From d66a4eac4402614a1938fdc4ef0fde0c06badb52 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Oct 2020 13:21:26 +0200 Subject: doc: Produce stylable HTML for @deftp, @deffn, etc. 'makeinfo --help' uses and for those entries. Replace that with CSS classes. * doc/build.scm (html-manual-identifier-index)[build]: Adjust to handle rewritten forms of
entries. * doc/build.scm (syntax-highlighted-html)[build][syntax-highlight]: Handle
forms and replace them. [highlight-definition, space?]: New procedures. --- doc/build.scm | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/build.scm b/doc/build.scm index dac62493f4..7d17a16d2a 100644 --- a/doc/build.scm +++ b/doc/build.scm @@ -298,13 +298,17 @@ actual file name." (loop rest)) ((('strong _ ...) _ ...) #t) - (_ #f)))) + ((('span ('@ ('class "symbol-definition-category")) + (? string-or-entity?) ...) rest ...) + #t) + (x + #f)))) (let ((shtml (call-with-input-file file html->shtml))) (let loop ((shtml shtml) (anchors anchors)) (match shtml - (('dt ('@ ('id id)) rest ...) + (('dt ('@ ('id id) _ ...) rest ...) (if (and (string-prefix? "index-" id) (worthy-entry? rest)) (alist-cons (anchor-id->key id) @@ -479,6 +483,19 @@ its
 blocks (as produced by 'makeinfo --html')."
                    (pk 'unsupported-code-snippet something)
                    (primitive-exit 1)))))
 
+            (define (highlight-definition id category symbol args)
+              ;; Produce stylable HTML for the given definition (an @deftp,
+              ;; @deffn, or similar).
+              `(dt (@ (id ,id) (class "symbol-definition"))
+                   (span (@ (class "symbol-definition-category"))
+                         ,@category)
+                   (span (@ (class "symbol-definition-prototype"))
+                         ,symbol " " ,@args)))
+
+            (define (space? obj)
+              (and (string? obj)
+                   (string-every char-set:whitespace obj)))
+
             (define (syntax-highlight sxml anchors)
               ;; Recurse over SXML and syntax-highlight code snippets.
               (let loop ((sxml sxml))
@@ -497,6 +514,15 @@ its 
 blocks (as produced by 'makeinfo --html')."
                              (highlight lex-scheme
                                         (concatenate-snippets code-snippet)))
                             anchors)))
+
+                  ;; Replace the ugly  used for @deffn etc., which
+                  ;; translate to 
, with more stylable markup. + (('dt (@ ('id id)) category ... ('strong thing)) + (highlight-definition id category thing '())) + (('dt (@ ('id id)) category ... ('strong thing) + (? space?) ('em args ...)) + (highlight-definition id category thing args)) + ((tag ('@ attributes ...) body ...) `(,tag (@ ,@attributes) ,@(map loop body))) ((tag body ...) -- cgit 1.4.1 From 5800d2aae2490f4192823323b72d17f2645aeb9e Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sat, 10 Oct 2020 00:33:32 -0400 Subject: maint: update-guix-package: Prevent accidentally breaking guix pull. Fixes . This changes the 'update-guix-package' tool so that it: 1. Always uses a clean checkout to compute the hash of the updated 'guix' package. 2. Ensures the commit used in the updated 'guix' package definition has already been pushed upstream. * build-aux/update-guix-package.scm (%savannah-guix-git-repo-push-url): New variable. (with-input-pipe-to-string, with-temporary-git-worktree): New syntaxes. (find-origin-remote, git-add-worktree): New procedures. (commit-already-pushed?): New predicate. (main): Check the commit used has already been pushed upstream and compute the hash from a clean checkout. * doc/contributing.texi (Updating the Guix Package): Document it. * .dir-locals.el (scheme-mode): Fix indentation of with-temporary-git-worktree. --- .dir-locals.el | 1 + build-aux/update-guix-package.scm | 98 +++++++++++++++++++++++++++------------ doc/contributing.texi | 43 +++++++++++++++++ 3 files changed, 112 insertions(+), 30 deletions(-) (limited to 'doc') diff --git a/.dir-locals.el b/.dir-locals.el index 7f310d2612..19f15b3e1a 100644 --- a/.dir-locals.el +++ b/.dir-locals.el 
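Review bot: The two new `dt` patterns write the attribute list as `(@ ('id id))` with an unquoted `@`, while the catch-all pattern right below them uses `('@ attributes ...)` and the first hunk of this commit uses `('dt ('@ ('id id) _ ...) rest ...)`. Unquoted, `@` is presumably a pattern variable in `match`, so these clauses would accept any head element rather than only the SXML attribute marker. Quoting it keeps the clauses consistent and strict: `(('dt ('@ ('id id)) category ... ('strong thing))`, and likewise for the clause with `(? space?) ('em args ...)`. The enclosing `syntax-highlight` loop continues outside the hunk.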
@@ -103,6 +103,7 @@ (eval . (put 'call-with-progress-reporter 'scheme-indent-function 1)) (eval . (put 'with-repository 'scheme-indent-function 2)) (eval . (put 'with-temporary-git-repository 'scheme-indent-function 2)) + (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2)) (eval . (put 'with-environment-variables 'scheme-indent-function 1)) (eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1)) diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm index f695e91cfd..9b03b06c7c 100644 --- a/build-aux/update-guix-package.scm +++ b/build-aux/update-guix-package.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018 Ludovic Courtès +;;; Copyright © 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,13 +25,20 @@ ;;; Code: (use-modules (guix) + (guix ui) (guix git-download) (guix upstream) (guix utils) (guix base32) (guix build utils) + (guix scripts hash) (gnu packages package-management) - (ice-9 match)) + (ice-9 match) + (ice-9 popen) + (ice-9 textual-ports) + (srfi srfi-1) + (srfi srfi-2) + (srfi srfi-26)) (define %top-srcdir (string-append (current-source-directory) "/..")) 
@@ -101,44 +109,74 @@ COMMIT." (exp (error "'guix' package definition is not as expected" exp))))) +(define (git-add-worktree directory commit) + "Create a new git worktree at DIRECTORY, detached on commit COMMIT." + (invoke "git" "worktree" "add" "--detach" directory commit)) + +(define-syntax-rule (with-temporary-git-worktree commit body ...) + "Execute BODY in the context of a temporary git worktree created from COMMIT." + (call-with-temporary-directory + (lambda (tmp-directory) + (dynamic-wind + (lambda () + #t) + (lambda () + (git-add-worktree tmp-directory commit) + (with-directory-excursion tmp-directory body ...)) + (lambda () + (invoke "git" "worktree" "remove" "--force" tmp-directory)))))) + +(define %savannah-guix-git-repo-push-url + "git.savannah.gnu.org/srv/git/guix.git") + +(define-syntax-rule (with-input-pipe-to-string prog arg ...) + (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...)) + (output (get-string-all input-pipe)) + (exit-val (status:exit-val (close-pipe input-pipe)))) + (unless (zero? exit-val) + (error (format #f "Command ~s exited with non-zero exit status: ~s" + (string-join (list prog arg ...)) exit-val))) + (string-trim-both output))) + +(define (find-origin-remote) + "Find the name of the git remote with the Savannah Guix git repo URL." + (and-let* ((remotes (string-split (with-input-pipe-to-string + "git" "remote" "-v") + #\newline)) + (origin-entry (find (cut string-contains <> + (string-append + %savannah-guix-git-repo-push-url + " (push)")) + remotes))) + (first (string-split origin-entry #\tab)))) + +(define (commit-already-pushed? remote commit) + "True if COMMIT is found in the REMOTE repository." + (not (string-null? (with-input-pipe-to-string + "git" "branch" "-r" "--contains" commit + (string-append remote "/master"))))) + (define (main . args) (match args ((commit version) - (with-store store - (let* ((source (add-to-store store - "guix-checkout" ;dummy name - #t "sha256" %top-srcdir - #:select? 
version-controlled?)) - (hash (query-path-hash store source)) + (with-directory-excursion %top-srcdir + (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") + (commit-already-pushed? (find-origin-remote) commit) + (leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit)) + (let* ((hash (with-temporary-git-worktree commit + (nix-base32-string->bytevector + (string-trim-both + (with-output-to-string + (lambda () + (guix-hash "-rx" "."))))))) (location (package-definition-location)) (old-hash (content-hash-value - (origin-hash (package-source guix))))) + (origin-hash (package-source guix))))) (edit-expression location (update-definition commit hash #:old-hash old-hash - #:version version)) - - ;; Re-add SOURCE to the store, but this time under the real name used - ;; in the 'origin'. This allows us to build the package without - ;; having to make a real checkout; thus, it also works when working - ;; on a private branch. - (reload-module - (resolve-module '(gnu packages package-management))) - - (let* ((source (add-to-store store - (origin-file-name (package-source guix)) - #t "sha256" source)) - (root (store-path-package-name source))) - - ;; Add an indirect GC root for SOURCE in the current directory. - (false-if-exception (delete-file root)) - (symlink source root) - (add-indirect-root store - (string-append (getcwd) "/" root)) - - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" - commit source root))))) + #:version version))))) ((commit) ;; Automatically deduce the version and revision numbers. (main commit #f)))) diff --git a/doc/contributing.texi b/doc/contributing.texi index af3601442e..11a932a9bf 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -28,6 +28,7 @@ choice. * Submitting Patches:: Share your work. * Tracking Bugs and Patches:: Using Debbugs. * Commit Access:: Pushing to the official repository. +* Updating the Guix Package:: Updating the Guix package definition. @end menu @node Building from Git 
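Review bot: The pushed-upstream guard in `main` can die with a type error instead of its own message, because `find-origin-remote` returns `#f` when no remote's push URL matches and `commit-already-pushed?` then evaluates `(string-append remote "/master")` on it. Guarding the call, for example `(and=> (find-origin-remote) (cut commit-already-pushed? <> commit))`, lets the `leave` branch report the failure. Two limits of the check belong in the docstrings, since it protects what `guix pull` users will later fetch. First, `git branch -r --contains` consults only the local remote-tracking ref, so the answer is only as fresh as the last fetch. Second, `(getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")` is true for any value, including an empty string, and the remote is selected by `string-contains`, so any push URL that merely contains the Savannah path is accepted.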
@@ -1323,3 +1324,45 @@ only push their own awesome changes, but also offer some of their time @emph{reviewing} and pushing other people's changes. As a committer, you're welcome to use your expertise and commit rights to help other contributors, too! + +@node Updating the Guix Package +@section Updating the Guix Package + +@cindex update-guix-package, updating the guix package +It is sometimes desirable to update the @code{guix} package itself (the +package defined in @code{(gnu packages package-management)}), for +example to make new daemon features available for use by the +@code{guix-service-type} service type. In order to simplify this task, +the following command can be used: + +@example +make update-guix-package +@end example + +The @code{update-guix-package} make target will use the last known +@emph{commit} corresponding to @code{HEAD} in your Guix checkout, +compute the hash of the Guix sources corresponding to that commit and +update the @code{commit}, @code{revision} and hash of the @code{guix} +package definition. + +To validate that the updated @code{guix} package hashes are correct and +that it can be built successfully, the following command can be run from +the directory of your Guix checkout: + +@example +./pre-inst-env guix build guix +@end example + +To guard against accidentally updating the @code{guix} package to a +commit that others can't refer to, a check is made that the commit used +has already been pushed to the Savannah-hosted Guix git repository. + +This check can be disabled, @emph{at your own peril}, by setting the +@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. + +To build the resulting 'guix' package when using a private commit, the +following command can be used: + +@example +./pre-inst-env guix build guix --with-git-url=guix=$PWD +@end example -- cgit 1.4.1 From 764d896668aa0f69514ef22de005fbf851949969 Mon Sep 17 00:00:00 2001 
From: Reza Alizadeh Majd Date: Mon, 19 Oct 2020 23:58:49 +0300 Subject: services: Add LXQt desktop service. * gnu/services/desktop.scm (lxqt-desktop-service-type): New variable. (): New record type. (lxqt-desktop-configuration?): New procedure. * doc/guix.texi (Desktop Services): Document this. Co-authored-by: Oleg Pykhalov --- doc/guix.texi | 60 +++++++++++++++++++++++++++++++----------------- gnu/services/desktop.scm | 37 +++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 21 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 130985d30f..c46df88a4a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -17606,27 +17606,27 @@ field of an @code{operating-system} declaration (@pxref{operating-system Reference, @code{services}}). Additionally, the @code{gnome-desktop-service-type}, -@code{xfce-desktop-service}, @code{mate-desktop-service-type} and -@code{enlightenment-desktop-service-type} procedures can add GNOME, Xfce, MATE -and/or Enlightenment to a system. To ``add GNOME'' means that system-level -services like the backlight adjustment helpers and the power management -utilities are added to the system, extending @code{polkit} and @code{dbus} -appropriately, allowing GNOME to operate with elevated privileges on a -limited number of special-purpose system interfaces. Additionally, -adding a service made by @code{gnome-desktop-service-type} adds the GNOME -metapackage to the system profile. Likewise, adding the Xfce service -not only adds the @code{xfce} metapackage to the system profile, but it -also gives the Thunar file manager the ability to open a ``root-mode'' -file management window, if the user authenticates using the -administrator's password via the standard polkit graphical interface. -To ``add MATE'' means that @code{polkit} and @code{dbus} are extended -appropriately, allowing MATE to operate with elevated privileges on a -limited number of special-purpose system interfaces. Additionally, -adding a service of type @code{mate-desktop-service-type} adds the MATE -metapackage to the system profile. ``Adding Enlightenment'' means that -@code{dbus} is extended appropriately, and several of Enlightenment's binaries -are set as setuid, allowing Enlightenment's screen locker and other -functionality to work as expected. +@code{xfce-desktop-service}, @code{mate-desktop-service-type}, +@code{lxqt-desktop-service-type} and @code{enlightenment-desktop-service-type} +procedures can add GNOME, Xfce, MATE and/or Enlightenment to a system. 
To +``add GNOME'' means that system-level services like the backlight adjustment +helpers and the power management utilities are added to the system, extending +@code{polkit} and @code{dbus} appropriately, allowing GNOME to operate with +elevated privileges on a limited number of special-purpose system interfaces. +Additionally, adding a service made by @code{gnome-desktop-service-type} adds +the GNOME metapackage to the system profile. Likewise, adding the Xfce +service not only adds the @code{xfce} metapackage to the system profile, but +it also gives the Thunar file manager the ability to open a ``root-mode'' file +management window, if the user authenticates using the administrator's +password via the standard polkit graphical interface. To ``add MATE'' means +that @code{polkit} and @code{dbus} are extended appropriately, allowing MATE +to operate with elevated privileges on a limited number of special-purpose +system interfaces. Additionally, adding a service of type +@code{mate-desktop-service-type} adds the MATE metapackage to the system +profile. ``Adding Enlightenment'' means that @code{dbus} is extended +appropriately, and several of Enlightenment's binaries are set as setuid, +allowing Enlightenment's screen locker and other functionality to work as +expected. The desktop environments in Guix use the Xorg display server by default. If you'd like to use the newer display server protocol 
@@ -17694,6 +17694,24 @@ The MATE package to use. @end table @end deftp +@deffn {Scheme Variable} lxqt-desktop-service-type +This is the type of the service that runs the @uref{https://lxqt.github.io, +LXQt desktop environment}. Its value is a @code{lxqt-desktop-configuration} +object (see below). + +This service adds the @code{lxqt} package to the system +profile. +@end deffn + +@deftp {Data Type} lxqt-desktop-configuration +Configuration record for the LXQt desktop environment. + +@table @asis +@item @code{lxqt} (default: @code{lxqt}) +The LXQT package to use. +@end table +@end deftp + @deffn {Scheme Variable} enlightenment-desktop-service-type Return a service that adds the @code{enlightenment} package to the system profile, and extends dbus with actions from @code{efl}. diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 3a3fd8fd1b..c4d6c93543 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2019 Tim Gesthuizen ;;; Copyright © 2019 David Wilson ;;; Copyright © 2020 Tobias Geerinckx-Rice +;;; Copyright © 2020 Reza Alizadeh Majd ;;; ;;; This file is part of GNU Guix. ;;; @@ -53,6 +54,7 @@ #:use-module (gnu packages suckless) #:use-module (gnu packages linux) #:use-module (gnu packages libusb) + #:use-module (gnu packages lxqt) #:use-module (gnu packages mate) #:use-module (gnu packages nfs) #:use-module (gnu packages enlightenment) @@ -127,6 +129,11 @@ mate-desktop-service mate-desktop-service-type + lxqt-desktop-configuration + lxqt-desktop-configuration? + lxqt-desktop-service + lxqt-desktop-service-type + xfce-desktop-configuration xfce-desktop-configuration? xfce-desktop-service 
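Review bot: The export list gains `lxqt-desktop-service`, but none of the hunks shown for `gnu/services/desktop.scm` defines a binding of that name. The added code defines only `lxqt-desktop-configuration`, `lxqt-polkit-settings` and `lxqt-desktop-service-type`. Unless the procedure is defined elsewhere in the file, users of the module get an unbound variable for an advertised name. Either drop the `lxqt-desktop-service` line from the exports or add the procedure alongside the service type.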
@@ -1009,6 +1016,36 @@ system as root from within a user session, after the user has authenticated with the administrator's password." (service xfce-desktop-service-type config)) ++ +;;; +;;; Lxqt desktop service. +;;; + +(define-record-type* lxqt-desktop-configuration + make-lxqt-desktop-configuration + lxqt-desktop-configuration? + (lxqt lxqt-package + (default lxqt))) + +(define (lxqt-polkit-settings config) + "Return the list of LXQt dependencies that provide polkit actions and +rules." + (let ((lxqt (lxqt-package config))) + (map (lambda (name) + ((package-direct-input-selector name) lxqt)) + '("lxqt-admin")))) + +(define lxqt-desktop-service-type + (service-type + (name 'lxqt-desktop) + (extensions + (list (service-extension polkit-service-type + lxqt-polkit-settings) + (service-extension profile-service-type + (compose list lxqt-package)))) + (default-value (lxqt-desktop-configuration)) + (description "Run LXQt desktop environment."))) + ;;; ;;; X11 socket directory service -- cgit 1.4.1 From 39befb6261a073818f709cae6273e772f22c1cf9 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Oct 2020 20:21:02 +0200 Subject: doc: Document 'url-fetch', 'git-fetch', and 'git-reference'. * doc/guix.texi (origin Reference): Rewrite initial paragraph. Properly document 'method' and its protocol. Document 'url-fetch', 'git-fetch', and 'git-reference' separately. --- doc/guix.texi | 107 ++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 85 insertions(+), 22 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index c46df88a4a..36ba1dc811 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
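Review bot: `lxqt-desktop-service-type` extends `polkit-service-type` through `lxqt-polkit-settings`, yet its `description` says only "Run LXQt desktop environment.", so a reader of the service list cannot tell that it adds polkit actions and rules. I would say so, e.g. `(description "Run the LXQt desktop environment: add the lxqt package to the system profile and register the polkit actions and rules of its lxqt-admin input.")`. `lxqt-polkit-settings` looks up "lxqt-admin" among the direct inputs of whatever package the `lxqt` field holds. What happens when a user-supplied package lacks that input depends on `package-direct-input-selector`, which is outside the hunk, so a comment there stating the requirement would help.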
@@ -6607,8 +6607,12 @@ for more on build systems. @node origin Reference @subsection @code{origin} Reference -This section summarizes all the options available in @code{origin} -declarations (@pxref{Defining Packages}). +This section documents @dfn{origins}. An @code{origin} declaration +specifies data that must be ``produced''---downloaded, usually---and +whose content hash is known in advance. Origins are primarily used to +represent the source code of packages (@pxref{Defining Packages}). For +that reason, the @code{origin} form allows you to declare patches to +apply to the original source code as well as code snippets to modify it. @deftp {Data Type} origin This is the data type representing a source code origin. 
@@ -6620,28 +6624,18 @@ the @code{method} (see below). For example, when using the @var{url-fetch} method of @code{(guix download)}, the valid @code{uri} values are: a URL represented as a string, or a list thereof. +@cindex fixed-output derivations, for download @item @code{method} -A procedure that handles the URI. - -Examples include: - -@table @asis -@item @var{url-fetch} from @code{(guix download)} -download a file from the HTTP, HTTPS, or FTP URL specified in the -@code{uri} field; - -@vindex git-fetch -@item @var{git-fetch} from @code{(guix git-download)} -clone the Git version control repository, and check out the revision -specified in the @code{uri} field as a @code{git-reference} object; a -@code{git-reference} looks like this: +A monadic procedure that handles the given URI. The procedure must +accept at least three arguments: the value of the @code{uri} field and +the hash algorithm and hash value specified by the @code{hash} field. +It must return a store item or a derivation in the store monad +(@pxref{The Store Monad}); most methods return a fixed-output derivation +(@pxref{Derivations}). -@lisp -(git-reference - (url "https://git.savannah.gnu.org/git/hello.git") - (commit "v2.10")) -@end lisp -@end table +Commonly used methods include @code{url-fetch}, which fetches data from +a URL, and @code{git-fetch}, which fetches data from a Git repository +(see below). @item @code{sha256} A bytevector containing the SHA-256 hash of the source. This is 
@@ -6720,6 +6714,75 @@ It performs sanity checks at macro-expansion time, when possible, such as ensuring that @var{value} has the right size for @var{algorithm}. @end deftp +As we have seen above, how exactly the data an origin refers to is +retrieved is determined by its @code{method} field. The @code{(guix +download)} module provides the most common method, @code{url-fetch}, +described below. + +@deffn {Scheme Procedure} url-fetch @var{url} @var{hash-algo} @var{hash} @ + [name] [#:executable? #f] +Return a fixed-output derivation that fetches data from @var{url} (a +string, or a list of strings denoting alternate URLs), which is expected +to have hash @var{hash} of type @var{hash-algo} (a symbol). By default, +the file name is the base name of URL; optionally, @var{name} can +specify a different file name. When @var{executable?} is true, make the +downloaded file executable. + +When one of the URL starts with @code{mirror://}, then its host part is +interpreted as the name of a mirror scheme, taken from @file{%mirror-file}. + +Alternatively, when URL starts with @code{file://}, return the +corresponding file name in the store. +@end deffn + +Likewise, the @code{(guix git-download)} module defines the +@code{git-download} origin method, which fetches data from a Git version +control repository, and the @code{git-reference} data type to describe +the repository and revision to fetch. + +@deffn {Scheme Procedure} git-fetch @var{ref} @var{hash-algo} @var{hash} +Return a fixed-output derivation that fetches @var{ref}, a +@code{} object. The output is expected to have recursive +hash @var{hash} of type @var{hash-algo} (a symbol). Use @var{name} as +the file name, or a generic name if @code{#f}. +@end deffn + +@deftp {Data Type} git-reference +This data type represents a Git reference for @code{git-fetch} to +retrieve. + +@table @asis +@item @code{url} +The URL of the Git repository to clone. 
+ +@item @code{commit} +This string denotes either the commit to fetch (a hexadecimal string, +either the full SHA1 commit or a ``short'' commit string; the latter is +not recommended) or the tag to fetch. + +@item @code{recursive?} (default: @code{#f}) +This Boolean indicates whether to recursively fetch Git sub-modules. +@end table + +The example below denotes the @code{v2.10} tag of the GNU@tie{}Hello +repository: + +@lisp +(git-reference + (url "https://git.savannah.gnu.org/git/hello.git") + (commit "v2.10")) +@end lisp + +This is equivalent to the reference below, which explicitly names the +commit: + +@lisp +(git-reference + (url "https://git.savannah.gnu.org/git/hello.git") + (commit "dc7dc56a00e48fe6f231a58f6537139fe2908fb9")) +@end lisp +@end deftp + @node Build Systems @section Build Systems -- cgit 1.4.1 From 5513d621e9a1523e4cda029c47ade9eff01f73e8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Oct 2020 22:22:18 +0200 Subject: doc: Add "Build Phases" section. * doc/guix.texi (Build Phases): New section. (Build Systems): Remove 'modify-phases' example and add cross-reference to "Build Phases". (Build Utilities)[Build Phases]: Simplify intro and link to "Build Phases". (G-Expressions): Add index entries for "code staging" and add cross-reference to "Build Phases". --- doc/guix.texi | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 169 insertions(+), 18 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 36ba1dc811..f5e31c5914 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -252,6 +252,7 @@ Programming Interface * Package Modules:: Packages from the programmer's viewpoint. * Defining Packages:: Defining new packages. * Build Systems:: Specifying how packages are built. +* Build Phases:: Phases of the build process of a package. * Build Utilities:: Helpers for your package definitions and more. * The Store:: Manipulating the package store. * Derivations:: Low-level interface to package derivations. @@ -6086,6 +6087,7 @@ package definitions. * Package Modules:: Packages from the programmer's viewpoint. * Defining Packages:: Defining new packages. * Build Systems:: Specifying how packages are built. +* Build Phases:: Phases of the build process of a package. * Build Utilities:: Helpers for your package definitions and more. * The Store:: Manipulating the package store. * Derivations:: Low-level interface to package derivations. @@ -6877,16 +6879,8 @@ The build-side module @code{(guix build gnu-build-system)} defines @code{%standard-phases} is a list of symbol/procedure pairs, where the procedure implements the actual phase. -The list of phases used for a particular package can be changed with the -@code{#:phases} parameter. For instance, passing: - -@example -#:phases (modify-phases %standard-phases (delete 'configure)) -@end example - -means that all the phases described above will be used, except the -@code{configure} phase. @xref{Build Utilities}, for more info on -@code{modify-phases} and build phases in general. +@xref{Build Phases}, for more info on build phases and ways to customize +them. In addition, this build system ensures that the ``standard'' environment for GNU packages is available. This includes tools such as GCC, libc, 
@@ -7716,6 +7710,162 @@ with @code{build-expression->derivation} (@pxref{Derivations, @code{build-expression->derivation}}). @end defvr +@node Build Phases +@section Build Phases + +@cindex build phases, for packages +Almost all package build systems implement a notion @dfn{build phases}: +a sequence of actions that the build system executes, when you build the +package, leading to the installed byproducts in the store. A notable +exception is the ``bare-bones'' @code{trivial-build-system} +(@pxref{Build Systems}). + +As discussed in the previous section, those build systems provide a +standard list of phases. For @code{gnu-build-system}, the standard +phases include an @code{unpack} phase to unpack the source code tarball, +a @command{configure} phase to run @code{./configure}, a @code{build} +phase to run @command{make}, and (among others) an @code{install} phase +to run @command{make install}; @pxref{Build Systems}, for a more +detailed view of these phases. Likewise, @code{cmake-build-system} +inherits these phases, but its @code{configure} phase runs +@command{cmake} instead of @command{./configure}. Other build systems, +such as @code{python-build-system}, have a wholly different list of +standard phases. All this code runs on the @dfn{build side}: it is +evaluated when you actually build the package, in a dedicated build +process spawned by the build daemon (@pxref{Invoking guix-daemon}). + +Build phases are represented as association lists or ``alists'' +(@pxref{Association Lists,,, guile, GNU Guile Reference Manual}) where +each key is a symbol for the name of the phase and the associated value +is a procedure that accepts an arbitrary number of arguments. By +convention, those procedures receive information about the build in the +form of @dfn{keyword parameters}, which they can use or ignore. 
+ +For example, here is how @code{(guix build gnu-build-system)} defines +@code{%standard-phases}, the variable holding its alist of build +phases@footnote{We present a simplified view of those build phases, but +do take a look at @code{(guix build gnu-build-system)} to see all the +details!}: + +@lisp +;; The build phases of 'gnu-build-system'. + +(define* (unpack #:key source #:allow-other-keys) + ;; Extract the source tarball. + (invoke "tar" "xvf" source)) + +(define* (configure #:key outputs #:allow-other-keys) + ;; Run the 'configure' script. Install to output "out". + (let ((out (assoc-ref outputs "out"))) + (invoke "./configure" + (string-append "--prefix=" out)))) + +(define* (build #:allow-other-keys) + ;; Compile. + (invoke "make")) + +(define* (check #:key (test-target "check") (tests? #true) + #:allow-other-keys) + ;; Run the test suite. + (if tests? + (invoke "make" test-target) + (display "test suite not run\n"))) + +(define* (install #:allow-other-keys) + ;; Install files to the prefix 'configure' specified. + (invoke "make" "install")) + +(define %standard-phases + ;; The list of standard phases (quite a few are omitted + ;; for brevity). Each element is a symbol/procedure pair. + (list (cons 'unpack unpack) + (cons 'configure configure) + (cons 'build build) + (cons 'check check) + (cons 'install install))) +@end lisp + +This shows how @code{%standard-phases} is defined as a list of +symbol/procedure pairs (@pxref{Pairs,,, guile, GNU Guile Reference +Manual}). The first pair associates the @code{unpack} procedure with +the @code{unpack} symbol---a name; the second pair defines the +@code{configure} phase similarly, and so on. When building a package +that uses @code{gnu-build-system} with its default list of phases, those +phases are executed sequentially. You can see the name of each phase +started and completed in the build log of packages that you build. + +Let's now look at the procedures themselves. 
Each one is defined with +@code{define*}: @code{#:key} lists keyword parameters the procedure +accepts, possibly with a default value, and @code{#:allow-other-keys} +specifies that other keyword parameters are ignored (@pxref{Optional +Arguments,,, guile, GNU Guile Reference Manual}). + +The @code{unpack} procedure honors the @code{source} parameter, which +the build system uses to pass the file name of the source tarball (or +version control checkout), and it ignores other parameters. The +@code{configure} phase only cares about the @code{outputs} parameter, an +alist mapping package output names to their store file name +(@pxref{Packages with Multiple Outputs}). It extracts the file name of +for @code{out}, the default output, and passes it to +@command{./configure} as the installation prefix, meaning that +@command{make install} will eventually copy all the files in that +directory (@pxref{Configuration, configuration and makefile +conventions,, standards, GNU Coding Standards}). @code{build} and +@code{install} ignore all their arguments. @code{check} honors the +@code{test-target} argument, which specifies the name of the Makefile +target to run tests; it prints a message and skips tests when +@code{tests?} is false. + +@cindex build phases, customizing +The list of phases used for a particular package can be changed with the +@code{#:phases} parameter of the build system. Changing the set of +build phases boils down to building a new alist of phases based on the +@code{%standard-phases} alist described above. This can be done with +standard alist procedures such as @code{alist-delete} (@pxref{SRFI-1 +Association Lists,,, guile, GNU Guile Reference Manual}); however, it is +more convenient to do so with @code{modify-phases} (@pxref{Build +Utilities, @code{modify-phases}}). 
+ +Here is an example of a package definition that removes the +@code{configure} phase of @code{%standard-phases} and inserts a new +phase before the @code{build} phase, called +@code{set-prefix-in-makefile}: + +@example +(define-public example + (package + (name "example") + ;; other fields omitted + (build-system gnu-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (delete 'configure) + (add-before 'build 'set-prefix-in-makefile + (lambda* (#:key outputs #:allow-other-keys) + ;; Modify the makefile so that its + ;; 'PREFIX' variable points to "out". + (let ((out (assoc-ref outputs "out"))) + (substitute* "Makefile" + (("PREFIX =.*") + (string-append "PREFIX = " + out "\n"))) + #true)))))))) +@end example + +The new phase that is inserted is written as an anonymous procedure, +introduced with @code{lambda*}; it honors the @code{outputs} parameter +we have seen before. @xref{Build Utilities}, for more about the helpers +used by this phase, and for more examples of @code{modify-phases}. + +@cindex code staging +@cindex staging, of code +Keep in mind that build phases are code evaluated at the time the +package is actually built. This explains why the whole +@code{modify-phases} expression above is quoted (it comes after the +@code{'} or apostrophe): it is @dfn{staged} for later execution. +@xref{G-Expressions}, for an explanation of code staging and the +@dfn{code strata} involved. + @node Build Utilities @section Build Utilities 
@@ -7929,13 +8079,12 @@ Return the complete file name for @var{program} as found in @subsection Build Phases @cindex build phases -The @code{(guix build utils)} also contains tools to manipulate -@dfn{build phases} as found in @code{gnu-build-system} and in fact most -build systems (@pxref{Build Systems}). Build phases are represented as -association lists or ``alists'' (@pxref{Association Lists,,, guile, GNU -Guile Reference Manual}) where each key is a symbol for the name of the -phase, and the associated value is a procedure that accepts an arbitrary -number of arguments. +The @code{(guix build utils)} also contains tools to manipulate build +phases as used by build systems (@pxref{Build Systems}). Build phases +are represented as association lists or ``alists'' (@pxref{Association +Lists,,, guile, GNU Guile Reference Manual}) where each key is a symbol +naming the phase and the associated value is a procedure (@pxref{Build +Phases}). Guile core and the @code{(srfi srfi-1)} module both provide tools to manipulate alists. The @code{(guix build utils)} module complements @@ -8681,6 +8830,8 @@ These build actions are performed when asking the daemon to actually build the derivations; they are run by the daemon in a container (@pxref{Invoking guix-daemon}). +@cindex code staging +@cindex staging, of code @cindex strata of code It should come as no surprise that we like to write these build actions in Scheme. When we do that, we end up with two @dfn{strata} of Scheme @@ -8692,7 +8843,7 @@ on this topic}, refers to this kind of code generation as @dfn{staging}.}: the ``host code''---code that defines packages, talks to the daemon, etc.---and the ``build code''---code that actually performs build actions, such as making directories, invoking -@command{make}, etc. +@command{make}, and so on (@pxref{Build Phases}). To describe a derivation and its build actions, one typically needs to embed build code inside host code. It boils down to manipulating build -- cgit 1.4.1 
From ebe6e0394932b1b64f65acdc41535fafacc84254 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Oct 2020 22:37:39 +0200 Subject: doc: Fix misuses of @var in "Defining Packages". * doc/guix.texi (Defining Packages): Use @code instead of @var where appropriate. --- doc/guix.texi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index f5e31c5914..1b29833dba 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6207,7 +6207,7 @@ With luck, you may be able to import part or all of the definition of the package you are interested in from another repository, using the @code{guix import} command (@pxref{Invoking guix import}). -In the example above, @var{hello} is defined in a module of its own, +In the example above, @code{hello} is defined in a module of its own, @code{(gnu packages hello)}. Technically, this is not strictly necessary, but it is convenient to do so: all the packages defined in modules under @code{(gnu packages @dots{})} are automatically known to @@ -6240,7 +6240,7 @@ Scheme expression to modify the source code. @item @cindex GNU Build System The @code{build-system} field specifies the procedure to build the -package (@pxref{Build Systems}). Here, @var{gnu-build-system} +package (@pxref{Build Systems}). Here, @code{gnu-build-system} represents the familiar GNU Build System, where packages may be configured, built, and installed with the usual @code{./configure && make && make check && make install} command sequence. @@ -6252,7 +6252,7 @@ Utilities}, for more on this. @item The @code{arguments} field specifies options for the build system (@pxref{Build Systems}). Here it is interpreted by -@var{gnu-build-system} as a request run @file{configure} with the +@code{gnu-build-system} as a request run @file{configure} with the @option{--enable-silent-rules} flag. @cindex quote 
@@ -6276,8 +6276,8 @@ Reference Manual}). @item The @code{inputs} field specifies inputs to the build process---i.e., build-time or run-time dependencies of the package. Here, we define an -input called @code{"gawk"} whose value is that of the @var{gawk} -variable; @var{gawk} is itself bound to a @code{} object. +input called @code{"gawk"} whose value is that of the @code{gawk} +variable; @code{gawk} is itself bound to a @code{} object. @cindex backquote (quasiquote) @findex ` @@ -6294,7 +6294,7 @@ value in that list (@pxref{Expression Syntax, unquote,, guile, GNU Guile Reference Manual}). Note that GCC, Coreutils, Bash, and other essential tools do not need to -be specified as inputs here. Instead, @var{gnu-build-system} takes care +be specified as inputs here. Instead, @code{gnu-build-system} takes care of ensuring that they are present (@pxref{Build Systems}). However, any other dependencies need to be specified in the -- cgit 1.4.1 From 93c251818dcd2bf5f60f42e595504293ee83371a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Oct 2020 22:46:35 +0200 Subject: doc: More uses of @lisp instead of @example. * doc/guix.texi (G-Expressions): Use @lisp for 'let-system' example. * doc/contributing.texi (Synopses and Descriptions): Use @lisp for second example. --- doc/contributing.texi | 4 ++-- doc/guix.texi | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/contributing.texi b/doc/contributing.texi index 11a932a9bf..26a4627464 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi 
@@ -605,11 +605,11 @@ to make recommendations or instructions visible to them by inserting special comments like this (@pxref{xgettext Invocation,,, gettext, GNU Gettext}): -@example +@lisp ;; TRANSLATORS: "X11 resize-and-rotate" should not be translated. (description "ARandR is designed to provide a simple visual front end for the X11 resize-and-rotate (RandR) extension. @dots{}") -@end example +@end lisp @node Snippets versus Phases @subsection Snippets versus Phases diff --git a/doc/guix.texi b/doc/guix.texi index 1b29833dba..7eba12aa44 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9396,7 +9396,7 @@ cross-compiling. @code{let-system} is useful in the occasional case where the object spliced into the gexp depends on the target system, as in this example: -@example +@lisp #~(system* #+(let-system system (cond ((string-prefix? "armhf-" system) @@ -9406,7 +9406,7 @@ spliced into the gexp depends on the target system, as in this example: (else (error "dunno!")))) "-net" "user" #$image) -@end example +@end lisp @end deffn @deffn {Scheme Syntax} with-parameters ((@var{parameter} @var{value}) @dots{}) @var{exp} -- cgit 1.4.1 From b8085fccf2289fb3c64f21d6c5f811afe00fcedf Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Oct 2020 09:32:45 +0200 Subject: doc: Replace @example with @lisp in "Build Phases". * doc/guix.texi (Build Phases): Use @lisp for second example. --- doc/guix.texi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 7eba12aa44..cffd806363 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -7831,7 +7831,7 @@ Here is an example of a package definition that removes the phase before the @code{build} phase, called @code{set-prefix-in-makefile}: -@example +@lisp (define-public example (package (name "example") 
@@ -7850,7 +7850,7 @@ phase before the @code{build} phase, called (string-append "PREFIX = " out "\n"))) #true)))))))) -@end example +@end lisp The new phase that is inserted is written as an anonymous procedure, introduced with @code{lambda*}; it honors the @code{outputs} parameter -- cgit 1.4.1 From 6aeda81602555fbeac0c0a209e74f5262093b513 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 9 Oct 2020 18:17:41 +0200 Subject: guix build: Add '--with-debug-info'. * guix/scripts/build.scm (transform-package-with-debug-info): New procedure. (%transformations): Add 'with-debug-info'. (%transformation-options, show-transformation-options-help): Add '--with-debug-info'. * tests/scripts-build.scm ("options->transformation, with-debug-info"): New test. * doc/guix.texi (Package Transformation Options): Document '--with-debug-info'. (Installing Debugging Files): Introduce sections. Remove bit about eventual "opt-out" since this is not happening. Document '--with-debug-info' under "Rebuilding with Debugging Info". --- doc/guix.texi | 121 ++++++++++++++++++++++++++++++++++++++++++++++-- guix/scripts/build.scm | 40 ++++++++++++++++ tests/scripts-build.scm | 17 +++++++ 3 files changed, 173 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index cffd806363..b63e2b6e54 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -352,6 +352,11 @@ Defining Services * Service Reference:: API reference. * Shepherd Services:: A particular type of service. +Installing Debugging Files + +* Separate Debug Info:: Installing 'debug' outputs. +* Rebuilding Debug Info:: Building missing debug info. + Bootstrapping * Reduced Binary Seed Bootstrap:: A Bootstrap worthy of GNU. 
@@ -9884,6 +9889,37 @@ must be compatible. If @var{replacement} is somehow incompatible with @var{package}, then the resulting package may be unusable. Use with care! +@cindex debugging info, rebuilding +@item --with-debug-info=@var{package} +Build @var{package} in a way that preserves its debugging info and graft +it onto packages that depend on it. This is useful if @var{package} +does not already provide debugging info as a @code{debug} output +(@pxref{Installing Debugging Files}). + +For example, suppose you're experiencing a crash in Inkscape and would +like to see what's up in GLib, a library deep down in Inkscape's +dependency graph. GLib lacks a @code{debug} output, so debugging is +tough. Fortunately, you rebuild GLib with debugging info and tack it on +Inkscape: + +@example +guix install inkscape --with-debug-info=glib +@end example + +Only GLib needs to be recompiled so this takes a reasonable amount of +time. @xref{Installing Debugging Files}, for more info. + +@quotation Note +Under the hood, this option works by passing the @samp{#:strip-binaries? +#f} to the build system of the package of interest (@pxref{Build +Systems}). Most build systems support that option but some do not. In +that case, an error is raised. + +Likewise, if a C/C++ package is built without @code{-g} (which is rarely +the case), debugging info will remain unavailable even when +@code{#:strip-binaries?} is false. +@end quotation + @cindex tool chain, changing the build tool chain of a package @item --with-c-toolchain=@var{package}=@var{toolchain} This option changes the compilation of @var{package} and everything that 
@@ -31688,6 +31724,18 @@ typically written in the ELF format, with a section containing debugger, GDB, to map binary code to source code; it is required to debug a compiled program in good conditions. +This chapter explains how to use separate debug info when packages +provide it, and how to rebuild packages with debug info when it's +missing. + +@menu +* Separate Debug Info:: Installing 'debug' outputs. +* Rebuilding Debug Info:: Building missing debug info. +@end menu + +@node Separate Debug Info +@section Separate Debug Info + The problem with debugging information is that is takes up a fair amount of disk space. For example, debugging information for the GNU C Library weighs in at more than 60 MiB. Thus, as a user, keeping all the 
@@ -31737,12 +31785,75 @@ directory using the @code{directory} command (@pxref{Source Path, @c XXX: keep me up-to-date The @code{debug} output mechanism in Guix is implemented by the @code{gnu-build-system} (@pxref{Build Systems}). Currently, it is -opt-in---debugging information is available only for the packages -with definitions explicitly declaring a @code{debug} output. This may be -changed to opt-out in the future if our build farm servers can handle -the load. To check whether a package has a @code{debug} output, use -@command{guix package --list-available} (@pxref{Invoking guix package}). +opt-in---debugging information is available only for the packages with +definitions explicitly declaring a @code{debug} output. To check +whether a package has a @code{debug} output, use @command{guix package +--list-available} (@pxref{Invoking guix package}). + +Read on for how to deal with packages lacking a @code{debug} output. + +@node Rebuilding Debug Info +@section Rebuilding Debug Info + +@cindex debugging info, rebuilding +As we saw above, some packages, but not all, provide debugging info in a +@code{debug} output. What can you do when debugging info is missing? +The @option{--with-debug-info} option provides a solution to that: it +allows you to rebuild the package(s) for which debugging info is +missing---and only those---and to graft those onto the application +you're debugging. Thus, while it's not as fast as installing a +@code{debug} output, it is relatively inexpensive. + +Let's illustrate that. Suppose you're experiencing a bug in Inkscape +and would like to see what's going on in GLib, a library that's deep +down in its dependency graph. 
As it turns out, GLib does not have a +@code{debug} output and the backtrace GDB shows is all sadness: + +@example +(gdb) bt +#0 0x00007ffff5f92190 in g_getenv () + from /gnu/store/@dots{}-glib-2.62.6/lib/libglib-2.0.so.0 +#1 0x00007ffff608a7d6 in gobject_init_ctor () + from /gnu/store/@dots{}-glib-2.62.6/lib/libgobject-2.0.so.0 +#2 0x00007ffff7fe275a in call_init (l=, argc=argc@@entry=1, argv=argv@@entry=0x7fffffffcfd8, + env=env@@entry=0x7fffffffcfe8) at dl-init.c:72 +#3 0x00007ffff7fe2866 in call_init (env=0x7fffffffcfe8, argv=0x7fffffffcfd8, argc=1, l=) + at dl-init.c:118 +@end example + +To address that, you install Inkscape linked against a variant GLib that +contains debug info: + +@example +guix install inkscape --with-debug-info=glib +@end example + +This time, debugging will be a whole lot nicer: + +@example +$ gdb --args sh -c 'exec inkscape' +@dots{} +(gdb) b g_getenv +Function "g_getenv" not defined. +Make breakpoint pending on future shared library load? (y or [n]) y +Breakpoint 1 (g_getenv) pending. +(gdb) r +Starting program: /gnu/store/@dots{}-profile/bin/sh -c exec\ inkscape +@dots{} +(gdb) bt +#0 g_getenv (variable=variable@@entry=0x7ffff60c7a2e "GOBJECT_DEBUG") at ../glib-2.62.6/glib/genviron.c:252 +#1 0x00007ffff608a7d6 in gobject_init () at ../glib-2.62.6/gobject/gtype.c:4380 +#2 gobject_init_ctor () at ../glib-2.62.6/gobject/gtype.c:4493 +#3 0x00007ffff7fe275a in call_init (l=, argc=argc@@entry=3, argv=argv@@entry=0x7fffffffd088, + env=env@@entry=0x7fffffffd0a8) at dl-init.c:72 +@dots{} +@end example + +Much better! +Note that there can be packages for which @option{--with-debug-info} +will not have the desired effect. @xref{Package Transformation Options, +@option{--with-debug-info}}, for more information. @node Security Updates @chapter Security Updates diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm index e59e0ee67f..6ca669d172 100644 --- a/guix/scripts/build.scm +++ b/guix/scripts/build.scm 
@@ -474,6 +474,40 @@ the equal sign." obj) obj))) +(define (transform-package-with-debug-info specs) + "Return a procedure that, when passed a package, set its 'replacement' field +to the same package but with #:strip-binaries? #f in its 'arguments' field." + (define (non-stripped p) + (package + (inherit p) + (arguments + (substitute-keyword-arguments (package-arguments p) + ((#:strip-binaries? _ #f) #f))))) + + (define (package-with-debug-info p) + (if (member "debug" (package-outputs p)) + p + (let loop ((p p)) + (match (package-replacement p) + (#f + (package + (inherit p) + (replacement (non-stripped p)))) + (next + (package + (inherit p) + (replacement (loop next)))))))) + + (define rewrite + (package-input-rewriting/spec (map (lambda (spec) + (cons spec package-with-debug-info)) + specs))) + + (lambda (store obj) + (if (package? obj) + (rewrite obj) + obj))) + (define (transform-package-tests specs) "Return a procedure that, when passed a package, sets #:tests? #f in its 'arguments' field." @@ -505,6 +539,7 @@ the equal sign." (with-commit . ,transform-package-source-commit) (with-git-url . ,transform-package-source-git-url) (with-c-toolchain . ,transform-package-toolchain) + (with-debug-info . ,transform-package-with-debug-info) (without-tests . ,transform-package-tests))) (define (transformation-procedure key) @@ -536,6 +571,8 @@ the equal sign." (parser 'with-git-url)) (option '("with-c-toolchain") #t #f (parser 'with-c-toolchain)) + (option '("with-debug-info") #t #f + (parser 'with-debug-info)) (option '("without-tests") #t #f (parser 'without-tests))))) @@ -561,6 +598,9 @@ the equal sign." (display (G_ " --with-c-toolchain=PACKAGE=TOOLCHAIN build PACKAGE and its dependents with TOOLCHAIN")) + (display (G_ " + --with-debug-info=PACKAGE + build PACKAGE and preserve its debug info")) (display (G_ " --without-tests=PACKAGE build PACKAGE without running its tests"))) 
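Review bot: The docstring of `transform-package-with-debug-info` leaves out two behaviours that `package-with-debug-info` visibly has: a package that already lists a "debug" output is returned unchanged, and a package that already carries a replacement keeps it, with the unstripped variant attached at the end of the chain by `loop`. The second case matters because the `replacement` field is also how grafts such as security updates are expressed, so a reader should be able to tell that an existing graft is kept rather than overwritten; whether the grafting code follows a two-level chain is not visible here and is worth confirming. I would reword the docstring to `"Return a procedure that, when passed a package matching SPECS, gives it a 'replacement' built with #:strip-binaries? #f; packages that already have a 'debug' output are returned unchanged."` and add `;; Keep an existing replacement (e.g., a graft) and rebuild that one unstripped.` above the `(next ...)` clause. The "debug" check is also made only on the outer package, not on the replacement that ends up being rebuilt.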
diff --git a/tests/scripts-build.scm b/tests/scripts-build.scm index 6925374baa..3a49759567 100644 --- a/tests/scripts-build.scm +++ b/tests/scripts-build.scm @@ -348,6 +348,23 @@ (with-store store (eq? (t store p) p)))) +(test-equal "options->transformation, with-debug-info" + '(#:strip-binaries? #f) + (let* ((dep (dummy-package "chbouib")) + (p (dummy-package "thingie" + (build-system gnu-build-system) + (inputs `(("foo" ,dep) + ("bar" ,grep))))) + (t (options->transformation + '((with-debug-info . "chbouib"))))) + (with-store store + (let ((new (t store p))) + (match (package-inputs new) + ((("foo" dep0) ("bar" dep1)) + (and (string=? (package-full-name dep1) + (package-full-name grep)) + (package-arguments (package-replacement dep0))))))))) + (test-assert "options->transformation, without-tests" (let* ((dep (dummy-package "dep")) (p (dummy-package "foo" -- cgit 1.4.1 From 6701f64f7329cdbeda70bcaf38523c9098e5a938 Mon Sep 17 00:00:00 2001 
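Review bot: The new test "options->transformation, with-debug-info" covers only the plain path, a dependency with no "debug" output and no existing replacement, so the other two branches of `package-with-debug-info` are untested. A second case in which the dependency declares `(outputs '("out" "debug"))` and is expected to come back with `package-replacement` still `#f`, and a third in which the dependency already has a `replacement`, would pin the behaviour the documentation promises. The third case is the one that matters most, since it is where an existing graft could be lost by a later refactoring of the `loop`.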
From: Ludovic Courtès Date: Mon, 12 Oct 2020 15:16:51 +0200 Subject: guix build: Move package transformation options behind '--help-transform'. This change declutters the '--help' output. * guix/scripts/build.scm (show-build-options-help) (%standard-build-options): Add '--help-transform'. (show-transformation-options-help): Make private. (show-help): Remove call to 'show-transformation-options-help'. * guix/scripts/build.scm (show-help): Likewise. * guix/scripts/environment.scm (show-help): Likewise. * guix/scripts/graph.scm (show-help): Likewise. * guix/scripts/install.scm (show-help): Likewise. * guix/scripts/pack.scm (show-help): Likewise. * guix/scripts/package.scm (show-help): Likewise. * guix/scripts/upgrade.scm (show-help): Likewise. * doc/guix.texi (Package Transformation Options): Mention '--help-transform'. --- doc/guix.texi | 5 +++++ guix/scripts/build.scm | 14 ++++++++++---- guix/scripts/environment.scm | 2 -- guix/scripts/graph.scm | 5 +---- guix/scripts/install.scm | 2 -- guix/scripts/pack.scm | 2 -- guix/scripts/package.scm | 2 -- guix/scripts/upgrade.scm | 2 -- 8 files changed, 16 insertions(+), 18 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index b63e2b6e54..dc48948700 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9803,6 +9803,11 @@ Package transformation options are preserved across upgrades: @command{guix upgrade} attempts to apply transformation options initially used when creating the profile to the upgraded packages. +The available options are listed below. Most commands support them and +also support a @option{--help-transform} option that lists all the +available options and a synopsis (these options are not shown in the +@option{--help} output for brevity). + @table @code @item --with-source=@var{source} diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm index 6ca669d172..f4a8af035b 100644 --- a/guix/scripts/build.scm +++ b/guix/scripts/build.scm 
@@ -65,7 +65,6 @@ %transformation-options options->transformation manifest-entry-with-transformations - show-transformation-options-help guix-build register-root @@ -717,6 +716,8 @@ options handled by 'set-build-options-from-command-line', and listed in -c, --cores=N allow the use of up to N CPU cores for the build")) (display (G_ " -M, --max-jobs=N allow at most N build jobs")) + (display (G_ " + --help-transform list package transformation options not shown here")) (display (G_ " --debug=LEVEL produce debugging output at LEVEL"))) @@ -853,7 +854,14 @@ use '--no-offload' instead~%"))) (if c (apply values (alist-cons 'max-jobs c result) rest) (leave (G_ "not a number: '~a' option argument: ~a~%") - name arg))))))) + name arg))))) + (option '("help-transform") #f #f + (lambda _ + (format #t + (G_ "Available package transformation options:~%")) + (show-transformation-options-help) + (newline) + (exit 0))))) ;;; @@ -910,8 +918,6 @@ Build the given PACKAGE-OR-DERIVATION and return their output paths.\n")) (newline) (show-build-options-help) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -h, --help display this help and exit")) (display (G_ " diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index 085f11a9d4..91ce2af9bb 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -179,8 +179,6 @@ COMMAND or an interactive shell in that environment.\n")) (newline) (show-build-options-help) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -h, --help display this help and exit")) (display (G_ " diff --git a/guix/scripts/graph.scm b/guix/scripts/graph.scm index d7a08a4fe1..0d11fc9795 100644 --- a/guix/scripts/graph.scm +++ b/guix/scripts/graph.scm 
@@ -35,8 +35,7 @@ #:use-module ((guix diagnostics) #:select (location-file formatted-message)) #:use-module ((guix scripts build) - #:select (show-transformation-options-help - options->transformation + #:select (options->transformation %standard-build-options %transformation-options)) #:use-module (srfi srfi-1) @@ -546,8 +545,6 @@ Emit a representation of the dependency graph of PACKAGE...\n")) (display (G_ " -L, --load-path=DIR prepend DIR to the package module search path")) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -h, --help display this help and exit")) (display (G_ " diff --git a/guix/scripts/install.scm b/guix/scripts/install.scm index 894e60f9da..5aafe3bd6d 100644 --- a/guix/scripts/install.scm +++ b/guix/scripts/install.scm @@ -38,8 +38,6 @@ This is an alias for 'guix package -i'.\n")) (newline) (show-build-options-help) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -h, --help display this help and exit")) (display (G_ " diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index 0b66da01f9..a5a70d5162 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -1043,8 +1043,6 @@ last resort for relocation." Create a bundle of PACKAGE.\n")) (show-build-options-help) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -f, --format=FORMAT build a pack in the given FORMAT")) (display (G_ " diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm index 2f04652634..ba62d98682 100644 --- a/guix/scripts/package.scm +++ b/guix/scripts/package.scm @@ -397,8 +397,6 @@ Install, remove, or upgrade packages in a single transaction.\n")) (newline) (show-build-options-help) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -h, --help display this help and exit")) (display (G_ " diff --git a/guix/scripts/upgrade.scm b/guix/scripts/upgrade.scm index 5ec844328e..c4527d56d9 100644 --- a/guix/scripts/upgrade.scm +++ b/guix/scripts/upgrade.scm 
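Review bot: After this change `guix graph --help` appears to give no pointer to the transformation options at all. The `(show-transformation-options-help)` call is removed from `show-help`, and the new hint line for `--help-transform` is printed by `show-build-options-help`, which the `#:select` list in the first hunk of this file does not import from `(guix scripts build)`. The other commands touched by the commit call `(show-build-options-help)` just above the removed lines and so inherit the hint. I would add `(display (G_ "\n      --help-transform   list package transformation options not shown here"))` to this `show-help`; its body starts and ends outside the hunk, so confirm there is no earlier call that already prints it.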
@@ -41,8 +41,6 @@ This is an alias for 'guix package -u'.\n")) (newline) (show-build-options-help) (newline) - (show-transformation-options-help) - (newline) (display (G_ " -h, --help display this help and exit")) (display (G_ " -- cgit 1.4.1 From 93576e4475c7f72a2f8aa05293244f9f669154a3 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Fri, 2 Oct 2020 19:05:36 +0100 Subject: doc: Add subheadings in to the Databases section. To make it clearer where the relevant documentation for a particular service starts and ends. * doc/guix.texi (Database Services): Add subheadings. --- doc/guix.texi | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index dc48948700..9a80555827 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18451,6 +18451,8 @@ details. @cindex SQL The @code{(gnu services databases)} module provides the following services. +@subsubheading PostgreSQL + @deffn {Scheme Procedure} postgresql-service [#:postgresql postgresql] @ [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ [#:port 5432] [#:locale ``en_US.utf8''] [#:extension-packages '()] @@ -18516,6 +18518,8 @@ dblink as they are already loadable by postgresql. This field is only required to add extensions provided by other packages. @end deffn +@subsubheading MariaDB/MySQL + @deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)] Return a service that runs @command{mysqld}, the MySQL or MariaDB database server. @@ -18540,6 +18544,8 @@ TCP port on which the database server listens for incoming connections. @end table @end deftp +@subsubheading Memcached + @defvr {Scheme Variable} memcached-service-type This is the service type for the @uref{https://memcached.org/, Memcached} service, which provides a distributed in memory cache. The 
@@ -18572,6 +18578,8 @@ Additional command line options to pass to @code{memcached}. @end table @end deftp +@subsubheading MongoDB + @defvr {Scheme Variable} mongodb-service-type This is the service type for @uref{https://www.mongodb.com/, MongoDB}. The value for the service type is a @code{mongodb-configuration} object. @@ -18598,6 +18606,8 @@ MongoDB is configured to use through the configuration file. @end table @end deftp +@subsubheading Redis + @defvr {Scheme Variable} redis-service-type This is the service type for the @uref{https://redis.io/, Redis} key/value store, whose value is a @code{redis-configuration} object. -- cgit 1.4.1 From a698df72d37aa5173c357b7d1e3873d2c2c64c32 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Fri, 2 Oct 2020 19:06:50 +0100 Subject: services: databases: Deprecate the postgresql-service procedure. Using the service type directly is a better approach, making it easier to configure the service. * gnu/services/databases.scm (postgresql-service): Deprecate this procedure. * doc/guix.texi (PostgreSQL): Update the documentation for the use of (service postgresql-service-type). --- doc/guix.texi | 40 +++++++++++++++++++++++++++++++--------- gnu/services/databases.scm | 14 ++++++++------ 2 files changed, 39 insertions(+), 15 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 9a80555827..582ab0fd2b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -18453,15 +18453,12 @@ The @code{(gnu services databases)} module provides the following services. @subsubheading PostgreSQL -@deffn {Scheme Procedure} postgresql-service [#:postgresql postgresql] @ - [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ - [#:port 5432] [#:locale ``en_US.utf8''] [#:extension-packages '()] -Return a service that runs @var{postgresql}, the PostgreSQL database -server. +The following example describes a PostgreSQL service with the default +configuration. -The PostgreSQL daemon loads its runtime configuration from @var{config-file}, -creates a database cluster with @var{locale} as the default -locale, stored in @var{data-directory}. It then listens on @var{port}. +@lisp +(service postgresql-service-type) +@end lisp If the services fails to start, it may be due to an incompatible cluster already present in @var{data-directory}. Adjust it (or, if you 
@@ -18481,6 +18478,29 @@ createuser --interactive createdb $MY_USER_LOGIN # Replace appropriately. @end example +@deftp {Data Type} postgresql-configuration +Data type representing the configuration for the +@code{postgresql-service-type}. + +@table @asis +@item @var{postgresql} (default: @code{postgresql}) +PostgreSQL package to use for the service. + +@item @var{port} (default: @code{5432}) +Port on which PostgreSQL should listen. + +@item @var{locale} (default: @code{"en_US.utf8"}) +Locale to use as the default when creating the database cluster. + +@item @var{config-file} (default: @code{(postgresql-config-file)}) +The configuration file to use when running PostgreSQL. The default +behaviour uses the postgresql-config-file record with the default values +for the fields. + +@item @var{data-directory} (default: @code{"/var/lib/postgresql/data"}) +Directory in which to store the data. + +@item @var{extension-packages} (default: @code{'()}) @cindex postgresql extension-packages Additional extensions are loaded from packages listed in @var{extension-packages}. Extensions are available at runtime. For instance, @@ -18516,7 +18536,9 @@ psql -U postgres There is no need to add this field for contrib extensions such as hstore or dblink as they are already loadable by postgresql. This field is only required to add extensions provided by other packages. -@end deffn + +@end table +@end deftp @subsubheading MariaDB/MySQL diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 2bddf70f71..7908a3e0f6 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -30,6 +30,7 @@ #:use-module (gnu packages databases) #:use-module (guix build-system trivial) #:use-module (guix build union) + #:use-module (guix deprecation) #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix records) 
@@ -281,12 +282,13 @@ host all all ::1/128 md5")) (compose list postgresql-configuration-postgresql)))) (default-value (postgresql-configuration)))) -(define* (postgresql-service #:key (postgresql postgresql) - (port 5432) - (locale "en_US.utf8") - (config-file (postgresql-config-file)) - (data-directory "/var/lib/postgresql/data") - (extension-packages '())) +(define-deprecated (postgresql-service #:key (postgresql postgresql) + (port 5432) + (locale "en_US.utf8") + (config-file (postgresql-config-file)) + (data-directory "/var/lib/postgresql/data") + (extension-packages '())) + postgresql-service-type "Return a service that runs @var{postgresql}, the PostgreSQL database server. The PostgreSQL daemon loads its runtime configuration from @var{config-file} -- cgit 1.4.1 From bdcf4d88d58798eca7811c8b1fbd4638168d05c3 Mon Sep 17 00:00:00 2001 
From: Christopher Baines Date: Fri, 2 Oct 2020 19:15:44 +0100 Subject: services: databases: Don't specify a default postgresql version. Currently, if the postgresql package major version changes, this is going to break the service upon upgrade, because PostgreSQL will reject the data files from the differing major version of the service. Because it's important to either keep running a particular major version, or intentionally upgrade, I think the configuration would be better with no default. I think this is also going to be helpful when trying to assist users upgrading PostgreSQL. * gnu/services/databases.scm (): Remove default for postgresql. (postgresql-service-type): Remove the default value. * gnu/tests/databases.scm (%postgresql-os): Update accordingly. * gnu/tests/guix.scm (%guix-data-service-os): Update accordingly. * gnu/tests/monitoring.scm (%zabbix-os): Update accordingly. * gnu/tests/web.scm (patchwork-os): Update accordingly. * doc/guix.texi (PostgreSQL): Update accordingly. --- doc/guix.texi | 6 ++++-- gnu/services/databases.scm | 6 ++---- gnu/tests/databases.scm | 4 +++- gnu/tests/guix.scm | 1 + gnu/tests/monitoring.scm | 4 +++- gnu/tests/web.scm | 4 +++- 6 files changed, 16 insertions(+), 9 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 582ab0fd2b..05111d4327 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18457,7 +18457,9 @@ The following example describes a PostgreSQL service with the default configuration. @lisp -(service postgresql-service-type) +(service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))) @end lisp If the services fails to start, it may be due to an incompatible @@ -18483,7 +18485,7 @@ Data type representing the configuration for the @code{postgresql-service-type}. @table @asis -@item @var{postgresql} (default: @code{postgresql}) +@item @var{postgresql} PostgreSQL package to use for the service. @item @var{port} (default: @code{5432}) 
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 7908a3e0f6..d7b4594b9e 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -147,8 +147,7 @@ host all all ::1/128 md5")) (define-record-type* postgresql-configuration make-postgresql-configuration postgresql-configuration? - (postgresql postgresql-configuration-postgresql ; - (default postgresql)) + (postgresql postgresql-configuration-postgresql) ; (port postgresql-configuration-port (default 5432)) (locale postgresql-configuration-locale @@ -279,8 +278,7 @@ host all all ::1/128 md5")) (service-extension account-service-type (const %postgresql-accounts)) (service-extension profile-service-type - (compose list postgresql-configuration-postgresql)))) - (default-value (postgresql-configuration)))) + (compose list postgresql-configuration-postgresql)))))) (define-deprecated (postgresql-service #:key (postgresql postgresql) (port 5432) diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm index e0544bbcd2..d3045cc3f7 100644 --- a/gnu/tests/databases.scm +++ b/gnu/tests/databases.scm @@ -215,7 +215,9 @@ (define %postgresql-os (simple-operating-system - (service postgresql-service-type))) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))))) (define (run-postgresql-test) "Run tests in %POSTGRESQL-OS." diff --git a/gnu/tests/guix.scm b/gnu/tests/guix.scm index 20b67d55d3..af7d8f0b21 100644 --- a/gnu/tests/guix.scm +++ b/gnu/tests/guix.scm @@ -156,6 +156,7 @@ (service dhcp-client-service-type) (service postgresql-service-type (postgresql-configuration + (postgresql postgresql-10) (config-file (postgresql-config-file (hba-file diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm index 17b9edc3ac..7371b02fe1 100644 --- a/gnu/tests/monitoring.scm +++ b/gnu/tests/monitoring.scm 
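Review bot: Removing the default from the `postgresql` field and from `postgresql-service-type` leaves one path that still floats with the package variable: the trailing context of the second hunk shows the deprecated `postgresql-service` keeping `#:key (postgresql postgresql)`. A system that still calls that procedure would keep following major-version bumps of `postgresql`, which is the data-file incompatibility the commit message sets out to prevent. Either pin that default to the version that was current when the procedure was deprecated, or state the caveat next to it, for example `;; Deprecated: still defaults to the 'postgresql' variable, so the major version is not pinned.` The body of `postgresql-service` continues outside the hunk, so that it forwards the value unchanged to the configuration record is inferred.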
@@ -307,7 +307,9 @@ zabbix||{} (let ((base-os (simple-operating-system (service dhcp-client-service-type) - (service postgresql-service-type) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))) (service zabbix-front-end-service-type (zabbix-front-end-configuration (db-password "zabbix"))) diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm index 7513eab2e4..7f4518acd2 100644 --- a/gnu/tests/web.scm +++ b/gnu/tests/web.scm @@ -567,7 +567,9 @@ HTTP-PORT." (config (httpd-config-file (listen '("8080")))))) - (service postgresql-service-type) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))) (service patchwork-service-type (patchwork-configuration (patchwork patchwork) -- cgit 1.4.1 From 8fe7c89f0c618075d8a31d997bd3eb86e6999f9d Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Oct 2020 23:19:48 +0200 Subject: doc: Cookbook links to /manual/devel, not /manual. Since the Cookbook is built from the 'master' branch, it should point to the manual from that same branch. * doc/build.scm (guix-mono-node-indexes, guix-split-node-indexes): Link to /manual/devel when %MANUAL is not "guix". --- doc/build.scm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/build.scm b/doc/build.scm index 7d17a16d2a..d77fc0a700 100644 --- a/doc/build.scm +++ b/doc/build.scm @@ -1198,7 +1198,8 @@ by 'html-identifier-indexes'." #:manual-name "guix" #:base-url (if (string=? %manual "guix") (const "") - (cut string-append "/manual/" <>)) + (cut string-append + "/manual/devel/" <>)) #:languages %languages)) (define guix-split-node-indexes @@ -1207,8 +1208,9 @@ by 'html-identifier-indexes'." #:manual-name "guix" #:base-url (if (string=? %manual "guix") (const "") - (cut string-append "/manual/" <> - "/html_node")) + (cut string-append + "/manual/devel/" <> + "/html_node")) #:languages %languages)) (define mono-node-indexes -- cgit 1.4.1 
From 481d2fbb912bc2cdad7ef97f2f1c26a0e33e6534 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Oct 2020 23:48:04 +0200 Subject: doc: Fix typo in 'git-fetch' description. * doc/guix.texi (origin Reference): Replace "git-download" with "git-fetch" in one sentence. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 05111d4327..92bf290592 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6743,7 +6743,7 @@ corresponding file name in the store. @end deffn Likewise, the @code{(guix git-download)} module defines the -@code{git-download} origin method, which fetches data from a Git version +@code{git-fetch} origin method, which fetches data from a Git version control repository, and the @code{git-reference} data type to describe the repository and revision to fetch. -- cgit 1.4.1 From 004a9455f9fccfdd9a9af3d3312e6d0d2779d6a8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 21 Oct 2020 17:19:58 +0200 Subject: doc: Fix typo in 'avahi-service-type' description. * doc/guix.texi (Networking Services): Change "zero-configuration" to "avahi-configuration". --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 92bf290592..5116de5e8c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16354,7 +16354,7 @@ The @code{(gnu services avahi)} provides the following definition. This is the service that runs @command{avahi-daemon}, a system-wide mDNS/DNS-SD responder that allows for service discovery and ``zero-configuration'' host name lookups (see @uref{https://avahi.org/}). -Its value must be a @code{zero-configuration} record---see below. +Its value must be an @code{avahi-configuration} record---see below. This service extends the name service cache daemon (nscd) so that it can resolve @code{.local} host names using -- cgit 1.4.1 
From 2c9f6ff2ae51e024ecf6b2338c924b3a2028b302 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 21 Oct 2020 17:26:48 +0200 Subject: doc: Add an entry for the 'keyboard-layout' procedure. * doc/guix.texi (Keyboard Layout): Add @deffn entry for 'keyboard-layout'. --- doc/guix.texi | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 5116de5e8c..982b82e17f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13726,7 +13726,18 @@ the X Keyboard extension (XKB), each layout has four attributes: a name (often a language code such as ``fi'' for Finnish or ``jp'' for Japanese), an optional variant name, an optional keyboard model name, and a possibly empty list of additional options. In most cases the layout name is all you care -about. Here are a few example: +about. + +@deffn {Scheme Procedure} keyboard-layout @var{name} [@var{variant}] @ + [#:model] [#:options '()] +Return a new keyboard layout with the given @var{name} and @var{variant}. + +@var{name} must be a string such as @code{"fr"}; @var{variant} must be a +string such as @code{"bepo"} or @code{"nodeadkeys"}. See the +@code{xkeyboard-config} package for valid options. +@end deffn + +Here are a few examples: @lisp ;; The German QWERTZ layout. Here we assume a standard -- cgit 1.4.1 From 720fce6daef2763ded98817a0e31653d22e88e8b Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 21 Oct 2020 17:29:48 +0200 Subject: doc: Capitalize "Hurd" in 'operating-system' reference. * doc/guix.texi (operating-system Reference): Capitalize "Hurd". --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 982b82e17f..a8a4e1a0af 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12857,7 +12857,7 @@ available when building a virtual machine disk image.}. @cindex hurd @item @code{hurd} (default: @code{#f}) -The package object of the hurd to be started by the kernel. When this +The package object of the Hurd to be started by the kernel. When this field is set, produce a GNU/Hurd operating system. In that case, @code{kernel} must also be set to the @code{gnumach} package---the microkernel the Hurd runs on. -- cgit 1.4.1 From 3ddc47bc07439ab526013031f8e052e4c8c7cd92 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 21 Oct 2020 23:28:03 +0200 Subject: doc: Move documentation of singularity-service-type. Fixes . * doc/guix.texi: Move documentation of singularity-service-type from "Auditd Service" heading to "Docker Service" heading. --- doc/guix.texi | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index a8a4e1a0af..fa6251e8e1 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -29258,6 +29258,18 @@ Enable or disable the addition of iptables rules. @end table @end deftp +@cindex Singularity, container service +@defvr {Scheme Variable} singularity-service-type +This is the type of the service that allows you to run +@url{https://www.sylabs.io/singularity/, Singularity}, a Docker-style tool to +create and run application bundles (aka. ``containers''). The value for this +service is the Singularity package to use. + +The service does not install a daemon; instead, it installs helper programs as +setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke +@command{singularity run} and similar commands. +@end defvr + @cindex Audit @subsubheading Auditd Service 
@@ -29314,17 +29326,6 @@ instantiate on startup. @end table @end deftp -@defvr {Scheme Variable} singularity-service-type -This is the type of the service that allows you to run -@url{https://www.sylabs.io/singularity/, Singularity}, a Docker-style tool to -create and run application bundles (aka. ``containers''). The value for this -service is the Singularity package to use. - -The service does not install a daemon; instead, it installs helper programs as -setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke -@command{singularity run} and similar commands. -@end defvr - @cindex rshiny @subsubheading R-Shiny service -- cgit 1.4.1 From 59bb1ae3a9aeae75a75b20090253613a7a8800d8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 12 Oct 2020 21:47:14 +0200 Subject: git: Require Guile-Git 0.3.0 or later. * guix/git.scm (auth-supported?): Remove. (clone*): Inline code that was dependent on AUTH-SUPPORTED?. (update-cached-checkout): Likewise. (resolve-reference): Remove check for 'object-lookup-prefix' and use it unconditionally. (load-git-submodules): Remove. (update-submodules): Use 'repository-submodules', 'submodule-lookup', etc. unconditionally. (update-cached-checkout): Use 'repository-close!' unconditionally. * m4/guix.m4 (GUIX_CHECK_GUILE_GIT): New macro. * configure.ac: Use it and error out when it fails. * doc/guix.texi (Requirements): Bump to Guile-Git 0.3.0. --- configure.ac | 5 ++++ doc/guix.texi | 4 +-- guix/git.scm | 86 +++++++++++++++++------------------------------------------ m4/guix.m4 | 22 +++++++++++++++ 4 files changed, 53 insertions(+), 64 deletions(-) (limited to 'doc') diff --git a/configure.ac b/configure.ac index 6861112eaf..6e718afdd1 100644 --- a/configure.ac +++ b/configure.ac 
@@ -144,6 +144,11 @@ if test "x$guix_cv_have_recent_guile_gcrypt" != "xyes"; then AC_MSG_ERROR([A recent Guile-Gcrypt could not be found; please install it.]) fi +GUIX_CHECK_GUILE_GIT +if test "x$guix_cv_have_recent_guile_git" != "xyes"; then + AC_MSG_ERROR([A recent Guile-Git could not be found; please install it.]) +fi + dnl Check for Guile-zlib. GUILE_MODULE_AVAILABLE([have_guile_zlib], [(zlib)]) if test "x$have_guile_zlib" != "xyes"; then diff --git a/doc/guix.texi b/doc/guix.texi index fa6251e8e1..b5061877e2 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -826,8 +826,8 @@ or later; @item @uref{https://notabug.org/guile-lzlib/guile-lzlib, Guile-lzlib}; @item @c FIXME: Specify a version number once a release has been made. -@uref{https://gitlab.com/guile-git/guile-git, Guile-Git}, from August -2017 or later; +@uref{https://gitlab.com/guile-git/guile-git, Guile-Git}, version 0.3.0 +or later; @item @uref{https://savannah.nongnu.org/projects/guile-json/, Guile-JSON} 4.3.0 or later; @item @url{https://www.gnu.org/software/make/, GNU Make}. diff --git a/guix/git.scm b/guix/git.scm index 637936c16a..cfb8d626f5 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -20,6 +20,7 @@ (define-module (guix git) #:use-module (git) #:use-module (git object) + #:use-module (git submodule) #:use-module (guix i18n) #:use-module (guix base32) #:use-module (gcrypt hash) @@ -116,10 +117,6 @@ the 'SSL_CERT_FILE' and 'SSL_CERT_DIR' environment variables." (string-append "R:" url) url)))))) -;; Authentication appeared in Guile-Git 0.3.0, check if it is available. -(define auth-supported? - (false-if-exception (resolve-interface '(git auth)))) - (define (clone* url directory) "Clone git repository at URL into DIRECTORY. Upon failure, make sure no empty directory is left behind." 
@@ -127,18 +124,10 @@ make sure no empty directory is left behind." (lambda () (mkdir-p directory) - ;; Note: Explicitly pass options to work around the invalid default - ;; value in Guile-Git: . - (if (module-defined? (resolve-interface '(git)) - 'clone-init-options) - (let ((auth-method (and auth-supported? - (%make-auth-ssh-agent)))) - (clone url directory - (if auth-supported? - (make-clone-options - #:fetch-options (make-fetch-options auth-method)) - (clone-init-options)))) - (clone url directory))) + (let ((auth-method (%make-auth-ssh-agent))) + (clone url directory + (make-clone-options + #:fetch-options (make-fetch-options auth-method))))) (lambda _ (false-if-exception (rmdir directory))))) @@ -167,12 +156,7 @@ corresponding Git object." ;; read out-of-bounds when passed a string shorter than 40 chars, ;; which is why we delay calls to it below. (if (< len 40) - (if (module-defined? (resolve-interface '(git object)) - 'object-lookup-prefix) - (object-lookup-prefix repository (string->oid commit) len) - (raise (condition - (&message - (message "long Git object ID is required"))))) + (object-lookup-prefix repository (string->oid commit) len) (object-lookup repository (string->oid commit))))) (('tag-or-commit . str) (if (or (> (string-length str) 40) 
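Review bot: In the second hunk on this line (`@@ -167,12 +156,7 @@`), the context comment kept above `(if (< len 40)` says something reads out of bounds when given a string shorter than 40 characters, and the branch that is now unconditional calls `(string->oid commit)` exactly when `len` is below 40. The start of that comment is outside the hunk, so which procedure and which Guile-Git releases it refers to cannot be seen here. If it is about `string->oid` and the problem is fixed in every release from 0.3.0 on, the comment should say so or be dropped together with the other pre-0.3.0 workarounds. If it still applies, the short-ID branch needs a length guard before the conversion. The enclosing procedure starts and ends outside the hunk.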
@@ -234,40 +218,23 @@ dynamic extent of EXP." (lambda (key err) (report-git-error err)))) -(define (load-git-submodules) - "Attempt to load (git submodules), which was missing until Guile-Git 0.2.0. -Return true on success, false on failure." - (match (false-if-exception (resolve-interface '(git submodule))) - (#f - (set! load-git-submodules (const #f)) - #f) - (iface - (module-use! (resolve-module '(guix git)) iface) - (set! load-git-submodules (const #t)) - #t))) - (define* (update-submodules repository #:key (log-port (current-error-port))) "Update the submodules of REPOSITORY, a Git repository object." - ;; Guile-Git < 0.2.0 did not have (git submodule). - (if (load-git-submodules) - (for-each (lambda (name) - (let ((submodule (submodule-lookup repository name))) - (format log-port (G_ "updating submodule '~a'...~%") - name) - (submodule-update submodule) - - ;; Recurse in SUBMODULE. - (let ((directory (string-append - (repository-working-directory repository) - "/" (submodule-path submodule)))) - (with-repository directory repository - (update-submodules repository - #:log-port log-port))))) - (repository-submodules repository)) - (format (current-error-port) - (G_ "Support for submodules is missing; \ -please upgrade Guile-Git.~%")))) + (for-each (lambda (name) + (let ((submodule (submodule-lookup repository name))) + (format log-port (G_ "updating submodule '~a'...~%") + name) + (submodule-update submodule) + + ;; Recurse in SUBMODULE. + (let ((directory (string-append + (repository-working-directory repository) + "/" (submodule-path submodule)))) + (with-repository directory repository + (update-submodules repository + #:log-port log-port))))) + (repository-submodules repository))) (define-syntax-rule (false-if-git-not-found exp) "Evaluate EXP, returning #false if a GIT_ENOTFOUND error is raised." 
@@ -331,12 +298,9 @@ it unchanged." ;; Only fetch remote if it has not been cloned just before. (when (and cache-exists? (not (reference-available? repository ref))) - (if auth-supported? - (let ((auth-method (and auth-supported? - (%make-auth-ssh-agent)))) - (remote-fetch (remote-lookup repository "origin") - #:fetch-options (make-fetch-options auth-method))) - (remote-fetch (remote-lookup repository "origin")))) + (let ((auth-method (%make-auth-ssh-agent))) + (remote-fetch (remote-lookup repository "origin") + #:fetch-options (make-fetch-options auth-method)))) (when recursive? (update-submodules repository #:log-port log-port)) @@ -359,9 +323,7 @@ it unchanged." ;; Reclaim file descriptors and memory mappings associated with ;; REPOSITORY as soon as possible. - (when (module-defined? (resolve-interface '(git repository)) - 'repository-close!) - (repository-close! repository)) + (repository-close! repository) (values cache-directory (oid->string oid) relation))))) diff --git a/m4/guix.m4 b/m4/guix.m4 index 2fcc65e039..4fa7cdf737 100644 --- a/m4/guix.m4 +++ b/m4/guix.m4 @@ -204,6 +204,28 @@ AC_DEFUN([GUIX_CHECK_GUILE_GCRYPT], [ fi]) ]) +dnl GUIX_CHECK_GUILE_GIT +dnl +dnl Check whether a recent-enough Guile-Git is available. +AC_DEFUN([GUIX_CHECK_GUILE_GIT], [ + dnl Check whether we're using Guile-Git 0.3.0 or later. 0.3.0 + dnl introduced SSH authentication support and more. + AC_CACHE_CHECK([whether Guile-Git is available and recent enough], + [guix_cv_have_recent_guile_git], + [GUILE_CHECK([retval], + [(use-modules (git) (git auth) (git submodule)) + (let ((auth (%make-auth-ssh-agent))) + repository-close! + object-lookup-prefix + (make-clone-options + #:fetch-options (make-fetch-options auth)))]) + if test "$retval" = 0; then + guix_cv_have_recent_guile_git="yes" + else + guix_cv_have_recent_guile_git="no" + fi]) +]) + dnl GUIX_TEST_ROOT_DIRECTORY AC_DEFUN([GUIX_TEST_ROOT_DIRECTORY], [ AC_CACHE_CHECK([for unit test root directory], -- cgit 1.4.1 
From ef6596a20cac24dbfd729098f2a903f00f4e33e2 Mon Sep 17 00:00:00 2001 From: Miguel Ángel Arruga Vivas Date: Sat, 24 Oct 2020 14:35:09 +0200 Subject: build: Add GUIX_GIT_KEYRING variable for make authenticate. * Makefile.am (GUIX_GIT_KEYRING): New variable. (authenticate): Use GUIX_GIT_KEYRING to select the keyring branch reference. * doc/contributing.texi (Building from Git): Add an example about the use of GUIX_GIT_KEYRING. --- Makefile.am | 2 ++ doc/contributing.texi | 10 ++++++++++ 2 files changed, 12 insertions(+) (limited to 'doc') diff --git a/Makefile.am b/Makefile.am index c509562567..e6cef9ec1a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -666,9 +666,11 @@ channel_intro_commit = 9edb3f66fd807b096b48283debdcddccfea34bad channel_intro_signer = BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA # Authenticate the current Git checkout by checking signatures on every commit. +GUIX_GIT_KEYRING = origin/keyring authenticate: $(AM_V_at)echo "Authenticating Git checkout..." ; \ guix git authenticate \ + --keyring=$(GUIX_GIT_KEYRING) \ --cache-key=channels/guix --stats \ "$(channel_intro_commit)" "$(channel_intro_signer)" diff --git a/doc/contributing.texi b/doc/contributing.texi index 26a4627464..d3f6325c3f 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -140,6 +140,16 @@ make authenticate The first run takes a couple of minutes, but subsequent runs are faster. +Or, when your configuration for your local Git repository doesn't match +the default one, you can provide the reference for the @code{keyring} +branch through the variable @code{GUIX_GIT_KEYRING}. The following +example assumes that you have a Git remote called @samp{myremote} +pointing to the official repository: + +@example +make authenticate GUIX_GIT_KEYRING=myremote/keyring +@end example + @quotation Note You are advised to run @command{make authenticate} after every @command{git pull} invocation. This ensures you keep receiving valid -- cgit 1.4.1 
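Review bot: `--keyring=$(GUIX_GIT_KEYRING)` in the `authenticate` recipe expands a user-supplied value into the shell command unquoted, while the two arguments below it are quoted. Writing `--keyring="$(GUIX_GIT_KEYRING)" \` keeps a value containing spaces or shell metacharacters as a single argument. The new assignment also sits between the comment `# Authenticate the current Git checkout...` and the target that comment describes. Moving it above that comment with its own line, e.g. `# Git reference of the keyring branch; override when the official remote is not 'origin'.`, would keep both readable.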
From 3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 21 Oct 2020 16:17:26 +0200 Subject: services: guix: Make /etc/guix/acl really declarative by default. Fixes . Reported by Maxim Cournoyer . * gnu/services/base.scm (substitute-key-authorization): Symlink DEFAULT-ACL to /etc/guix/acl unconditionally. Add code to optionally back up /etc/guix/acl if it was possibly modified by hand. * doc/guix.texi (Base Services): Clarify the effect of setting 'authorize-keys?' to true. Mention the backup. Give an example showing how to authorize substitutes from another server. --- doc/guix.texi | 36 ++++++++++++++++++++++++++++++++++++ gnu/services/base.scm | 16 ++++++++++++---- gnu/services/virtualization.scm | 11 ++++++++++- 3 files changed, 58 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index b5061877e2..f2fc567865 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -14582,11 +14582,26 @@ Whether to authorize the substitute keys listed in @code{authorized-keys}---by default that of @code{@value{SUBSTITUTE-SERVER}} (@pxref{Substitutes}). +When @code{authorize-key?} is true, @file{/etc/guix/acl} cannot be +changed by invoking @command{guix archive --authorize}. You must +instead adjust @code{guix-configuration} as you wish and reconfigure the +system. This ensures that your operating system configuration file is +self-contained. + +@quotation Note +When booting or reconfiguring to a system where @code{authorize-key?} +is true, the existing @file{/etc/guix/acl} file is backed up as +@file{/etc/guix/acl.bak} if it was determined to be a manually modified +file. This is to facilitate migration from earlier versions, which +allowed for in-place modifications to @file{/etc/guix/acl}. +@end quotation + @vindex %default-authorized-guix-keys @item @code{authorized-keys} (default: @code{%default-authorized-guix-keys}) The list of authorized key files for archive imports, as a list of string-valued gexps (@pxref{Invoking guix archive}). By default, it contains that of @code{@value{SUBSTITUTE-SERVER}} (@pxref{Substitutes}). +See @code{substitute-urls} below for an example on how to change it. @item @code{use-substitutes?} (default: @code{#t}) Whether to use substitutes. 
@@ -14594,6 +14609,27 @@ Whether to use substitutes. @item @code{substitute-urls} (default: @code{%default-substitute-urls}) The list of URLs where to look for substitutes by default. +Suppose you would like to fetch substitutes from @code{guix.example.org} +in addition to @code{@value{SUBSTITUTE-SERVER}}. You will need to do +two things: (1) add @code{guix.example.org} to @code{substitute-urls}, +and (2) authorize its signing key, having done appropriate checks +(@pxref{Substitute Server Authorization}). The configuration below does +exactly that: + +@lisp +(guix-configuration + (substitute-urls + (append (list "https://guix.example.org") + %default-substitute-urls)) + (authorized-keys + (append (list (local-file "./guix.example.org-key.pub")) + %default-authorized-guix-keys))) +@end lisp + +This example assumes that the file @file{./guix.example.org-key.pub} +contains the public key that @code{guix.example.org} uses to sign +substitutes. + @item @code{max-silent-time} (default: @code{0}) @itemx @code{timeout} (default: @code{0}) The number of seconds of silence and the number of seconds of activity, diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 04bc991356..37b0a13ea7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1476,10 +1476,18 @@ archive' public keys, with GUIX." #~(begin (use-modules (guix build utils)) - (unless (file-exists? "/etc/guix/acl") - (mkdir-p "/etc/guix") - (copy-file #+default-acl "/etc/guix/acl") - (chmod "/etc/guix/acl" #o600))))) + ;; If the ACL already exists, move it out of the way. Create a backup + ;; if it's a regular file: it's likely that the user manually updated + ;; it with 'guix archive --authorize'. + (if (file-exists? "/etc/guix/acl") + (if (and (symbolic-link? "/etc/guix/acl") + (store-file-name? (readlink "/etc/guix/acl"))) + (delete-file "/etc/guix/acl") + (rename-file "/etc/guix/acl" "/etc/guix/acl.bak")) + (mkdir-p "/etc/guix")) + + ;; Installed the declared ACL. + (symlink #+default-acl "/etc/guix/acl")))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index edd0b644f5..eaf0bbde43 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP." (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t))) - %base-services/hurd)))) + + ;; By default, the secret service introduces a pre-initialized + ;; /etc/guix/acl file in the childhurd. Thus, clear + ;; 'authorize-key?' so that it's not overridden at activation + ;; time. + (modify-services %base-services/hurd + (guix-service-type config => + (guix-configuration + (inherit config) + (authorize-key? #f)))))))) (define-record-type* hurd-vm-configuration make-hurd-vm-configuration -- cgit 1.4.1 From c6ef627c97e5e6a94688baf20892ae3429f86897 Mon Sep 17 00:00:00 2001 
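Review bot: In the gnu/services/base.scm hunk, `(file-exists? "/etc/guix/acl")` gates both clean-up branches, and as far as I know Guile's `file-exists?` follows symbolic links, so a dangling symlink left at that path would be reported as absent. In that case neither `delete-file` nor `rename-file` runs, and the later `(symlink #+default-acl "/etc/guix/acl")` would fail because the name is still taken, aborting this activation snippet. Testing the link itself, e.g. `(if (false-if-exception (lstat "/etc/guix/acl"))`, covers that case. Separately, `rename-file` replaces any earlier `/etc/guix/acl.bak` without notice, which deserves a sentence in the comment. The enclosing definition starts outside the hunk.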
From: Ludovic Courtès Date: Wed, 21 Oct 2020 17:06:07 +0200 Subject: doc: Add "Getting Substitutes from Other Servers" section. * doc/guix.texi (Getting Substitutes from Other Servers): New node. (Invoking guix-daemon): Add cross-reference. (Substitute Server Authorization): Clarify that this is unnecessary on Guix System. (Invoking guix publish): Add cross-reference. --- doc/guix.texi | 122 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 115 insertions(+), 7 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index f2fc567865..efb4ea1c47 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -222,6 +222,7 @@ Substitutes * Official Substitute Server:: One particular source of substitutes. * Substitute Server Authorization:: How to enable or disable substitutes. +* Getting Substitutes from Other Servers:: Substitute diversity. * Substitute Authentication:: How Guix verifies substitutes. * Proxy Settings:: How to get substitutes via proxy. * Substitution Failure:: What happens when substitution fails. @@ -1467,8 +1468,8 @@ When the daemon runs with @option{--no-substitutes}, clients can still explicitly enable substitution @i{via} the @code{set-build-options} remote procedure call (@pxref{The Store}). -@item --substitute-urls=@var{urls} @anchor{daemon-substitute-urls} +@item --substitute-urls=@var{urls} Consider @var{urls} the default whitespace-separated list of substitute source URLs. When this option is omitted, @indicateurl{https://@value{SUBSTITUTE-SERVER}} is used. @@ -1476,6 +1477,9 @@ source URLs. When this option is omitted, This means that substitutes may be downloaded from @var{urls}, as long as they are signed by a trusted signature (@pxref{Substitutes}). +@xref{Getting Substitutes from Other Servers}, for more information on +how to configure the daemon to get substitutes from other servers. + @cindex offloading @item --no-offload Do not use offload builds to other machines (@pxref{Daemon Offload 
@@ -3554,6 +3558,7 @@ also result from derivation builds, can be available as substitutes. @menu * Official Substitute Server:: One particular source of substitutes. * Substitute Server Authorization:: How to enable or disable substitutes. +* Getting Substitutes from Other Servers:: Substitute diversity. * Substitute Authentication:: How Guix verifies substitutes. * Proxy Settings:: How to get substitutes via proxy. * Substitution Failure:: What happens when substitution fails. @@ -3603,6 +3608,11 @@ imports, using the @command{guix archive} command (@pxref{Invoking guix archive}). Doing so implies that you trust @code{@value{SUBSTITUTE-SERVER}} to not be compromised and to serve genuine substitutes. +@quotation Note +If you are using Guix System, you can skip this section: Guix System +authorizes substitutes from @code{@value{SUBSTITUTE-SERVER}} by default. +@end quotation + The public key for @code{@value{SUBSTITUTE-SERVER}} is installed along with Guix, in @code{@var{prefix}/share/guix/@value{SUBSTITUTE-SERVER}.pub}, where @var{prefix} is the installation prefix of Guix. If you installed Guix from source, 
@@ -3653,6 +3663,108 @@ guix-daemon}). It can also be disabled temporarily by passing the @option{--no-substitutes} option to @command{guix package}, @command{guix build}, and other command-line tools. +@node Getting Substitutes from Other Servers +@subsection Getting Substitutes from Other Servers + +@cindex substitute servers, adding more +Guix can look up and fetch substitutes from several servers. This is +useful when you are using packages from additional channels for which +the official server does not have substitutes but another server +provides them. Another situation where this is useful is when you would +prefer to download from your organization's substitute server, resorting +to the official server only as a fallback or dismissing it altogether. + +You can give Guix a list of substitute server URLs and it will check +them in the specified order. You also need to explicitly authorize the +public keys of substitute servers to instruct Guix to accept the +substitutes they sign. + +On Guix System, this is achieved by modifying the configuration of the +@code{guix} service. Since the @code{guix} service is part of the +default lists of services, @code{%base-services} and +@code{%desktop-services}, you can use @code{modify-services} to change +its configuration and add the URLs and substitute keys that you want +(@pxref{Service Reference, @code{modify-services}}). + +As an example, suppose you want to fetch substitutes from +@code{guix.example.org} and to authorize the signing key of that server, +in addition to the default @code{@value{SUBSTITUTE-SERVER}}. The +resulting operating system configuration will look something like: + +@lisp +(operating-system + ;; @dots{} + (services + ;; Assume we're starting from '%desktop-services'. Replace it + ;; with the list of services you're actually using. 
+ (modify-services %desktop-services + (guix-service-type config => + (guix-configuration + (inherit config) + (substitute-urls + (append (list "https://guix.example.org") + %default-substitute-urls)) + (authorized-keys + (append (list (local-file "./key.pub")) + %default-authorized-guix-keys))))))) +@end lisp + +This assumes that the file @file{key.pub} contains the signing key of +@code{guix.example.org}. With this change in place in your operating +system configuration file (say @file{/etc/config.scm}), you can +reconfigure and restart the @code{guix-daemon} service or reboot so the +changes take effect: + +@example +$ sudo guix system reconfigure /etc/config.scm +$ sudo herd restart guix-daemon +@end example + +If you're running Guix on a ``foreign distro'', you would instead take +the following steps to get substitutes from additional servers: + +@enumerate +@item +Edit the service configuration file for @code{guix-daemon}; when using +systemd, this is normally +@file{/etc/systemd/system/guix-daemon.service}. Add the +@option{--substitute-urls} option on the @command{guix-daemon} command +line and list the URLs of interest (@pxref{daemon-substitute-urls, +@code{guix-daemon --substitute-urls}}): + +@example +@dots{} --substitute-urls='https://guix.example.org https://@value{SUBSTITUTE-SERVER}' +@end example + +@item +Restart the daemon. For systemd, it goes like this: + +@example +systemctl daemon-reload +systemctl restart guix-daemon.service +@end example + +@item +Authorize the key of the new server (@pxref{Invoking guix archive}): + +@example +guix archive --authorize < key.pub +@end example + +Again this assumes @file{key.pub} contains the public key that +@code{guix.example.org} uses to sign substitutes. +@end enumerate + +Now you're all set! Substitutes will be preferably taken from +@code{https://guix.example.org}, using @code{@value{SUBSTITUTE-SERVER}} +as a fallback. 
Of course you can list as many substitute servers as you +like, with the caveat that substitute lookup can be slowed down if too +many servers need to be contacted. + +Note that there are also situations where one may want to add the URL of +a substitute server @emph{without} authorizing its key. +@xref{Substitute Authentication}, to understand this fine point. + @node Substitute Authentication @subsection Substitute Authentication @@ -11873,12 +11985,8 @@ spawn an HTTP server on port 8080: guix publish @end example -Once a publishing server has been authorized (@pxref{Invoking guix -archive}), the daemon may download substitutes from it: - -@example -guix-daemon --substitute-urls=http://example.org:8080 -@end example +Once a publishing server has been authorized, the daemon may download +substitutes from it. @xref{Getting Substitutes from Other Servers}. By default, @command{guix publish} compresses archives on the fly as it serves them. This ``on-the-fly'' mode is convenient in that it requires -- cgit 1.4.1 From a95057ccee738adedc7207c624b976b50c1ae438 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sun, 25 Oct 2020 08:49:45 +0000 Subject: doc: Document the postgresql-config-file. * doc/guix.texi (PostgreSQL): Document the postgresql-config-file record. --- doc/guix.texi | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index efb4ea1c47..a8aa2de0a6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -18697,6 +18697,54 @@ required to add extensions provided by other packages. @end table @end deftp +@deftp {Data Type} postgresql-config-file +Data type representing the PostgreSQL configuration file. As shown in +the following example, this can be used to customize the configuration +of PostgreSQL. Note that you can use any G-expression or filename in +place of this record, if you already have a configuration file you'd +like to use for example. + +@lisp +(service postgresql-service-type + (postgresql-configuration + (config-file + (postgresql-config-file + (log-destination "stderr") + (hba-file + (plain-file "pg_hba.conf" + " +local all all trust +host all all 127.0.0.1/32 md5 +host all all ::1/128 md5")) + (extra-config + '(("session_preload_libraries" "'auto_explain'") + ("random_page_cost" "2") + ("auto_explain.log_min_duration" "'100ms'") + ("work_mem" "'500MB'") + ("logging_collector" "on") + ("log_directory" "'/var/log/postgresql'"))))))) +@end lisp + +@table @asis +@item @code{log-destination} (default: @code{"syslog"}) +The logging method to use for PostgreSQL. Multiple values are accepted, +separated by commas. + +@item @code{hba-file} (default: @code{%default-postgres-hba}) +Filename or G-expression for the host-based authentication +configuration. + +@item @code{ident-file} (default: @code{%default-postgres-ident}) +Filename or G-expression for the user name mapping configuration. + +@item @code{extra-config} (default: @code{'()}) +List of additional keys and values to include in the PostgreSQL config +file. Each entry in the list should be a list where the first element +is the key, and the remaining elements are the values. + +@end table +@end deftp + @subsubheading MariaDB/MySQL @deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)] -- cgit 1.4.1 From aa7edc9449a7cf796892f5a0369295a95ddbbcf8 Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Mon, 26 Oct 2020 23:19:26 +0100 Subject: doc: Fix xref translation macro. * doc/local.mk (xref_command): Wrap loop body in 'if [ -n "$$e" ]'. This avoids shell syntax errors when producing doc/guix-cookbook.de.texi, which for some reason gets an empty 'e' at one point. Quote the first argument to 'head'. --- doc/local.mk | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/local.mk b/doc/local.mk index aca1958edd..97122c737d 100644 --- a/doc/local.mk +++ b/doc/local.mk @@ -96,14 +96,16 @@ define xref_command cat "$@.tmp" | egrep '@p?x?ref' -A1 | sed 'N;s|--\n||g;P;D' | sed 's|^| |g' | \ tr -d '\012' | sed 's|\(@p\?x\?ref\)|\n\1|g' | egrep '@p?x?ref' | \ sed 's|^.*@p\?x\?ref{\([^,}]*\).*$$|\1|g' | sort | uniq | while read e; do \ - line=$$(grep -n "^msgid \"$$e\"" "$<" | cut -f1 --delimiter=":") ;\ - ((line++)) ;\ - if [ "$$line" != "1" ]; then \ - translation=$$(head -n $$line "$<" | tail -1 | grep msgstr | sed 's|msgstr "\(.*\)"|\1|') ;\ - if [ "$$translation" != "" ]; then \ - sed "N;s@\(p\?x\?ref\){$$(echo $$e | sed 's| |[\\n ]|g')\(,\|}\)@\1{$$translation\2@g;P;D" -i "$@.tmp" ;\ - fi ;\ - fi ;\ + if [ -n "$$e" ]; then \ + line=$$(grep -n "^msgid \"$$e\"" "$<" | cut -f1 --delimiter=":") ;\ + ((line++)) ;\ + if [ "$$line" != "1" ]; then \ + translation=$$(head -n "$$line" "$<" | tail -1 | grep msgstr | sed 's|msgstr "\(.*\)"|\1|') ;\ + if [ "$$translation" != "" ]; then \ + sed "N;s@\(p\?x\?ref\){$$(echo $$e | sed 's| |[\\n ]|g')\(,\|}\)@\1{$$translation\2@g;P;D" -i "$@.tmp" ;\ + fi ;\ + fi ;\ + fi ;\ done endef -- cgit 1.4.1 From 2ade5bdeb8978d252f298df7150b8d1a359e618d Mon Sep 17 00:00:00 2001 
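Review bot: In the innermost `sed ... -i "$@.tmp"` line, `$$translation` is pasted into the replacement half of an `s@...@...@g` expression without escaping, so a msgstr containing `@`, `&` or a backslash alters or breaks the substitution; the new `[ -n "$$e" ]` guard does not cover that case. Because the msgstr text comes from the translation file, I would escape it before use, for example `translation=$$(printf '%s' "$$translation" | sed 's/[@&\\]/\\&/g') ;\` placed just before the inner `sed`. The same applies to `$$e`, which is used as a regular expression in both `grep -n "^msgid \"$$e\""` and the `sed` pattern. The `define xref_command` line itself lies outside the hunk.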
From: Alexandru-Sergiu Marton Date: Sun, 25 Oct 2020 02:19:39 +0300 Subject: services: Add gmnisrv web service. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/web.scm (): New record type. (%default-gmnisrv-config-file): New variable. (%gmnisrv-accounts, %gmnisrv-activation): New variables. (gmnisrv-shepherd-service): New procedure. (gmnisrv-service-type): New variable. * doc/guix.texi (Web Services): Document it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 35 +++++++++++++++++++++++++ gnu/services/web.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index a8aa2de0a6..0a7857f0ea 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -81,6 +81,7 @@ Copyright @copyright{} 2020 R Veera Kumar@* Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -23549,6 +23550,40 @@ Thus, make sure to add @code{nss-certs} or another certificate package to the more information on X.509 certificates. @end quotation +@subsubheading gmnisrv + +@cindex gmnisrv +The @uref{https://git.sr.ht/~sircmpwn/gmnisrv, gmnisrv} program is a +simple @uref{https://gemini.circumlunar.space/, Gemini} protocol server. + +@deffn {Scheme Variable} gmnisrv-service-type +This is the type of the gmnisrv service, whose value should be a +@code{gmnisrv-configuration} object, as in this example: + +@lisp +(service gmnisrv-service-type + (gmnisrv-configuration + (config-file (local-file "./my-gmnisrv.ini")))) +@end lisp +@end deffn + +@deftp {Data Type} gmnisrv-configuration +Data type representing the configuration of gmnisrv. + +@table @asis +@item @code{package} (default: @var{gmnisrv}) +Package object of the gmnisrv server. + +@item @code{config-file} (default: @code{%default-gmnisrv-config-file}) +File-like object of the gmnisrv configuration file to use. The default +configuration listens on port 1965 and serves files from +@file{/srv/gemini}. Certificates are stored in +@file{/var/lib/gemini/certs}. For more information, run @command{man +gmnisrv} and @command{man gmnisrv.ini}. + +@end table +@end deftp + @node Certificate Services @subsection Certificate Services diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 2384ec691c..7e17dac6e2 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2020 Tobias Geerinckx-Rice ;;; Copyright © 2020 Arun Isaac ;;; Copyright © 2020 Oleg Pykhalov +;;; Copyright © 2020 Alexandru-Sergiu Marton ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -1798,3 +1799,75 @@ WSGIPassAuthorization On "Run Mumi, a Web interface to the Debbugs bug-tracking server.") (default-value (mumi-configuration)))) + +(define %default-gmnisrv-config-file + (plain-file "gmnisrv.ini" " +listen=0.0.0.0:1965 [::]:1965 + +[:tls] +store=/var/lib/gemini/certs + +organization=gmnisrv on Guix user + +[localhost] +root=/srv/gemini +")) + +(define-record-type* + gmnisrv-configuration make-gmnisrv-configuration + gmnisrv-configuration? + (package gmnisrv-configuration-package + (default gmnisrv)) + (config-file gmnisrv-configuration-config-file + (default %default-gmnisrv-config-file))) + +(define gmnisrv-shepherd-service + (match-lambda + (($ package config-file) + (list (shepherd-service + (provision '(gmnisrv)) + (requirement '(networking)) + (documentation "Run the gmnisrv Gemini server.") + (start (let ((gmnisrv (file-append package "/bin/gmnisrv"))) + #~(make-forkexec-constructor + (list #$gmnisrv "-C" #$config-file) + #:user "gmnisrv" #:group "gmnisrv" + #:log-file "/var/log/gmnisrv.log"))) + (stop #~(make-kill-destructor))))))) + +(define %gmnisrv-accounts + (list (user-group (name "gmnisrv") (system? #t)) + (user-account + (name "gmnisrv") + (group "gmnisrv") + (system? 
#t) + (comment "gmnisrv Gemini server") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define %gmnisrv-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (mkdir-p "/var/lib/gemini/certs") + (let* ((pw (getpwnam "gmnisrv")) + (uid (passwd:uid pw)) + (gid (passwd:gid pw))) + (chown "/var/lib/gemini" uid gid) + (chown "/var/lib/gemini/certs" uid gid))))) + +(define gmnisrv-service-type + (service-type + (name 'guix) + (extensions + (list (service-extension activation-service-type + (const %gmnisrv-activation)) + (service-extension account-service-type + (const %gmnisrv-accounts)) + (service-extension shepherd-root-service-type + gmnisrv-shepherd-service))) + (description + "Run the gmnisrv Gemini server.") + (default-value + (gmnisrv-configuration)))) -- cgit 1.4.1 From 729d4ba025bc8556d00041f9af5b6609eeec9d80 Mon Sep 17 00:00:00 2001 From: Lulu Date: Sun, 25 Oct 2020 20:46:57 +0300 Subject: doc: Fix various minor typos. * doc/guix.texi (Top): Add end of line period to menu entry in the node listing. (Invoking guix time-machine): Remove duplicate word. (Invoking guix environment): As above. (PAM Mount Service): As above. (Running Guix in a Virtual Machine): Remove erroneous hyphen and duplicate word. Signed-off-by: Leo Famulari --- doc/guix.texi | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 0a7857f0ea..717ca146dc 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -260,7 +260,7 @@ Programming Interface * Derivations:: Low-level interface to package derivations. * The Store Monad:: Purely functional interface to the store. * G-Expressions:: Manipulating build expressions. -* Invoking guix repl:: Programming Guix in Guile +* Invoking guix repl:: Programming Guix in Guile. Defining Packages 
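Review bot: `gmnisrv-service-type` is declared with `(name 'guix)`, which looks like a copy-paste slip; it should read `(name 'gmnisrv)` so that the service is identified correctly wherever the service-type name is reported. Separately, `%gmnisrv-activation` creates `/var/lib/gemini/certs` with `mkdir-p` and only changes its ownership, so the directory mode depends on the umask in effect at activation time. Since the `[:tls]` `store=` setting in `%default-gmnisrv-config-file` points there (and the store presumably holds the keys along with the certificates), adding `(chmod "/var/lib/gemini/certs" #o700)` after the two `chown` calls would keep that material private to the `gmnisrv` user. A one-line comment above `%default-gmnisrv-config-file` saying that `listen=0.0.0.0:1965 [::]:1965` binds every interface would also help administrators who expect a local-only default.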
@@ -4423,7 +4423,7 @@ Scheme code that evaluates to a list of channel objects. @end table As for @command{guix pull}, the absence of any options means that the -the latest commit on the master branch will be used. The command +latest commit on the master branch will be used. The command @example guix time-machine -- build hello @@ -5499,7 +5499,7 @@ Another typical use case for containers is to run security-sensitive applications such as a web browser. To run Eolie, we must expose and share some files and directories; we include @code{nss-certs} and expose @file{/etc/ssl/certs/} for HTTPS authentication; finally we preserve the -the @env{DISPLAY} environment variable since containerized graphical +@env{DISPLAY} environment variable since containerized graphical applications won't display without it. @example @@ -28733,8 +28733,8 @@ The configuration rules that will be used to generate @file{/etc/security/pam_mount.conf.xml}. The configuration rules are SXML elements (@pxref{SXML,,, guile, GNU -Guile Reference Manual}), and the the default ones don't mount anything -for anyone at login: +Guile Reference Manual}), and the default ones don't mount anything for +anyone at login: @lisp `((debug (@@ (enable "0"))) @@ -31158,7 +31158,7 @@ decompress with @command{xz -d}, and then you can pass it to an emulator such as QEMU (see below for details). This image boots the Xfce graphical environment and it contains some -commonly-used tools. You can install more software in the image by running +commonly used tools. You can install more software in the image by running @command{guix package} in a terminal (@pxref{Invoking guix package}). You can also reconfigure the system based on its initial configuration file available as @file{/run/current-system/configuration.scm} (@pxref{Using the 
@@ -31218,8 +31218,8 @@ better performance than if it were emulating a complete disk drive. See the QEMU and KVM documentation for more info. @item -drive if=none,file=/tmp/qemu-image,id=myhd -Use our QCOW image, the @file{/tmp/qemu-image} file, as the backing store the -the ``myhd'' drive. +Use our QCOW image, the @file{/tmp/qemu-image} file, as the backing +store of the ``myhd'' drive. @end table The default @command{run-vm.sh} script that is returned by an invocation of -- cgit 1.4.1 From e2f16ea1cf7e6815a9ec13d2d30bc4fc31bb77e2 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Tue, 27 Oct 2020 09:51:38 +0000 Subject: doc: Use @code rather than @var for data type items. In the couple of cases where it's inconsistent. * doc/guix.texi (PostgreSQL, Sound Services): Replace @var with @code within data type sections. --- doc/guix.texi | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 717ca146dc..2e48f81e92 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -18565,20 +18565,20 @@ without a @code{pulseaudio} package, consider enabling it through the Data type representing the configuration for @code{pulseaudio-service}. @table @asis -@item @var{client-conf} (default: @code{'()}) +@item @code{client-conf} (default: @code{'()}) List of settings to set in @file{client.conf}. Accepts a list of strings or a symbol-value pairs. A string will be inserted as-is with a newline added. A pair will be formatted as ``key = value'', again with a newline added. -@item @var{daemon-conf} (default: @code{'((flat-volumes . no))}) +@item @code{daemon-conf} (default: @code{'((flat-volumes . no))}) List of settings to set in @file{daemon.conf}, formatted just like @var{client-conf}. -@item @var{script-file} (default: @code{(file-append pulseaudio "/etc/pulse/default.pa")}) +@item @code{script-file} (default: @code{(file-append pulseaudio "/etc/pulse/default.pa")}) Script file to use as @file{default.pa}. -@item @var{system-script-file} (default: @code{(file-append pulseaudio "/etc/pulse/system.pa")}) +@item @code{system-script-file} (default: @code{(file-append pulseaudio "/etc/pulse/system.pa")}) Script file to use as @file{system.pa}. @end table @end deftp 
@@ -18641,24 +18641,24 @@ Data type representing the configuration for the @code{postgresql-service-type}. @table @asis -@item @var{postgresql} +@item @code{postgresql} PostgreSQL package to use for the service. -@item @var{port} (default: @code{5432}) +@item @code{port} (default: @code{5432}) Port on which PostgreSQL should listen. -@item @var{locale} (default: @code{"en_US.utf8"}) +@item @code{locale} (default: @code{"en_US.utf8"}) Locale to use as the default when creating the database cluster. -@item @var{config-file} (default: @code{(postgresql-config-file)}) +@item @code{config-file} (default: @code{(postgresql-config-file)}) The configuration file to use when running PostgreSQL. The default behaviour uses the postgresql-config-file record with the default values for the fields. -@item @var{data-directory} (default: @code{"/var/lib/postgresql/data"}) +@item @code{data-directory} (default: @code{"/var/lib/postgresql/data"}) Directory in which to store the data. -@item @var{extension-packages} (default: @code{'()}) +@item @code{extension-packages} (default: @code{'()}) @cindex postgresql extension-packages Additional extensions are loaded from packages listed in @var{extension-packages}. Extensions are available at runtime. For instance, -- cgit 1.4.1 From 0105b8624dbba539677ebbfd0dc0bd35143c6fad Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Wed, 28 Oct 2020 13:01:48 +0000 Subject: doc: Update the PostgreSQL extension packages example. * doc/guix.texi (PostgreSQL): Update the extension packages example. --- doc/guix.texi | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 2e48f81e92..ba7bb9612e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -18676,7 +18676,10 @@ configure the postgresql-service as in this example: (packages (cons* postgresql %base-packages)) (services (cons* - (postgresql-service #:extension-packages (list postgis)) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10) + (extension-packages (list postgis)))) %base-services))) @end lisp -- cgit 1.4.1 From ecaa102a58ad3ab0b42e04a3d10d7c761c05ec98 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 24 Oct 2020 16:31:18 +0200 Subject: publish: Add '--cache-bypass-threshold'. * guix/scripts/publish.scm (show-help, %options): Add '--cache-bypass-threshold'. (low-compression): New procedure. (cache-bypass-threshold): New parameter. (bypass-cache?): New procedure. (render-narinfo/cached): Call 'render-narinfo' when 'bypass-cache?' returns true. (render-nar/cached): Call 'render-nar' when 'bypass-cache?' returns true. (guix-publish): Parameterize 'cache-bypass-threshold'. * tests/publish.scm ("with cache", "with cache, lzip + gzip") ("with cache, uncompressed"): Pass '--cache-bypass-threshold=0'. ("with cache, vanishing item"): Expect 200 for RESPONSE. ("with cache, cache bypass"): New test. --- doc/guix.texi | 24 ++++++++++++- guix/scripts/publish.scm | 87 ++++++++++++++++++++++++++++++++++++++---------- tests/publish.scm | 43 +++++++++++++++++++++--- 3 files changed, 131 insertions(+), 23 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index ba7bb9612e..22bddf10e3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12086,13 +12086,20 @@ in advance, so @command{guix publish} does not add a prevents clients from knowing the amount of data being downloaded. Conversely, when @option{--cache} is used, the first request for a store -item (@i{via} a @code{.narinfo} URL) returns 404 and triggers a +item (@i{via} a @code{.narinfo} URL) triggers a background process to @dfn{bake} the archive---computing its @code{.narinfo} and compressing the archive, if needed. Once the archive is cached in @var{directory}, subsequent requests succeed and are served directly from the cache, which guarantees that clients get the best possible bandwidth. +That first @code{.narinfo} request nonetheless returns 200, provided the +requested store item is ``small enough'', below the cache bypass +threshold---see @option{--cache-bypass-threshold} below. That way, +clients do not have to wait until the archive is baked. For larger +store items, the first @code{.narinfo} request returns 404, meaning that +clients have to wait until the archive is baked. + The ``baking'' process is performed by worker threads. By default, one thread per CPU core is created, but this can be customized. See @option{--workers} below. 
@@ -12118,6 +12125,21 @@ Additionally, when @option{--cache} is used, cached entries that have not been accessed for @var{ttl} and that no longer have a corresponding item in the store, may be deleted. +@item --cache-bypass-threshold=@var{size} +When used in conjunction with @option{--cache}, store items smaller than +@var{size} are immediately available, even when they are not yet in +cache. @var{size} is a size in bytes, or it can be prefixed by @code{M} +for megabytes and so on. The default is @code{10M}. + +``Cache bypass'' allows you to reduce the publication delay for clients +at the expense of possibly additional I/O and CPU use on the server +side: depending on the client access patterns, those store items can end +up being baked several times until a copy is available in cache. + +Increasing the threshold may be useful for sites that have few users, or +to guarantee that users get substitutes even for store items that are +not popular. + @item --nar-path=@var{path} Use @var{path} as the prefix for the URLs of ``nar'' files (@pxref{Invoking guix archive, normalized archives}). diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index 1741b93309..9706b52844 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -82,6 +82,9 @@ Publish ~a over HTTP.\n") %store-directory) compress archives with METHOD at LEVEL")) (display (G_ " -c, --cache=DIRECTORY cache published items to DIRECTORY")) + (display (G_ " + --cache-bypass-threshold=SIZE + serve store items below SIZE even when not cached")) (display (G_ " --workers=N use N workers to bake items")) (display (G_ " @@ -135,6 +138,12 @@ if ITEM is already compressed." (list %no-compression) requested)) +(define (low-compression c) + "Return of the same type as C, but optimized for low CPU +usage." + (compression (compression-type c) + (min (compression-level c) 2))) + (define %options (list (option '(#\h "help") #f #f (lambda _ 
@@ -185,6 +194,10 @@ if ITEM is already compressed." (option '(#\c "cache") #t #f (lambda (opt name arg result) (alist-cons 'cache arg result))) + (option '("cache-bypass-threshold") #t #f + (lambda (opt name arg result) + (alist-cons 'cache-bypass-threshold (size->number arg) + result))) (option '("workers") #t #f (lambda (opt name arg result) (alist-cons 'workers (string->number* arg) @@ -435,7 +448,7 @@ items. Failing that, we could eventually have to recompute them and return (expiration-time file)))))) (define (hash-part->path* store hash cache) - "Like 'hash-part->path' but cached results under CACHE. This ensures we can + "Like 'hash-part->path' but cache results under CACHE. This ensures we can still map HASH to the corresponding store file name, even if said store item vanished from the store in the meantime." (let ((cached (hash-part-mapping-cache-file cache hash))) @@ -455,6 +468,18 @@ vanished from the store in the meantime." result)) (apply throw args)))))) +(define cache-bypass-threshold + ;; Maximum size of a store item that may be served by the '/cached' handlers + ;; below even when not in cache. + (make-parameter (* 10 (expt 2 20)))) + +(define (bypass-cache? store item) + "Return true if we allow ITEM to be downloaded before it is cached. ITEM is +interpreted as the basename of a store item." + (guard (c ((store-error? c) #f)) + (< (path-info-nar-size (query-path-info store item)) + (cache-bypass-threshold)))) + (define* (render-narinfo/cached store request hash #:key ttl (compressions (list %no-compression)) (nar-path "nar") 
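Review bot: The docstring of `bypass-cache?` says ITEM is "interpreted as the basename of a store item", but the body hands ITEM straight to `query-path-info`, and the caller added to `render-nar/cached` in this commit passes the result of `hash-part->path`, which appears to be a full store file name. I would reword that sentence to `ITEM is the file name of a store item.` so that nobody passes a basename and silently gets #f. It is also worth a comment on the `guard` line, such as `;; Any store error means "do not bypass": fall back to the cached path.`, since that is what keeps an unqueryable item from being served ahead of the cache.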
@@ -514,9 +539,20 @@ requested using POOL." (nar-expiration-time ttl) #:delete-entry delete-entry #:cleanup-period ttl)))) - (not-found request - #:phrase "We're baking it" - #:ttl 300)) ;should be available within 5m + + ;; If ITEM passes 'bypass-cache?', render a temporary narinfo right + ;; away, with a short TTL. The narinfo is temporary because it + ;; lacks 'FileSize', for instance, which the cached narinfo will + ;; have. Chances are that the nar will be baked by the time the + ;; client asks for it. + (if (bypass-cache? store item) + (render-narinfo store request hash + #:ttl 300 ;temporary + #:nar-path nar-path + #:compressions compressions) + (not-found request + #:phrase "We're baking it" + #:ttl 300))) ;should be available within 5m (else (not-found request #:phrase ""))))) 
@@ -628,19 +664,31 @@ return it; otherwise, return 404. When TTL is true, use it as the 'Cache-Control' expiration time." (let ((cached (nar-cache-file cache store-item #:compression compression))) - (if (file-exists? cached) - (values `((content-type . (application/octet-stream - (charset . "ISO-8859-1"))) - ,@(if ttl - `((cache-control (max-age . ,ttl))) - '()) - - ;; XXX: We're not returning the actual contents, deferring - ;; instead to 'http-write'. This is a hack to work around - ;; . - (x-raw-file . ,cached)) - #f) - (not-found request)))) + (cond ((file-exists? cached) + (values `((content-type . (application/octet-stream + (charset . "ISO-8859-1"))) + ,@(if ttl + `((cache-control (max-age . ,ttl))) + '()) + + ;; XXX: We're not returning the actual contents, deferring + ;; instead to 'http-write'. This is a hack to work around + ;; . + (x-raw-file . ,cached)) + #f)) + ((let* ((hash (and=> (string-index store-item #\-) + (cut string-take store-item <>))) + (item (and hash + (guard (c ((store-error? c) #f)) + (hash-part->path store hash))))) + (and item (bypass-cache? store item))) + ;; Render STORE-ITEM live. We reach this because STORE-ITEM is + ;; being baked but clients are already asking for it. Thus, we're + ;; duplicating work, but doing so allows us to reduce delays. + (render-nar store request store-item + #:compression (low-compression compression))) + (else + (not-found request))))) (define (render-content-addressed-file store request name algo hash) @@ -1077,7 +1125,10 @@ methods, return the applicable compression." consider using the '--user' option!~%"))) (parameterize ((%public-key public-key) - (%private-key private-key)) + (%private-key private-key) + (cache-bypass-threshold + (or (assoc-ref opts 'cache-bypass-threshold) + (cache-bypass-threshold)))) (info (G_ "publishing ~a on ~a, port ~d~%") %store-directory (inet-ntop (sockaddr:fam address) (sockaddr:addr address)) 
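Review bot: The comment on the new live-render branch of `render-nar/cached` says the branch is reached "because STORE-ITEM is being baked", but nothing in the branch checks that; it only tests `bypass-cache?`, and the new "with cache, cache bypass" test requests the nar before any narinfo request. As far as this hunk shows, a nar request for a small uncached item is rendered and compressed on every request without scheduling a bake, which matters for the CPU and I/O budget of a server that answers anonymous clients. I would either say so in the comment, e.g. `;; Render STORE-ITEM live; this branch does not itself trigger baking.`, or schedule the bake here the way the narinfo handler appears to. The signature of `render-nar/cached` lies outside the hunk.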
diff --git a/tests/publish.scm b/tests/publish.scm index 13f667aa7e..84aa6e5d73 100644 --- a/tests/publish.scm +++ b/tests/publish.scm @@ -413,7 +413,8 @@ References: ~%" (call-with-new-thread (lambda () (guix-publish "--port=6797" "-C2" - (string-append "--cache=" cache))))))) + (string-append "--cache=" cache) + "--cache-bypass-threshold=0")))))) (wait-until-ready 6797) (let* ((base "http://localhost:6797/") (part (store-path-hash-part %item)) @@ -462,7 +463,8 @@ References: ~%" (call-with-new-thread (lambda () (guix-publish "--port=6794" "-Cgzip:2" "-Clzip:2" - (string-append "--cache=" cache))))))) + (string-append "--cache=" cache) + "--cache-bypass-threshold=0")))))) (wait-until-ready 6794) (let* ((base "http://localhost:6794/") (part (store-path-hash-part %item)) @@ -517,7 +519,8 @@ References: ~%" (call-with-new-thread (lambda () (guix-publish "--port=6796" "-C2" "--ttl=42h" - (string-append "--cache=" cache))))))) + (string-append "--cache=" cache) + "--cache-bypass-threshold=0")))))) (wait-until-ready 6796) (let* ((base "http://localhost:6796/") (part (store-path-hash-part item)) 
@@ -581,12 +584,44 @@ References: ~%" (basename item) ".narinfo")) (response (http-get url))) - (and (= 404 (response-code response)) + (and (= 200 (response-code response)) ;we're below the threshold (wait-for-file cached) (begin (delete-paths %store (list item)) (response-code (pk 'response (http-get url)))))))))) +(test-equal "with cache, cache bypass" + 200 + (call-with-temporary-directory + (lambda (cache) + (let ((thread (with-separate-output-ports + (call-with-new-thread + (lambda () + (guix-publish "--port=6788" "-C" "gzip" + (string-append "--cache=" cache))))))) + (wait-until-ready 6788) + + (let* ((base "http://localhost:6788/") + (item (add-text-to-store %store "random" (random-text))) + (part (store-path-hash-part item)) + (narinfo (string-append base part ".narinfo")) + (nar (string-append base "nar/gzip/" (basename item))) + (cached (string-append cache "/gzip/" (basename item) + ".narinfo"))) + ;; We're below the default cache bypass threshold, so NAR and NARINFO + ;; should immediately return 200. The NARINFO request should trigger + ;; caching, and the next request to NAR should return 200 as well. + (and (let ((response (pk 'r1 (http-get nar)))) + (and (= 200 (response-code response)) + (not (response-content-length response)))) ;not known + (= 200 (response-code (http-get narinfo))) + (begin + (wait-for-file cached) + (let ((response (pk 'r2 (http-get nar)))) + (and (> (response-content-length response) + (stat:size (stat item))) + (response-code response)))))))))) + (test-equal "/log/NAME" `(200 #t application/x-bzip2) (let ((drv (run-with-store %store -- cgit 1.4.1 From 83c60bb0622440afe98930820186ddfa1e6e8b2f Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Wed, 28 Oct 2020 19:11:58 +0100 Subject: doc: Fix claimed archive timestamps. Reported by Leo Famulari . * doc/guix.texi (Binary Installation): Use a correct timestamp of 1 instead of an incorrect one of 0. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 22bddf10e3..f2d34d1254 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -669,7 +669,7 @@ not emit warnings about ``implausibly old time stamps'' (such warnings were triggered by GNU@tie{}tar 1.26 and older; recent versions are fine). They stem from the fact that all the -files in the archive have their modification time set to zero (which +files in the archive have their modification time set to 1 (which means January 1st, 1970). This is done on purpose to make sure the archive content is independent of its creation time, thus making it reproducible. -- cgit 1.4.1 From 80c7f02468c16778b5f08844546193a4243a7dae Mon Sep 17 00:00:00 2001 From: zimoun Date: Wed, 28 Oct 2020 17:51:11 +0100 Subject: scripts: lint: Fix '--no-network' option. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/scripts/lint.scm: (show-help): Add '--no-network' option message. (%options, parse-options): Fix argument order. * doc/guix.texi (Invoking guix lint): Document it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 4 ++++ guix/scripts/lint.scm | 18 ++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index f2d34d1254..e3b92d86f9 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -11528,6 +11528,10 @@ and exit. Only enable the checkers specified in a comma-separated list using the names returned by @option{--list-checkers}. +@item --no-network +@itemx -n +Only enable the checkers that do not depend on Internet access. + @item --load-path=@var{directory} @itemx -L @var{directory} Add @var{directory} to the front of the package module search path diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm index 979d4f8363..6833c60741 100644 --- a/guix/scripts/lint.scm +++ b/guix/scripts/lint.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2017 Tobias Geerinckx-Rice ;;; Copyright © 2017, 2018 Efraim Flashner ;;; Copyright © 2018, 2019 Arun Isaac -;;; Copyright © 2019 Simon Tournier +;;; Copyright © 2019, 2020 Simon Tournier ;;; ;;; This file is part of GNU Guix. ;;; @@ -98,6 +98,9 @@ run the checkers on all packages.\n")) (display (G_ " -c, --checkers=CHECKER1,CHECKER2... only run the specified checkers")) + (display (G_ " + -n, --no-network only run checkers that do not access the network")) + (display (G_ " -L, --load-path=DIR prepend DIR to the package module search path")) (newline) @@ -132,10 +135,7 @@ run the checkers on all packages.\n")) result)))) (option '(#\n "no-network") #f #f (lambda (opt name arg result) - (alist-cons 'checkers - %local-checkers - (alist-delete 'checkers - result)))) + (alist-cons 'no-network? #t result))) (find (lambda (option) (member "load-path" (option-names option))) %standard-build-options) @@ -172,7 +172,13 @@ run the checkers on all packages.\n")) value) (_ #f)) (reverse opts))) - (checkers (or (assoc-ref opts 'checkers) %all-checkers))) + (the-checkers (or (assoc-ref opts 'checkers) %all-checkers)) + (checkers + (if (assoc-ref opts 'no-network?) + (filter (lambda (checker) + (member checker %local-checkers)) + the-checkers) + the-checkers))) (when (assoc-ref opts 'list?) (list-checkers-and-exit checkers)) -- cgit 1.4.1 From 58db2e6877e68442a72d88bced5a0193001be290 Mon Sep 17 00:00:00 2001 
From: zimoun Date: Wed, 28 Oct 2020 17:51:12 +0100 Subject: scripts: lint: Add '--exclude' option. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/scripts/lint.scm (%options, parse-options): Add '--exclude' option. (option-checker): New helper function. * doc/guix.texi (Invoking guix lint): Document it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 5 +++++ guix/scripts/lint.scm | 44 +++++++++++++++++++++++++++++--------------- 2 files changed, 34 insertions(+), 15 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index e3b92d86f9..eddf77c7ab 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11528,6 +11528,11 @@ and exit. Only enable the checkers specified in a comma-separated list using the names returned by @option{--list-checkers}. +@item --exclude +@itemx -x +Only disable the checkers specified in a comma-separated list using the +names returned by @option{--list-checkers}. + @item --no-network @itemx -n Only enable the checkers that do not depend on Internet access. diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm index 6833c60741..18cd167537 100644 --- a/guix/scripts/lint.scm +++ b/guix/scripts/lint.scm @@ -98,6 +98,9 @@ run the checkers on all packages.\n")) (display (G_ " -c, --checkers=CHECKER1,CHECKER2... only run the specified checkers")) + (display (G_ " + -x, --exclude=CHECKER1,CHECKER2... + exclude the specified checkers")) (display (G_ " -n, --no-network only run checkers that do not access the network")) 
@@ -113,26 +116,34 @@ run the checkers on all packages.\n")) (newline) (show-bug-report-information)) +(define (option-checker short-long) + ;; Factorize the creation of the two options -c/--checkers and -x/--exclude, + ;; see %options. The parameter SHORT-LONG is the list containing the short + ;; and long name. The alist uses the long name as symbol. + (option short-long #t #f + (lambda (opt name arg result) + (let ((names (map string->symbol (string-split arg #\,))) + (checker-names (map lint-checker-name %all-checkers)) + (option-name (string->symbol (match short-long + ((short long) long))))) + (for-each (lambda (c) + (unless (memq c checker-names) + (leave (G_ "~a: invalid checker~%") c))) + names) + (alist-cons option-name + (filter (lambda (checker) + (member (lint-checker-name checker) + names)) + %all-checkers) + result))))) (define %options ;; Specification of the command-line options. ;; TODO: add some options: ;; * --certainty=[low,medium,high]: only run checkers that have at least this ;; 'certainty'. - (list (option '(#\c "checkers") #t #f - (lambda (opt name arg result) - (let ((names (map string->symbol (string-split arg #\,))) - (checker-names (map lint-checker-name %all-checkers))) - (for-each (lambda (c) - (unless (memq c checker-names) - (leave (G_ "~a: invalid checker~%") c))) - names) - (alist-cons 'checkers - (filter (lambda (checker) - (member (lint-checker-name checker) - names)) - %all-checkers) - result)))) + (list (option-checker '(#\c "checkers")) + (option-checker '(#\x "exclude")) (option '(#\n "no-network") #f #f (lambda (opt name arg result) (alist-cons 'no-network? #t result))) 
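Review bot: `option-checker` records each occurrence with `(alist-cons option-name … result)` and `parse-options` reads it back with a single `assoc-ref`, so when `-x` or `-c` is given more than once only one occurrence is honoured and the rest are dropped without a message. For `--exclude` this means a checker the user asked to skip can still run. Either merge the new list with any existing entry when consing, or state in the `--help` text that the option is not cumulative. The leading comment would also read better as a docstring, e.g. `"Return an option named by SHORT-LONG, a (short long) list, whose handler stores the selected checkers under the long name."`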
@@ -172,7 +183,10 @@ run the checkers on all packages.\n")) value) (_ #f)) (reverse opts))) - (the-checkers (or (assoc-ref opts 'checkers) %all-checkers)) + (no-checkers (or (assoc-ref opts 'exclude) '())) + (the-checkers (filter (lambda (checker) + (not (member checker no-checkers))) + (or (assoc-ref opts 'checkers) %all-checkers))) (checkers (if (assoc-ref opts 'no-network?) (filter (lambda (checker) -- cgit 1.4.1 From 81c3dd9cad29f2b0999aa1f22b3a7d4c04f1a842 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 23 Oct 2020 11:46:21 +0200 Subject: services: swap: Allow for UUIDs and file system labels. * gnu/services/base.scm (swap-service-type)[device-lookup, device-name]: New variables. Add 'modules' field to 'shepherd-service'. In 'start' and 'stop', use 'device-lookup' to resolve UUIDs and labels. * doc/guix.texi (operating-system Reference): Adjust accordingly. --- doc/guix.texi | 34 +++++++++++++++++++++++++++----- gnu/services/base.scm | 54 +++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 71 insertions(+), 17 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index eddf77c7ab..2319bba2ba 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -13075,14 +13075,38 @@ A list of mapped devices. @xref{Mapped Devices}. @item @code{file-systems} A list of file systems. @xref{File Systems}. -@item @code{swap-devices} (default: @code{'()}) @cindex swap devices -A list of strings identifying devices or files to be used for ``swap +@cindex swap space +@item @code{swap-devices} (default: @code{'()}) +A list of UUIDs, file system labels, or strings identifying devices or +files to be used for ``swap space'' (@pxref{Memory Concepts,,, libc, The GNU C Library Reference -Manual}). For example, @code{'("/dev/sda3")} or @code{'("/swapfile")}. +Manual}). Here are some examples: + +@table @code +@item (list (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")) +Use the swap partition with the given UUID. You can learn the UUID of a +Linux swap partition by running @command{swaplabel @var{device}}, where +@var{device} is the @file{/dev} file name of that partition. + +@item (list (file-system-label "swap")) +Use the partition with label @code{swap}. Again, the +@command{swaplabel} command allows you to view and change the label of a +Linux swap partition. + +@item (list "/swapfile") +Use the file @file{/swapfile} as swap space. + +@item (list "/dev/sda3" "/dev/sdb2") +Use the @file{/dev/sda3} and @file{/dev/sdb2} partitions as swap space. +We recommend referring to swap devices by UUIDs or labels as shown above +instead. +@end table + It is possible to specify a swap file in a file system on a mapped -device, provided that the necessary device mapping and file system are -also specified. @xref{Mapped Devices} and @ref{File Systems}. +device (under @file{/dev/mapper}), provided that the necessary device +mapping and file system are also specified. @xref{Mapped Devices} and +@ref{File Systems}. @item @code{users} (default: @code{%base-user-accounts}) @itemx @code{groups} (default: @code{%base-groups}) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 37b0a13ea7..07d9089b0a 100644 --- a/gnu/services/base.scm 
+++ b/gnu/services/base.scm @@ -2104,22 +2104,52 @@ instance." 'swap (lambda (device) (define requirement - (if (string-prefix? "/dev/mapper/" device) + (if (and (string? device) + (string-prefix? "/dev/mapper/" device)) (list (symbol-append 'device-mapping- (string->symbol (basename device)))) '())) - (shepherd-service - (provision (list (symbol-append 'swap- (string->symbol device)))) - (requirement `(udev ,@requirement)) - (documentation "Enable the given swap device.") - (start #~(lambda () - (restart-on-EINTR (swapon #$device)) - #t)) - (stop #~(lambda _ - (restart-on-EINTR (swapoff #$device)) - #f)) - (respawn? #f))))) + (define (device-lookup device) + ;; The generic 'find-partition' procedures could return a partition + ;; that's not swap space, but that's unlikely. + (cond ((uuid? device) + #~(find-partition-by-uuid #$(uuid-bytevector device))) + ((file-system-label? device) + #~(find-partition-by-label + #$(file-system-label->string device))) + (else + device))) + + (define service-name + (symbol-append 'swap- + (string->symbol + (cond ((uuid? device) + (string-take (uuid->string device) 6)) + ((file-system-label? device) + (file-system-label->string device)) + (else + device))))) + + (with-imported-modules (source-module-closure '((gnu build file-systems))) + (shepherd-service + (provision (list service-name)) + (requirement `(udev ,@requirement)) + (documentation "Enable the given swap device.") + (modules `((gnu build file-systems) + ,@%default-modules)) + (start #~(lambda () + (let ((device #$(device-lookup device))) + (and device + (begin + (restart-on-EINTR (swapon device)) + #t))))) + (stop #~(lambda _ + (let ((device #$(device-lookup device))) + (when device + (restart-on-EINTR (swapoff device))) + #f))) + (respawn? #f)))))) (define (swap-service device) "Return a service that uses @var{device} as a swap device." -- cgit 1.4.1 From 2b2ab7796ac186d88060793b8873fc0e21462758 Mon Sep 17 00:00:00 2001 
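Review bot: `service-name` keeps only the first six characters of the UUID (`(string-take (uuid->string device) 6)`), so two swap devices whose UUIDs share that prefix would get the same `swap-…` provision symbol; using the full `(uuid->string device)` avoids the clash. Separately, `device-lookup` resolves labels with the generic `find-partition-by-label`, and its own comment concedes that the match need not be swap space. Labels are not unique and can be carried by removable media, so it would be worth checking the partition type before `swapon`, or at least adding a comment that recommends UUIDs. When the lookup yields `#f`, `start` returns `#f` without logging anything, which makes a missing device hard to diagnose. The enclosing `swap-service-type` definition starts outside the hunk.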
From: Ludovic Courtès Date: Fri, 30 Oct 2020 12:31:18 +0100 Subject: services: guix-publish: Add 'cache-bypass-threshold' field. This is a followup to ecaa102a58ad3ab0b42e04a3d10d7c761c05ec98. * gnu/services/base.scm ()[cache-bypass-threshold]: New field. (guix-publish-shepherd-service): Honor it. --- doc/guix.texi | 6 ++++++ gnu/services/base.scm | 10 ++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 2319bba2ba..5e3e0435b4 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -15041,6 +15041,12 @@ When it is an integer, this is the number of worker threads used for caching; when @code{#f}, the number of processors is used. @xref{Invoking guix publish, @option{--workers}}, for more information. +@item @code{cache-bypass-threshold} (default: 10 MiB) +When @code{cache} is true, this is the maximum size in bytes of a store +item for which @command{guix publish} may bypass its cache in case of a +cache miss. @xref{Invoking guix publish, +@option{--cache-bypass-threshold}}, for more information. + @item @code{ttl} (default: @code{#f}) When it is an integer, this denotes the @dfn{time-to-live} in seconds of the published archives. @xref{Invoking guix publish, @option{--ttl}}, diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 07d9089b0a..f1298c3776 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1740,6 +1740,8 @@ proxy of 'guix-daemon'...~%") (default "nar")) (cache guix-publish-configuration-cache ;#f | string (default #f)) + (cache-bypass-threshold guix-publish-configuration-cache-bypass-threshold + (default (* 10 (expt 2 20)))) ;integer (workers guix-publish-configuration-workers ;#f | integer (default #f)) (ttl guix-publish-configuration-ttl ;#f | integer 
@@ -1774,7 +1776,7 @@ raise a deprecation warning if the 'compression-level' field was used." lst)))) (match-record config - (guix port host nar-path cache workers ttl) + (guix port host nar-path cache workers ttl cache-bypass-threshold) (list (shepherd-service (provision '(guix-publish)) (requirement '(guix-daemon)) @@ -1796,7 +1798,11 @@ raise a deprecation warning if the 'compression-level' field was used." "s")) #~()) #$@(if cache - #~((string-append "--cache=" #$cache)) + #~((string-append "--cache=" #$cache) + #$(string-append + "--cache-bypass-threshold=" + (number->string + cache-bypass-threshold))) #~())) ;; Make sure we run in a UTF-8 locale so we can produce -- cgit 1.4.1 From 95460da83b6ffd2bf3b96b3ab7cd302ab76be38a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 29 Oct 2020 23:35:35 +0100 Subject: doc: Add "Defining Package Variants" section. * doc/guix.texi (Defining Packages): Move documentation of 'package-input-rewriting' & co. to... (Defining Package Variants): ... here. New node. Also document 'inherit' and 'options->transformation'. --- doc/guix.texi | 283 +++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 209 insertions(+), 74 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 5e3e0435b4..d74f59f148 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -253,6 +253,7 @@ Programming Interface * Package Modules:: Packages from the programmer's viewpoint. * Defining Packages:: Defining new packages. +* Defining Package Variants:: Customizing packages. * Build Systems:: Specifying how packages are built. * Build Phases:: Phases of the build process of a package. * Build Utilities:: Helpers for your package definitions and more. 
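Review bot: `cache-bypass-threshold` is handed straight to `number->string` when the `--cache-bypass-threshold=` argument is built, with no check of its type. The neighbouring `workers` and `ttl` fields accept `#f`, and the command-line option is documented with sizes such as `10M`, so `#f` or `"10M"` are plausible values here and both would end in a bare type error while the service is built. Testing `(and (integer? cache-bypass-threshold) (not (negative? cache-bypass-threshold)))` before building the argument, and naming the field in the error, would make the mistake easy to find. The field comment could say `;non-negative integer (bytes)`. The body of `guix-publish-shepherd-service` extends outside both hunks on this line.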
@@ -260,7 +261,7 @@ Programming Interface * Derivations:: Low-level interface to package derivations. * The Store Monad:: Purely functional interface to the store. * G-Expressions:: Manipulating build expressions. -* Invoking guix repl:: Programming Guix in Guile. +* Invoking guix repl:: Programming Guix in Guile Defining Packages @@ -6204,6 +6205,7 @@ package definitions. @menu * Package Modules:: Packages from the programmer's viewpoint. * Defining Packages:: Defining new packages. +* Defining Package Variants:: Customizing packages. * Build Systems:: Specifying how packages are built. * Build Phases:: Phases of the build process of a package. * Build Utilities:: Helpers for your package definitions and more. 
@@ -6473,79 +6475,8 @@ and operating system, such as @code{"aarch64-linux-gnu"} (@pxref{Specifying Target Triplets,,, autoconf, Autoconf}). @end deffn -@cindex package transformations -@cindex input rewriting -@cindex dependency tree rewriting -Packages can be manipulated in arbitrary ways. An example of a useful -transformation is @dfn{input rewriting}, whereby the dependency tree of -a package is rewritten by replacing specific inputs by others: - -@deffn {Scheme Procedure} package-input-rewriting @var{replacements} @ - [@var{rewrite-name}] [#:deep? #t] -Return a procedure that, when passed a package, replaces its direct and -indirect dependencies, including implicit inputs when @var{deep?} is -true, according to @var{replacements}. @var{replacements} is a list of -package pairs; the first element of each pair is the package to replace, -and the second one is the replacement. - -Optionally, @var{rewrite-name} is a one-argument procedure that takes -the name of a package and returns its new name after rewrite. -@end deffn - -@noindent -Consider this example: - -@lisp -(define libressl-instead-of-openssl - ;; This is a procedure to replace OPENSSL by LIBRESSL, - ;; recursively. - (package-input-rewriting `((,openssl . ,libressl)))) - -(define git-with-libressl - (libressl-instead-of-openssl git)) -@end lisp - -@noindent -Here we first define a rewriting procedure that replaces @var{openssl} -with @var{libressl}. Then we use it to define a @dfn{variant} of the -@var{git} package that uses @var{libressl} instead of @var{openssl}. -This is exactly what the @option{--with-input} command-line option does -(@pxref{Package Transformation Options, @option{--with-input}}). - -The following variant of @code{package-input-rewriting} can match packages to -be replaced by name rather than by identity. - -@deffn {Scheme Procedure} package-input-rewriting/spec @var{replacements} [#:deep? 
#t] -Return a procedure that, given a package, applies the given -@var{replacements} to all the package graph, including implicit inputs -unless @var{deep?} is false. @var{replacements} is a list of -spec/procedures pair; each spec is a package specification such as -@code{"gcc"} or @code{"guile@@2"}, and each procedure takes a matching -package and returns a replacement for that package. -@end deffn - -The example above could be rewritten this way: - -@lisp -(define libressl-instead-of-openssl - ;; Replace all the packages called "openssl" with LibreSSL. - (package-input-rewriting/spec `(("openssl" . ,(const libressl))))) -@end lisp - -The key difference here is that, this time, packages are matched by spec and -not by identity. In other words, any package in the graph that is called -@code{openssl} will be replaced. - -A more generic procedure to rewrite a package dependency graph is -@code{package-mapping}: it supports arbitrary changes to nodes in the -graph. - -@deffn {Scheme Procedure} package-mapping @var{proc} [@var{cut?}] [#:deep? #f] -Return a procedure that, given a package, applies @var{proc} to all the packages -depended on and returns the resulting package. The procedure stops recursion -when @var{cut?} returns true for a given package. When @var{deep?} is true, @var{proc} is -applied to implicit inputs as well. -@end deffn +Once you have package definitions, you can easily define @emph{variants} +of those packages. @xref{Defining Package Variants}, for more on that. @menu * package Reference:: The package data type. 
@@ -6903,6 +6834,205 @@ commit: @end lisp @end deftp +@node Defining Package Variants +@section Defining Package Variants + +@cindex customizing packages +@cindex variants, of packages +One of the nice things with Guix is that, given a package definition, +you can easily @emph{derive} variants of that package---for a different +upstream version, with different dependencies, different compilation +options, and so on. Some of these custom packages can be defined +straight from the command line (@pxref{Package Transformation Options}). +This section describes how to define package variants in code. This can +be useful in ``manifests'' (@pxref{profile-manifest, +@option{--manifest}}) and in your own package collection +(@pxref{Creating a Channel}), among others! + +@cindex inherit, for package definitions +As discussed earlier, packages are first-class objects in the Scheme +language. The @code{(guix packages)} module provides the @code{package} +construct to define new package objects (@pxref{package Reference}). +The easiest way to define a package variant is using the @code{inherit} +keyword together with @code{package}. This allows you to inherit from a +package definition while overriding the fields you want. + +For example, given the @code{hello} variable, which contains a +definition for the current version of GNU@tie{}Hello, here's how you +would define a variant for version 2.2 (released in 2006, it's +vintage!): + +@lisp +(use-modules (gnu packages base)) ;for 'hello' + +(define hello-2.2 + (package + (inherit hello) + (version "2.2") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/hello/hello-" version + ".tar.gz")) + (sha256 + (base32 + "0lappv4slgb5spyqbh6yl5r013zv72yqg2pcl30mginf3wdqd8k9")))))) +@end lisp + +The example above corresponds to what the @option{--with-source} package +transformation option does. 
Essentially @code{hello-2.2} preserves all +the fields of @code{hello}, except @code{version} and @code{source}, +which it overrides. Note that the original @code{hello} variable is +still there, in the @code{(gnu packages base)} module, unchanged. When +you define a custom package like this, you are really @emph{adding} a +new package definition; the original one remains available. + +You can just as well define variants with a different set of +dependencies than the original package. For example, the default +@code{gdb} package depends on @code{guile}, but since that is an +optional dependency, you can define a variant that removes that +dependency like so: + +@lisp +(use-modules (gnu packages gdb) ;for 'gdb' + (srfi srfi-1)) ;for 'alist-delete' + +(define gdb-sans-guile + (package + (inherit gdb) + (inputs (alist-delete "guile" + (package-inputs gdb))))) +@end lisp + +The @code{alist-delete} call above removes the tuple from the +@code{inputs} field that has @code{"guile"} as its first element +(@pxref{SRFI-1 Association Lists,,, guile, GNU Guile Reference +Manual}). + +@cindex package transformations +These are pretty simple package variants. As a convenience, the +@code{(guix transformations)} module provides a high-level interface +that directly maps to package transformation options (@pxref{Package +Transformation Options}): + +@deffn {Scheme Procedure} options->transformation @var{opts} +Return a procedure that, when passed an object to build (package, +derivation, etc.), applies the transformations specified by @var{opts} and returns +the resulting objects. @var{opts} must be a list of symbol/string pairs such as: + +@example +((with-branch . "guile-gcrypt=master") + (without-tests . "libgcrypt")) +@end example + +Each symbol names a transformation and the corresponding string is an argument +to that transformation. 
+@end deffn + +For instance, a manifest equivalent to this command: + +@example +guix build guix \ + --with-branch=guile-gcrypt=master \ + --with-debug-info=zlib +@end example + +@noindent +... would look like this: + +@lisp +(use-modules (guix transformations)) + +(define transform + ;; The package transformation procedure. + (options->transformation + '((with-branch . "guile-gcrypt=master") + (with-debug-info . "zlib")))) + +(packages->manifest + (list (transform (specification->package "guix")))) +@end lisp + +@cindex input rewriting +@cindex dependency graph rewriting +The @code{options->transformation} procedure is convenient, but it's +perhaps also not as flexible as you may like. How is it implemented? +The astute reader probably noticed that most package transformation +options go beyond the superficial changes shown in the first examples of +this section: they involve @dfn{input rewriting}, whereby the dependency +graph of a package is rewritten by replacing specific inputs by others. + +Dependency graph rewriting, for the purposes of swapping packages in the +graph, is what the @code{package-input-rewriting} procedure in +@code{(guix packages)} implements. + +@deffn {Scheme Procedure} package-input-rewriting @var{replacements} @ + [@var{rewrite-name}] [#:deep? #t] +Return a procedure that, when passed a package, replaces its direct and +indirect dependencies, including implicit inputs when @var{deep?} is +true, according to @var{replacements}. @var{replacements} is a list of +package pairs; the first element of each pair is the package to replace, +and the second one is the replacement. + +Optionally, @var{rewrite-name} is a one-argument procedure that takes +the name of a package and returns its new name after rewrite. +@end deffn + +@noindent +Consider this example: + +@lisp +(define libressl-instead-of-openssl + ;; This is a procedure to replace OPENSSL by LIBRESSL, + ;; recursively. + (package-input-rewriting `((,openssl . 
,libressl)))) + +(define git-with-libressl + (libressl-instead-of-openssl git)) +@end lisp + +@noindent +Here we first define a rewriting procedure that replaces @var{openssl} +with @var{libressl}. Then we use it to define a @dfn{variant} of the +@var{git} package that uses @var{libressl} instead of @var{openssl}. +This is exactly what the @option{--with-input} command-line option does +(@pxref{Package Transformation Options, @option{--with-input}}). + +The following variant of @code{package-input-rewriting} can match packages to +be replaced by name rather than by identity. + +@deffn {Scheme Procedure} package-input-rewriting/spec @var{replacements} [#:deep? #t] +Return a procedure that, given a package, applies the given +@var{replacements} to all the package graph, including implicit inputs +unless @var{deep?} is false. @var{replacements} is a list of +spec/procedures pair; each spec is a package specification such as +@code{"gcc"} or @code{"guile@@2"}, and each procedure takes a matching +package and returns a replacement for that package. +@end deffn + +The example above could be rewritten this way: + +@lisp +(define libressl-instead-of-openssl + ;; Replace all the packages called "openssl" with LibreSSL. + (package-input-rewriting/spec `(("openssl" . ,(const libressl))))) +@end lisp + +The key difference here is that, this time, packages are matched by spec and +not by identity. In other words, any package in the graph that is called +@code{openssl} will be replaced. + +A more generic procedure to rewrite a package dependency graph is +@code{package-mapping}: it supports arbitrary changes to nodes in the +graph. + +@deffn {Scheme Procedure} package-mapping @var{proc} [@var{cut?}] [#:deep? #f] +Return a procedure that, given a package, applies @var{proc} to all the packages +depended on and returns the resulting package. The procedure stops recursion +when @var{cut?} returns true for a given package. 
When @var{deep?} is true, @var{proc} is +applied to implicit inputs as well. +@end deffn + + @node Build Systems @section Build Systems @@ -10155,6 +10285,11 @@ that does not respect a @code{#:tests? #f} setting. Therefore, @end table +Wondering how to achieve the same effect using Scheme code, for example +in your manifest, or how to write your own package transformation? +@xref{Defining Package Variants}, for an overview of the programming +interfaces available. + @node Additional Build Options @subsection Additional Build Options -- cgit 1.4.1 From a57b0c9edafbbb9094f5987009947ff63bdb9e0c Mon Sep 17 00:00:00 2001 From: Miguel Ángel Arruga Vivas Date: Sun, 1 Nov 2020 01:38:10 +0100 Subject: doc: Add missing period at the end of the sentence. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index d74f59f148..69e7d5f85c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -261,7 +261,7 @@ Programming Interface * Derivations:: Low-level interface to package derivations. * The Store Monad:: Purely functional interface to the store. * G-Expressions:: Manipulating build expressions. -* Invoking guix repl:: Programming Guix in Guile +* Invoking guix repl:: Programming Guix in Guile. Defining Packages -- cgit 1.4.1 From 34f7c5b61afdc9573437f24ffb25deb3166a955e Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 1 Nov 2020 16:56:13 +0100 Subject: doc: Fix typo. * doc/guix.texi (Sound Services): Fix typo. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 69e7d5f85c..8d66375c74 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -18743,7 +18743,7 @@ via @code{pulseaudio-configuration}, see below. @quotation Warning This service overrides per-user configuration files. If you want -PulseAudio to honor configuraton files in @file{~/.config/pulse} you +PulseAudio to honor configuration files in @file{~/.config/pulse} you have to unset the environment variables @env{PULSE_CONFIG} and @env{PULSE_CLIENTCONFIG} in your @file{~/.bash_profile}. @end quotation -- cgit 1.4.1 From 2d05f1fc39862ba5793e845d4119473556ac23d4 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 1 Nov 2020 19:49:02 +0100 Subject: doc: Fix typo. * doc/guix.texi (DNS Services): Fix typo. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 8d66375c74..524c6dfece 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -24433,7 +24433,7 @@ The list of knot-zone-configuration used by this configuration. @subsubheading Knot Resolver Service @deffn {Scheme Variable} knot-resolver-service-type -This this the type of the knot resolver service, whose value should be +This is the type of the knot resolver service, whose value should be an @code{knot-resolver-configuration} object as in this example: @lisp -- cgit 1.4.1 From 794928a9062529cb75c019454d7bd31b8cf83cb7 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Mon, 2 Nov 2020 11:01:41 -0500 Subject: doc: Complete sentence in earlyoom-configuration doc. * doc/guix.texi (Linux Services): Complete sentence in earlyoom-configuration doc. Reported-by: Julien Lepiller --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 524c6dfece..c94499d658 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -29262,7 +29262,7 @@ disabled by default. @item @code{ignore-positive-oom-score-adj?} (default: @code{#f}) A boolean indicating whether the positive adjustments set in -@file{/proc/*/oom_score_adj}. +@file{/proc/*/oom_score_adj} should be ignored. @item @code{show-debug-messages?} (default: @code{#f}) A boolean indicating whether debug messages should be printed. The logs -- cgit 1.4.1 From 1077d54f6e0e13383b64bfe9176ccf5f6e5e1ad6 Mon Sep 17 00:00:00 2001 From: Miguel Ángel Arruga Vivas Date: Mon, 2 Nov 2020 20:24:08 +0100 Subject: doc: Fix typo. * doc/guix.texi (Invoking guix publish): The unit suffixes the numeric value. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index c94499d658..3255ebac2e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -12272,7 +12272,7 @@ item in the store, may be deleted. @item --cache-bypass-threshold=@var{size} When used in conjunction with @option{--cache}, store items smaller than @var{size} are immediately available, even when they are not yet in -cache. @var{size} is a size in bytes, or it can be prefixed by @code{M} +cache. @var{size} is a size in bytes, or it can be suffixed by @code{M} for megabytes and so on. The default is @code{10M}. ``Cache bypass'' allows you to reduce the publication delay for clients -- cgit 1.4.1 From dbf572e0077fba3a67c404d830da38861dda4587 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 3 Nov 2020 10:40:25 +0100 Subject: doc: Use '@lisp' for 'options->transformation' example. * doc/guix.texi (Defining Package Variants): Use @lisp for 'options->transformation' example. --- doc/guix.texi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 3255ebac2e..a20e54f8ae 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -6919,10 +6919,10 @@ Return a procedure that, when passed an object to build (package, derivation, etc.), applies the transformations specified by @var{opts} and returns the resulting objects. @var{opts} must be a list of symbol/string pairs such as: -@example +@lisp ((with-branch . "guile-gcrypt=master") (without-tests . "libgcrypt")) -@end example +@end lisp Each symbol names a transformation and the corresponding string is an argument to that transformation. -- cgit 1.4.1 From 1566cb05cd2c58e4bd8c6337169b0560025512d8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 3 Nov 2020 11:01:37 +0100 Subject: doc: Illustrate procedures that return packages. * doc/guix.texi (Defining Package Variants): Illustrate procedures that return packages. --- doc/guix.texi | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index a20e54f8ae..b7f1bc1f00 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -6908,11 +6908,44 @@ The @code{alist-delete} call above removes the tuple from the (@pxref{SRFI-1 Association Lists,,, guile, GNU Guile Reference Manual}). +In some cases, you may find it useful to write functions +(``procedures'', in Scheme parlance) that return a package based on some +parameters. For example, consider the @code{luasocket} library for the +Lua programming language. We want to create @code{luasocket} packages +for major versions of Lua. One way to do that is to define a procedure +that takes a Lua package and returns a @code{luasocket} package that +depends on it: + +@lisp +(define (make-lua-socket name lua) + ;; Return a luasocket package built with LUA. + (package + (name name) + (version "3.0") + ;; several fields omitted + (inputs + `(("lua" ,lua))) + (synopsis "Socket library for Lua"))) + +(define-public lua5.1-socket + (make-lua-socket "lua5.1-socket" lua-5.1)) + +(define-public lua5.2-socket + (make-lua-socket "lua5.2-socket" lua-5.2)) +@end lisp + +Here we have defined packages @code{lua5.1-socket} and +@code{lua5.2-socket} by calling @code{make-lua-socket} with different +arguments. @xref{Procedures,,, guile, GNU Guile Reference Manual}, for +more info on procedures. Having top-level public definitions for these +two packages means that they can be referred to from the command line +(@pxref{Package Modules}). + @cindex package transformations These are pretty simple package variants. As a convenience, the @code{(guix transformations)} module provides a high-level interface -that directly maps to package transformation options (@pxref{Package -Transformation Options}): +that directly maps to the more sophisticated package transformation +options (@pxref{Package Transformation Options}): @deffn {Scheme Procedure} options->transformation @var{opts} Return a procedure that, when passed an object to build (package, -- cgit 1.4.1 From fe1cd098d2b83737e96f19438612291f5a9316e4 Mon Sep 17 00:00:00 2001 
From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: services: Add yggdrasil-service-type. * gnu/services/networking.scm (yggdrasil-configuration) (yggdrasil-configuration?, yggdrasil-configuration-package) (yggdrasil-configuration-auto-conf, yggdrasil-configuration-log-level) (yggdrasil-configuration-log-to): New procedures. (yggdrasil-service-type): New variable. * doc/guix.texi: Document it. * gnu/system/examples/yggdrasil.tmpl: Provide example. Signed-off-by: Julien Lepiller --- doc/guix.texi | 96 ++++++++++++++++++++++++++++++ gnu/services/networking.scm | 117 ++++++++++++++++++++++++++++++++++++- gnu/system/examples/yggdrasil.tmpl | 60 +++++++++++++++++++ 3 files changed, 272 insertions(+), 1 deletion(-) create mode 100644 gnu/system/examples/yggdrasil.tmpl (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index b7f1bc1f00..217ed7a8a8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -82,6 +82,7 @@ Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* +Copyright @copyright{} 2020 raingloom@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -16848,6 +16849,101 @@ Use this to add additional options and manage shared secrets out-of-band. @end table @end deftp +@defvr {Scheme Variable} yggdrasil-service-type +The service type for connecting to the @uref{https://yggdrasil-network.github.io/, +Yggdrasil network}, an early-stage implementation of a fully end-to-end +encrypted IPv6 network. + +@quotation +Yggdrasil provides name-independent routing with cryptographically generated +addresses. Static addressing means you can keep the same address as long as +you want, even if you move to a new location, or generate a new address (by +generating new keys) whenever you want. +@uref{https://yggdrasil-network.github.io/2018/07/28/addressing.html} +@end quotation + +Pass it a value of @code{yggdrasil-configuration} to connect it to public +peers and/or local peers. + +Here is an example using public peers and a static address. The static +signing and encryption keys are defined in @file{/etc/yggdrasil-private.conf} +(the default value for @code{config-file}). + +@lisp +;; part of the operating-system declaration +(service yggdrasil-service-type + (yggdrasil-configuration + (autoconf? #f) ;; use only the public peers + (json-config + ;; choose one from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))) + ;; /etc/yggdrasil-private.conf is the default value for config-file + )) +@end lisp +@example +# sample content for /etc/yggdrasil-private.conf +@{ + # Your public encryption key. Your peers may ask you for this to put + # into their AllowedEncryptionPublicKeys configuration. + EncryptionPublicKey: 378dc5... + + # Your private encryption key. DO NOT share this with anyone! + EncryptionPrivateKey: 0777... + + # Your public signing key. You should not ordinarily need to share + # this with anyone. + SigningPublicKey: e1664... + + # Your private signing key. DO NOT share this with anyone! + SigningPrivateKey: 0589d... 
+@} +@end example +@end defvr + +@deftp {Data Type} yggdrasil-configuration +Data type representing the configuration of Yggdrasil. + +@table @asis +@item @code{package} (default: @code{yggdrasil}) +Package object of Yggdrasil. + +@item @code{json-config} (default: @code{'()}) +Contents of @file{/etc/yggdrasil.conf}. Will be merged with +@file{/etc/yggdrasil-private.conf}. Note that these settings are stored in +the Guix store, which is readable to all users. @strong{Do not store your +private keys in it}. See the output of @code{yggdrasil -genconf} for a +quick overview of valid keys and their default values. + +@item @code{autoconf?} (default: @code{#f}) +Whether to use automatic mode. Enabling it makes Yggdrasil use adynamic IP +and peer with IPv6 neighbors. + +@item @code{log-level} (default: @code{'info}) +How much detail to include in logs. Use @code{'debug} for more detail. + +@item @code{log-to} (default: @code{'stdout}) +Where to send logs. By default, the service logs standard output to +@file{/var/log/yggdrasil.log}. The alternative is @code{'syslog}, which +sends output to the running syslog service. + +@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"}) +What HJSON file to load sensitive data from. This is where private keys +should be stored, which are necessary to specify if you don't want a +randomized address after each restart. Use @code{#f} to disable. Options +defined in this file take precedence over @code{json-config}. Use the output +of @code{yggdrasil -genconf} as a starting point. To configure a static +address, delete everything except these options: + +@itemize +@item @code{EncryptionPublicKey} +@item @code{EncryptionPrivateKey} +@item @code{SigningPublicKey} +@item @code{SigningPrivateKey} +@end itemize +@end table +@end deftp + @node Unattended Upgrades @subsection Unattended Upgrades diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 64f54e787f..9ec0f6a9ca 100644 
--- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases @@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) ;;; Commentary: ;;; 
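Review bot: The export list in the `@@ -180,7 +182,17 @@` hunk names `yggdrasil-configuration-config-file`, but the record added in the `@@ -1750,4 +1762,107 @@` hunk defines that field's accessor as `yggdrasil-config-file`, so the exported name has no definition in the visible code. Renaming the accessor brings it in line with the other fields: `(config-file yggdrasil-configuration-config-file` in the record, and `#$(yggdrasil-configuration-config-file config)` where the `-extraconffile` argument is built. The rest of the module lies outside these hunks, so confirm that no other definition of the exported name exists before applying this.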
@@ -1750,4 +1762,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log" + #:group "yggdrasil")) + (stop #~(make-kill-destructor))))) + +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package)))))) + ;;; networking.scm ends here diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl new file mode 100644 index 0000000000..be80bf4de9 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
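Review bot: `make-forkexec-constructor` in `yggdrasil-shepherd-service` is given `#:group "yggdrasil"` but no `#:user`, so this network-facing daemon keeps the user that shepherd itself runs as, which is root for the system instance. If root is required, presumably to create the tunnel interface, the reason belongs next to the call, e.g. `;; No #:user: runs as root (TODO confirm: needed for the TUN device); the group only scopes yggdrasilctl access.` Otherwise `%yggdrasil-accounts` could gain a dedicated system account that is passed as `#:user`. The log file is also fixed at `/var/log/yggdrasil.log` even when `log-to` is `'syslog`, which the same comment could mention.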
@@ -0,0 +1,60 @@
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
+
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules admin curl networking screen)
+
+(operating-system
+ (host-name "ruby-guard-5545")
+ (timezone "Europe/Budapest")
+ (locale "en_US.utf8")
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sdX")))
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "alice")
+ (comment "Bob's sister")
+ (group "users")
+ ;; adding her to the yggdrasil group means she can use
+ ;; yggdrasilctl to modify the configuration
+ (supplementary-groups '("wheel" "yggdrasil")))
+ %base-user-accounts))
+
+ ;; Globally-installed packages.
+ (packages (cons* screen curl %base-packages))
+
+ ;; Add services to the baseline: a DHCP client and
+ ;; an SSH server.
+ ;; If you add an /etc/yggdrasil-private.conf, you can log in to ssh
+ ;; using your Yggdrasil IPv6 address from another machine running Yggdrasil.
+ ;; Alternatively, the client can sit behind a router that has Yggdrasil.
+ ;; That file is specifically _not_ handled by Guix, because we don't want its
+ ;; contents to sit in the world-readable /gnu/store.
+ (services
+ (append
+ (list
+ (service dhcp-client-service-type)
+ (service yggdrasil-service-type
+ (yggdrasil-configuration
+ (log-to 'stdout)
+ (log-level 'debug)
+ (autoconf? #f)
+ (json-config
+ ;; choose a few from
+ ;; https://github.com/yggdrasil-network/public-peers
+ '((peers . #("tcp://1.2.3.4:1337"))))
+ (config-file #f)))
+ (service openssh-service-type
+ (openssh-configuration
+ (port-number 2222))))
+ %base-services)))
-- cgit 1.4.1
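Review bot: The comment above `(services` tells the reader to add `/etc/yggdrasil-private.conf`, yet the configuration below sets `(config-file #f)`, which the manual text in this same commit describes as disabling that file. Keys placed there would be ignored and, going by the manual text, the address would be randomized at each restart. Either drop the field so the default applies, or reword the comment, e.g. `;; config-file is #f here, so the address changes on every start; remove that line once /etc/yggdrasil-private.conf exists (keep it readable by root only).` The template also leaves `(log-level 'debug)` on and puts `alice` in the `yggdrasil` group, which its own comment says lets her reconfigure the daemon. A short remark that both are optional would keep readers from copying them unexamined.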
From 83dee0e5b29dee75cffd5aa2a7748697eb73b036 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 6 Nov 2020 13:17:00 +0100 Subject: doc: Fix Zabbix ‘db-secret-file’ documentation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Monitoring Services): Clarify ‘db-secret-file’'s (lack of) structure and gexp support. --- doc/guix.texi | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 217ed7a8a8..35bf5177e6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22168,9 +22168,10 @@ Defaults to @samp{""}. @end deftypevr @deftypevr {@code{zabbix-front-end-configuration} parameter} string db-secret-file -Secret file which will be appended to @file{zabbix.conf.php} file. This -file contains credentials for use by Zabbix front-end. You are expected -to create it manually. +Secret file containing the credentials for the Zabbix front-end. The value +must be a local file name, not a G-expression. You are expected to create +this file manually. Its contents will be copied into @file{zabbix.conf.php} +as the value of @code{$DB['PASSWORD']}. Defaults to @samp{""}. -- cgit 1.4.1 From e3ae31347882b25e1513e4475616fb6e4497e280 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 1 Nov 2020 11:16:08 -0500 Subject: gnu: mingetty-shepherd-service: Make 'clear-on-logout' configurable. Also change the default configuration to clear on logout, which is the upstream default. * gnu/services/base.scm (): Add 'clear-on-logout?' field. (mingetty-shepherd-service): Pass the "--noclear" option to mingetty only if 'clear-on-logout?' is #false. * doc/guix.texi (Base Services): Document the 'clear-on-logout?' field. --- doc/guix.texi | 3 +++ gnu/services/base.scm | 28 ++++++++++++++++------------ 2 files changed, 19 insertions(+), 12 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 35bf5177e6..eb0f47a6af 100644 
--- a/doc/guix.texi +++ b/doc/guix.texi @@ -14528,6 +14528,9 @@ the name of the log-in program. When set to @code{#t} in conjunction with @var{auto-login}, the user will have to press a key before the log-in shell is launched. +@item @code{clear-on-logout?} (default: @code{#t}) +When set to @code{#t}, the screen will be cleared after logout. + @item @code{mingetty} (default: @var{mingetty}) The Mingetty package to use. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 499e50bfd7..416bc02a96 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2015, 2016 Alex Kost -;;; Copyright © 2015, 2016 Mark H Weaver +;;; Copyright © 2015, 2016, 2020 Mark H Weaver ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2016, 2017 Leo Famulari ;;; Copyright © 2016 David Craven @@ -1024,20 +1024,22 @@ the tty to run, among other things." (define-record-type* mingetty-configuration make-mingetty-configuration mingetty-configuration? - (mingetty mingetty-configuration-mingetty ; - (default mingetty)) - (tty mingetty-configuration-tty) ;string - (auto-login mingetty-auto-login ;string | #f - (default #f)) - (login-program mingetty-login-program ;gexp - (default #f)) - (login-pause? mingetty-login-pause? ;Boolean - (default #f))) + (mingetty mingetty-configuration-mingetty ; + (default mingetty)) + (tty mingetty-configuration-tty) ;string + (auto-login mingetty-auto-login ;string | #f + (default #f)) + (login-program mingetty-login-program ;gexp + (default #f)) + (login-pause? mingetty-login-pause? ;Boolean + (default #f)) + (clear-on-logout? mingetty-clear-on-logout? ;Boolean + (default #t))) (define mingetty-shepherd-service (match-lambda (($ mingetty tty auto-login login-program - login-pause?) + login-pause? clear-on-logout?) (list (shepherd-service (documentation "Run mingetty on an tty.") 
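Review bot: The new `clear-on-logout?` field defaults to `#t`, so every existing `mingetty-configuration` silently stops passing `--noclear`; the other half of the change is in the `@@ -1050,7 +1052,6 @@` and `@@ -1058,6 +1059,9 @@` hunks. Clearing keeps the previous session's output away from the next person at the console. The option presumably also governs the clear before the first login prompt, though, so boot messages on that terminal would disappear as well. The field comment could record the mapping, e.g. `;Boolean; #f passes --noclear`. The `($ ...)` pattern in `mingetty-shepherd-service` binds fields by position, so the new field has to stay last in both the record and the pattern; the body of that `match-lambda` continues outside this hunk.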
@@ -1050,7 +1052,6 @@ the tty to run, among other things." (start #~(make-forkexec-constructor (list #$(file-append mingetty "/sbin/mingetty") - "--noclear" ;; Avoiding 'vhangup' allows us to avoid 'setfont' ;; errors down the path where various ioctls get @@ -1058,6 +1059,9 @@ the tty to run, among other things." ;; in Linux. "--nohangup" #$tty + #$@(if clear-on-logout? + #~() + #~("--noclear")) #$@(if auto-login #~("--autologin" #$auto-login) #~()) -- cgit 1.4.1 From 3de898b43c1388a9244bdedd2d9f11511c9571d2 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Mon, 9 Nov 2020 13:14:31 -0500 Subject: maint: update-guix-package: Optionally add sources to store. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Following discussions in , keeping a copy of the updated package source is desirable when generating a release. * build-aux/update-guix-package.scm (version-controlled?): Remove variable. (call-with-temporary-git-worktree): Renamed from 'with-temporary-git-worktree'. Update doc. Do not change directory implicitly. Define as a procedure, not a syntax. (keep-source-in-store): New procedure. (main): Adjust to use with call-with-temporary-git-worktree. Add the sources to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. Exit gracefully when FIND-ORIGIN-REMOTE returns #f. (%savannah-guix-git-repo-push-url-regexp): Adjust match for a potential colon separator. * Makefile.am (GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT): Adjust. * .dir-locals.el (scheme-mode): Remove entry for with-temporary-git-worktree. * doc/contributing.texi (Updating the Guix Package): Update doc. Co-authored-by: Ludovic Courtès --- .dir-locals.el | 1 - Makefile.am | 14 ++++---- build-aux/update-guix-package.scm | 73 ++++++++++++++++++++++++++++----------- doc/contributing.texi | 11 ++---- 4 files changed, 63 insertions(+), 36 deletions(-) (limited to 'doc') diff --git a/.dir-locals.el b/.dir-locals.el index 8e5d3902e3..b1cb936a55 100644 
--- a/.dir-locals.el +++ b/.dir-locals.el @@ -123,7 +123,6 @@ (eval . (put 'call-with-progress-reporter 'scheme-indent-function 1)) (eval . (put 'with-repository 'scheme-indent-function 2)) (eval . (put 'with-temporary-git-repository 'scheme-indent-function 2)) - (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2)) (eval . (put 'with-environment-variables 'scheme-indent-function 1)) (eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1)) diff --git a/Makefile.am b/Makefile.am index e7053ee4f4..6faf8c9349 100644 --- a/Makefile.am +++ b/Makefile.am @@ -826,9 +826,10 @@ release: dist-with-updated-version $(MKDIR_P) "$(releasedir)" rm -f "$(releasedir)"/* mv $(SOURCE_TARBALLS) "$(releasedir)" - $(top_builddir)/pre-inst-env "$(GUILE)" \ - $(top_srcdir)/build-aux/update-guix-package.scm \ - "`git rev-parse HEAD`" "$(PACKAGE_VERSION)" + GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \ + $(top_builddir)/pre-inst-env "$(GUILE)" \ + $(top_srcdir)/build-aux/update-guix-package.scm \ + "`git rev-parse HEAD`" "$(PACKAGE_VERSION)" git add $(top_srcdir)/gnu/packages/package-management.scm git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)." $(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \ @@ -840,9 +841,10 @@ release: dist-with-updated-version mv "guix-binary.$$system.tar.xz" \ "$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \ done - $(top_builddir)/pre-inst-env "$(GUILE)" \ - $(top_srcdir)/build-aux/update-guix-package.scm \ - "`git rev-parse HEAD`" + GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \ + $(top_builddir)/pre-inst-env "$(GUILE)" \ + $(top_srcdir)/build-aux/update-guix-package.scm \ + "`git rev-parse HEAD`" git add $(top_srcdir)/gnu/packages/package-management.scm git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`." $(top_builddir)/pre-inst-env guix build guix \ diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm index ff6b105468..9fe6c201cc 100644 
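Review bot: Setting `GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes` in the `release` recipe, here and again in the `@@ -840,9 +841,10 @@` hunk, also switches off the pushed-upstream check, because `main` in build-aux/update-guix-package.scm tests that variable first in its `(or ...)`. `make release` can then record a commit in the `guix` package without confirming that the commit exists on Savannah, which is the situation the check was written for. A separate variable that only requests keeping the source in the store, with its own `(getenv ...)` in `main`, would leave the check in force. If the bypass is intended for releases, a recipe comment such as `# Also skips the "commit is pushed" check; push before publishing.` would make that explicit.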
--- a/build-aux/update-guix-package.scm +++ b/build-aux/update-guix-package.scm @@ -44,9 +44,6 @@ (define %top-srcdir (string-append (current-source-directory) "/..")) -(define version-controlled? - (git-predicate %top-srcdir)) - (define (package-definition-location) "Return the source properties of the definition of the 'guix' package." (call-with-input-file (location-file (package-location guix)) @@ -114,8 +111,9 @@ COMMIT." "Create a new git worktree at DIRECTORY, detached on commit COMMIT." (invoke "git" "worktree" "add" "--detach" directory commit)) -(define-syntax-rule (with-temporary-git-worktree commit body ...) - "Execute BODY in the context of a temporary git worktree created from COMMIT." +(define (call-with-temporary-git-worktree commit proc) + "Execute PROC in the context of a temporary git worktree created from +COMMIT. PROC receives the temporary directory file name as an argument." (call-with-temporary-directory (lambda (tmp-directory) (dynamic-wind @@ -123,12 +121,12 @@ COMMIT." #t) (lambda () (git-add-worktree tmp-directory commit) - (with-directory-excursion tmp-directory body ...)) + (proc tmp-directory)) (lambda () (invoke "git" "worktree" "remove" "--force" tmp-directory)))))) (define %savannah-guix-git-repo-push-url-regexp - "git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)") + "git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)") (define-syntax-rule (with-input-pipe-to-string prog arg ...) (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...)) 
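Review bot: In `%savannah-guix-git-repo-push-url-regexp` (the `@@ -123,12 +121,12 @@` hunk) the dots are unescaped and the pattern is unanchored, so each `.` matches any character, including `/`. A remote whose URL merely resembles the Savannah one could therefore be accepted as the push URL, assuming `find-origin-remote`, which is not shown here, matches this against the `git remote -v` listing. Since that remote decides whether a commit counts as published, escaping the literals is worth doing while the line is being touched: `"git\\.(savannah|sv)\\.gnu\\.org:?/srv/git/guix\\.git \\(push\\)"`.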
@@ -156,27 +154,60 @@ COMMIT." "git" "branch" "-r" "--contains" commit (string-append remote "/master"))))) +(define (keep-source-in-store store source) + "Add SOURCE to the store under the name that the 'guix' package expects." + + ;; Add SOURCE to the store, but this time under the real name used in the + ;; 'origin'. This allows us to build the package without having to make a + ;; real checkout; thus, it also works when working on a private branch. + (reload-module + (resolve-module '(gnu packages package-management))) + + (let* ((source (add-to-store store + (origin-file-name (package-source guix)) + #t "sha256" source + #:select? (git-predicate source))) + (root (store-path-package-name source))) + + ;; Add an indirect GC root for SOURCE in the current directory. + (false-if-exception (delete-file root)) + (symlink source root) + (add-indirect-root store + (string-append (getcwd) "/" root)) + + (info (G_ "source code kept in ~a (GC root: ~a)~%") + source root))) + (define (main . args) (match args ((commit version) (with-directory-excursion %top-srcdir (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") - (commit-already-pushed? (find-origin-remote) commit) + (let ((remote (find-origin-remote))) + (unless remote + (leave (G_ "Failed to find the origin git remote.~%"))) + (commit-already-pushed? remote commit)) (leave (G_ "Commit ~a is not pushed upstream. 
Aborting.~%") commit)) - (let* ((hash (with-temporary-git-worktree commit - (nix-base32-string->bytevector - (string-trim-both - (with-output-to-string - (lambda () - (guix-hash "-rx" "."))))))) - (location (package-definition-location)) - (old-hash (content-hash-value - (origin-hash (package-source guix))))) - (edit-expression location - (update-definition commit hash - #:old-hash old-hash - #:version version))))) + (call-with-temporary-git-worktree commit + (lambda (tmp-directory) + (let* ((hash (nix-base32-string->bytevector + (string-trim-both + (with-output-to-string + (lambda () + (guix-hash "-rx" tmp-directory)))))) + (location (package-definition-location)) + (old-hash (content-hash-value + (origin-hash (package-source guix))))) + (edit-expression location + (update-definition commit hash + #:old-hash old-hash + #:version version)) + ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are + ;; added to the store. This is used as part of 'make release'. + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") + (with-store store + (keep-source-in-store store tmp-directory)))))))) ((commit) ;; Automatically deduce the version and revision numbers. (main commit #f)))) diff --git a/doc/contributing.texi b/doc/contributing.texi index d3f6325c3f..d8de71055a 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi 
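Review bot: `keep-source-in-store` adds the worktree with `#:select? (git-predicate source)`, while the hash written into the package definition comes from `guix-hash "-rx" tmp-directory`, and nothing in `main` compares the two. If the two selections ever differ, the store item kept for the release would not be the one the recorded hash describes, and that would surface only later as a mismatch at build time. Having `main` compare `hash` with the hash of the store item (for instance via `query-path-hash`, to be confirmed against the store API) and `leave` on a difference would catch it at release time. At the least a comment should state the assumption, e.g. `;; The git-predicate selection must equal what 'guix hash -rx' hashed above.` Separately, `(false-if-exception (delete-file root))` removes whatever file already has that name in the current directory, which `main` has set to the top source directory.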
@@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used has already been pushed to the Savannah-hosted Guix git repository. This check can be disabled, @emph{at your own peril}, by setting the -@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. - -To build the resulting 'guix' package when using a private commit, the -following command can be used: - -@example -./pre-inst-env guix build guix --with-git-url=guix=$PWD -@end example +@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When +this variable is set, the updated package source is also added to the +store. This is used as part of the release process of Guix. -- cgit 1.4.1 From e365f8b26c01d295e68dd0352a63cf274403f4fd Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 14 Nov 2020 09:51:17 +0000 Subject: doc: Fix Guix Build Coordinator agent configuration defaults. * doc/guix.texi (Guix Build Coordinator): Fix some guix-build-coordinator-agent-configuration defaults. --- doc/guix.texi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index eb0f47a6af..bbc9523bde 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -29226,18 +29226,18 @@ the password from can also be specified, and this is more secure. A file containing the password to use when connecting to the coordinator. -@item @code{systems} (default: @var{#f}) +@item @code{systems} (default: @code{#f}) The systems for which this agent should fetch builds. The agent process will use the current system it's running on as the default. @item @code{max-parallel-builds} (default: @code{1}) The number of builds to perform in parallel. -@item @code{derivation-substitute-urls} (default: @code{1}) +@item @code{derivation-substitute-urls} (default: @code{#f}) URLs from which to attempt to fetch substitutes for derivations, if the derivations aren't already available. -@item @code{non-derivation-substitute-urls} (default: @code{1}) +@item @code{non-derivation-substitute-urls} (default: @code{#f}) URLs from which to attempt to fetch substitutes for build inputs, if the input store items aren't already available. -- cgit 1.4.1 From 289b20ef62ce1d23befcf2593b191e2a686c7b6c Mon Sep 17 00:00:00 2001 From: Holger Peters Date: Sun, 1 Nov 2020 10:50:25 +0100 Subject: doc: Document hg-fetch. * doc/guix.texi (origin Reference): Add documentation for hg-fetch. Signed-off-by: Christopher Baines --- doc/guix.texi | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index bbc9523bde..8440ffffc7 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -6835,6 +6835,18 @@ commit: @end lisp @end deftp +For Mercurial repositories, the module @code{(guix hg-download)} defines +the @code{hg-fetch} origin method and @code{hg-reference} data type for +support of the Mercurial version control system. + +@deffn {Scheme Procedure} hg-fetch @var{ref} @var{hash-algo} @var{hash} @ + [name] +Return a fixed-output derivation that fetches @var{ref}, a +@code{} object. The output is expected to have recursive +hash @var{hash} of type @var{hash-algo} (a symbol). Use @var{name} as +the file name, or a generic name if @code{#false}. +@end deffn + @node Defining Package Variants @section Defining Package Variants -- cgit 1.4.1 From 16144199c3689def649ec65a45766a7d5862e868 Mon Sep 17 00:00:00 2001 From: Matthew Kraai Date: Sat, 14 Nov 2020 04:44:05 -0800 Subject: doc: Remove superfluous comma. * doc/guix.texi (Managing Software the Guix Way): Remove comma. Signed-off-by: Leo Famulari --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 8440ffffc7..2864c65e00 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -405,7 +405,7 @@ using a different distro underneath!}. @xref{GNU Distribution}. @cindex user interfaces Guix provides a command-line package management interface (@pxref{Package Management}), tools to help with software development -(@pxref{Development}), command-line utilities for more advanced usage, +(@pxref{Development}), command-line utilities for more advanced usage (@pxref{Utilities}), as well as Scheme programming interfaces (@pxref{Programming Interface}). @cindex build daemon -- cgit 1.4.1 From 0fd87768e47f9e429d8c0ec9ac4e7928832ff33b Mon Sep 17 00:00:00 2001 From: Daniel Brooks Date: Sat, 14 Nov 2020 08:04:30 -0800 Subject: doc: Add a note about SELinux relabeling after upgrades to guix-daemon. * doc/guix.texi (SELinux Support): Add note about upgrades. 
Signed-off-by: Marius Bakke --- doc/guix.texi | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 2864c65e00..2f3a474866 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -83,6 +83,7 @@ Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* Copyright @copyright{} 2020 raingloom@* +Copyright @copyright{} 2020 Daniel Brooks@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1398,6 +1399,11 @@ install and run it, which lifts it into the @code{guix_daemon_t} domain. At that point SELinux could not prevent it from accessing files that are allowed for processes in that domain. +You will need to relabel the store directory after all upgrades to +@file{guix-daemon}, such as after running @code{guix pull}. Assuming the +store is in @file{/gnu}, you can do this with @code{restorecon -vR /gnu}, +or by other means provided by your operating system. + We could generate a much more restrictive policy at installation time, so that only the @emph{exact} file name of the currently installed @code{guix-daemon} executable would be labelled with -- cgit 1.4.1 From ac96f2c8369c13dd7d27878ad9426fcda140ef3a Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 11 Nov 2020 22:43:14 -0500 Subject: doc: Detail which bootloader get used with disk-image or vm-image. * doc/guix.texi (Invoking guix system): Extend doc. --- doc/guix.texi | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 2f3a474866..104e771562 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -31027,11 +31027,25 @@ a value. Docker images are built to contain exactly what they need, so the @option{--image-size} option is ignored in the case of @code{docker-image}. +@cindex disk-image, creating disk images The @code{disk-image} command can produce various image types. The image type can be selected using the @command{--image-type} option. It -defaults to @code{raw}. When its value is @code{iso9660}, the +defaults to @code{raw}. When its value is @code{iso9660}, the @option{--label} option can be used to specify a volume ID with -@code{disk-image}. +@code{disk-image}. When using @code{disk-image}, the bootloader +installed on the generated image is taken from the provided +@code{operating-system} definition. The following example demonstrates +how to generate an image that uses the @code{grub-efi-bootloader} +bootloader and boot it with QEMU: + +@example +image=$(guix system disk-image --image-type=qcow2 \ + gnu/system/examples/lightweight-desktop.tmpl) +cp $image /tmp/my-image.qcow2 +chmod +w /tmp/my-image.qcow2 +qemu-system-x86_64 -enable-kvm -hda /tmp/my-image.qcow2 -m 1000 + -bios $(guix build ovmf)/share/firmware/ovmf_x64.bin +@end example When using the @code{raw} image type, a raw disk image is produced; it can be copied as is to a USB stick, for instance. Assuming 
@@ -31045,10 +31059,17 @@ the image to it using the following command: The @code{--list-image-types} command lists all the available image types. +@cindex vm-image, creating virtual machine images When using @code{vm-image}, the returned image is in qcow2 format, which -the QEMU emulator can efficiently use. @xref{Running Guix in a VM}, -for more information on how to run the image in a virtual machine. - +the QEMU emulator can efficiently use. @xref{Running Guix in a VM}, for +more information on how to run the image in a virtual machine. The +@code{grub-bootloader} bootloader is always used independently of what +is declared in the @code{operating-system} file passed as argument. +This is to make it easier to work with QEMU, which uses the SeaBIOS BIOS +by default, expecting a bootloader to be installed in the Master Boot +Record (MBR). + +@cindex docker-image, creating docker images When using @code{docker-image}, a Docker image is produced. Guix builds the image from scratch, not from a pre-existing Docker base image. As a result, it contains @emph{exactly} what you define in the operating -- cgit 1.4.1 From 41f27bf8702838f19b1dc5ffee8eec1d4315d4e6 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 11 Nov 2020 23:48:12 -0500 Subject: guix: system: Make disk-image root file system non-volatile by default. And add a new '--volatile' option to have it volatile otherwise. * guix/scripts/system.scm (%options)[volatile-root?]: New boolean option. (%default-options): Set its default value to #f. (show-help): Add help doc. * guix/scripts/system.scm (perform-action): Propagate option... (system-derivation-for-action): ...here. Use it to set the volatile-root? field of the image object passed to SYSTEM-IMAGE. * doc/guix.texi (Invoking guix system): Document it. --- doc/guix.texi | 6 ++++-- guix/scripts/system.scm | 21 +++++++++++++++++---- 2 files changed, 21 insertions(+), 6 deletions(-) (limited to 'doc') 
diff --git a/doc/guix.texi b/doc/guix.texi index 104e771562..cca57140d6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -31029,10 +31029,12 @@ the @option{--image-size} option is ignored in the case of @cindex disk-image, creating disk images The @code{disk-image} command can produce various image types. The -image type can be selected using the @command{--image-type} option. It +image type can be selected using the @option{--image-type} option. It defaults to @code{raw}. When its value is @code{iso9660}, the @option{--label} option can be used to specify a volume ID with -@code{disk-image}. When using @code{disk-image}, the bootloader +@code{disk-image}. By default, the root file system of a disk image is +mounted non-volatile; the @option{--volatile} option can be provided to +make it volatile instead. When using @code{disk-image}, the bootloader installed on the generated image is taken from the provided @code{operating-system} definition. The following example demonstrates how to generate an image that uses the @code{grub-efi-bootloader} diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index ad998156c2..db80e0be8f 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -674,7 +674,8 @@ checking this by themselves in their 'check' procedure." (define* (system-derivation-for-action os action #:key image-size image-type full-boot? container-shared-network? - mappings label) + mappings label + volatile-root?) "Return as a monadic value the derivation for OS according to ACTION." (mlet %store-monad ((target (current-target-system))) (case action @@ -706,7 +707,8 @@ checking this by themselves in their 'check' procedure." base-image)) (target (or base-target target)) (size image-size) - (operating-system os)))))) + (operating-system os) + (volatile-root? volatile-root?)))))) ((docker-image) (system-docker-image os #:shared-network? container-shared-network?))))) 
@@ -761,6 +763,7 @@ and TARGET arguments." dry-run? derivations-only? use-substitutes? bootloader-target target image-size image-type + volatile-root? full-boot? label container-shared-network? (mappings '()) (gc-root #f)) @@ -768,7 +771,8 @@ and TARGET arguments." bootloader; BOOTLOADER-TAGET is the target for the bootloader; TARGET is the target root directory; IMAGE-SIZE is the size of the image to be built, for the 'vm-image' and 'disk-image' actions. IMAGE-TYPE is the type of image to -be built. +be built. When VOLATILE-ROOT? is #t, the root file system is mounted +volatile. FULL-BOOT? is used for the 'vm' action; it determines whether to boot directly to the kernel or to the bootloader. CONTAINER-SHARED-NETWORK? @@ -816,6 +820,7 @@ static checks." #:label label #:image-type image-type #:image-size image-size + #:volatile-root? volatile-root? #:full-boot? full-boot? #:container-shared-network? container-shared-network? #:mappings mappings)) @@ -974,6 +979,8 @@ Some ACTIONS support additional ARGS.\n")) --image-size=SIZE for 'vm-image', produce an image of SIZE")) (display (G_ " --no-bootloader for 'init', do not install a bootloader")) + (display (G_ " + --volatile for 'disk-image', make the root file system volatile")) (display (G_ " --label=LABEL for 'disk-image', label disk image with LABEL")) (display (G_ " @@ -1048,6 +1055,9 @@ Some ACTIONS support additional ARGS.\n")) (option '("no-bootloader" "no-grub") #f #f (lambda (opt name arg result) (alist-cons 'install-bootloader? #f result))) + (option '("volatile") #f #f + (lambda (opt name arg result) + (alist-cons 'volatile-root? #t result))) (option '("label") #t #f (lambda (opt name arg result) (alist-cons 'label arg result))) 
@@ -1109,7 +1119,8 @@ Some ACTIONS support additional ARGS.\n")) (image-type . raw) (image-size . guess) (install-bootloader? . #t) - (label . #f))) + (label . #f) + (volatile-root? . #f))) (define (verbosity-level opts) "Return the verbosity level based on OPTS, the alist of parsed options." @@ -1206,6 +1217,8 @@ resulting from command-line parsing." #:image-type (lookup-image-type-by-name (assoc-ref opts 'image-type)) #:image-size (assoc-ref opts 'image-size) + #:volatile-root? + (assoc-ref opts 'volatile-root?) #:full-boot? (assoc-ref opts 'full-boot?) #:container-shared-network? (assoc-ref opts 'container-shared-network?) -- cgit 1.4.1 From 11d37090f9ef9610cd1a0dd75cc69ee06dd033ae Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 17 Nov 2020 21:43:22 -0500 Subject: doc: Add a backslash escape to the disk-image example. * doc/guix.texi (Invoking guix system): Add a backslash escape. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index cca57140d6..a609d64ee0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -31045,7 +31045,7 @@ image=$(guix system disk-image --image-type=qcow2 \ gnu/system/examples/lightweight-desktop.tmpl) cp $image /tmp/my-image.qcow2 chmod +w /tmp/my-image.qcow2 -qemu-system-x86_64 -enable-kvm -hda /tmp/my-image.qcow2 -m 1000 +qemu-system-x86_64 -enable-kvm -hda /tmp/my-image.qcow2 -m 1000 \ -bios $(guix build ovmf)/share/firmware/ovmf_x64.bin @end example -- cgit 1.4.1 From 8490fa0253fa8ee5613a89851273e007494ea79b Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Wed, 18 Nov 2020 09:53:23 +0100 Subject: services: cups: Add some extensions by default. * gnu/services/cups.scm (cups-configuration): Add some extensions by default. doc/guix.texi (Printing Services): Document the default value. --- doc/guix.texi | 2 +- gnu/services/cups.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') 
diff --git a/doc/guix.texi b/doc/guix.texi index a609d64ee0..99068fccfa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17541,7 +17541,7 @@ Available @code{cups-configuration} fields are: The CUPS package. @end deftypevr -@deftypevr {@code{cups-configuration} parameter} package-list extensions +@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list escpr hplip-minimal foomatic-filters)}) Drivers and other extensions to the CUPS package. @end deftypevr diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index 16d6f76c1a..7d2defacaa 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -482,7 +482,7 @@ programs.") (package cups) "The CUPS package.") (extensions - (package-list (list cups-filters)) + (package-list (list cups-filters escpr hplip-minimal foomatic-filters)) "Drivers and other extensions to the CUPS package.") (files-configuration (files-configuration (files-configuration)) -- cgit 1.4.1 From 5221df34149465c5bbc1a76f83cb09f8911279f5 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Wed, 18 Nov 2020 14:57:29 +0100 Subject: gnu: vpn: Make ca, key and cert optional. * gnu/services/vpn.scm (openvpn-client-configuration) (openvpn-server-configuration): Make ca, key an cert fields optional. * doc/guix.texi (VPN Services): Document the change. --- doc/guix.texi | 20 ++++++++++++++------ gnu/services/vpn.scm | 6 +++--- 2 files changed, 17 insertions(+), 9 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 99068fccfa..d021384b73 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
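Review bot: The new default in gnu/services/cups.scm is `(list cups-filters escpr hplip-minimal foomatic-filters)`, but the `@deftypevr` line in doc/guix.texi documents it as `(list escpr hplip-minimal foomatic-filters)`, so the manual omits `cups-filters`. A reader who copies the documented list into their own `extensions` field replaces the default and drops `cups-filters`. Add `cups-filters` to the documented default so the two agree. The later hunks that rename `escpr` and add `splix` carry the same omission. The field docstring could also say that every package listed is added to the print server by default, so administrators can trim the list to the printers they actually have.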
@@ -24909,14 +24909,18 @@ Defaults to @samp{tun}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string ca +If you do not have some of these files (eg.@: you use a username and +password), you can disable any of the following three fields by setting +it to @code{'disabled}. + +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string ca The certificate authority to check connections against. Defaults to @samp{"/etc/openvpn/ca.crt"}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string cert +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string cert The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}. @@ -24924,7 +24928,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string key +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string key The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}. @@ -25060,14 +25064,18 @@ Defaults to @samp{tun}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string ca +If you do not have some of these files (eg.@: you use a username and +password), you can disable any of the following three fields by setting +it to @code{'disabled}. + +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string ca The certificate authority to check connections against. Defaults to @samp{"/etc/openvpn/ca.crt"}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string cert +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string cert The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}. 
@@ -25075,7 +25083,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string key +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string key The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}. diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 658d5c3e88..70f2617c7e 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -273,16 +273,16 @@ servers.") "The device type used to represent the VPN connection.") (ca - (string "/etc/openvpn/ca.crt") + (maybe-string "/etc/openvpn/ca.crt") "The certificate authority to check connections against.") (cert - (string "/etc/openvpn/client.crt") + (maybe-string "/etc/openvpn/client.crt") "The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}.") (key - (string "/etc/openvpn/client.key") + (maybe-string "/etc/openvpn/client.key") "The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}.") -- cgit 1.4.1 From 0b57c1b09efb74f0b30fd74c7c1eb2da1f5957bc Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 19 Nov 2020 00:01:51 +0100 Subject: gnu: Rename escpr to epson-inkjet-printer-escpr. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ‘escpr’ is nice and short, but everyone else calls this package ‘epson-inkjet-printer-escpr’. More importantly, so does upstream. * gnu/packages/cups.scm (escpr, epson-inkjet-printer-escpr,): Rename escpr to epson-inkjet-printer-escpr, redefining escpr as deprecated-package. Adjust all users. --- doc/guix.texi | 11 ++++++----- gnu/packages/cups.scm | 7 +++++-- gnu/services/cups.scm | 3 ++- 3 files changed, 13 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index d021384b73..1f1510f5f5 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
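Review bot: The `ca`, `cert` and `key` docstrings in the gnu/services/vpn.scm hunk are unchanged although the fields are now `maybe-string`, so nothing at field level says what leaving one out means. For `ca` in particular, a client without it has no certificate authority to check the server against. Username/password authentication stands in for the client's `cert` and `key`, not for `ca`, yet the manual sentence "you can disable any of the following three fields" reads as if all three were equally safe to drop. I would extend the `ca` docstring with `Set this to @code{'disabled} only when the peer is authenticated by other means.` and narrow the manual sentence to `cert` and `key`. How `maybe-string` is defined and serialized is outside the hunk, so confirm that `'disabled` omits the directive from the generated configuration rather than writing the symbol into it.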
@@ -17503,16 +17503,17 @@ CUPS service will generate a self-signed certificate if needed, for secure connections to the print server. Suppose you want to enable the Web interface of CUPS and also add -support for Epson printers @i{via} the @code{escpr} package and for HP -printers @i{via} the @code{hplip-minimal} package. You can do that directly, -like this (you need to use the @code{(gnu packages cups)} module): +support for Epson printers @i{via} the @code{epson-inkjet-printer-escpr} +package and for HP printers @i{via} the @code{hplip-minimal} package. +You can do that directly, like this (you need to use the +@code{(gnu packages cups)} module): @lisp (service cups-service-type (cups-configuration (web-interface? #t) (extensions - (list cups-filters escpr hplip-minimal)))) + (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) @end lisp Note: If you wish to use the Qt5 based GUI which comes with the hplip @@ -17541,7 +17542,7 @@ Available @code{cups-configuration} fields are: The CUPS package. @end deftypevr -@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list escpr hplip-minimal foomatic-filters)}) +@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list epson-inkjet-printer-escpr hplip-minimal foomatic-filters)}) Drivers and other extensions to the CUPS package. @end deftypevr diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index b2d7b952b9..bfe24027fb 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm 
@@ -744,9 +744,9 @@ HP@tie{}LaserJet, and possibly other printers. See @file{README} for details.") (license (list license:expat ; icc2ps/*.[ch] license:gpl2+)))) ; everything else -(define-public escpr +(define-public epson-inkjet-printer-escpr (package - (name "escpr") + (name "epson-inkjet-printer-escpr") (version "1.7.8") ;; XXX: This currently works. But it will break as soon as a newer ;; version is available since the URLs for older versions are not @@ -806,6 +806,9 @@ language.") (home-page "http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX") (license license:gpl2+))) +(define-public escpr + (deprecated-package "escpr" epson-inkjet-printer-escpr)) + (define-public splix ;; Last released in 2009 . ;; Last SVN commit was 2013 . diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index 7d2defacaa..6194fc37ad 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -482,7 +482,8 @@ programs.") (package cups) "The CUPS package.") (extensions - (package-list (list cups-filters escpr hplip-minimal foomatic-filters)) + (package-list (list cups-filters epson-inkjet-printer-escpr + foomatic-filters hplip-minimal)) "Drivers and other extensions to the CUPS package.") (files-configuration (files-configuration (files-configuration)) -- cgit 1.4.1 From 13180f6accf815253107420d264e0c82ad064608 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sat, 21 Nov 2020 15:39:27 +0100 Subject: services: cups: Add Splix by default. * gnu/services/cups.scm (cups-configuration): Add splix to the default extensions. * doc/guix.texi (Printing Services): Document it. --- doc/guix.texi | 2 +- gnu/services/cups.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 1f1510f5f5..ea220fbd63 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -17542,7 +17542,7 @@ Available @code{cups-configuration} fields are: The CUPS package. @end deftypevr -@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list epson-inkjet-printer-escpr hplip-minimal foomatic-filters)}) +@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list epson-inkjet-printer-escpr hplip-minimal foomatic-filters splix)}) Drivers and other extensions to the CUPS package. @end deftypevr diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index 6194fc37ad..e8957c6859 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -483,7 +483,7 @@ programs.") "The CUPS package.") (extensions (package-list (list cups-filters epson-inkjet-printer-escpr - foomatic-filters hplip-minimal)) + foomatic-filters hplip-minimal splix)) "Drivers and other extensions to the CUPS package.") (files-configuration (files-configuration (files-configuration)) -- cgit 1.4.1 From 984124173bc6a7aba3ac0d54d943742492024119 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Tue, 24 Nov 2020 07:41:34 +0300 Subject: doc: Fix a typo in WebSSH configuration documentation. * doc/guix.texi (Networking Services): Fix a typo in webssh-configuration. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index ea220fbd63..c5a88b15fa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16718,7 +16718,7 @@ Connection policy. @var{reject} policy requires to specify @var{known-hosts}. List of hosts which allowed for SSH connection from @command{webssh}. @item @code{log-file} (default: @file{"/var/log/webssh.log"}) -Name of the file where @command{rsync} writes its log file. +Name of the file where @command{webssh} writes its log file. @item @code{log-level} (default: @var{#f}) Logging level. -- cgit 1.4.1 From 788df2ecd62d5c2fc0d94928f45c947e6393e20b Mon Sep 17 00:00:00 2001 
From: Mikhail Tsykalov Date: Fri, 6 Nov 2020 12:47:37 +0300 Subject: mapped-devices: Allow target to be list of strings. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/system/mapped-devices.scm (): Rename constructor to %mapped-device. [target]: Remove field. [targets]: New field. Adjust users. (mapped-device-compatibility-helper, mapped-device): New macros. (mapped-device-target): New deprecated procedure. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 3 + gnu/services/base.scm | 3 +- gnu/system.scm | 11 +-- gnu/system/linux-initrd.scm | 10 +-- gnu/system/mapped-devices.scm | 174 +++++++++++++++++++++++++----------------- 5 files changed, 119 insertions(+), 82 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index c5a88b15fa..13fb4b1531 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13780,6 +13780,9 @@ specifying @code{"my-partition"} leads to the creation of the @code{"/dev/mapper/my-partition"} device. For RAID devices of type @code{raid-device-mapping}, the full device name such as @code{"/dev/md0"} needs to be given. +@item targets +This list of strings specifies names of the resulting mapped devices in case +there are several. The format is identical to @var{target}. @item type This must be a @code{mapped-device-kind} object, which specifies how diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 029df5ac16..3fc4d5f885 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -298,7 +298,8 @@ FILE-SYSTEM." (define (mapped-device->shepherd-service-name md) "Return the symbol that denotes the shepherd service of MD, a ." (symbol-append 'device-mapping- - (string->symbol (mapped-device-target md)))) + (string->symbol (string-join + (mapped-device-targets md) "-")))) (define dependency->shepherd-service-name (match-lambda diff --git a/gnu/system.scm b/gnu/system.scm index b257ea0385..fcf3310fa3 100644 --- a/gnu/system.scm +++ b/gnu/system.scm 
@@ -475,9 +475,9 @@ marked as 'needed-for-boot'." (let ((device (file-system-device fs))) (if (string? device) ;title is 'device (filter (lambda (md) - (string=? (string-append "/dev/mapper/" - (mapped-device-target md)) - device)) + (any (cut string=? device <>) + (map (cut string-append "/dev/mapper" <>) + (mapped-device-targets md)))) (operating-system-mapped-devices os)) '()))) @@ -497,11 +497,12 @@ marked as 'needed-for-boot'." (define (mapped-device-users device file-systems) "Return the subset of FILE-SYSTEMS that use DEVICE." - (let ((target (string-append "/dev/mapper/" (mapped-device-target device)))) + (let ((targets (map (cut string-append "/dev/mapper/" <>) + (mapped-device-targets device)))) (filter (lambda (fs) (or (member device (file-system-dependencies fs)) (and (string? (file-system-device fs)) - (string=? (file-system-device fs) target)))) + (any (cut string=? (file-system-device fs) <>) targets)))) file-systems))) (define (operating-system-user-mapped-devices os) diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm index b8a30c0abc..3e2f1282cc 100644 --- a/gnu/system/linux-initrd.scm +++ b/gnu/system/linux-initrd.scm @@ -195,11 +195,11 @@ upon error." (define device-mapping-commands ;; List of gexps to open the mapped devices. (map (lambda (md) - (let* ((source (mapped-device-source md)) - (target (mapped-device-target md)) - (type (mapped-device-type md)) - (open (mapped-device-kind-open type))) - (open source target))) + (let* ((source (mapped-device-source md)) + (targets (mapped-device-targets md)) + (type (mapped-device-type md)) + (open (mapped-device-kind-open type))) + (open source targets))) mapped-devices)) (define kodir diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index 31c50c4e40..8b5aec983d 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm 
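Review bot: In the `@@ -475` hunk of gnu/system.scm the prefix lost its trailing slash: `(cut string-append "/dev/mapper" <>)` yields names such as `/dev/mapperhome` for a target `home`, which can never equal a `/dev/mapper/...` file-system device. The filter therefore returns no mapped device for any file system that names its device by string. The next hunk, in `mapped-device-users`, uses `"/dev/mapper/"` correctly, so the line should read `(map (cut string-append "/dev/mapper/" <>)`. The enclosing procedure starts outside the hunk, but the context line ("marked as 'needed-for-boot'") suggests the result decides which mapped devices are associated with boot file systems. If so, a LUKS or LVM device referenced this way may silently be left out; a test with a string `device` on a mapped target would catch it.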
@@ -28,6 +28,7 @@ formatted-message &fix-hint &error-location)) + #:use-module (guix deprecation) #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system uuid) @@ -42,10 +43,12 @@ #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:use-module (ice-9 format) - #:export (mapped-device + #:export (%mapped-device + mapped-device mapped-device? mapped-device-source mapped-device-target + mapped-device-targets mapped-device-type mapped-device-location @@ -70,15 +73,36 @@ ;;; ;;; Code: -(define-record-type* mapped-device +(define-record-type* %mapped-device make-mapped-device mapped-device? (source mapped-device-source) ;string | list of strings - (target mapped-device-target) ;string + (targets mapped-device-targets) ;list of strings (type mapped-device-type) ; (location mapped-device-location (default (current-source-location)) (innate))) +(define-syntax mapped-device-compatibility-helper + (syntax-rules (target) + ((_ () (fields ...)) + (%mapped-device fields ...)) + ((_ ((target exp) rest ...) (others ...)) + (%mapped-device others ... + (targets (list exp)) + rest ...)) + ((_ (field rest ...) (others ...)) + (mapped-device-compatibility-helper (rest ...) + (others ... field))))) + +(define-syntax-rule (mapped-device fields ...) + "Build an record, automatically converting 'target' field +specifications to 'targets'." + (mapped-device-compatibility-helper (fields ...) ())) + +(define-deprecated (mapped-device-target md) + mapped-device-targets + (car (mapped-device-targets md))) + (define-record-type* mapped-device-kind make-mapped-device-kind mapped-device-kind? 
@@ -97,14 +121,14 @@ (shepherd-service-type 'device-mapping (match-lambda - (($ source target + (($ source targets ($ open close)) (shepherd-service - (provision (list (symbol-append 'device-mapping- (string->symbol target)))) + (provision (list (symbol-append 'device-mapping- (string->symbol (string-join targets "-"))))) (requirement '(udev)) (documentation "Map a device node using Linux's device mapper.") - (start #~(lambda () #$(open source target))) - (stop #~(lambda _ (not #$(close source target)))) + (start #~(lambda () #$(open source targets))) + (stop #~(lambda _ (not #$(close source targets)))) (respawn? #f)))))) (define (device-mapping-service mapped-device) 
@@ -162,48 +186,52 @@ option of @command{guix system}.\n") ;;; Common device mappings. ;;; -(define (open-luks-device source target) +(define (open-luks-device source targets) "Return a gexp that maps SOURCE to TARGET as a LUKS device, using 'cryptsetup'." (with-imported-modules (source-module-closure '((gnu build file-systems))) - #~(let ((source #$(if (uuid? source) - (uuid-bytevector source) - source))) - ;; XXX: 'use-modules' should be at the top level. - (use-modules (rnrs bytevectors) ;bytevector? - ((gnu build file-systems) - #:select (find-partition-by-luks-uuid))) - - ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the - ;; whole world inside the initrd (for when we're in an initrd). - (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") - "open" "--type" "luks" - - ;; Note: We cannot use the "UUID=source" syntax here - ;; because 'cryptsetup' implements it by searching the - ;; udev-populated /dev/disk/by-id directory but udev may - ;; be unavailable at the time we run this. - (if (bytevector? source) - (or (let loop ((tries-left 10)) - (and (positive? tries-left) - (or (find-partition-by-luks-uuid source) - ;; If the underlying partition is - ;; not found, try again after - ;; waiting a second, up to ten - ;; times. FIXME: This should be - ;; dealt with in a more robust way. - (begin (sleep 1) - (loop (- tries-left 1)))))) - (error "LUKS partition not found" source)) - source) - - #$target))))) - -(define (close-luks-device source target) + (match targets + ((target) + #~(let ((source #$(if (uuid? source) + (uuid-bytevector source) + source))) + ;; XXX: 'use-modules' should be at the top level. + (use-modules (rnrs bytevectors) ;bytevector? + ((gnu build file-systems) + #:select (find-partition-by-luks-uuid))) + + ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the + ;; whole world inside the initrd (for when we're in an initrd). + (zero? 
(system* #$(file-append cryptsetup-static "/sbin/cryptsetup") + "open" "--type" "luks" + + ;; Note: We cannot use the "UUID=source" syntax here + ;; because 'cryptsetup' implements it by searching the + ;; udev-populated /dev/disk/by-id directory but udev may + ;; be unavailable at the time we run this. + (if (bytevector? source) + (or (let loop ((tries-left 10)) + (and (positive? tries-left) + (or (find-partition-by-luks-uuid source) + ;; If the underlying partition is + ;; not found, try again after + ;; waiting a second, up to ten + ;; times. FIXME: This should be + ;; dealt with in a more robust way. + (begin (sleep 1) + (loop (- tries-left 1)))))) + (error "LUKS partition not found" source)) + source) + + #$target))))))) + +(define (close-luks-device source targets) "Return a gexp that closes TARGET, a LUKS device." - #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") - "close" #$target))) + (match targets + ((target) + #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") + "close" #$target))))) (define* (check-luks-device md #:key needed-for-boot? 
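Review bot: `open-luks-device` and `close-luks-device` now destructure their argument with a single clause, `(match targets ((target) ...))`, so a `mapped-device` with zero or several `targets` fails with a bare pattern-match error that names neither the device nor the field. `open-raid-device` and `close-raid-device` in the following hunk have the same shape. Since `targets` is now a user-facing list, add a fallback clause such as `(_ (error "LUKS mapping takes exactly one target" targets))`, or reject the value in the kind's `check` procedure (`check-luks-device` is visible just below the hunk). The docstrings still say TARGET and should state that TARGETS must hold exactly one name.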
@@ -235,36 +263,40 @@ option of @command{guix system}.\n") (close close-luks-device) (check check-luks-device))) -(define (open-raid-device sources target) +(define (open-raid-device sources targets) "Return a gexp that assembles SOURCES (a list of devices) to the RAID device TARGET (e.g., \"/dev/md0\"), using 'mdadm'." - #~(let ((sources '#$sources) - - ;; XXX: We're not at the top level here. We could use a - ;; non-top-level 'use-modules' form but that doesn't work when the - ;; code is eval'd, like the Shepherd does. - (every (@ (srfi srfi-1) every)) - (format (@ (ice-9 format) format))) - (let loop ((attempts 0)) - (unless (every file-exists? sources) - (when (> attempts 20) - (error "RAID devices did not show up; bailing out" - sources)) - - (format #t "waiting for RAID source devices~{ ~a~}...~%" - sources) - (sleep 1) - (loop (+ 1 attempts)))) - - ;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole - ;; closure (80 MiB) in the initrd when a RAID device is needed for boot. - (zero? (apply system* #$(file-append mdadm-static "/sbin/mdadm") - "--assemble" #$target sources)))) - -(define (close-raid-device sources target) + (match targets + ((target) + #~(let ((sources '#$sources) + + ;; XXX: We're not at the top level here. We could use a + ;; non-top-level 'use-modules' form but that doesn't work when the + ;; code is eval'd, like the Shepherd does. + (every (@ (srfi srfi-1) every)) + (format (@ (ice-9 format) format))) + (let loop ((attempts 0)) + (unless (every file-exists? sources) + (when (> attempts 20) + (error "RAID devices did not show up; bailing out" + sources)) + + (format #t "waiting for RAID source devices~{ ~a~}...~%" + sources) + (sleep 1) + (loop (+ 1 attempts)))) + + ;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole + ;; closure (80 MiB) in the initrd when a RAID device is needed for boot. + (zero? 
(apply system* #$(file-append mdadm-static "/sbin/mdadm") + "--assemble" #$target sources)))))) + +(define (close-raid-device sources targets) "Return a gexp that stops the RAID device TARGET." - #~(zero? (system* #$(file-append mdadm-static "/sbin/mdadm") - "--stop" #$target))) + (match targets + ((target) + #~(zero? (system* #$(file-append mdadm-static "/sbin/mdadm") + "--stop" #$target))))) (define raid-device-mapping ;; The type of RAID mapped devices. -- cgit 1.4.1 From a9a2fdaabcc78e7a54d9a6bcfa4ee3de308e9a90 Mon Sep 17 00:00:00 2001 From: Mikhail Tsykalov Date: Fri, 6 Nov 2020 12:47:38 +0300 Subject: mapped-devices: Add 'lvm-device-mapping'. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/system/mapped-devices.scm (lvm-device-mapping, open-lvm-device, close-lvm-device): New variables. * gnu/tests/install.scm (%lvm-separate-home-os, %lvm-separate-home-os-source, %lvm-separate-home-installation-script, %test-lvm-separate-home-os): New variables. * gnu/system/linux-initrd.scm (raw-initrd): Add (srfi srfi-1) to initrd expression. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 25 ++++++++++++- gnu/system/linux-initrd.scm | 1 + gnu/system/mapped-devices.scm | 25 ++++++++++++- gnu/tests/install.scm | 87 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 134 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 13fb4b1531..22102972a3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13758,7 +13758,6 @@ Guix extends this notion by considering any device or set of devices that are @dfn{transformed} in some way to create a new device; for instance, RAID devices are obtained by @dfn{assembling} several other devices, such as hard disks or partitions, into a new one that behaves as one partition. -Other examples, not yet implemented, are LVM logical volumes. Mapped devices are declared using the @code{mapped-device} form, defined as follows; for examples, see below. 
@@ -13771,7 +13770,8 @@ the system boots up. @item source This is either a string specifying the name of the block device to be mapped, such as @code{"/dev/sda3"}, or a list of such strings when several devices -need to be assembled for creating a new one. +need to be assembled for creating a new one. In case of LVM this is a +string specifying name of the volume group to be mapped. @item target This string specifies the name of the resulting mapped device. For @@ -13780,6 +13780,9 @@ specifying @code{"my-partition"} leads to the creation of the @code{"/dev/mapper/my-partition"} device. For RAID devices of type @code{raid-device-mapping}, the full device name such as @code{"/dev/md0"} needs to be given. +LVM logical volumes of type @code{lvm-device-mapping} need to +be specified as @code{"VGNAME-LVNAME"}. + @item targets This list of strings specifies names of the resulting mapped devices in case there are several. The format is identical to @var{target}. @@ -13803,6 +13806,11 @@ module for the appropriate RAID level to be loaded, such as @code{raid456} for RAID-4, RAID-5 or RAID-6, or @code{raid10} for RAID-10. @end defvr +@defvr {Scheme Variable} lvm-device-mapping +This defines LVM logical volume(s). Volume group is activated by +@command{vgchange} command from the package @code{lvm2}. +@end defvr + @cindex disk encryption @cindex LUKS The following example specifies a mapping from @file{/dev/sda3} to 
@@ -13860,6 +13868,19 @@ Note that the RAID level need not be given; it is chosen during the initial creation and formatting of the RAID device and is determined automatically later. +LVM logical volumes ``alpha'' and ``beta'' from volume group ``vg0'' can +be declared as follows: + +@lisp +(mapped-device + (source "vg0") + (target (list "vg0-alpha" "vg0-beta")) + (type lvm-device-mapping)) +@end lisp + +Devices @file{/dev/mapper/vg0-alpha} and @file{/dev/mapper/vg0-beta} can +then be used as the @code{device} of a @code{file-system} declaration +(@pxref{File Systems}). @node User Accounts @section User Accounts diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm index 3e2f1282cc..85e493fecb 100644 --- a/gnu/system/linux-initrd.scm +++ b/gnu/system/linux-initrd.scm @@ -217,6 +217,7 @@ upon error." (gnu system file-systems) ((guix build utils) #:hide (delete)) (guix build bournish) ;add the 'bournish' meta-command + (srfi srfi-1) ;for lvm-device-mapping (srfi srfi-26) ;; FIXME: The following modules are for diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index 8b5aec983d..559c27bb28 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm @@ -36,7 +36,7 @@ #:autoload (gnu build linux-modules) (missing-modules) #:autoload (gnu packages cryptsetup) (cryptsetup-static) - #:autoload (gnu packages linux) (mdadm-static) + #:autoload (gnu packages linux) (mdadm-static lvm2-static) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) @@ -64,7 +64,8 @@ check-device-initrd-modules ;XXX: needs a better place luks-device-mapping - raid-device-mapping)) + raid-device-mapping + lvm-device-mapping)) ;;; Commentary: ;;; 
@@ -304,4 +305,24 @@ TARGET (e.g., \"/dev/md0\"), using 'mdadm'." (open open-raid-device) (close close-raid-device))) +(define (open-lvm-device source targets) + #~(and + (zero? (system* #$(file-append lvm2-static "/sbin/lvm") + "vgchange" "--activate" "ay" #$source)) + ; /dev/mapper nodes are usually created by udev, but udev may be unavailable at the time we run this. So we create them here. + (zero? (system* #$(file-append lvm2-static "/sbin/lvm") + "vgscan" "--mknodes")) + (every file-exists? (map (lambda (file) (string-append "/dev/mapper/" file)) + '#$targets)))) + + +(define (close-lvm-device source targets) + #~(zero? (system* #$(file-append lvm2-static "/sbin/lvm") + "vgchange" "--activate" "n" #$source))) + +(define lvm-device-mapping + (mapped-device-kind + (open open-lvm-device) + (close close-lvm-device))) + ;;; mapped-devices.scm ends here diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index 2d62a873ca..71caa3a493 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -67,6 +67,7 @@ %test-btrfs-root-on-subvolume-os %test-jfs-root-os %test-f2fs-root-os + %test-lvm-separate-home-os %test-gui-installed-os %test-gui-installed-os-encrypted 
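Review bot: `open-lvm-device` calls `every` unqualified inside the gexp, whereas `open-raid-device` in the same file binds it with `(every (@ (srfi srfi-1) every))` because, per its comment, `use-modules` does not work when the code is eval'd by the Shepherd. The commit adds `(srfi srfi-1)` to the initrd expression, which covers boot-time mappings. Whether the binding is in scope when the Shepherd evaluates this gexp for a non-boot volume is not visible here, and writing `(@ (srfi srfi-1) every)` would remove the dependency. Both new procedures also lack the docstring their LUKS and RAID siblings have; for the first, `"Return a gexp that activates volume group SOURCE and checks that each of TARGETS exists under /dev/mapper."` would do. The docstring for `close-lvm-device` should state that it deactivates the whole volume group SOURCE regardless of TARGETS.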
@@ -796,6 +797,92 @@ build (current-guix) and then store a couple of full system images.") (run-basic-test %encrypted-root-os command "encrypted-root-os" #:initialization enter-luks-passphrase))))) + +;;; +;;; Separate /home on LVM +;;; + +;; Since LVM support in guix currently doesn't allow root-on-LVM we use /home on LVM +(define-os-with-source (%lvm-separate-home-os %lvm-separate-home-os-source) + (use-modules (gnu) (gnu tests)) + + (operating-system + (host-name "separate-home-on-lvm") + (timezone "Europe/Paris") + (locale "en_US.utf8") + + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/vdb"))) + (kernel-arguments '("console=ttyS0")) + + (mapped-devices (list (mapped-device + (source "vg0") + (target "vg0-home") + (type lvm-device-mapping)))) + (file-systems (cons* (file-system + (device (file-system-label "root-fs")) + (mount-point "/") + (type "ext4")) + (file-system + (device "/dev/mapper/vg0-home") + (mount-point "/home") + (type "ext4") + (dependencies mapped-devices)) + %base-file-systems)) + (users %base-user-accounts) + (services (cons (service marionette-service-type + (marionette-configuration + (imported-modules '((gnu services herd) + (guix combinators))))) + %base-services)))) + +(define %lvm-separate-home-installation-script + "\ +. 
/etc/profile +set -e -x +guix --version + +export GUIX_BUILD_OPTIONS=--no-grafts +parted --script /dev/vdb mklabel gpt \\ + mkpart primary ext2 1M 3M \\ + mkpart primary ext2 3M 1.6G \\ + mkpart primary 1.6G 3.2G \\ + set 1 boot on \\ + set 1 bios_grub on +pvcreate /dev/vdb3 +vgcreate vg0 /dev/vdb3 +lvcreate -L 1.6G -n home vg0 +vgchange -ay +mkfs.ext4 -L root-fs /dev/vdb2 +mkfs.ext4 /dev/mapper/vg0-home +mount /dev/vdb2 /mnt +mkdir /mnt/home +mount /dev/mapper/vg0-home /mnt/home +df -h /mnt /mnt/home +herd start cow-store /mnt +mkdir /mnt/etc +cp /etc/target-config.scm /mnt/etc/config.scm +guix system init /mnt/etc/config.scm /mnt --no-substitutes +sync +reboot\n") + +(define %test-lvm-separate-home-os + (system-test + (name "lvm-separate-home-os") + (description + "Test functionality of an OS installed with a LVM /home partition") + (value + (mlet* %store-monad ((image (run-install %lvm-separate-home-os + %lvm-separate-home-os-source + #:script + %lvm-separate-home-installation-script + #:packages (list lvm2-static) + #:target-size (* 3200 MiB))) + (command (qemu-command/writable-image image))) + (run-basic-test %lvm-separate-home-os + `(,@command) "lvm-separate-home-os"))))) + ;;; ;;; Btrfs root file system. -- cgit 1.4.1 From c350a99bea137186842164ae59161c3dd2dec783 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 25 Nov 2020 23:58:02 +0100 Subject: doc: Tweak LVM-related info. * doc/guix.texi (Limitations): Remove LVM support. (Mapped Devices): Add link the to LVM web site. Tweak wording. --- doc/guix.texi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 22102972a3..484c11162e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -1954,9 +1954,6 @@ Nevertheless, before you proceed with the installation, be aware of the following noteworthy limitations applicable to version @value{VERSION}: @itemize -@item -Support for the Logical Volume Manager (LVM) is missing. - @item More and more system services are provided (@pxref{Services}), but some may be missing. @@ -13806,9 +13803,12 @@ module for the appropriate RAID level to be loaded, such as @code{raid456} for RAID-4, RAID-5 or RAID-6, or @code{raid10} for RAID-10. @end defvr +@cindex LVM, logical volume manager @defvr {Scheme Variable} lvm-device-mapping -This defines LVM logical volume(s). Volume group is activated by -@command{vgchange} command from the package @code{lvm2}. +This defines one or more logical volumes for the Linux +@uref{https://www.sourceware.org/lvm2/, Logical Volume Manager (LVM)}. +The volume group is activated by the @command{vgchange} command from the +@code{lvm2} package. @end defvr @cindex disk encryption -- cgit 1.4.1 From 3c881facced4cad373b7e0770fff9e5c5b01333f Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 26 Nov 2020 23:17:23 +0100 Subject: doc: Fix typo. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Version Control Services): Fix ‘trough’ typo. Reported by guixy on #guix. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 484c11162e..32b91272cf 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27954,7 +27954,7 @@ over HTTP. @deftp {Data Type} git-http-configuration Data type representing the configuration for a future @code{git-http-service-type}; can currently be used to configure Nginx -trough @code{git-http-nginx-location-configuration}. +through @code{git-http-nginx-location-configuration}. @table @asis @item @code{package} (default: @var{git}) -- cgit 1.4.1 From bb15471e7302cdf26289e03f82e2c098f5b9a32a Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Fri, 27 Nov 2020 22:11:16 +0100 Subject: doc: Remove lzlib from the requirements. This is a followup to 4c0c65acfade63ce0549115d19db4b639c1e9992. * doc/guix.texi (Requirements): Remove lzlib. --- doc/guix.texi | 5 ----- 1 file changed, 5 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 32b91272cf..6a68b84dc7 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -848,11 +848,6 @@ Support for build offloading (@pxref{Daemon Offload Setup}) and @uref{https://github.com/artyom-poptsov/guile-ssh, Guile-SSH}, version 0.13.0 or later. -@item -When @url{https://www.nongnu.org/lzip/lzlib.html, lzlib} is available, lzlib -substitutes can be used and @command{guix publish} can compress substitutes -with lzlib. - @item When @url{http://www.bzip.org, libbz2} is available, @command{guix-daemon} can use it to compress build logs. -- cgit 1.4.1 From b229803a78963429793967e309c455508f9811d1 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 27 Nov 2020 22:12:32 +0100 Subject: doc: Update mcron example. This is a followup to 0468455e7d279c89ea3ad1b51935efb2b785ec47, which added mcron to %BASE-SERVICES. * doc/guix.texi (Scheduled Job Execution): Use 'simple-service'. --- doc/guix.texi | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 6a68b84dc7..b0126b961d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -15350,11 +15350,15 @@ gexps to introduce job definitions that are passed to mcron (operating-system ;; @dots{} - (services (cons (service mcron-service-type - (mcron-configuration - (jobs (list garbage-collector-job - updatedb-job - idutils-job)))) + + ;; %BASE-SERVICES already includes an instance of + ;; 'mcron-service-type', which we extend with additional + ;; jobs using 'simple-service'. + (services (cons (simple-service 'my-cron-jobs + mcron-service-type + (list garbage-collector-job + updatedb-job + idutils-job)) %base-services))) @end lisp -- cgit 1.4.1 From 89b704a456ef1cdef855a6c483832a05e1117f24 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 27 Nov 2020 13:56:38 +0100 Subject: services: MySQL: Deprecate 'mysql-service'. * gnu/services/databases.scm (mysql-service): Define in terms of DEFINE-DEPRECATED. * gnu/tests/databases.scm (%mysql-os): Adjust accordingly. * doc/guix.texi (Database Services): Adjust the MariaDB/MySQL section to document MYSQL-SERVICE-TYPE instead of MYSQL-SERVICE. While at it, document the EXTRA-CONTENT field. --- doc/guix.texi | 18 ++++++++++-------- gnu/services/databases.scm | 8 ++------ gnu/tests/databases.scm | 2 +- 3 files changed, 13 insertions(+), 15 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index b0126b961d..f0c95f586c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -19121,16 +19121,14 @@ is the key, and the remaining elements are the values. @subsubheading MariaDB/MySQL -@deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)] -Return a service that runs @command{mysqld}, the MySQL or MariaDB -database server. - -The optional @var{config} argument specifies the configuration for -@command{mysqld}, which should be a @code{} object. -@end deffn +@defvr {Scheme Variable} mysql-service-type +This is the service type for a MySQL or MariaDB database server. Its value +is a @code{mysql-configuration} object that specifies which package to use, +as well as various settings for the @command{mysqld} daemon. +@end defvr @deftp {Data Type} mysql-configuration -Data type representing the configuration of @var{mysql-service}. +Data type representing the configuration of @var{mysql-service-type}. @table @asis @item @code{mysql} (default: @var{mariadb}) @@ -19142,6 +19140,10 @@ For MariaDB, the root password is empty. @item @code{port} (default: @code{3306}) TCP port on which the database server listens for incoming connections. + +@item @code{extra-content} (default: @code{""}) +Additional settings for the @file{my.cnf} configuration file. + @end table @end deftp diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index d7b4594b9e..bb0a0c28f2 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -568,12 +568,8 @@ FLUSH PRIVILEGES; mysql-shepherd-service))) (default-value (mysql-configuration)))) -(define* (mysql-service #:key (config (mysql-configuration))) - "Return a service that runs @command{mysqld}, the MySQL or MariaDB -database server. - -The optional @var{config} argument specifies the configuration for -@command{mysqld}, which should be a @code{} object." +(define-deprecated (mysql-service #:key (config (mysql-configuration))) + mysql-service-type (service mysql-service-type config)) 
diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm index d3045cc3f7..1d7f53ec3e 100644 --- a/gnu/tests/databases.scm +++ b/gnu/tests/databases.scm @@ -271,7 +271,7 @@ (define %mysql-os (simple-operating-system - (mysql-service))) + (service mysql-service-type))) (define* (run-mysql-test) "Run tests in %MYSQL-OS." -- cgit 1.4.1 From 27d7cdbf87e7a4520f93ee3914139215abf94e68 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 01:46:22 +0100 Subject: services: MySQL: Bind to localhost only by default. * gnu/services/databases.scm (): Add BIND-ADDRESS field. (mysql-configuration-file): Adjust accordingly. * doc/guix.texi (Database Services): Document it. --- doc/guix.texi | 4 ++++ gnu/services/databases.scm | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index f0c95f586c..ae43fb6965 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19138,6 +19138,10 @@ or @var{mysql}. For MySQL, a temporary root password will be displayed at activation time. For MariaDB, the root password is empty. +@item @code{bind-address} (default: @code{"127.0.0.1"}) +The IP on which to listen for network connections. Use @code{"0.0.0.0"} +to bind to all available network interfaces. + @item @code{port} (default: @code{3306}) TCP port on which the database server listens for incoming connections. diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index bb0a0c28f2..8fd87a563d 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -465,6 +465,7 @@ storage: mysql-configuration make-mysql-configuration mysql-configuration? (mysql mysql-configuration-mysql (default mariadb)) + (bind-address mysql-configuration-bind-address (default "127.0.0.1")) (port mysql-configuration-port (default 3306)) (extra-content mysql-configuration-extra-content (default ""))) 
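Review bot: The new `bind-address` field in gnu/services/databases.scm carries a security-relevant default, but nothing in the code says why it is `"127.0.0.1"`. A one-line comment above the field would keep the intent visible to whoever edits the record next, e.g. `;; Loopback only by default: any other address makes mysqld reachable from the network.` The manual text in this same commit still says the MariaDB root password is empty, so an administrator who sets `"0.0.0.0"` has to take care of account hardening and network filtering separately. Whether a remote root login is actually possible depends on grants that are not visible here. The record definition starts outside the hunk.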
@@ -481,10 +482,11 @@ storage: (define mysql-configuration-file (match-lambda - (($ mysql port extra-content) + (($ mysql bind-address port extra-content) (mixed-text-file "my.cnf" "[mysqld] datadir=/var/lib/mysql socket=/run/mysqld/mysqld.sock +bind-address=" bind-address " port=" (number->string port) " " extra-content " ")))) -- cgit 1.4.1 From 927bf98e0e35cbd6d3c8416742f695def8faf90b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 16:31:41 +0100 Subject: services: MySQL: Make the socket configurable. * gnu/services/databases.scm (): Add SOCKET field. (mysql-configuration-file): Adjust accordingly. * doc/guix.texi (Database Services): Likewise. --- doc/guix.texi | 3 +++ gnu/services/databases.scm | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index ae43fb6965..bef42e160a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19145,6 +19145,9 @@ to bind to all available network interfaces. @item @code{port} (default: @code{3306}) TCP port on which the database server listens for incoming connections. +@item @code{socket} (default: @code{"/run/mysqld/mysqld.sock"}) +Socket file to use for local (non-network) connections. + @item @code{extra-content} (default: @code{""}) Additional settings for the @file{my.cnf} configuration file. diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 8fd87a563d..5a88b70d74 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -467,6 +467,7 @@ storage: (mysql mysql-configuration-mysql (default mariadb)) (bind-address mysql-configuration-bind-address (default "127.0.0.1")) (port mysql-configuration-port (default 3306)) + (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock")) (extra-content mysql-configuration-extra-content (default ""))) (define %mysql-accounts 
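Review bot: The matcher in `mysql-configuration-file` binds the record's fields by position, and this commit inserts `bind-address` between `mysql` and `port`, so any other positional pattern on this record that expects `port` in second place would now silently receive the bind address. Only this one matcher is visibly updated; any others in the file should be checked, since a mix-up here ends up in the server's listen configuration without an error. Reading the values through the accessors, e.g. `"bind-address=" (mysql-configuration-bind-address config)` and `(number->string (mysql-configuration-port config))`, would make the generated `my.cnf` independent of field order. The same applies to the later hunk that adds `socket` to this pattern.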
@@ -482,10 +483,10 @@ storage: (define mysql-configuration-file (match-lambda - (($ mysql bind-address port extra-content) + (($ mysql bind-address port socket extra-content) (mixed-text-file "my.cnf" "[mysqld] datadir=/var/lib/mysql -socket=/run/mysqld/mysqld.sock +socket=" socket " bind-address=" bind-address " port=" (number->string port) " " extra-content " -- cgit 1.4.1 From e20388ad7f94e72a7a71272a742031fb5c1fbb4b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 17:42:22 +0100 Subject: services: MySQL: Upgrade database schemas automatically. * gnu/services/databases.scm (): Add AUTO-UPGRADE? field. (mysql-upgrade-wrapper, mysql-upgrade-shepherd-service, mysql-shepherd-services): New variables. (mysql-service-type): Use MYSQL-SHEPHERD-SERVICES instead of MYSQL-SHEPHERD-SERVICE. * doc/guix.texi (Database Services): Document the AUTO-UPGRADE? field of MYSQL-SERVICE-TYPE. * gnu/tests/databases.scm (run-mysql-test): Test that mysql_upgrade has run. --- doc/guix.texi | 6 ++++++ gnu/services/databases.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++-- gnu/tests/databases.scm | 4 ++++ 3 files changed, 60 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index bef42e160a..2a98dda324 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19151,6 +19151,12 @@ Socket file to use for local (non-network) connections. @item @code{extra-content} (default: @code{""}) Additional settings for the @file{my.cnf} configuration file. +@item @code{auto-upgrade?} (default: @code{#t}) +Whether to automatically run @command{mysql_upgrade} after starting the +service. This is necessary to upgrade the @dfn{system schema} after +``major'' updates (such as switching from MariaDB 10.4 to 10.5), but can +be disabled if you would rather do that manually. + @end table @end deftp diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 5a88b70d74..60b31e0373 100644 --- a/gnu/services/databases.scm 
+++ b/gnu/services/databases.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2018 Julien Lepiller ;;; Copyright © 2019 Robert Vollmert +;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -468,7 +469,8 @@ storage: (bind-address mysql-configuration-bind-address (default "127.0.0.1")) (port mysql-configuration-port (default 3306)) (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock")) - (extra-content mysql-configuration-extra-content (default ""))) + (extra-content mysql-configuration-extra-content (default "")) + (auto-upgrade? mysql-configuration-auto-upgrade? (default #t))) (define %mysql-accounts (list (user-group 
@@ -559,6 +561,52 @@ FLUSH PRIVILEGES; #:user "mysql" #:group "mysql"))) (stop #~(make-kill-destructor))))) +(define (mysql-upgrade-wrapper mysql socket-file) + ;; The MySQL socket and PID file may appear before the server is ready to + ;; accept connections. Ensure the socket is responsive before attempting + ;; to run the upgrade script. + (program-file + "mysql-upgrade-wrapper" + #~(begin + (let ((mysql-upgrade #$(file-append mysql "/bin/mysql_upgrade")) + (timeout 10)) + (begin + (let loop ((i 0)) + (catch 'system-error + (lambda () + (let ((sock (socket PF_UNIX SOCK_STREAM 0))) + (connect sock AF_UNIX #$socket-file) + (close-port sock) + ;; The socket is ready! + (execl mysql-upgrade mysql-upgrade + (string-append "--socket=" #$socket-file)))) + (lambda args + (if (< i timeout) + (begin + (sleep 1) + (loop (+ 1 i))) + ;; No luck, give up. + (throw 'timeout-error + "MySQL server did not appear in time!")))))))))) + +(define (mysql-upgrade-shepherd-service config) + (list (shepherd-service + (provision '(mysql-upgrade)) + (requirement '(mysql)) + (one-shot? #t) + (documentation "Upgrade MySQL database schemas.") + (start (let ((mysql (mysql-configuration-mysql config)) + (socket (mysql-configuration-socket config))) + #~(make-forkexec-constructor + (list #$(mysql-upgrade-wrapper mysql socket)) + #:user "mysql" #:group "mysql")))))) + +(define (mysql-shepherd-services config) + (if (mysql-configuration-auto-upgrade? config) + (append (mysql-shepherd-service config) + (mysql-upgrade-shepherd-service config)) + (mysql-shepherd-service config))) + (define mysql-service-type (service-type (name 'mysql) @@ -568,7 +616,7 @@ FLUSH PRIVILEGES; (service-extension activation-service-type %mysql-activation) (service-extension shepherd-root-service-type - mysql-shepherd-service))) + mysql-shepherd-services))) (default-value (mysql-configuration)))) (define-deprecated (mysql-service #:key (config (mysql-configuration))) 
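Review bot: In `mysql-upgrade-wrapper`, the `execl` call sits inside the same `(catch 'system-error …)` as the `connect` probe, so a failure to execute `mysql_upgrade` is treated as "socket not ready", retried until the timeout and finally reported as "MySQL server did not appear in time!". The probe socket is also closed only on the success path, so each failed attempt leaves a descriptor open until it is garbage-collected or the process exits. I would keep only `connect` under the handler, close the socket on both paths, and call `execl` after the probe has succeeded, as sketched below. The 10-second limit is hard-coded with no stated rationale; a short comment on why that value is enough would help anyone debugging a slow start.

```scheme
;; … unchanged: procedure header, comment, program-file, let bindings …
(let loop ((i 0))
  (let* ((sock (socket PF_UNIX SOCK_STREAM 0))
         (ready? (catch 'system-error
                   (lambda ()
                     (connect sock AF_UNIX #$socket-file)
                     #t)
                   (lambda args #f))))
    ;; Close the probe socket whether or not the connection succeeded.
    (close-port sock)
    (cond (ready?
           ;; Outside the 'catch': an 'execl' failure is not a readiness
           ;; failure and must not be retried or reported as a timeout.
           (execl mysql-upgrade mysql-upgrade
                  (string-append "--socket=" #$socket-file)))
          ((< i timeout)
           (sleep 1)
           (loop (+ 1 i)))
          (else
           ;; No luck, give up.
           (throw 'timeout-error
                  "MySQL server did not appear in time!")))))
```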
diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm index 1d7f53ec3e..dd1af1dbcc 100644 --- a/gnu/tests/databases.scm +++ b/gnu/tests/databases.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Christopher Baines +;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -311,6 +312,9 @@ ((pid) (number? pid)))))) marionette)) + (test-assert "mysql_upgrade completed" + (wait-for-file "/var/lib/mysql/mysql_upgrade_info" marionette)) + (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0))))) -- cgit 1.4.1 From fe5c9051cc25bd81aa6c88f5de06f10ff9532441 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 22:36:59 +0100 Subject: doc: Fix typo. * doc/guix.texi (Database Services): Replace comma with full stop for Memcached documentation. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 2a98dda324..2b18bf316b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19183,7 +19183,7 @@ The Memcached package to use. Network interfaces on which to listen. @item @code{tcp-port} (default: @code{11211}) -Port on which to accept connections on, +Port on which to accept connections on. @item @code{udp-port} (default: @code{11211}) Port on which to accept UDP connections on, a value of 0 will disable -- cgit 1.4.1 From 5e9311844879ba79a890f51f57939b6c1be37171 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sat, 28 Nov 2020 22:51:33 +0100 Subject: doc: Fix another typo. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Database Services): Remove a duplicate ‘on’ from the memcached section. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index b0710ebf06..07da51f131 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -19180,7 +19180,7 @@ The Memcached package to use. Network interfaces on which to listen. @item @code{tcp-port} (default: @code{11211}) -Port on which to accept connections on. +Port on which to accept connections. @item @code{udp-port} (default: @code{11211}) Port on which to accept UDP connections on, a value of 0 will disable -- cgit 1.4.1