From f5dca5c07263181f80756f9840c81a18418ce364 Mon Sep 17 00:00:00 2001
From: Denis 'GNUtoo' Carikli
Date: Mon, 2 Oct 2023 21:39:06 +0200
Subject: [PATCH] Fix automatic updates
According to the operating-system-file fileld of unattended-upgrade-configuration in the manual, automatic updates don't work when "/run/current-system/configuration.scm [...] refers to extra files (SSH public keys, extra configuration files, etc.) via local-file and similar constructs.". So we need these files in the store and to point to them to make the automatic updates work.
Signed-off-by: Denis 'GNUtoo' Carikli
---
 .gitignore | 2 ++
 Makefile | 13 ++++++++++++-
 guix-installer-vm-system.scm | 35 ++++++++++++++++++++++++++++++++++-
 3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 25d704b..16baa60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@
 \#*\#
 guix-commit.txt
 guix-installer-vm.img
+guix-installer-vm.tar
+guix-installer-vm.tar.xz
 id_ed25519
 id_ed25519.pub
 signing-key.pub
diff --git a/Makefile b/Makefile
index c938edc..7b9623d 100644
--- a/Makefile
+++ b/Makefile
@@ -27,13 +27,24 @@ guix-commit.txt: Makefile
 guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
 fi
-IMAGE_SOURCE = \
+TARBALL_SOURCE = \
+ first-boot.sh \
 guix-commit.txt \
 guix-installer-vm-system.scm \
 id_ed25519.pub \
 Makefile \
 signing-key.pub
+guix-installer-vm.tar: $(TARBALL_SOURCE)
+ tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
+
+guix-installer-vm.tar.xz: guix-installer-vm.tar
+ xz -f -9e --verbose $<
+
+IMAGE_SOURCE = \
+ $(TARBALL_SOURCE) \
+ guix-installer-vm.tar.xz
+
 guix-installer-vm.img: $(IMAGE_SOURCE)
 install \
 `guix system image \
diff --git a/guix-installer-vm-system.scm b/guix-installer-vm-system.scm
index 5879445..2e5f4a1 100644
--- a/guix-installer-vm-system.scm
+++ b/guix-installer-vm-system.scm
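Review bot: The `xz -f -9e --verbose $<` recipe for `guix-installer-vm.tar.xz` removes its input once compression succeeds (xz deletes the source file unless `-k`/`--keep` or `-c` is given), so `guix-installer-vm.tar` is missing on every later run and the tar → xz → img chain is rebuilt unconditionally; the recipe also never names `$@`, it merely happens to produce it. Writing the target explicitly fixes both: `xz -9e --verbose -c $< > $@`. Because tar records mtimes, uid/gid and owner names, each such rebuild also yields a byte-different tarball and therefore a new `local-file` store item, which is the TODO left in guix-installer-vm-system.scm; `tar --sort=name --mtime='@0' --owner=0 --group=0 --numeric-owner -cf $@ $(TARBALL_SOURCE)` makes the archive reproducible. The `--exclude "id_ed25519"` is a no-op since the member list is explicit, but it documents a real requirement: everything in this tarball ends up world-readable under /gnu/store, so `TARBALL_SOURCE` must only ever list public material, and that is worth a comment above the variable, e.g. `# Shipped into the world-readable store by guix-installer-vm-config: public files only, never id_ed25519.`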
@@ -30,6 +30,32 @@
 #:use-module (guix utils)
 #:export (guix-installer-vm-operating-system))
+(define guix-installer-vm-config
+ (package
+ (name "guix-installer-vm-config")
+ (version "0.1")
+ ;; TODO: Make that tarball reproducible
+ (source (local-file "guix-installer-vm.tar.xz"))
+ (build-system copy-build-system)
+ (arguments
+ (list
+ #:install-plan
+ #~(list
+ '("first-boot.sh" "share/guix-installer-vm/configs/")
+ '("guix-commit.txt" "share/guix-installer-vm/configs/")
+ '("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
+ '("id_ed25519.pub" "share/guix-installer-vm/configs/")
+ '("Makefile" "share/guix-installer-vm/configs/")
+ '("signing-key.pub" "share/guix-installer-vm/configs/")
+ '(#$source
+ "share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
+ (synopsis "Full machine configuration.")
+ (description
+ "This contains all the configuration files of this machine. This is
+needed for unattended upgrades to work.")
+ (home-page "DOMAIN")
+ (license license:gpl3+)))
+
 (define first-boot-script
 (package
 (name "first-boot-script")
@@ -70,6 +96,7 @@
 (host-name "guix-installer-vm")
 (timezone "Europe/Paris")
 (packages (append (list first-boot-script
+ guix-installer-vm-config
 htop
 net-tools
 nss-certs
@@ -122,7 +149,13 @@
 `(("root" , (local-file "id_ed25519.pub"))
 ("gnutoo" ,(local-file "id_ed25519.pub"))))))
 ;; Unattended Upgrades
- (service unattended-upgrade-service-type))
+ (service
+ unattended-upgrade-service-type
+ (unattended-upgrade-configuration
+ (operating-system-file
+ (string-append "/run/current-system/profile"
+ "/share/guix-installer-vm/configs/"
+ "guix-installer-vm-system.scm")))))
 (modify-services %base-services
 (guix-service-type config => (guix-configuration
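Review bot: Everything `guix-installer-vm-config` installs lands in the world-readable store and in `/run/current-system/profile`, so the `#:install-plan` list and the tarball it is extracted from must only ever hold public material — today they do (`id_ed25519.pub`, never `id_ed25519`) — and that invariant belongs in a comment on the definition, e.g. `;; Installed into the world-readable store: ship public files only (the .pub keys, never the private key).`. The `;; TODO: Make that tarball reproducible` is the more pressing item, because every non-identical `guix-installer-vm.tar.xz` is a fresh `local-file` store item and hence a fresh package and system generation on each rebuild. One way to close it without relying on tar flags might be to hand `local-file` the source directory with `#:recursive? #t` and a `#:select?` predicate admitting only the files named in the install plan, since Guix hashes directory contents deterministically; that would also make the self-referential `#$source` entry unnecessary. Separately, `guix lint` will report the trailing period in `(synopsis "Full machine configuration.")` and `(home-page "DOMAIN")` unless DOMAIN is substituted before the file is used.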
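Review bot: `operating-system-file` now points at the copy of this file shipped in the profile, and that copy only works because each `local-file` in it resolves relative to the file's own directory — the `(local-file "id_ed25519.pub")` context lines just above are satisfied solely because `id_ed25519.pub` is also in the package's install plan. That coupling is invisible at this site; a comment next to the new value would keep the next `local-file` addition from silently breaking unattended upgrades, e.g. `;; Upgrades reconfigure from the copy shipped by guix-installer-vm-config; any file this configuration references via local-file must also be listed in TARBALL_SOURCE (Makefile) and in that package's #:install-plan.`. Building the path from `/run/current-system/profile` rather than from the package itself appears deliberate, since it follows the most recently activated generation exactly like the default `/run/current-system/configuration.scm`, and that rationale deserves a sentence in the same comment. The enclosing operating-system form starts and ends outside this hunk.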