From a3b92748b5aa9d2ad33bf58c0c60fd9e220612be Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Thu, 12 Aug 2021 16:04:51 +0000
Subject: [PATCH] Instead of automatically moving user data around, stop execution of old DB is found
---
 nixos/modules/issuer.nix | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index b21bce89..93de02ef 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -170,19 +170,15 @@ in {
 serviceConfig.StateDirectory = "zkapissuer";
 serviceConfig.StateDirectoryMode = "0750";
- # Move the DB from its former (root-owned) location if it exists.
- # The "--verbose" option for cp and "--changes" for chown mean the
- # tools will report if they do something, and stay silent if not.
+ # Bail if there is still an old (root-owned) DB file on this system.
+ # If you hit this, and this /var/db/ file is indeed current, move it to
+ # /var/lib/zkapissuer/vouchers.sqlite3 and chown it to zkapissuer:zkapissuer.
+ #
 # https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines
- # > If the executable path is prefixed with "-", an exit code of the
- # > command normally considered a failure (i.e. non-zero exit status or
- # > abnormal exit due to signal) is recorded, but has no further effect
- # > and is considered equivalent to success.
- # [...]
- # > If the executable path is prefixed with "+" then the process is executed with full privileges.
+ # > If the executable path is prefixed with "+" then the process is
+ # > executed with full privileges.
 serviceConfig.ExecStartPre = [
- "-+${pkgs.coreutils}/bin/cp --update --verbose /var/db/vouchers.sqlite3 /var/lib/zkapissuer/vouchers.sqlite3"
- "-+${pkgs.coreutils}/bin/chown --changes zkapissuer:zkapissuer /var/lib/zkapissuer/vouchers.sqlite3"
+ "+${pkgs.bash}/bin/bash -c '[ ! -f /var/db/vouchers.sqlite3 ]'"
 ];
 script =
-- 
GitLab
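Review bot: When the new `ExecStartPre` check fails, the unit stops with nothing but bash's exit status 1 in the journal, so the remediation steps written in the Nix comment never reach the operator who hits the failure. Printing the reason and the move/chown instructions to stderr before exiting non-zero would put them in the unit's log; the fence shows one way to do that with `pkgs.writeShellScript`. The retained `+` prefix runs the test as root, presumably so the check cannot pass merely because the service user is unable to see into `/var/db`; a one-line comment saying so would keep it from being dropped later as unneeded privilege. The service definition starts and ends outside the hunk, so the unit's user and sandboxing settings are not visible here.

```nix
serviceConfig.ExecStartPre = let
  # Fails the unit, with an explanation in the journal, if the old DB is still present.
  refuseOldDb = pkgs.writeShellScript "zkapissuer-refuse-old-db" ''
    if [ -f /var/db/vouchers.sqlite3 ]; then
      echo "Refusing to start: old voucher DB found at /var/db/vouchers.sqlite3." >&2
      echo "If it is current, move it to /var/lib/zkapissuer/vouchers.sqlite3 and chown it to zkapissuer:zkapissuer." >&2
      exit 1
    fi
  '';
in [
  # "+" keeps the check running with full privileges, as in the original line.
  "+${refuseOldDb}"
];
# … unchanged: script = …
```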