path: root/gnu/system
Age | Commit message | Author
2024-08-19 | install: Set ‘privileged-programs’ rather than ‘setuid-programs’. | Ludovic Courtès
* gnu/system/install.scm (installation-os)[setuid-programs]: Remove. [privileged-programs]: New field.
Change-Id: I5c93f282f5ec790f13ac076e0ab0f6d59d92d59d
2024-08-19 | system: hurd: Empty default ‘privileged-programs’ list. | Ludovic Courtès
Fixes a bug whereby Hurd systems would find themselves including ‘%default-privileged-programs’ in addition to ‘%setuid-programs/hurd’.
* gnu/system/hurd.scm (%hurd-default-operating-system)[privileged-programs]: New field.
Change-Id: I5b6a55a8df7e6af697d22166e9f483f6dd816e64
2024-08-11 | privilege: Add POSIX capabilities(7) support. | Tobias Geerinckx-Rice
* gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack.
2024-08-11 | system: (gnu system setuid) wraps (gnu system privilege). | Tobias Geerinckx-Rice
* gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a <privileged-program> record that is setuid by default. (setuid-program?, setuid-program-program, setuid-program-setuid?) (setuid-program-setgid?, setuid-program-user, setuid-program-group): Alias their privileged-program equivalent.
2024-08-11 | system: Add (gnu system privilege). | Tobias Geerinckx-Rice
* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
2024-06-04 | services: base: Add optional delayed mount of file-systems | Richard Sent
Add a mechanism to only require mounting a subset of file-system entries during early Shepherd initialization. Any file-system with additional Shepherd service requirements (e.g. networking) is not required to provision 'file-systems.
* gnu/services/base.scm (file-system-shepherd-service): Splice file-system-requirements into the Shepherd service requirement list. (file-system-shepherd-services): Provision 'file-system only when file system services without additional Shepherd requirements are started.
* gnu/system/file-systems.scm (file-system): Add shepherd-requirements field to the file-system record. This field is used for adding additional Shepherd requirements to a file-system Shepherd service.
* doc/guix.texi: Add documentation for file-system shepherd-requirements.
Change-Id: If0392db03d48e8820aa53df1df482c12ec72e1a5
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-05-29 | gnu: linux-libre: Enable Zstd compression of kernel modules. | Maxim Cournoyer
This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about 12%.
* gnu/packages/linux.scm (default-extra-linux-options) [version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else CONFIG_MODULE_COMPRESS_GZIP. (make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment variable to 19. [native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc. (modinfo-section-contents): Extend support to Zstd compressed module. (dot-ko): Register the 'zstd compression type. (ensure-dot-ko, file-name->module-name, load-linux-module*) (module-name->file-name/guess, write-module-name-database) (write-module-alias-database, write-module-device-database): Update doc. (module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise. Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.
Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
2024-05-27 | mapped-devices: lvm: Add missing module import. | Lars-Dominik Braun
Tested with (locally fixed) lvm-separate-home-os system test.
* gnu/system/mapped-devices.scm (lvm-device-mapping): Add SRFI-1 to modules.
Change-Id: I8c155b47c29004bdc59057391dfba94ce33bdbc2
2024-05-22 | system: images: Add visionfive2 module. | Zheng Junjie
* gnu/system/images/visionfive2.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Change-Id: I8831f1148bcddb0d604e1174034fca85cd2887a1
2024-05-22 | image: Raise error when use both grub-efi* bootloader and not gpt image. | Zheng Junjie
* gnu/system/image.scm: Switch inversion logic; it allows us to use a customized bootloader with a gpt image.
Change-Id: I801327f6e826a37588b8f0f5246ca820e742f721
2024-05-13 | file-systems: Add "virtiofs" to the list of pseudo file system types. | Massimo Zaniboni
* gnu/system/file-systems.scm (%pseudo-file-system-types): Add "virtiofs" to the list of pseudo file system types.
Change-Id: Ib1d99127e65f6543c592faec1c54bd0c5eae3ad7
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-04-29 | linux-initrd: Further strip the static Guile. | Ludovic Courtès
‘guile-static-initrd’ weighs in at 46 MiB, compared to 54 MiB for ‘guile-static-stripped’ (15% reduction).
* gnu/packages/make-bootstrap.scm (make-guile-static-stripped): Add ‘directories-to-remove’ parameter and honor it. (%guile-static-initrd): New variable.
* gnu/system/linux-initrd.scm (expression->initrd): Default to ‘%guile-static-initrd’.
* doc/guix.texi (Initial RAM Disk): Adjust accordingly.
Change-Id: I2baf06fed7a3698433e7c83b1d7726054a8c746e
2024-04-29 | locale: Shrink ‘%default-locale-definitions’ from 34 to 10 locales. | Ludovic Courtès
This reduces the default set of locales from 92 MiB to 28 MiB.
* gnu/system/locale.scm (%default-locale-definitions): Reduce to 10 locales.
Change-Id: I3c092604301d69db591957bcfd62a062c3ac5ab0
2024-04-29 | system: Remove ‘glibc-2.33’ from ‘%default-locale-libcs’. | Ludovic Courtès
The transition from glibc 2.33 to 2.35 was done in c919bfefd98bf2e29549539b4e28e6dc2a8a6f32 (one year ago), so we can assume that the backward-compatible locales are no longer needed by default. This removes 92 MiB from the system closure.
* gnu/system/locale.scm (%default-locale-libcs): Remove GLIBC-2.33.
Change-Id: I85948bbe6b2d424f9f158eeafdb5543688c66c6b
2024-04-18 | system: Remove nss-certs from OS templates, adjust doc. | Maxim Cournoyer
This is a follow-up to commit 86afaadb51 ("system: Add 'nss-certs' to %base-packages-networking.")
* doc/guix-cookbook.texi (Running Guix on a Linode Server): Remove nss-certs from operating system's packages field. (Running Guix on a Kimsufi Server): Likewise.
* doc/guix.texi (Using the Configuration System): Likewise. (X.509 Certificates): Adjust to mention nss-certs *is* part of %base-packages.
* gnu/installer/services.scm (%system-services): Remove recommendation to install nss-certs.
* gnu/system/examples/bare-bones.tmpl (host-name): Remove obsolete comments.
* gnu/system/examples/desktop.tmpl (packages): Remove nss-certs.
* gnu/system/examples/lightweight-desktop.tmpl (packages): Likewise.
* gnu/system/examples/plasma.tmpl (packages): Likewise.
* gnu/system/examples/raspberry-pi-64-nfs-root.tmpl (packages): Likewise.
* gnu/system/examples/raspberry-pi-64.tmpl (packages): Likewise.
* gnu/system/examples/vm-image.tmpl (packages): Likewise.
* gnu/system/images/orangepi-r1-plus-lts-rk3328.scm (packages): Likewise.
* gnu/system/images/pine64.scm (packages): Likewise.
* gnu/system/install.scm (installation-os) [packages]: Likewise.
Change-Id: If09123a69b987178bcb0aab61c4570c14fc1286f
2024-04-17 | linux-initrd: Gracefully handle lack of “modules.builtin” file. | Ludovic Courtès
Fixes a regression introduced in 8f8ec56052766aa5105d672b77ad9eaca5c1ab3c, whereby passing a “fake” kernel package would no longer work.
Fixes <https://issues.guix.gnu.org/70239>.
* gnu/system/linux-initrd.scm (flat-linux-module-directory)[build-exp]: Gracefully handle lack of “modules.builtin” file.
Reported-by: Tomas Volf <~@wolfsden.cz>
Change-Id: I3acf48123b20f0b6a3b9cc0bf22f76cec3e64361
2024-04-17 | vm: Always use a native emulator in ‘guix system vm’. | Ludovic Courtès
Suggested by Zheng Junjie <zhengjunjie@iscas.ac.cn>.
* gnu/system/vm.scm (system-qemu-image/shared-store-script)[qemu-exec]: Wrap first element in ‘with-parameters’.
Change-Id: Iab9905aaa7e80bad0372c1ee7c3ea88a89564f8f
2024-04-08 | mapped-devices: luks: Specify modules needed at the top-level. | Ludovic Courtès
Fixes <https://issues.guix.gnu.org/70266>.
* gnu/system/mapped-devices.scm (luks-device-mapping)[modules]: New field. (open-luks-device): Remove non-top-level ‘use-modules’ form.
* gnu/system/linux-initrd.scm (raw-initrd): Remove modules that were added specifically for ‘luks-device-mapping’.
Change-Id: I4253c3dd5e3cbcee41ec84fd57227abd428d1bd6
2024-04-08 | mapped-devices: <mapped-device-type> can specify modules to import. | Ludovic Courtès
* gnu/system/mapped-devices.scm (<mapped-device-type>)[modules]: New field. (device-mapping-service-type): Honor it.
* gnu/system/linux-initrd.scm (raw-initrd): Likewise.
Change-Id: Icc702cb6f281741975e33203f87fbc1ffa9856da
2024-03-31 | vm: If not the same local architecture, don't enable kvm. | Zheng Junjie
* gnu/system/vm.scm (common-qemu-options): Add target keyword.
Change-Id: Ic9bf18cf60ac5ce623289df31ea050a22c6e604e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-03-31 | vm: add arguments to use virt machine type for qemu-riscv64. | Zheng Junjie
* gnu/system/vm.scm (system-qemu-image/shared-store-script): When target riscv64, add arguments to set qemu virt machine type.
Change-Id: I974c82fdd2d5bfc01caff9e6411db38e472b5cd4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-03-31 | linux-initrd: don't add hid-apple module for riscv64-linux. | Zheng Junjie
* gnu/system/linux-initrd.scm (default-initrd-modules): when target-riscv64, don't add hid-apple module.
Change-Id: I633468421db0cb1ebd61e0603021fa1c79038473
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-03-31 | vm: When target riscv64-linux, use u-boot-qemu-riscv64-bootloader. | Zheng Junjie
* gnu/system/vm.scm (virtualized-operating-system) When target riscv64-linux, use u-boot-qemu-riscv64-bootloader. Add system, target keyword.
Change-Id: I22d64d00670a705e4b81427e44a83d504598b536
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-03-31 | vm: use #$ for kernel-arguments. | Zheng Junjie
Use #$ allow cross-compile to with support current system kernel. e.g. linux-libre-riscv64-generic.
* gnu/system/vm.scm (system-qemu-image/shared-store-script) (linux-image-startup-command): use #$ for kernel-arguments.
Change-Id: I9d2e7df296ce590b95cd30996b33f8ca692ac1b1
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-03-09 | linux-initrd: Avoid looking up builtin modules. | Hilton Chain
* gnu/system/linux-initrd.scm (flat-linux-module-directory) [build-exp]<builtin-modules,modules-to-lookup>: New variables. <modules>: Use ‘modules-to-lookup’ to avoid looking up builtin modules.
Change-Id: I60fdae0211bb6632508b1c63582e013e78186cd1
2024-02-28 | system: default-bash-profile: Add Guix Home search paths as well. | Florian Pelz
Ordinary .guix-profile is searched already. Also this makes desktop environments find packages installed in Guix Home.
* gnu/system/shadow.scm (%default-bash-profile): Add Home search paths.
2024-02-10 | services: Add ‘virtual-build-machine’ service. | Ludovic Courtès
* gnu/services/virtualization.scm (<virtual-build-machine>): New record type. (%build-vm-ssh-port, %build-vm-secrets-port, %x86-64-intel-cpu-models): New variables. (qemu-cpu-model-for-date, virtual-build-machine-ssh-port) (virtual-build-machine-secrets-port): New procedures. (%minimal-vm-syslog-config, %virtual-build-machine-operating-system): New variables. (virtual-build-machine-default-image): (virtual-build-machine-account-name) (virtual-build-machine-accounts) (build-vm-shepherd-services) (initialize-build-vm-substitutes) (build-vm-activation) (virtual-build-machine-offloading-ssh-key) (virtual-build-machine-activation) (virtual-build-machine-secret-root) (check-vm-availability) (build-vm-guix-extension): New procedures. (initialize-hurd-vm-substitutes): Remove. (hurd-vm-activation): Rewrite in terms of ‘build-vm-activation’.
* gnu/system/vm.scm (linux-image-startup-command): New procedure. (operating-system-for-image): Export.
* gnu/tests/virtualization.scm (run-command-over-ssh): New procedure, extracted from… (run-childhurd-test): … here. [test]: Adjust accordingly. (%build-vm-os): New variable. (run-build-vm-test): New procedure. (%test-build-vm): New variable.
* doc/guix.texi (Virtualization Services)[Virtual Build Machines]: New section. (Build Environment Setup): Add cross-reference.
Change-Id: I0a47652a583062314020325aedb654f11cb2499c
2024-02-10 | vm: Add ‘cpu-count’ field to <virtual-machine>. | Ludovic Courtès
* gnu/system/vm.scm (<virtual-machine>)[cpu-count]: New field. (virtual-machine-compiler): Honor it.
Change-Id: I907a89365f32ac7a9981c4ae5f59cf6eb199c3cc
2024-02-10 | vm: Export <virtual-machine> accessors. | Ludovic Courtès
* gnu/system/vm.scm: Export.
Change-Id: If65d96f4052d070af5baee26f3dd9b233b8480f4
2024-02-10 | vm: Add ‘date’ field to <virtual-machine>. | Ludovic Courtès
* gnu/system/vm.scm (<virtual-machine>)[date]: New field. (virtual-machine-compiler): Honor it.
Change-Id: Idab1c152466d57cbc6784c031a99fdfd37080bcb
2024-02-05 | linux-container: Inherit essential services. | Leo Nikkilä
Currently it's not possible to set `essential-services' when building operating systems for containers, since `container-essential-services' always uses the defaults. It's possible to reference `essential-services' from the operating system that's passed in, but since it's thunked, the operating system needs to be defined in two passes to avoid an infinite loop.
* gnu/system/linux-container.scm (container-essential-services): Use operating-system-essential-services instead of the defaults to allow overriding the base services. (containerized-operating-system): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I81452487ef1ad01d3fa874c26d93a67d58ce6062
2024-01-17 | image: Consider grub-efi-removable-bootloader to be EFI bootloader. | Tomas Volf
Without this change, trying to create a system image with efi-raw type while using grub-efi-removable-bootloader fails with fairly confusing message:
EFI bootloader required with GPT partitioning
* gnu/system/image.scm (system-disk-image): Consider grub-efi-removable-bootloader to be EFI bootloader.
Change-Id: I5f5e1a94e825fd29d6880c5bafb330e16a5ac962
2024-01-17 | system: default-zprofile: Sync with home zprofile. | Efraim Flashner
The removed fields are already sourced in /etc/profile.
* gnu/system/shadow.scm (%default-zprofile): Sync with default zprofile from (gnu home services shells).
Change-Id: I419eadf636344e23e8fd2f7006efa81f45527756
2024-01-17 | system: Add default guix-home-config. | Efraim Flashner
* gnu/system/shadow.scm (%deafult-skeleton-home-config): New variable. (default-skeletons): Add it.
Change-Id: Ida4cca8b1b3674491a4f18d94bc1b12d426575ba
2024-01-17 | system: Export default guile config. | Efraim Flashner
* gnu/system/shadow.scm (%default-dotguile): Extract from default-skeletons, export. (default-skeletons): Use %default-dotguile.
Change-Id: Ibe91b3b517ae542bd28070a08e14152f87ed75ec
2024-01-17 | system: Export default nanorc. | Efraim Flashner
* gnu/system/shadow.scm (%default-nanorc): Extract from default-skeletons, export. (default-skeletons): Use %default-nanorc.
Change-Id: I0d07b13ed4894b1152a08b96d9ef8527dde073ce
2024-01-17 | system: Export default gdbinit. | Efraim Flashner
* gnu/system/shadow.scm (%default-gdbinit): Extract from default-skeletons, export. (default-skeletons): Use %default-gdbinit.
Change-Id: Ia5188f8083a83ad4cdb96e234dbd730b1bfe0072
2024-01-17 | system: Export default xdefaults. | Efraim Flashner
* gnu/system/shadow.scm (%default-xdefaults): Extract from default-skeletons, export. (default-skeletons): Use %default-xdefaults.
Change-Id: I44018516ec3687a68d32ca5c86c41bc29507a273
2024-01-17 | system: Export default zprofile. | Efraim Flashner
* gnu/system/shadow.scm (%default-zprofile): Extract from default-skeletons, export. (default-skeletons): Use %default-zprofile.
Change-Id: I6c6e158bca2e462a2eae709fbc2c25a2c7f3f8b4
2024-01-17 | system: Export default bash-profile. | Efraim Flashner
gnu/system/shadow.scm (%default-bash-profile): Extract from default-skeletons, export. (default-skeletons): Use %default-bash-profile.
Change-Id: I45641b1091daee3495a5f92bdc1a63050e0cc59e
2024-01-14 | mapped-devices: Allow unlocking by a key file. | Tomas Volf
Requiring the user to input their password in order to unlock a device is not always reasonable, so having an option to unlock the device using a key file is a nice quality of life change.
* gnu/system/mapped-devices.scm (open-luks-device): Add #:key-file argument. (luks-device-mapping-with-options): New procedure.
* doc/guix.texi (Mapped Devices): Describe the new procedure.
Change-Id: I1de4e045f8c2c11f9a94f1656e839c785b0c11c4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-01-08 | system: hurd: Use the Shepherd 0.10.x. | Ludovic Courtès
* gnu/system.scm (hurd-default-essential-services): Remove reference to ‘shepherd-0.8’.
* gnu/system/hurd.scm (%base-packages/hurd): Replace ‘shepherd-0.8’ with ‘shepherd-0.10’.
Change-Id: I9f1800693cda456286450d3d0bb6f7e3da85d55e
2024-01-08 | scripts: system: Build layered images. | Oleg Pykhalov
* guix/scripts/system.scm (show-help, %docker-format-options, %options, %default-options, show-docker-format-options, show-docker-format-options/detailed, process-action): Handle '--max-layers' option.
* gnu/system/image.scm (system-docker-image): Same.
* gnu/image.scm (<image>)[max-layers]: New record field.
Change-Id: I2726655aefd6688b976057fd5a38e9972ebfc292
2023-12-30 | gnu: vm-image.tmpl: Improve SPICE dynamic resizing. | Maxim Cournoyer
* gnu/system/examples/vm-image.tmpl (auto-update-resolution-crutch): Delete variable. (operating-system) [packages]: Add x-resize. [services]: Remove auto-update-resolution-crutch mcron service.
Fixes: https://issues.guix.gnu.org/57068
Reported-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I45cd3d79b94ece2511d324c7b180f8f37bd9ba49
2023-12-22 | images: Add orangepi-r1-plus-lts image. | Herman Rimm
* gnu/local.mk: Register image.
* gnu/system/images/orangepi-r1-plus-lts-rk3328.scm: New file.
* gnu/system/install.scm (orangepi-r1-plus-lts-rk3328-installation-os): New variable.
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
2023-12-10 | file-systems: Add tracefs to %pseudo-file-system-types. | Leo Nikkilä
* gnu/system/file-systems.scm (%pseudo-file-system-types): Add tracefs.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-12-02 | gnu: Use ‘libc-utf8-locales-for-target’. | Janneke Nieuwenhuizen
* guix/packages.scm (%standard-patch-inputs): Use ‘libc-utf8-locales-for-target’ instead of ‘glibc-utf8-locales’.
* guix/self.scm (%packages): Likewise.
* gnu/home/services/ssh.scm (file-join): Likewise
* gnu/installer.scm (build-compiled-file): Likewise.
* gnu/packages/chromium.scm (ungoogled-chromium/wayland): Likewise.
* gnu/packages/gnome.scm (libgweather4, tracker): Likewise.
* gnu/packages/javascript.scm (js-mathjax): Likewise.
* gnu/packages/package-management.scm (guix, flatpak): Likewise.
* gnu/packages/raspberry-pi.scm (raspi-arm64-chainloader): Likewise.
* gnu/packages/suckless.scm (svkbd): Likewise.
* gnu/services.scm (cleanup-gexp): Likewise.
* gnu/services/base.scm (guix-publish-shepherd-service): Likewise.
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services) (guix-build-coordinator-agent-shepherd-services): Likewise.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-shepherd-services): (guix-data-service-shepherd-services) (nar-herder-shepherd-services) (bffe-shepherd-services): Likewise.
* gnu/services/web.scm (anonip-shepherd-service) (mumi-shepherd-services): Likewise.
* gnu/system/image.scm (system-disk-image, system-iso9660-image) (system-docker-image, system-tarball-image): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* guix/profiles.scm (info-dir-file): Likewise. (ca-certificate-bundle, profile-derivation): Likewise.
* guix/scripts/pack.scm (store-database, set-utf8-locale): Likewise.
* tests/pack.scm: Likewise.
* tests/profiles.scm ("profile-derivation, cross-compilation"): Likewise.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Co-authored-by: Christopher Baines <mail@cbaines.net>
Change-Id: I24239f427bcc930c29d2ba5d00dc615960a6c374
2023-10-29 | system: vm: Include the cirrus driver in the initrd. | Tobias Geerinckx-Rice
This is Ludo's suggestion at <https://issues.guix.gnu.org/36069#26>, with an added guard against duplicates and a tweaked comment.
* gnu/system/vm.scm (virtualized-operating-system): Add "cirrus" to the list of INITRD-MODULES.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I1a86286586eee0b8c39706544778c7911a86da33
2023-10-30 | gnu: file-systems: Add xenfs to %pseudo-file-system-types. | Skyler Ferris
* gnu/system/file-systems.scm (%pseudo-file-system-types): Add xenfs.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-10-06 | system: Modify bash skeleton to colorize 'ip' output. | Bruno Victal
* gnu/system/shadow.scm (%default-bashrc): Add an alias for 'ip' that enables output colorization.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>