gnu: vm: Add build users.
* gnu/system/shadow.scm (guix-build-accounts): New procedure. * gnu/system/vm.scm (system-qemu-image): Use it. Add the "guixbuild" group. * gnu/system/dmd.scm (guix-service): Add 'builder-group' parameter. Pass 'guix-daemon' the '--build-users-group' option.master
parent
3abf9b440b
commit
d0c66871b1
|
@ -146,14 +146,16 @@
|
||||||
(inputs `(("inetutils" ,inetutils)
|
(inputs `(("inetutils" ,inetutils)
|
||||||
("syslog.conf" ,syslog.conf))))))
|
("syslog.conf" ,syslog.conf))))))
|
||||||
|
|
||||||
(define* (guix-service store #:key (guix guix))
|
(define* (guix-service store #:key (guix guix) (builder-group "guixbuild"))
|
||||||
"Return a service that runs the build daemon from GUIX."
|
"Return a service that runs the build daemon from GUIX."
|
||||||
(let* ((drv (package-derivation store guix))
|
(let* ((drv (package-derivation store guix))
|
||||||
(daemon (string-append (derivation->output-path drv)
|
(daemon (string-append (derivation->output-path drv)
|
||||||
"/bin/guix-daemon")))
|
"/bin/guix-daemon")))
|
||||||
(service
|
(service
|
||||||
(provision '(guix-daemon))
|
(provision '(guix-daemon))
|
||||||
(start `(make-forkexec-constructor ,daemon))
|
(start `(make-forkexec-constructor ,daemon
|
||||||
|
"--build-users-group"
|
||||||
|
,builder-group))
|
||||||
(inputs `(("guix" ,guix))))))
|
(inputs `(("guix" ,guix))))))
|
||||||
|
|
||||||
(define* (static-networking-service store interface ip
|
(define* (static-networking-service store interface ip
|
||||||
|
|
|
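Review bot: The docstring of `guix-service` still reads "Return a service that runs the build daemon from GUIX." and does not mention the new BUILDER-GROUP keyword, which now decides which accounts the daemon runs builds under. I would extend it, e.g. `"Return a service that runs the build daemon from GUIX, passing BUILDER-GROUP as its '--build-users-group'."`, and add a comment that the group must exist in the generated group file with the build accounts as members. The default "guixbuild" is a second copy of the literal used for the `user-group` in vm.scm, so a rename on one side only would leave the daemon pointing at a group the image does not define. How guix-daemon reacts to that is not visible here.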
@ -18,8 +18,14 @@
|
||||||
|
|
||||||
(define-module (gnu system shadow)
|
(define-module (gnu system shadow)
|
||||||
#:use-module (guix store)
|
#:use-module (guix store)
|
||||||
#:use-module (ice-9 match)
|
|
||||||
#:use-module (guix records)
|
#:use-module (guix records)
|
||||||
|
#:use-module (guix packages)
|
||||||
|
#:use-module ((gnu packages system)
|
||||||
|
#:select (shadow))
|
||||||
|
#:use-module (srfi srfi-1)
|
||||||
|
#:use-module (srfi srfi-26)
|
||||||
|
#:use-module (ice-9 match)
|
||||||
|
#:use-module (ice-9 format)
|
||||||
#:export (user-account
|
#:export (user-account
|
||||||
user-account?
|
user-account?
|
||||||
user-account-name
|
user-account-name
|
||||||
|
@ -38,7 +44,8 @@
|
||||||
user-group-members
|
user-group-members
|
||||||
|
|
||||||
passwd-file
|
passwd-file
|
||||||
group-file))
|
group-file
|
||||||
|
guix-build-accounts))
|
||||||
|
|
||||||
;;; Commentary:
|
;;; Commentary:
|
||||||
;;;
|
;;;
|
||||||
|
@ -110,4 +117,25 @@ file."
|
||||||
(add-text-to-store store (if shadow? "shadow" "passwd")
|
(add-text-to-store store (if shadow? "shadow" "passwd")
|
||||||
contents '()))
|
contents '()))
|
||||||
|
|
||||||
|
(define* (guix-build-accounts store count #:key
|
||||||
|
(first-uid 30001)
|
||||||
|
(gid 30000)
|
||||||
|
(shadow shadow))
|
||||||
|
"Return a list of COUNT user accounts for Guix build users, with UIDs
|
||||||
|
starting at FIRST-UID, and under GID."
|
||||||
|
(let* ((gid* gid)
|
||||||
|
(no-login (string-append (package-output store shadow) "/sbin/nologin")))
|
||||||
|
(unfold (cut > <> count)
|
||||||
|
(lambda (n)
|
||||||
|
(user-account
|
||||||
|
(name (format #f "guixbuilder~2,'0d" n))
|
||||||
|
(password "!")
|
||||||
|
(uid (+ first-uid n -1))
|
||||||
|
(gid gid*)
|
||||||
|
(comment (format #f "Guix Build User ~2d" n))
|
||||||
|
(home-directory "/var/empty")
|
||||||
|
(shell no-login)))
|
||||||
|
1+
|
||||||
|
1)))
|
||||||
|
|
||||||
;;; shadow.scm ends here
|
;;; shadow.scm ends here
|
||||||
|
|
|
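Review bot: The docstring of `guix-build-accounts` documents COUNT, FIRST-UID and GID but not the SHADOW keyword, and it does not state the properties that keep these accounts non-interactive: password field "!", home directory "/var/empty" and the `nologin` shell taken from SHADOW. I would add a sentence such as `SHADOW is the package providing /sbin/nologin; the accounts get password "!" and cannot log in.` so a later edit does not relax them unnoticed. As a style point, the name uses `~2,'0d` while the comment uses `~2d`, so the comment field comes out space-padded ("Guix Build User  1"); the same directive in both would be tidier. Nothing in the procedure checks that the UID range from FIRST-UID to FIRST-UID+COUNT-1 is free of other accounts, so that is left to the caller and worth saying in the docstring.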
@ -462,6 +462,9 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
||||||
(static-networking-service store "eth0" "10.0.2.10"
|
(static-networking-service store "eth0" "10.0.2.10"
|
||||||
#:gateway "10.0.2.2")))
|
#:gateway "10.0.2.2")))
|
||||||
|
|
||||||
|
(define build-accounts
|
||||||
|
(guix-build-accounts store 10))
|
||||||
|
|
||||||
(define resolv.conf
|
(define resolv.conf
|
||||||
;; Name resolution for default QEMU settings.
|
;; Name resolution for default QEMU settings.
|
||||||
(add-text-to-store store "resolv.conf"
|
(add-text-to-store store "resolv.conf"
|
||||||
|
@ -482,7 +485,7 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
||||||
(dmd-file (string-append (derivation->output-path dmd-drv)
|
(dmd-file (string-append (derivation->output-path dmd-drv)
|
||||||
"/bin/dmd"))
|
"/bin/dmd"))
|
||||||
(dmd-conf (dmd-configuration-file store %dmd-services))
|
(dmd-conf (dmd-configuration-file store %dmd-services))
|
||||||
(accounts (list (user-account
|
(accounts (cons* (user-account
|
||||||
(name "root")
|
(name "root")
|
||||||
(password "")
|
(password "")
|
||||||
(uid 0) (gid 0)
|
(uid 0) (gid 0)
|
||||||
|
@ -495,7 +498,8 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
||||||
(uid 1000) (gid 100)
|
(uid 1000) (gid 100)
|
||||||
(comment "Guest of GNU")
|
(comment "Guest of GNU")
|
||||||
(home-directory "/home/guest")
|
(home-directory "/home/guest")
|
||||||
(shell bash-file))))
|
(shell bash-file))
|
||||||
|
build-accounts))
|
||||||
(passwd (passwd-file store accounts))
|
(passwd (passwd-file store accounts))
|
||||||
(shadow (passwd-file store accounts #:shadow? #t))
|
(shadow (passwd-file store accounts #:shadow? #t))
|
||||||
(group (group-file store
|
(group (group-file store
|
||||||
|
@ -505,7 +509,12 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
||||||
(user-group
|
(user-group
|
||||||
(name "users")
|
(name "users")
|
||||||
(id 100)
|
(id 100)
|
||||||
(members '("guest"))))))
|
(members '("guest")))
|
||||||
|
(user-group
|
||||||
|
(name "guixbuild")
|
||||||
|
(id 30000)
|
||||||
|
(members (map user-account-name
|
||||||
|
build-accounts))))))
|
||||||
(pam.d-drv (pam-services->directory store %pam-services))
|
(pam.d-drv (pam-services->directory store %pam-services))
|
||||||
(pam.d (derivation->output-path pam.d-drv))
|
(pam.d (derivation->output-path pam.d-drv))
|
||||||
|
|
||||||
|
|
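Review bot: The new `user-group` entry hard-codes `(id 30000)` and the name "guixbuild", which agree with the build accounts only because `guix-build-accounts` defaults `#:gid` to 30000 and `guix-service` defaults `builder-group` to "guixbuild". Since the daemon is pointed at this group for its build users, I would bind both values once in the enclosing definition and pass them explicitly, e.g. `(guix-build-accounts store 10 #:gid build-group-id)` together with `(id build-group-id)` (the binding name is only a suggestion). That way a change to either default cannot leave the accounts with a primary GID that no group entry matches. The call to `guix-service` is outside the visible hunks, so whether it can take the same binding has to be checked there; the enclosing definition also starts and ends outside these hunks.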