Age | Commit message (Collapse) | Author |
|
Conflicts:
gnu/packages/bioinformatics.scm
gnu/packages/cmake.scm
gnu/packages/curl.scm
gnu/packages/emacs-xyz.scm
gnu/packages/gpodder.scm
gnu/packages/music.scm
gnu/packages/patches/glibc-bootstrap-system.patch
gnu/packages/python-xyz.scm
gnu/packages/shells.scm
gnu/packages/statistics.scm
|
|
New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.
* gnu/services.scm (setuid-program-file-like-deprecated): New function.
(setuid-program-service-type): Make use of
setuid-program->activation-gexp. Adjust the extend property to handle
<setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
<setuid-record> list for each program entry.
* gnu/system.scm: (operating-system-setuid-programs): Renamed to
%operating-system-setuid-programs and replace it with new procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Replace
operating-system-setuid-programs with
%operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
|
|
Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a2770ef4d05a6e18f40d602e51da749ddc and
12964df69a99de6190422c752fef65ef813f3b6b respectively.
4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.
Conflicts:
gnu/local.mk
gnu/packages/aidc.scm
gnu/packages/boost.scm
gnu/packages/curl.scm
gnu/packages/nettle.scm
gnu/packages/networking.scm
gnu/packages/python-xyz.scm
gnu/packages/tls.scm
|
|
* gnu/build/linux-boot.scm (boot-system): Sleep for "rootdelay=SECONDS"
when specified on the kernel command line.
|
|
Conflicts:
gnu/local.mk
gnu/packages/algebra.scm
gnu/packages/bioinformatics.scm
gnu/packages/curl.scm
gnu/packages/docbook.scm
gnu/packages/emacs-xyz.scm
gnu/packages/maths.scm
gnu/packages/plotutils.scm
gnu/packages/python-web.scm
gnu/packages/python-xyz.scm
gnu/packages/radio.scm
gnu/packages/readline.scm
gnu/packages/tls.scm
gnu/packages/xml.scm
gnu/packages/xorg.scm
|
|
* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK?
keyword argument. Add it to the docstring. Conditionally call
CHECK-FILE-SYSTEM.
(boot-system): Adjust its only caller to pass the <file-system>'s CHECK?
option through, if available.
|
|
Conflicts:
gnu/local.mk
gnu/packages/bioinformatics.scm
gnu/packages/django.scm
gnu/packages/gtk.scm
gnu/packages/llvm.scm
gnu/packages/python-web.scm
gnu/packages/python.scm
gnu/packages/tex.scm
guix/build-system/asdf.scm
guix/build/emacs-build-system.scm
guix/profiles.scm
|
|
* gnu/build/file-systems.scm (read-bcachefs-superblock): Make comment
less damned negative.
|
|
* gnu/build/file-systems.scm (check-bcachefs-file-system): Handle a STATUS:EXIT-VAL of #F.
|
|
Previously, (read-partition-uuid "/does/not/exist") would return #f.
With this change, a 'system-error exception is raised as expected.
* gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring.
(partition-field-reader): Remove use of 'ENOENT-safe'.
(partition-predicate): Wrap READER in 'ENOENT-safe'.
|
|
* gnu/build/image.scm: Fix typo.
|
|
Conflicts:
gnu/local.mk
gnu/packages/boost.scm
gnu/packages/chez.scm
gnu/packages/compression.scm
gnu/packages/crates-io.scm
gnu/packages/docbook.scm
gnu/packages/engineering.scm
gnu/packages/gcc.scm
gnu/packages/gl.scm
gnu/packages/gtk.scm
gnu/packages/nettle.scm
gnu/packages/python-check.scm
gnu/packages/python-xyz.scm
gnu/packages/radio.scm
gnu/packages/rust.scm
gnu/packages/sqlite.scm
guix/build-system/node.scm
|
|
Fixes <https://bugs.gnu.org/47584>.
* gnu/build/activation.scm (copy-account-skeletons): Do not chown the
home directory; leave this to 'activate-user-home'.
(activate-user-home): Only chown the home directory after the account
skeletons have been copied.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
|
|
|
|
Fixes <https://bugs.gnu.org/47007>.
Reported by Jelle Licht <jlicht@fsfe.org>.
Since commit dcb640f02b1f9590c3bd4301a22bf31bd60c56d4, we could end up
applying the wrong mount flags because the (find ...) expression could
pick the "wrong" mount point in the presence of bind mounts.
* gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to
compute FLAGS whe FS is a bind mount.
|
|
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
Fixes <https://bugs.gnu.org/46292>.
* gnu/build/file-systems.scm (mount-file-system): If FS is a bind mount,
add its original mount flags to FLAGS.
|
|
|
|
Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.
* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.
|
|
Conflicts:
gnu/local.mk
gnu/packages/cmake.scm
gnu/packages/curl.scm
gnu/packages/gl.scm
gnu/packages/glib.scm
gnu/packages/guile.scm
gnu/packages/node.scm
gnu/packages/openldap.scm
gnu/packages/package-management.scm
gnu/packages/python-xyz.scm
gnu/packages/python.scm
gnu/packages/tls.scm
gnu/packages/vpn.scm
gnu/packages/xorg.scm
|
|
* gnu/build/linux-boot.scm (boot-system): Check for "hibernate=noresume"
in addition to "noresume".
|
|
It is now up to the caller to deduplicate store contents.
* guix/store/database.scm (register-items): Remove #:deduplicate?
parameter and call to 'deduplicate'.
(register-path): Call 'deduplicate' when #:deduplicate? is true.
* gnu/build/image.scm (register-closure): Adjust call accordingly.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Likewise.
* guix/scripts/pack.scm (store-database): Likewise.
|
|
* gnu/build/image.scm (register-closure): Remove #:deduplicate?
parameter and pass #:deduplicate? #f to 'register-items'.
(initialize-root-partition): Adjust accordingly.
* gnu/build/vm.scm (register-closure, root-partition-initializer):
Likewise.
|
|
Until now deduplication was performed as an additional pass after
copying files, which involve re-traversing all the files that had just
been copied.
* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate?
parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f
to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate?
to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass
#:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New
procedure.
[build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in
'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New
procedure.
[builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New
procedure. Pass it to 'source-module-closure'.
|
|
The assumption now is that the caller took care of resetting timestamps
and permissions.
* guix/store/database.scm (register-items): Remove #:reset-timestamps?
parameter and the call to 'reset-timestamps'.
(register-path): Adjust accordingly and add call to 'reset-timestamps'.
* gnu/build/image.scm (register-closure): Remove #:reset-timestamps?
parameter to 'register-items'.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Adjust accordingly.
* guix/scripts/pack.scm (store-database)[build]: Likewise.
|
|
* gnu/build/image.scm (register-closure): Remove #:reset-timestamps?
parameter. Pass #:reset-timestamps? #f to 'register-items'.
(initialize-root-partition): Adjust accordingly.
* gnu/build/vm.scm (register-closure, root-partition-initializer):
Likewise.
|
|
Until now, 'populate-store' would reset permissions but not timestamps,
so callers would resort to going through an extra directory traversal to
reset timestamps.
* guix/build/store-copy.scm (reset-permissions): Remove.
(copy-recursively): New procedure.
(populate-store): Pass #:keep-permissions? to 'copy-recursively'.
Remove call to 'reset-permissions'.
* tests/gexp.scm ("gexp->derivation, store copy"): In BUILD-DRV, check
whether 'populate-store' canonicalizes permissions and timestamps.
* gnu/build/image.scm (initialize-root-partition): Pass #:reset-timestamps? #f
to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
|
|
This broke 'guix environment --container' on non-Debian distributions.
Fixes <https://bugs.gnu.org/45066>. Reported by luhux <luhux@outlook.com>.
This reverts commit 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e.
|
|
Bit 1 means the target device was mounted read-only whilst checking.
This should never happen in an initrd context but is not an error.
* gnu/build/file-systems.scm (check-bcachefs-file-system): Ignore status
bits that don't signal an error. Remove the 'reboot-required case.
|
|
Fixes <https://bugs.gnu.org/31977>.
Reported by Paul Garlick <pgarlick@tourbillion-technology.com>.
* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
Return #f when the 'userns-file' does not exist.
|
|
|
|
* gnu/build/linux-initrd.scm (write-cpio-archive): Mention timestamps in
docstring.
(build-initrd): Remove unnecessary timestamp reset phase.
|
|
* gnu/build/chromium-extension.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
|
|
* gnu/build/linux-boot.scm (resume-if-hibernated): New procedure.
(boot-system): Call it.
|
|
* gnu/build/file-systems.scm (%bcachefs-endianness): New syntax.
(bcachefs-superblock?, read-bcachefs-superblock)
(bcachefs-superblock-external-uuid, bcachefs-superblock-volume-name)
(check-bcachefs-file-system): New procedures.
(%partition-label-readers, %partition-uuid-readers, check-file-system):
Register them.
|
|
Since commit 8ce6f4dc2879919c12bc76a2f4b01200af97e019, importing this
module in a gexp would pull in (guix config) from the host, thereby
leading to non-reproducible derivations. Users in (gnu services ...) do
not expect that so simply remove the (guix utils) dependency for now.
* gnu/build/shepherd.scm (fork+exec-command/container)[strip-pid]: New
procedure.
Use it instead of 'strip-keyword-arguments'.
|
|
* gnu/build/image.scm (make-partition-image): Use 'raise' instead of
'format' when TYPE is not supported.
(convert-disk-image): Remove unneeded 'begin'.
|
|
Fixes: <https://issues.guix.gnu.org/44101>.
* gnu/build/bootloader.scm (write-file-on-device): Pass 'no-fail flag instead
of 'no-create. Use a latin-1 transcoder.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Add a
"disk-installer" argument and use it as a fallback.
(install-bootloader): Adapt accordingly.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Ditto.
|
|
* gnu/build/file-systems.scm (%linux-swap-magic, %page-size): New
variables.
(linux-swap-superblock?, read-linux-swap-superblock)
(linux-swap-superblock-uuid, linux-swap-superblock-volume-name): New
procedures.
(%partition-label-readers, %partition-uuid-readers): Add them.
|
|
Conflicts:
gnu/packages/admin.scm
gnu/packages/commencement.scm
gnu/packages/gdb.scm
gnu/packages/llvm.scm
gnu/packages/package-management.scm
gnu/packages/tls.scm
|
|
* gnu/build/vm.scm (load-in-linux-vm): Rename the RNG.
* gnu/system/vm.scm (common-qemu-options): Likewise.
(system-docker-image): Rename the ROOT-DIRECTORY.
* gnu/packages/crypto.scm (eschalot)[arguments]: Use a different
arbitrary string.
* gnu/packages/wicd.scm (wicd)[arguments]: Remove unused configure flag.
* gnu/packages/xorg.scm (xorg-server): Set a more accurate OS vendor.
|
|
* gnu/build/image.scm (estimate-partition-size): Fix typo in docstring.
* guix/build/copy-build-system.scm (install): Likewise.
* guix/build/lisp-utils.scm (generate-executable): Likewise.
* guix/build/maven/pom.scm (find-parent, fix-pom-dependencies): Likewise.
* guix/build-system/cargo.scm (expand-crate-sources): Likewise.
|
|
* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Add
"/dev/fd".
|
|
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create
/servers/crash.
|
|
This is a follow-up of f19cf27c2b9ff92e2c0fd931ef7fde39c376adaa. The
bootloader installation must be done on the final disk-image, hence using
"disk-image-installer" instead of "installer" callback.
* gnu/bootloader/u-boot.scm: Turn all installer callbacks into
disk-image-installer callbacks.
* gnu/build/bootloader.scm (write-file-on-device): Open the output file with
'no-truncate and 'no-create options.
* gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader)
module.
|
|
* gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
* tests/containers.scm
("call-with-container, mnt namespace, root permissions"): New test.
|
|
* gnu/build/secret-service.scm (log): New macro.
(secret-service-send-secrets, secret-service-receive-secrets): Use it
instead of raw 'format' calls.
|
|
This allows the client running on the host to know when it's actually
connect to the server running in the guest. Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.
* gnu/build/secret-service.scm (secret-service-send-secrets): Add
#:handshake-timeout. Read from SOCK an initial message from the
server. Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client. Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.
|
|
* gnu/build/secret-service.scm (secret-service-send-secrets): Use
'call-with-input-file' instead of 'open-input-file'.
|