Re: Make guix-publish's URL identical to cache file name
From: Ludovic Courtès
Subject: Re: Make guix-publish's URL identical to cache file name
Date: Sun, 08 Nov 2020 18:08:19 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Hi,
Ricardo Wurmus <rekado@elephly.net> writes:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> The simplest solution for now (I think that’s what Ricardo & co. had in
>> mind) would be for you to retrieve /var/cache/guix/publish on your
>> server, as is, and then run ‘guix publish’ on your server: it will know
>> where to find files. As I wrote to Jonathan, you can/should also run
>> nginx on top of that as a proxy to your local ‘guix publish’.
>>
>> Ricardo, can you remind us what the next steps would be?
>
> We need to make sure that *all* the files produced by “guix publish”
> have correct permissions; IIRC some of the files are not readable at all
> by users other than the owner of the files.
Oops, I had forgotten, my bad. I’ll push the attached patch later
today.
Next we’ll need to update the ‘guix’ package, restart ‘guix publish’ on
berlin, and chmod a+r -R /var/cache/guix/publish.
> Once that’s done we just need to start the rsync daemon again,
> preferably as a shepherd service.
Yes.
Sounds like we have a plan!
Peng Mei Yu: make sure to ping us in the coming weeks if you don’t hear
from us by then!
Thanks,
Ludo’.
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index e8faf379e2..e3c8711f5b 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -583,7 +583,10 @@ requested using POOL."
;; guarantee the TTL (see <https://bugs.gnu.org/28664>.)
(with-atomic-file-output nar
(lambda (port)
- (write-file item port))))))
+ (write-file item port)
+ ;; Make the file world-readable, contrary to what
+ ;; 'with-atomic-file-output' does.
+ (chmod port (logand #o644 (lognot (umask)))))))))
(define* (bake-narinfo+nar cache item
#:key ttl (compressions (list %no-compression))
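Review bot: The new comment says the nar is made world-readable, but the mode passed to chmod is (logand #o644 (lognot (umask))), so the result depends on the umask of the 'guix publish' process. With a umask of 077 this evaluates to #o600 and the file stays unreadable to other users, which is the situation the thread is trying to fix. Either state in the comment that the mode is subject to the umask (and make sure the service runs with 022 or looser), or set #o644 unconditionally if world-readability is a hard requirement for the rsync use case.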
@@ -615,7 +618,12 @@ requested using POOL."
#:nar-path nar-path
#:compressions compressions
#:file-sizes sizes)
- port)))))
+ port)))
+
+ ;; Make the cached narinfo world-readable, contrary to what
+ ;; 'with-atomic-file-output' does, so that other users can rsync
+ ;; the whole cache.
+ (chmod port (logand #o644 (lognot (umask))))))
;; Make narinfo files for OTHERS hard links to NARINFO such that the
;; atime-based cache eviction considers either all the nars or none
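Review bot: The expression (chmod port (logand #o644 (lognot (umask)))) after the narinfo write is a verbatim copy of the one added in the nar hunk above. A small local helper taking the port would keep the two call sites from drifting apart if the mode policy changes later, and would give one place to document why the default of 'with-atomic-file-output' is overridden. The rationale about letting other users rsync the cache appears only in this comment, so the helper's docstring would be a good home for it.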
diff --git a/tests/publish.scm b/tests/publish.scm
index e46e6256b7..cafd0f13a2 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -434,6 +434,11 @@ References: ~%"
(< ttl 3600)))
(wait-for-file cached)
+
+ ;; Both the narinfo and nar should be world-readable.
+ (= #o644 (stat:perms (lstat cached)))
+ (= #o644 (stat:perms (lstat nar)))
+
(let* ((body (http-get-port url))
(compressed (http-get nar-url))
(uncompressed (http-get (string-append base "nar/"
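Review bot: The two added comparisons hard-code #o644, while the code under test computes (logand #o644 (lognot (umask))). Under any umask stricter than 022 (027 gives #o640, 077 gives #o600) the expected value no longer matches, so the test outcome depends on the environment of whoever runs the suite. Compute the expected mode the same way as the implementation, or set the umask explicitly around the test. It is also worth confirming that these two expressions sit in a position where their boolean result is actually checked, since the enclosing form is not visible in this hunk.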