summary refs log tree commit diff
path: root/gnu/build
AgeCommit message (Collapse)Author
2021-07-29Merge branch 'master' into core-updates-frozenMarius Bakke
Conflicts: gnu/packages/bioinformatics.scm gnu/packages/cmake.scm gnu/packages/curl.scm gnu/packages/emacs-xyz.scm gnu/packages/gpodder.scm gnu/packages/music.scm gnu/packages/patches/glibc-bootstrap-system.patch gnu/packages/python-xyz.scm gnu/packages/shells.scm gnu/packages/statistics.scm
2021-07-29services: setuid: More configurable setuid support.Chris Lemmer-Webber
New record <setuid-program> with fields for setting the specific user and group, as well as specifically selecting the setuid and setgid bits, for a program within the setuid-program-service. * gnu/services.scm (setuid-program-file-like-deprecated): New function. (setuid-program-service-type): Make use of setuid-program->activation-gexp. Adjust the extend property to handle <setuid-program>. * gnu/build/activation.scm (activate-setuid-programs): Update to expect a <setuid-record> list for each program entry. * gnu/system.scm: (operating-system-setuid-programs): Renamed to %operating-system-setuid-programs and replace it with new procedure. (operating-system-default-essential-services, hurd-default-essential-services): Replace operating-system-setuid-programs with %operating-system-setuid-programs. * gnu/system/setuid.scm: New file. * doc/guix.texi (Setuid Programs): Document <setuid-program>. Co-authored-by: Brice Waegeneire <brice@waegenei.re>
2021-06-19Merge branch 'master' into core-updatesMarius Bakke
Note: this merge actually changes the 'curl' and 'python-attrs' derivations, as part of solving caf4a7a2770ef4d05a6e18f40d602e51da749ddc and 12964df69a99de6190422c752fef65ef813f3b6b respectively. 4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it cannot currently be tested. Conflicts: gnu/local.mk gnu/packages/aidc.scm gnu/packages/boost.scm gnu/packages/curl.scm gnu/packages/nettle.scm gnu/packages/networking.scm gnu/packages/python-xyz.scm gnu/packages/tls.scm
2021-06-16gnu: Respect ‘rootdelay’ kernel command-line argument.Tobias Geerinckx-Rice
* gnu/build/linux-boot.scm (boot-system): Sleep for "rootdelay=SECONDS" when specified on the kernel command line.
2021-06-06Merge branch 'master' into core-updatesMarius Bakke
Conflicts: gnu/local.mk gnu/packages/algebra.scm gnu/packages/bioinformatics.scm gnu/packages/curl.scm gnu/packages/docbook.scm gnu/packages/emacs-xyz.scm gnu/packages/maths.scm gnu/packages/plotutils.scm gnu/packages/python-web.scm gnu/packages/python-xyz.scm gnu/packages/radio.scm gnu/packages/readline.scm gnu/packages/tls.scm gnu/packages/xml.scm gnu/packages/xorg.scm
2021-05-23gnu: Respect the root file-system's CHECK? field.Tobias Geerinckx-Rice
* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK? keyword argument. Add it to the docstring. Conditionally call CHECK-FILE-SYSTEM. (boot-system): Adjust its only caller to pass the <file-system>'s CHECK? option through, if available.
2021-05-09Merge branch 'master' into core-updatesMarius Bakke
Conflicts: gnu/local.mk gnu/packages/bioinformatics.scm gnu/packages/django.scm gnu/packages/gtk.scm gnu/packages/llvm.scm gnu/packages/python-web.scm gnu/packages/python.scm gnu/packages/tex.scm guix/build-system/asdf.scm guix/build/emacs-build-system.scm guix/profiles.scm
2021-05-04file-systems: Rewrite comment.Tobias Geerinckx-Rice
* gnu/build/file-systems.scm (read-bcachefs-superblock): Make comment less damned negative.
2021-05-04file-systems: Handle abnormal ‘bcachefs fsck’ exits.Tobias Geerinckx-Rice
* gnu/build/file-systems.scm (check-bcachefs-file-system): Handle a STATUS:EXIT-VAL of #F.
2021-04-23file-systems: read-partition-{uuid,label} don't swallow ENOENT & co.Ludovic Courtès
Previously, (read-partition-uuid "/does/not/exist") would return #f. With this change, a 'system-error exception is raised as expected. * gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring. (partition-field-reader): Remove use of 'ENOENT-safe'. (partition-predicate): Wrap READER in 'ENOENT-safe'.
2021-04-21image: Fix spelling of "evaluate"Vagrant Cascadian
* gnu/build/image.scm: Fix typo.
2021-04-16Merge remote-tracking branch 'origin/master' into core-updatesEfraim Flashner
Conflicts: gnu/local.mk gnu/packages/boost.scm gnu/packages/chez.scm gnu/packages/compression.scm gnu/packages/crates-io.scm gnu/packages/docbook.scm gnu/packages/engineering.scm gnu/packages/gcc.scm gnu/packages/gl.scm gnu/packages/gtk.scm gnu/packages/nettle.scm gnu/packages/python-check.scm gnu/packages/python-xyz.scm gnu/packages/radio.scm gnu/packages/rust.scm gnu/packages/sqlite.scm guix/build-system/node.scm
2021-04-03activation: Do not dereference symlinks during home directory creation.Maxime Devos
Fixes <https://bugs.gnu.org/47584>. * gnu/build/activation.scm (copy-account-skeletons): Do not chown the home directory; leave this to 'activate-user-home'. (activate-user-home): Only chown the home directory after the account skeletons have been copied. Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
2021-03-24Merge remote-tracking branch 'origin/master' into core-updatesEfraim Flashner
2021-03-10file-systems: 'mount-file-system' preserves the right mount flags.Ludovic Courtès
Fixes <https://bugs.gnu.org/47007>. Reported by Jelle Licht <jlicht@fsfe.org>. Since commit dcb640f02b1f9590c3bd4301a22bf31bd60c56d4, we could end up applying the wrong mount flags because the (find ...) expression could pick the "wrong" mount point in the presence of bind mounts. * gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to compute FLAGS whe FS is a bind mount.
2021-03-10services: Prevent following symlinks during activation.Maxime Devos
This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-06Merge branch 'master' into core-updatesChristopher Baines
2021-02-25file-systems: 'mount-file-system' preserves source flags for bind mounts.Ludovic Courtès
Fixes <https://bugs.gnu.org/46292>. * gnu/build/file-systems.scm (mount-file-system): If FS is a bind mount, add its original mount flags to FLAGS.
2021-02-11Merge branch 'master' into core-updatesDanny Milosavljevic
2021-02-09activation: Do not make setuid programs setgid-root [security].Ludovic Courtès
Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>. * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid.
2021-01-13Merge branch 'staging' into 'core-updates'.Maxim Cournoyer
Conflicts: gnu/local.mk gnu/packages/cmake.scm gnu/packages/curl.scm gnu/packages/gl.scm gnu/packages/glib.scm gnu/packages/guile.scm gnu/packages/node.scm gnu/packages/openldap.scm gnu/packages/package-management.scm gnu/packages/python-xyz.scm gnu/packages/python.scm gnu/packages/tls.scm gnu/packages/vpn.scm gnu/packages/xorg.scm
2020-12-17linux-boot: Fix noresume argument parsing.Tobias Geerinckx-Rice
* gnu/build/linux-boot.scm (boot-system): Check for "hibernate=noresume" in addition to "noresume".
2020-12-15database: Remove #:deduplicate? from 'register-items'.Ludovic Courtès
It is now up to the caller to deduplicate store contents. * guix/store/database.scm (register-items): Remove #:deduplicate? parameter and call to 'deduplicate'. (register-path): Call 'deduplicate' when #:deduplicate? is true. * gnu/build/image.scm (register-closure): Adjust call accordingly. * gnu/build/vm.scm (register-closure): Likewise. * guix/nar.scm (finalize-store-file): Likewise. * guix/scripts/pack.scm (store-database): Likewise.
2020-12-15image: 'register-closure' leaves it up to the caller to deduplicate.Ludovic Courtès
* gnu/build/image.scm (register-closure): Remove #:deduplicate? parameter and pass #:deduplicate? #f to 'register-items'. (initialize-root-partition): Adjust accordingly. * gnu/build/vm.scm (register-closure, root-partition-initializer): Likewise.
2020-12-15store-copy: 'populate-store' can optionally deduplicate files.Ludovic Courtès
Until now deduplication was performed as an additional pass after copying files, which involve re-traversing all the files that had just been copied. * guix/store/deduplication.scm (copy-file/deduplicate): New procedure. * tests/store-deduplication.scm ("copy-file/deduplicate"): New test. * guix/build/store-copy.scm (populate-store): Add #:deduplicate? parameter and honor it. * tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f to 'populate-store'. * gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate? to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'. * gnu/build/vm.scm (root-partition-initializer): Likewise. * gnu/build/install.scm (populate-single-profile-directory): Pass #:deduplicate? #f to 'populate-store'. * gnu/build/linux-initrd.scm (build-initrd): Likewise. * guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New procedure. [build]: Pass it as an argument to 'source-module-closure'. * guix/scripts/pack.scm (squashfs-image)[build]: Wrap in 'with-extensions'. * gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New procedure. [builder]: Pass it to 'source-module-closure'. * gnu/system/install.scm (cow-store-service-type)[import-module?]: New procedure. Pass it to 'source-module-closure'.
2020-12-15database: Remove #:reset-timestamps? from 'register-items'.Ludovic Courtès
The assumption now is that the caller took care of resetting timestamps and permissions. * guix/store/database.scm (register-items): Remove #:reset-timestamps? parameter and the call to 'reset-timestamps'. (register-path): Adjust accordingly and add call to 'reset-timestamps'. * gnu/build/image.scm (register-closure): Remove #:reset-timestamps? parameter to 'register-items'. * gnu/build/vm.scm (register-closure): Likewise. * guix/nar.scm (finalize-store-file): Adjust accordingly. * guix/scripts/pack.scm (store-database)[build]: Likewise.
2020-12-15image: 'register-closure' assumes already-reset timestamps.Ludovic Courtès
* gnu/build/image.scm (register-closure): Remove #:reset-timestamps? parameter. Pass #:reset-timestamps? #f to 'register-items'. (initialize-root-partition): Adjust accordingly. * gnu/build/vm.scm (register-closure, root-partition-initializer): Likewise.
2020-12-15store-copy: 'populate-store' resets timestamps.Ludovic Courtès
Until now, 'populate-store' would reset permissions but not timestamps, so callers would resort to going through an extra directory traversal to reset timestamps. * guix/build/store-copy.scm (reset-permissions): Remove. (copy-recursively): New procedure. (populate-store): Pass #:keep-permissions? to 'copy-recursively'. Remove call to 'reset-permissions'. * tests/gexp.scm ("gexp->derivation, store copy"): In BUILD-DRV, check whether 'populate-store' canonicalizes permissions and timestamps. * gnu/build/image.scm (initialize-root-partition): Pass #:reset-timestamps? #f to 'register-closure'. * gnu/build/vm.scm (root-partition-initializer): Likewise.
2020-12-06Revert "linux-container: Correct test for unprivileged user namespace support."Marius Bakke
This broke 'guix environment --container' on non-Debian distributions. Fixes <https://bugs.gnu.org/45066>. Reported by luhux <luhux@outlook.com>. This reverts commit 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e.
2020-12-06file-systems: Fix ‘bcachefs fsck’ exit value logic.Tobias Geerinckx-Rice
Bit 1 means the target device was mounted read-only whilst checking. This should never happen in an initrd context but is not an error. * gnu/build/file-systems.scm (check-bcachefs-file-system): Ignore status bits that don't signal an error. Remove the 'reboot-required case.
2020-12-03linux-container: Correct test for unprivileged user namespace support.Paul Garlick
Fixes <https://bugs.gnu.org/31977>. Reported by Paul Garlick <pgarlick@tourbillion-technology.com>. * gnu/build/linux-container.scm (unprivileged-user-namespace-supported?): Return #f when the 'userns-file' does not exist.
2020-11-29Merge remote-tracking branch 'origin/master' into core-updatesChristopher Baines
2020-11-21linux-initrd: Remove unnecessary timestamp reset phase.Ludovic Courtès
* gnu/build/linux-initrd.scm (write-cpio-archive): Mention timestamps in docstring. (build-initrd): Remove unnecessary timestamp reset phase.
2020-11-08Add (gnu build chromium-extension).Marius Bakke
* gnu/build/chromium-extension.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
2020-11-07linux-boot: Resume from hibernation.Tobias Geerinckx-Rice
* gnu/build/linux-boot.scm (resume-if-hibernated): New procedure. (boot-system): Call it.
2020-11-07file-systems: Add support for bcachefs.Tobias Geerinckx-Rice
* gnu/build/file-systems.scm (%bcachefs-endianness): New syntax. (bcachefs-superblock?, read-bcachefs-superblock) (bcachefs-superblock-external-uuid, bcachefs-superblock-volume-name) (check-bcachefs-file-system): New procedures. (%partition-label-readers, %partition-uuid-readers, check-file-system): Register them.
2020-11-05shepherd: Remove dependency on (guix utils).Ludovic Courtès
Since commit 8ce6f4dc2879919c12bc76a2f4b01200af97e019, importing this module in a gexp would pull in (guix config) from the host, thereby leading to non-reproducible derivations. Users in (gnu services ...) do not expect that so simply remove the (guix utils) dependency for now. * gnu/build/shepherd.scm (fork+exec-command/container)[strip-pid]: New procedure. Use it instead of 'strip-keyword-arguments'.
2020-11-05image: Error out when passed an unsupported partition type.Ludovic Courtès
* gnu/build/image.scm (make-partition-image): Use 'raise' instead of 'format' when TYPE is not supported. (convert-disk-image): Remove unneeded 'begin'.
2020-11-03system: reconfigure: Use the disk-installer if provided.Mathieu Othacehe
Fixes: <https://issues.guix.gnu.org/44101>. * gnu/build/bootloader.scm (write-file-on-device): Pass 'no-fail flag instead of 'no-create. Use a latin-1 transcoder. * guix/scripts/system/reconfigure.scm (install-bootloader-program): Add a "disk-installer" argument and use it as a fallback. (install-bootloader): Adapt accordingly. * gnu/tests/reconfigure.scm (run-install-bootloader-test): Ditto.
2020-10-30file-systems: Allow swap space lookup by UUID/label.Ludovic Courtès
* gnu/build/file-systems.scm (%linux-swap-magic, %page-size): New variables. (linux-swap-superblock?, read-linux-swap-superblock) (linux-swap-superblock-uuid, linux-swap-superblock-volume-name): New procedures. (%partition-label-readers, %partition-uuid-readers): Add them.
2020-10-19Merge branch 'staging'Maxim Cournoyer
Conflicts: gnu/packages/admin.scm gnu/packages/commencement.scm gnu/packages/gdb.scm gnu/packages/llvm.scm gnu/packages/package-management.scm gnu/packages/tls.scm
2020-10-16Remove the last vestiges of GuixSD.Tobias Geerinckx-Rice
* gnu/build/vm.scm (load-in-linux-vm): Rename the RNG. * gnu/system/vm.scm (common-qemu-options): Likewise. (system-docker-image): Rename the ROOT-DIRECTORY. * gnu/packages/crypto.scm (eschalot)[arguments]: Use a different arbitrary string. * gnu/packages/wicd.scm (wicd)[arguments]: Remove unused configure flag. * gnu/packages/xorg.scm (xorg-server): Set a more accurate OS vendor.
2020-10-16build: Fix docstring typos.Tobias Geerinckx-Rice
* gnu/build/image.scm (estimate-partition-size): Fix typo in docstring. * guix/build/copy-build-system.scm (install): Likewise. * guix/build/lisp-utils.scm (generate-executable): Likewise. * guix/build/maven/pom.scm (find-parent, fix-pom-dependencies): Likewise. * guix/build-system/cargo.scm (expand-crate-sources): Likewise.
2020-10-14hurd-boot: Set /hurd/magic on /dev/fd.Ludovic Courtès
* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Add "/dev/fd".
2020-10-08hurd-boot: Create /servers/crash.Ludovic Courtès
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create /servers/crash.
2020-10-05bootloader: Fix u-boot installation.Mathieu Othacehe
This is a follow-up of f19cf27c2b9ff92e2c0fd931ef7fde39c376adaa. The bootloader installation must be done on the final disk-image, hence using "disk-image-installer" instead of "installer" callback. * gnu/bootloader/u-boot.scm: Turn all installer callbacks into disk-image-installer callbacks. * gnu/build/bootloader.scm (write-file-on-device): Open the output file with 'no-truncate and 'no-create options. * gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader) module.
2020-10-01linux-container: Reset jailed root permissions.Jelle Licht
* gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call. * tests/containers.scm ("call-with-container, mnt namespace, root permissions"): New test.
2020-09-29secret-service: Add proper logging procedure and log to syslog.Ludovic Courtès
* gnu/build/secret-service.scm (log): New macro. (secret-service-send-secrets, secret-service-receive-secrets): Use it instead of raw 'format' calls.
2020-09-29services: secret-service: Add initial client/server handshake.Ludovic Courtès
This allows the client running on the host to know when it's actually connect to the server running in the guest. Failing that, the client would connect right away to QEMU and send secrets even though the server is not running yet in the guest, which is unreliable. * gnu/build/secret-service.scm (secret-service-send-secrets): Add #:handshake-timeout. Read from SOCK an initial message from the server. Return #f on error. (secret-service-receive-secrets): Send 'secret-service-server' message to the client. Close SOCK upon timeout. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start' method returns #f when 'secret-service-send-secrets' returns #f.
2020-09-29secret-service: Fix file port leak in 'secret-service-send-secrets'.Ludovic Courtès
* gnu/build/secret-service.scm (secret-service-send-secrets): Use 'call-with-input-file' instead of 'open-input-file'.