Hi Oleg,

[...]

>> Are these chown still useful in the activation snippet?
>>
>> (define (nix-activation _)
>>   ;; Return the activation gexp.
>>   #~(begin
>>       (use-modules (guix build utils)
>>                    (srfi srfi-26))
>>       (for-each (cut mkdir-p <>) '("/nix/store" "/nix/var/log"
>>                                    "/nix/var/nix/gcroots/per-user"
>>                                    "/nix/var/nix/profiles/per-user"))
>>       (chown "/nix/store"
>>              (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
>>       (chmod "/nix/store" #o775)
>>       (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
>>                                        "/nix/var/nix/profiles/per-user"))))
>>
>> If they are useful only on the first time, perhaps we could catch the
>> exceptions for when it runs on an already read-only mounted /nix/store?
>
> Indeed, it is a good idea.
>
> A hotfix for the issue was discussed and implemented. It has already
> been pushed to the master branch. The fix involves a simple
> 'file-exists?' check. You can find more details in the discussion at
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71320
>
> What do you think is preferable in this scenario – catching exceptions
> or sticking with '(unless (file-exists? ...))'? Your thoughts on the
> best approach here?

Exceptions are usually better than 'check then do' as they avoid the
TOCTTOU (time-of-check to time-of-use) class of bugs/vulnerabilities.

By the way, 'Reported-by:' is a fine git trailer to use :-). I also use
'Fixes:' as a git trailer (trailer means they should be found at the
bottom of the commit message -- these can be parsed with the 'git
interpret-trailers' command)

-- 
Thanks,
Maxim
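
The two styles compared in this thread, as an added Guile example that is not part of the e-mail or of Guix's own code. The helper names, the scratch directory and the choice of tolerated errnos (EEXIST, EROFS) are assumptions, and 'mkdtemp' requires a Guile version that provides it.

```scheme
;; Added illustration; not Guix's activation code.  All names are hypothetical.
(define (call-tolerating errnos thunk)
  "Run THUNK.  Return #t on success, #f when it fails with one of ERRNOS.
Any other 'system-error' is re-thrown so real failures stay visible."
  (catch 'system-error
    (lambda () (thunk) #t)
    (lambda args
      (if (memv (system-error-errno args) errnos)
          #f
          (apply throw args)))))

;; Check-then-do: the state can change between 'file-exists?' and 'mkdir'.
(define (ensure-directory/check-then-do dir)
  (unless (file-exists? dir)
    (mkdir dir)))

;; Attempt-and-catch: the mkdir(2) call itself is the check.
(define (ensure-directory/attempt dir)
  (call-tolerating (list EEXIST) (lambda () (mkdir dir))))

;; Same idea for the chown/chmod pair: EROFS is the errno returned when the
;; directory sits on a read-only mount (assumed to be the case to tolerate).
(define (set-owner-and-mode dir uid gid mode)
  (call-tolerating (list EROFS)
                   (lambda ()
                     (chown dir uid gid)
                     (chmod dir mode))))

;; Constructed demo on a scratch directory; no root privileges needed.
(define (demo)
  (let* ((scratch (mkdtemp "/tmp/activation-demo-XXXXXX"))
         (store   (string-append scratch "/store")))
    (format #t "first mkdir:  ~a~%" (ensure-directory/attempt store))
    (format #t "second mkdir: ~a~%" (ensure-directory/attempt store))
    (format #t "chown/chmod:  ~a~%"
            (set-owner-and-mode store (getuid) (getgid) #o775))
    ;; ENOENT is not in the tolerated list, so it propagates to the caller.
    (format #t "unexpected errno re-thrown: ~a~%"
            (catch 'system-error
              (lambda ()
                (ensure-directory/attempt
                 (string-append scratch "/missing/child")))
              (lambda args (= ENOENT (system-error-errno args)))))
    (rmdir store)
    (rmdir scratch)))

(demo)
```

Listing the tolerated errnos explicitly keeps the handler from hiding failures such as EACCES or ENOENT, which a bare catch-all would swallow.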