services: package-database: Run ‘guix locate’ without root privileges.
* gnu/services/admin.scm (%package-database-file) (%package-database-accounts, %package-database-activation): New variables. (package-database-shepherd-services): Pass explicit ‘--database’ flag to ‘guix locate’. Pass #:user and #:group to ‘command’. Pass #:log-file. (package-database-service-type): Extend ‘activation-service-type’ and ‘account-service-type’. Change-Id: Ifbf65e004766d049d99a16e163339ac168c1f73c Signed-off-by: Ludovic Courtès <ludo@gnu.org> Merges: #7527
@@ -1,6 +1,6 @@
|
|||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
|
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
|
||||||
;;; Copyright © 2016-2025 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2016-2026 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
|
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
|
||||||
;;; Copyright © 2023 Giacomo Leidi <therewasa@fishinthecalculator.me>
|
;;; Copyright © 2023 Giacomo Leidi <therewasa@fishinthecalculator.me>
|
||||||
;;; Copyright © 2024 Gabriel Wicki <gabriel@erlikon.ch>
|
;;; Copyright © 2024 Gabriel Wicki <gabriel@erlikon.ch>
|
||||||
@@ -380,6 +380,31 @@ terms of CPU and input/output.")
|
|||||||
"G-exp denoting the channels to use when updating the database
|
"G-exp denoting the channels to use when updating the database
|
||||||
(@pxref{Channels})."))
|
(@pxref{Channels})."))
|
||||||
|
|
||||||
|
(define %package-database-file
|
||||||
|
;; System-wide package database used by 'guix locate'.
|
||||||
|
;; See 'system-database-file' in (guix scripts locate).
|
||||||
|
"/var/cache/guix/locate/db.sqlite")
|
||||||
|
|
||||||
|
(define %package-database-accounts
|
||||||
|
(list (user-account
|
||||||
|
(name "guix-locate")
|
||||||
|
(group "guix-locate")
|
||||||
|
(system? #t)
|
||||||
|
(comment "Account running 'guix locate'")
|
||||||
|
(home-directory "/var/run/guix-locate"))
|
||||||
|
(user-group
|
||||||
|
(name "guix-locate")
|
||||||
|
(system? #t))))
|
||||||
|
|
||||||
|
(define %package-database-activation
|
||||||
|
;; Create the package database directory at activation time. Make it
|
||||||
|
;; writable by 'guix-locate' and world-readable.
|
||||||
|
#~(begin
|
||||||
|
(use-modules (guix build utils))
|
||||||
|
(let ((directory #$(dirname %package-database-file))
|
||||||
|
(owner (getpwnam "guix-locate")))
|
||||||
|
(mkdir-p/perms directory owner #o755))))
|
||||||
|
|
||||||
(define (package-database-shepherd-services configuration)
|
(define (package-database-shepherd-services configuration)
|
||||||
(match-record configuration <package-database-configuration>
|
(match-record configuration <package-database-configuration>
|
||||||
(package schedule method channels)
|
(package schedule method channels)
|
||||||
@@ -388,8 +413,6 @@ terms of CPU and input/output.")
|
|||||||
(provision '(package-database-update))
|
(provision '(package-database-update))
|
||||||
(requirement '(user-processes guix-daemon))
|
(requirement '(user-processes guix-daemon))
|
||||||
(modules '((shepherd service timer)))
|
(modules '((shepherd service timer)))
|
||||||
;; XXX: The whole thing's running as "root" just because it needs
|
|
||||||
;; write access to /var/cache/guix/locate.
|
|
||||||
(start #~(make-timer-constructor
|
(start #~(make-timer-constructor
|
||||||
#$(if (string? schedule)
|
#$(if (string? schedule)
|
||||||
#~(cron-string->calendar-event #$schedule)
|
#~(cron-string->calendar-event #$schedule)
|
||||||
@@ -397,8 +420,13 @@ terms of CPU and input/output.")
|
|||||||
(command '(#$(file-append package "/bin/guix")
|
(command '(#$(file-append package "/bin/guix")
|
||||||
"time-machine" "-C" #$channels
|
"time-machine" "-C" #$channels
|
||||||
"--" "locate" "--update"
|
"--" "locate" "--update"
|
||||||
|
#$(string-append "--database="
|
||||||
|
%package-database-file)
|
||||||
#$(string-append
|
#$(string-append
|
||||||
"--method=" (symbol->string method))))
|
"--method=" (symbol->string method)))
|
||||||
|
#:user "guix-locate"
|
||||||
|
#:group "guix-locate")
|
||||||
|
#:log-file "/var/log/guix-locate.log"
|
||||||
#:wait-for-termination? #t))
|
#:wait-for-termination? #t))
|
||||||
(stop #~(make-timer-destructor))
|
(stop #~(make-timer-destructor))
|
||||||
(documentation
|
(documentation
|
||||||
@@ -410,7 +438,11 @@ be queried by the 'guix locate' command.")
|
|||||||
(service-type
|
(service-type
|
||||||
(name 'package-database)
|
(name 'package-database)
|
||||||
(extensions (list (service-extension shepherd-root-service-type
|
(extensions (list (service-extension shepherd-root-service-type
|
||||||
package-database-shepherd-services)))
|
package-database-shepherd-services)
|
||||||
|
(service-extension activation-service-type
|
||||||
|
(const %package-database-activation))
|
||||||
|
(service-extension account-service-type
|
||||||
|
(const %package-database-accounts))))
|
||||||
(description
|
(description
|
||||||
"Periodically update the package database used by the @code{guix locate} command,
|
"Periodically update the package database used by the @code{guix locate} command,
|
||||||
which lets you search for packages that provide a given file.")
|
which lets you search for packages that provide a given file.")
|
||||||
|
|||||||
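Review bot: The activation snippet in `%package-database-activation` sets ownership on the directory only, so a `db.sqlite` left there by earlier root-run updates would presumably stay root-owned and the now unprivileged `guix locate --update` could not write to it. Consider also handing over an existing database inside the `let`, for example `(when (file-exists? #$%package-database-file) (chown #$%package-database-file (passwd:uid owner) (passwd:gid owner)))`; any SQLite side files next to it would need the same treatment. Separately, the `guix-locate` entry in `%package-database-accounts` has no `shell` field, so it gets the default login shell. A service account would normally carry `(shell (file-append shadow "/sbin/nologin"))`, assuming `shadow` is in scope in this module.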