lambda (file)
+ (append-map (lambda (directory)
+ (list "--chroot-directory"
+ directory))
+ (call-with-input-file file
+ read)))
+ '#$(map references-file
+ chroot-directories)))
+
+ ;; When running the installer, we need guix-daemon to
+ ;; operate from within the same MNT namespace as the
+ ;; installation container. In that case only, enter the
+ ;; namespace of the process PID passed as start argument.
+ #:pid (match args
+ ((pid) (string->number pid))
+ (else (getpid)))
+
+ #:environment-variables
+ (append (list #$@(if tmpdir
+ (list (string-append "TMPDIR=" tmpdir))
+ '())
+
+ ;; Make sure we run in a UTF-8 locale so that
+ ;; 'guix offload' correctly restores nars
+ ;; that contain UTF-8 file names such as
+ ;; 'nss-certs'. See
+ ;; <https://bugs.gnu.org/32942>.
+ (string-append "GUIX_LOCPATH="
+ #$glibc-utf8-locales
+ "/lib/locale")
+ "LC_ALL=en_US.utf8")
+ (if proxy
+ (list (string-append "http_proxy=" proxy)
+ (string-append "https_proxy=" proxy))
+ '()))
+
+ #:log-file #$log-file))))
(stop #~(make-kill-destructor))))))
(define (guix-accounts config)
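Review bot: The `#:pid` clause silently passes `#f` to `fork+exec-command/container` when the start argument is not a number, because `string->number` returns `#f` on malformed input and nothing checks it; since the PID selects which process's mount namespace the daemon will enter, a bad argument should fail the start loudly rather than be handed to a procedure whose handling of `#f` is defined in gnu/build/shepherd.scm, outside this diff. A small change would be `((pid) (or (string->number pid) (error "guix-daemon: invalid PID argument" pid)))` in place of the current first clause. The fallback clause `(else (getpid))` also relies on `else` being an ordinary variable pattern in `(ice-9 match)`, which appears to match anything here but reads as if it were a `cond` keyword; `(_ (getpid))` states the intent. It may be worth noting in the comment that whoever can issue `herd start guix-daemon PID` chooses the namespace the daemon runs in, so the argument is trusted only because the shepherd control socket is. The enclosing `shepherd-service` form begins before this hunk.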