author | Christopher Baines <mail@cbaines.net> | 2021-03-05 22:56:40 +0000 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2021-03-06 00:18:30 +0000 |
commit | a8448da0f4a090818104e64dd79f90b0e50d5e77 (patch) | |
tree | 494c58b4724f12cd9de0db9b0a7096de2b922c0f /etc | |
parent | 4f4b749e75b38b8c08b4f67ef51c2c8740999e28 (diff) | |
parent | a714af38d5d1046081524d859cde4cd8fd12a923 (diff) | |
download | guix-a8448da0f4a090818104e64dd79f90b0e50d5e77.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'etc')
-rw-r--r-- | etc/completion/fish/guix.fish | 7 | ||||
-rw-r--r-- | etc/completion/zsh/_guix | 2 | ||||
-rw-r--r-- | etc/news.scm | 80 |
3 files changed, 81 insertions, 8 deletions
diff --git a/etc/completion/fish/guix.fish b/etc/completion/fish/guix.fish index 73bd176112..422baab4bb 100644 --- a/etc/completion/fish/guix.fish +++ b/etc/completion/fish/guix.fish @@ -133,7 +133,7 @@ complete -f -c guix -n '__fish_guix_using_command pull' -l url -d 'download the complete -f -c guix -n '__fish_guix_using_command pull' -l bootstrap -d 'use the bootstrap Guile to build the new Guix' #### system -set -l remotecommands reconfigure roll-back switch-generation list-generations build container vm vm-image disk-image init extension-graph shepherd-graph load-path keep-failed keep-going dry-run fallback no-substitutes substitutes-urls no-grafts no-offload max-silent-time timeout verbosity rounds cores max-jobs derivation on-error image-size no-grub share expose full-boot +set -l remotecommands reconfigure roll-back switch-generation list-generations build container vm image init extension-graph shepherd-graph load-path keep-failed keep-going dry-run fallback no-substitutes substitutes-urls no-grafts no-offload max-silent-time timeout verbosity rounds cores max-jobs derivation on-error image-size no-grub share expose full-boot complete -f -c guix -n '__fish_guix_needs_command' -a system -d 'Build the operating system declared in FILE according to ACTION.' complete -f -c guix -n '__fish_guix_using_command system' -l reconfigure -d 'switch to a new operating system configuration' complete -f -c guix -n '__fish_guix_using_command system' -l roll-back -d 'switch to the previous operating system configuration' 
@@ -142,8 +142,7 @@ complete -f -c guix -n '__fish_guix_using_command system' -l list-generations -d
 complete -f -c guix -n '__fish_guix_using_command system' -l build -d 'build the operating system without installing anything'
 complete -f -c guix -n '__fish_guix_using_command system' -l container -d 'build a container that shares the host\'s store'
 complete -f -c guix -n '__fish_guix_using_command system' -l vm -d 'build a virtual machine image that shares the host\'s store'
-complete -f -c guix -n '__fish_guix_using_command system' -l vm-image -d 'build a freestanding virtual machine image'
-complete -f -c guix -n '__fish_guix_using_command system' -l disk-image -d 'build a disk image, suitable for a USB stick'
+complete -f -c guix -n '__fish_guix_using_command system' -l image -d 'build a disk image, suitable for a USB stick'
 complete -f -c guix -n '__fish_guix_using_command system' -l init -d 'initialize a root file system to run GNU'
 complete -f -c guix -n '__fish_guix_using_command system' -l extension-graph -d 'emit the service extension graph in Dot format'
 complete -f -c guix -n '__fish_guix_using_command system' -l shepherd-graph -d 'emit the graph of shepherd services in Dot format'
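Review bot: The added `-l image` line registers `--image` as a long option and keeps only the description 'build a disk image, suitable for a USB stick', although it replaces both the `vm-image` and `disk-image` entries. The news entry added in this same commit writes the action positionally as `guix system image`, so completing it with `-a image` would match what is typed; the neighbouring actions use the same `-l` form, so this is inherited rather than introduced here. If `image` is meant to cover the former freestanding VM case as well, a broader description such as `-d 'build an image (disk or virtual machine)'` would say so. The same rename appears in the `remotecommands` list of the first hunk and in the `--image-size` descriptions further down.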
@@ -167,7 +166,7 @@ complete -f -c guix -n '__fish_guix_using_command system' -s M -d 'allow at most
 complete -f -c guix -n '__fish_guix_using_command system' -a "--max-jobs=" -d 'allow at most N build jobs'
 complete -f -c guix -n '__fish_guix_using_command system' -s d -l derivation -d 'return the derivation of the given system'
 complete -f -c guix -n '__fish_guix_using_command system' -a "--on-error=" -d 'apply STRATEGY when an error occurs while reading FILE'
-complete -f -c guix -n '__fish_guix_using_command system' -a "--image-size=" -d 'for \'vm-image\', produce an image of SIZE'
+complete -f -c guix -n '__fish_guix_using_command system' -a "--image-size=" -d 'for \'image\', produce an image of SIZE'
 complete -f -c guix -n '__fish_guix_using_command system' -l no-grub -d 'for \'init\', do not install GRUB'
 complete -f -c guix -n '__fish_guix_using_command system' -a "--share=" -d 'for \'vm\', share host file system according to SPEC'
 complete -f -c guix -n '__fish_guix_using_command system' -a "--expose=" -d 'for \'vm\', expose host file system according to SPEC'
diff --git a/etc/completion/zsh/_guix b/etc/completion/zsh/_guix
index ae93b62b1d..aa1a859e0d 100644
--- a/etc/completion/zsh/_guix
+++ b/etc/completion/zsh/_guix
@@ -383,7 +383,7 @@ _guix_list_installed_packages()
 '--max-jobs=[allow at most N build jobs]:N' \
 '--derivation[return the derivation of the given system]' \
 '--on-error=[apply STRATEGY when an error occurs while reading FILE]:STRATEGY' \
- '--image-size=[for "vm-image", produce an image of SIZE]:SIZE' \
+ '--image-size=[for "image", produce an image of SIZE]:SIZE' \
 '--no-grub[for "init", do not install GRUB]' \
 '--share=[for "vm", share host file system according to SPEC]:SPEC' \
 '--expose=[for "vm", expose host file system according to SPEC]:SPEC' \
diff --git a/etc/news.scm b/etc/news.scm
index 1b92886dca..ff90afc8dc 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -7,9 +7,10 @@
 ;; Copyright © 2019, 2020 Julien Lepiller <julien@lepiller.eu>
 ;; Copyright © 2019, 2020, 2021 Florian Pelz <pelzflorian@pelzflorian.de>
 ;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com>
-;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com>
+;; Copyright © 2020, 2021 Mathieu Othacehe <m.othacehe@gmail.com>
 ;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;; Copyright © 2021 Leo Famulari <leo@famulari.name>
 ;;
 ;; Copying and distribution of this file, with or without modification, are
 ;; permitted in any medium without royalty provided the copyright notice and
@@ -18,11 +19,72 @@ (channel-news (version 0) + (entry (commit "1b5b882120daf7d111aa351a919a90e818324347") + (title + (en "The @code{linux-libre} kernel is updated to 5.11.2") + (de "Der Kernel @code{linux-libre} wird auf 5.11.2 aktualisiert") + (fr "Le noyau @code{linux-libre} est mis à jour vers la 5.11.2") + (nl "De @code{linux-libre}-kernel werd bijgewertk naar 5.11.2")) + (body + (en "The default @code{linux-libre} kernel is now based on the 5.11 +stable kernel series, beginning with version 5.11.2. Promiment features include +improved Wine performance, unprivileged Overlayfs mounts, support for Intel SGX, +support for new graphics hardware, and improved performance of the Btrfs +file system.") + (de "Der standardmäßig verwendete @code{linux-libre}-Kernel basiert +jetzt auf der 5.11-„stable“-Versionsreihe, angefangen mit Version 5.11.2. Zu +den markanten Neuerungen gehören bessere Wine-Unterstützung, Einbinden per +Overlayfs für Nutzer ohne erweiterte Rechte, Unterstützung für Intel SGX, für +neue Grafikhardware und bessere Leistung beim Btrfs-Dateisystem.") + (fr "Le noyau @code{linux-libre} par défaut est maintenant basé sur la +lignée stable 5.11 du noyau, à commencer par la version 5.11.2. Parmi les +fonctionnalités notables on trouve des performances améliorées pour Wine, le +montage Overlayfs non privilégié, la prise en charge d'Intel SGX, celle des +nouveaux périphériques graphiques et de meilleures performances du système de +fichiers Btrfs.") + (nl "De standaard @code{linux-libre}-kernel is nu geëent op de +stabiele 5.11-reeks, te beginnen met versie 5.11.2. 
Deze update biedt onder +andere verbeterde prestaties voor Wine en het Btfrs-bestandssysteem, laat +gewone gebruikers toe om met Overlayfs bestandssystemen te combineren, en +ondersteunt Intel SGX en nieuwe grafische apparatuur."))) + + (entry (commit "6e8cdf1d26092cb9654e179b04730fff7c15c94f") + (title + (en "The @command{guix system image} command can now operate on image records") + (de "Der Befehl @command{guix system image} kann jetzt auch mit @code{image}-Verbundsobjekten umgehen") + (fr "La commande @command{guix system image} peut désormais fonctionner sur des images")) + (body + (en "The @command{guix system image} command can now operate on +@code{image} records. This means that the file parameter or the expression +passed to this command can return @code{image} or @code{operating-system} +records. + +The @file{gnu/system/images} directory contains default images that can be +built by running @command{guix system image gnu/system/images/pine64.scm} for +instance.") + (de "Sie können den Befehl @command{guix system image} jetzt auch auf +Verbundsobjekte vom Typ @code{image} anwenden. Das heißt, wenn Sie eine Datei +oder einen Ausdruck als Parameter übergeben, darf dieser ein Verbundsobjekt +vom Typ @code{image} oder @code{operating-system} zurückliefern. + +Im Verzeichnis @file{gnu/system/images} finden Sie vorkonfigurierte Abbilder +als @code{image}-Verbundsobjekte. Sie können zum Beispiel @command{guix system +image gnu/system/images/pine64.scm} ausführen, um das Abbild zu erstellen.") + (fr "La commande @command{guix system image} peut désormais +fonctionner sur des images. Cela signifie que le fichier ou l'expression +passé en paramètre de cette commande peuvent retourner une structure de type +@code{image} ou @code{operating-system}. 
+ +Le dossier @file{gnu/system/images} contient des images par défaut qui peuvent +être construites en lançant la commande @command{guix system image +gnu/system/images/pine64.scm} par exemple."))) + (entry (commit "aa8de806252e3835d57fab351b02d13db762deac") (title (en "Risk of local privilege escalation @i{via} setuid programs") (de "Risiko lokaler Rechteausweitung bei setuid-Programmen") - (fr "Risque de gain local de privilèges @i{via} les programmes setuid")) + (fr "Risque de gain local de privilèges @i{via} les programmes setuid") + (zh "存在通过 setuid 程序进行本地提权的风险")) (body (en "On Guix System, setuid programs were, until now, installed as setuid-root @emph{and} setgid-root (in the @file{/run/setuid-programs} @@ -70,7 +132,19 @@ guix system reconfigure /run/current-system/configuration.scm Les usagers de Guix sur une distrib externe ne sont pas touché·es. Plus d'informations sont disponibles à @url{https://issues.guix.gnu.org/46395} (en -anglais)."))) +anglais).") + (zh "到目前为止,Guix 系统上的 setuid 程序(位于 @file{/run/setuid-programs}) +同时具有 setuid-root @emph{和} setgid-root 权限。然而,此类程序大多被设计为在拥有 +setuid 权限而非 setgid 权限时运行。因此,这样的设置可能会使系统受到本地提权攻击。 + +此漏洞已经被修复,同时建议用户使用下列命令升级他们的系统: + +@example +guix system reconfigure /run/current-system/configuration.scm +@end example + +在 ``第三方宿主系统'' 上使用 Guix 的用户不受此漏洞影响,详情请参阅 +@url{https://issues.guix.gnu.org/46395}。"))) (entry (commit "aedbc5ff32a62f45aeed74c6833399a6cf2c22dc") (title |