Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: f5e5318ef6aa
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 0943e4adc630
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Apr 28, 2019

  1. nixos/sks: Fix the module (the pre-start script was broken) 

    Unfortunately the changes in ab5dcc7
introduced a typo (took me a while to spot that...) that broke the
whole module (or at least the sks-db systemd unit).

The systemd unit was failing with the following error message:
...-unit-script-sks-db-pre-start[xxx]: KDB/DB_CONFIG exists but is not a symlink.

(cherry picked from commit 753e1e0)
    @primeos
    primeos committed Apr 28, 2019
    Copy the full SHA
    47e9779 View commit details

  2. nixos/sks: Fix another regression from ab5dcc7 

    The two directories KDB and PTree do not exist before the SKS DB is
build for the first time. If /var/db/sks is empty and the module is
enabled via "services.sks.enable = true;" the following error will
occur:
...-unit-script-sks-db-pre-start[xxx]:
ln: failed to create symbolic link 'KDB/DB_CONFIG': No such file or directory

To avoid this both links have to be created after the DB is build.
Note: Creating the directories manually might be better but the initial
build might be skipped as a result:
unit-script-sks-db-pre-start[xxxxx]: KeyDB directory already exists.  Exiting.
unit-script-sks-db-pre-start[xxxxx]: PTree directory already exists.  Exiting.

(cherry picked from commit 6852c08)
    @primeos
    primeos committed Apr 28, 2019
    Copy the full SHA
    0943e4a View commit details
Showing with 13 additions and 11 deletions.
  1. +13 −11 nixos/modules/services/security/sks.nix
24 changes: 13 additions & 11 deletions nixos/modules/services/security/sks.nix
View file
Original file line number Diff line number Diff line change
@@ -116,20 +116,22 @@ in {
${lib.optionalString (cfg.webroot != null)
"ln -sfT \"${cfg.webroot}\" web"}
mkdir -p dump
# Check that both database configs are symlinks before overwriting them
if [ -e KDB/DB_CONFIG ] && [ ! -L KBD/DB_CONFIG ]; then
echo "KDB/DB_CONFIG exists but is not a symlink." >&2
exit 1
fi
if [ -e PTree/DB_CONFIG ] && [ ! -L PTree/DB_CONFIG ]; then
echo "PTree/DB_CONFIG exists but is not a symlink." >&2
exit 1
fi
ln -sf ${dbConfig} KDB/DB_CONFIG
ln -sf ${dbConfig} PTree/DB_CONFIG
${sksPkg}/bin/sks build dump/*.gpg -n 10 -cache 100 || true #*/
${sksPkg}/bin/sks cleandb || true
${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
# Check that both database configs are symlinks before overwriting them
# TODO: The initial build will be without DB_CONFIG, but this will
# hopefully not cause any significant problems. It might be better to
# create both directories manually but we have to check that this does
# not affect the initial build of the DB.
for CONFIG_FILE in KDB/DB_CONFIG PTree/DB_CONFIG; do
if [ -e $CONFIG_FILE ] && [ ! -L $CONFIG_FILE ]; then
echo "$CONFIG_FILE exists but is not a symlink." >&2
echo "Please remove $PWD/$CONFIG_FILE manually to continue." >&2
exit 1
fi
ln -sf ${dbConfig} $CONFIG_FILE
done
'';
serviceConfig = {
WorkingDirectory = "~";