author | Michael Weiss <dev.primeos@gmail.com> | 2019-04-28 14:18:06 +0200 |
---|---|---|
committer | Michael Weiss <dev.primeos@gmail.com> | 2019-04-28 14:45:21 +0200 |
commit | 6852c080d8b5d2e88ca063b02de8bbdd5eb8970c (patch) | |
tree | 90baf0a63bed8dd4756c056b8ff3d309676e4214 /nixos | |
parent | 9dd1bbc9f39fced89aef15de3cc4f50da1fca3d6 (diff) | |
nixos/sks: Fix another regression from ab5dcc7068b
The two directories KDB and PTree do not exist before the SKS DB is built for the first time. If /var/db/sks is empty and the module is enabled via "services.sks.enable = true;" the following error will occur:

    ...-unit-script-sks-db-pre-start[xxx]: ln: failed to create symbolic link 'KDB/DB_CONFIG': No such file or directory

To avoid this both links have to be created after the DB is built.

Note: Creating the directories manually might be better but the initial build might be skipped as a result:

    unit-script-sks-db-pre-start[xxxxx]: KeyDB directory already exists. Exiting.
    unit-script-sks-db-pre-start[xxxxx]: PTree directory already exists. Exiting.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/sks.nix | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix index 2d717ac9474..1b7a2ad1398 100644 --- a/nixos/modules/services/security/sks.nix +++ b/nixos/modules/services/security/sks.nix @@ -116,20 +116,22 @@ in { ${lib.optionalString (cfg.webroot != null) "ln -sfT \"${cfg.webroot}\" web"} mkdir -p dump - # Check that both database configs are symlinks before overwriting them - if [ -e KDB/DB_CONFIG ] && [ ! -L KDB/DB_CONFIG ]; then - echo "KDB/DB_CONFIG exists but is not a symlink." >&2 - exit 1 - fi - if [ -e PTree/DB_CONFIG ] && [ ! -L PTree/DB_CONFIG ]; then - echo "PTree/DB_CONFIG exists but is not a symlink." >&2 - exit 1 - fi - ln -sf ${dbConfig} KDB/DB_CONFIG - ln -sf ${dbConfig} PTree/DB_CONFIG ${sksPkg}/bin/sks build dump/*.gpg -n 10 -cache 100 || true #*/ ${sksPkg}/bin/sks cleandb || true ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true + # Check that both database configs are symlinks before overwriting them + # TODO: The initial build will be without DB_CONFIG, but this will + # hopefully not cause any significant problems. It might be better to + # create both directories manually but we have to check that this does + # not affect the initial build of the DB. + for CONFIG_FILE in KDB/DB_CONFIG PTree/DB_CONFIG; do + if [ -e $CONFIG_FILE ] && [ ! -L $CONFIG_FILE ]; then + echo "$CONFIG_FILE exists but is not a symlink." >&2 + echo "Please remove $PWD/$CONFIG_FILE manually to continue." >&2 + exit 1 + fi + ln -sf ${dbConfig} $CONFIG_FILE + done ''; serviceConfig = { WorkingDirectory = "~"; |
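Review bot: The `ln -sf ${dbConfig} $CONFIG_FILE` in the new loop still assumes that KDB and PTree exist, but the three `sks` commands above it all end in `|| true`, so a failed or empty initial build goes unnoticed and the pre-start script then stops on the same "No such file or directory" error quoted in the commit message. Checking that the parent directory exists before linking, and printing a message that names the failed build, would make that case diagnosable. Two smaller points in the same loop: `$CONFIG_FILE` is unquoted in both `[ ... ]` tests and in the `ln` call, which is harmless for the two fixed values but is worth quoting for consistency with the quoted `echo` lines; and the retained comment "Check that both database configs are symlinks before overwriting them" now sits above the TODO rather than next to the `if` it describes.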