authorLudovic Courtès <ludo@gnu.org>2025-03-25 17:41:57 +0100
committerLudovic Courtès <ludo@gnu.org>2025-04-20 18:52:59 +0200
commite2583b5a17bfdedc1d24b3bab2d752fbf8fa6db6 (patch)
tree58437a302bea35fc2d8e2267e9b1ca0397eb2f0b /gnu/tests/base.scm
parent2c7c059e0b8f086979af070fe9c61fa793bb0e3f (diff)
services: guix: Allow ‘guix-daemon’ to run without root privileges.
* gnu/services/base.scm (run-with-writable-store) (guix-ownership-change-program): New procedures. (<guix-configuration>)[privileged?]: New field. (guix-shepherd-service): Rename to… (guix-shepherd-services): … this. Add the ‘guix-ownership’ service. Change ‘guix-daemon’ service to depend on it; when unprivileged, prefix ‘daemon-command’ by ‘run-with-writable-store’ and omit ‘--build-users-group’; adjust socket activation endpoints. (guix-accounts): When unprivileged, create the “guix-daemon” user and group in addition to the others. (guix-service-type)[extensions]: Adjust to name change. * gnu/tests/base.scm (run-guix-daemon-test): Add ‘name’ parameter. (%test-guix-daemon): Adjust accordingly. (%test-guix-daemon-unprivileged): New test. * doc/guix.texi (Base Services): Document ‘privileged?’. (Migrating to the Unprivileged Daemon): Explain that this is automatic on Guix System. Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I28a9a22e617416c551dccb24e43a253b544ba163
Diffstat (limited to 'gnu/tests/base.scm')
-rw-r--r--gnu/tests/base.scm41
1 files changed, 36 insertions, 5 deletions
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 83e047f7e64..ef05e56e5f7 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016-2020, 2022, 2024 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016-2020, 2022, 2024-2025 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2022 Marius Bakke <marius@gnu.org>
@@ -63,7 +63,8 @@
%hello-dependencies-manifest
guix-daemon-test-cases
- %test-guix-daemon))
+ %test-guix-daemon
+ %test-guix-daemon-unprivileged))
(define %simple-os
(simple-operating-system))
@@ -1121,7 +1122,7 @@ test."
(system-error-errno args)))
#$marionette))))
-(define (run-guix-daemon-test os)
+(define (run-guix-daemon-test os name)
(define test-image
(image (operating-system os)
(format 'compressed-qcow2)
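Review bot: The new `name` argument of `run-guix-daemon-test` is required and undocumented, so any caller outside this file that still passes only `os` would fail with a wrong-number-of-arguments error; whether such callers exist is not visible in this diff. Consider `(define* (run-guix-daemon-test os #:optional (name "guix-daemon-test"))` to keep the old call form working. A docstring such as `"Run the guix-daemon test cases in OS; NAME is the name of the resulting derivation."` would also help. The procedure's body continues outside the hunk.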
@@ -1168,7 +1169,7 @@ test."
(test-end))))
- (gexp->derivation "guix-daemon-test" test))
+ (gexp->derivation name test))
(define %test-guix-daemon
(system-test
@@ -1190,4 +1191,34 @@ test."
%base-user-accounts)))
#:imported-modules '((gnu services herd)
(guix combinators)))))
- (run-guix-daemon-test os)))))
+ (run-guix-daemon-test os "guix-daemon-test")))))
+
+(define %test-guix-daemon-unprivileged
+ (system-test
+ (name "guix-daemon-unprivileged")
+ (description
+ "Test 'guix-daemon' behavior on a multi-user system, where 'guix-daemon'
+runs unprivileged.")
+ (value
+ (let ((os (marionette-operating-system
+ (let ((base (operating-system-with-gc-roots
+ %daemon-os
+ (list (profile
+ (name "hello-build-dependencies")
+ (content %hello-dependencies-manifest))))))
+ (operating-system
+ (inherit base)
+ (kernel-arguments '("console=ttyS0"))
+ (users (cons (user-account
+ (name "user")
+ (group "users"))
+ %base-user-accounts))
+ (services
+ (modify-services (operating-system-user-services base)
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (privileged? #f)))))))
+ #:imported-modules '((gnu services herd)
+ (guix combinators)))))
+ (run-guix-daemon-test os "guix-daemon-unprivileged-test")))))
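Review bot: Nothing visible in `%test-guix-daemon-unprivileged` asserts that the daemon actually runs without root: it sets `(privileged? #f)` and then reuses `run-guix-daemon-test`, whose body is outside this hunk and takes only `os` and `name`. If the field were ignored or regressed to the privileged path, the shared test cases would presumably still pass, leaving the property this test is named for unchecked. Consider adding a case for this variant that checks, inside the guest, that the `guix-daemon` process is owned by the `guix-daemon` user rather than UID 0. The OS definition also appears to duplicate the one in `%test-guix-daemon` apart from the `modify-services` form; a small helper taking the configuration transform would keep the two from drifting apart.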