| Age | Commit message (Collapse) | Author |
|---|
|
* gnu/build/marionette.scm (make-marionette): Add 'reconnect=1' socket
parameter.
* gnu/system/vm.scm (common-qemu-options): Remove '-no-reboot' option.
Change-Id: I5e100543ddddba0aea3ebe4e2f5cb8b0261c0d73
|
|
Fixes <https://issues.guix.gnu.org/61690>.
Until now, this would work:
guix shell --no-cwd -CWP -- guix shell -C coreutils -- ls -R /home
… but this would not:
$ guix shell --no-cwd -CWPN -- guix shell -C coreutils -- ls -R /home
guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted
This is annoying and hardly understandable. Since we already disable
/sys mounts when sharing the global network namespace is asked (as in
‘guix shell -CN‘), for the very same reason, we can just as well disable
/sys mounts anytime it fails with EPERM.
* gnu/build/linux-container.scm (mount-file-systems): Silently ignore
EPERM when attempting to mount /sys.
Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
|
|
This commit adds a Guix System service to handle allocation of subuid
and subgid requests. Users that don't care can just add themselves as a
subid-range and don't need to specify anything but their user name.
Users that care about specific ranges, such as possibly LXD, can specify
a start and a count.
* doc/guix.texi (Miscellaneous Services): Document it.
* gnu/build/activation.scm (activate-subuids+subgids): New variable.
* gnu/local.mk: Add gnu/tests/shadow.scm.
* gnu/system/accounts.scm (sexp->subid-range): New variable.
* gnu/system/shadow.scm (%root-subid): New variable;
(subids-configuration): new record;
(subid-range->gexp): new variable;
(assert-valid-subids): new variable;
(delete-duplicate-ranges): new variable;
(subids-activation): new variable;
(subids-extension): new record;
(append-subid-ranges): new variable;
(subids-extension-merge): new variable;
(subids-service-type): new variable.
* gnu/tests/shadow.scm (subids): New system test.
Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635
Signed-off-by: Giacomo Leidi <[email protected]>
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
This commit adds allocation logic for subid ranges. Subid ranges are
ranges of contiguous subids that are mapped to a user in the host
system. This patch implements a flexible allocation algorithm allowing
users that do not want (or need) to specify details of the subid ranges
that they are requesting to avoid doing so, while upholding requests of
users that need to have specific ranges.
* gnu/build/accounts.scm (%subordinate-id-min): New variable;
(%subordinate-id-max): new variable;
(%subordinate-id-count): new variable;
(subordinate-id?): new variable;
(&subordinate-id-error): new variable;
(&subordinate-id-overflow-error): new variable;
(&illegal-subid-range-error): new variable;
(&specific-subid-range-expected-error): new variable;
(&generic-subid-range-expected-error): new variable;
(within-interval?): new variable;
(allocate-unused-range): new variable;
(allocate-generic-range): new variable;
(allocate-specific-range): new variable;
(reserve-subids): new variable;
(range->entry): new variable;
(entry->range): new variable;
(allocate-subids): new variable;
(subuid+subgid-databases): new variable.
* gnu/system/accounts.scm (subid-range-end): New variable;
(subid-range-has-start?): new variable;
(subid-range-less): new variable.
* test/accounts.scm: Test them.
Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d
Co-Authored-By: Ludovic Courtès <[email protected]>
Signed-off-by: Giacomo Leidi <[email protected]>
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
This commit adds a new record type, <subid-entry> and serializers
and deserializers for it in (gnu build accounts). Each instance of this
record represents one line in either /etc/subuid or /etc/subgid. Since
Shadow uses the same representation for both files, it should be ok if
we do it as well.
This commit adds also <subid-range>, a user facing representation of
<subid-entry>. It is supposed to be usable directly in OS configurations.
* gnu/build/accounts.scm (subid-entry): New record;
(write-subgid): add serializer for subgids;
(write-subuid): add serializer for subuids;
(read-subgid): add serializer for subgids;
(read-subuid): add serializer for subuids.
* gnu/system/accounts.scm (subid-range): New record.
* test/accounts.scm: Test them.
Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c
Signed-off-by: Giacomo Leidi <[email protected]>
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/hurd-boot.scm (boot-hurd-system): Check for stale shepherd socket
and remove it. Be chattier about /hurd symlink replacement.
Change-Id: I5e528c131ebeadb7ebc9727336a0f9301af3e68e
|
|
This supports using another than the default DISK0 PART1 and using LABEL or
UUID as root file-system specifier. It still defaults to DISK0 PART1 if
the file-system cannot be found, i.e., lives only at the build side: A
virtual machine/childhurd build.
* gnu/build/file-systems.scm (%hurd-device-spec-regexp, %device-spec-regexp):
New variables.
(device-name->hurd-device-name, hurd-device-name->device-name,
device-spec->device, device-spec->device-name): Use them in new procedures.
* gnu/bootloader/grub.scm (make-grub-configuration): Use them to remove
hardcoded partition number (root-index 1).
Change-Id: I49fa93dacc09883dfb4d695402c5eac2e0e17286
|
|
There is currently a window of time between when the desired directory is
created and when its permissions are changed. During this time, its
permissions are restricted only by the umask.
Of course, in the "directory already exists" case, this doesn't matter, but if
the directory has been specifically deleted ahead of time so that it is
created afresh, this is an unnecessary window.
We can avoid this by passing the caller-provided BITS to 'mkdirat' when
attempting to create the last directory.
* gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS
permissions.
Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/hurd-boot.scm (make-hurd-device-nodes): Cater for existing
directories (dev, servers).
(set-hurd-device-translators): Remove /servers/socket/1, that is created by
libexec/console-run. Cater for nonexistent /dev/console.
(boot-hurd-system): Call make-hurd-device-nodes on initial run.
|
|
* gnu/build/image.scm (make-btrfs-image): New variable.
* gnu/system/image.scm (system-disk-image): Support btrfs.
Change-Id: I80a5b52ec478ce5927d6208e324cbb70282c647a
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/image.scm (make-vfat-image): Use file system options.
Change-Id: I791aadd2803d1ef96fc79cf8910a74a0083d2b6e
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/file-systems.scm (%exfat-endianness): New syntax.
(exfat-superblock?, exfat-bytes-per-sector-shift)
(exfat-sectors-per-cluster-shift, exfat-root-directory-offset)
(exfat-cluster-size, read-exfat-superblock+root-directory-cluster)
(read-exfat-superblock, exfat-superblock-volume-name)
(exfat-superblock-uuid, check-exfat-file-system): New procedures.
(%partition-label-readers, %partition-uuid-readers): Register them.
Change-Id: I08bd3147d2d67e5766c9381ae2159bc01530b814
|
|
Fixes <https://issues.guix.gnu.org/47584>.
I removed the 'Based upon mkdir-p from (guix build utils)'
comment because it's quite a bit different now.
* gnu/build/activation.scm (verify-not-symbolic): Delete.
(mkdir-p/perms): Rewrite in terms of 'openat'.
Signed-off-by: Ludovic Courtès <[email protected]>
Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7
|
|
I wrote these to fit on their lines, so the pointless widows bug me.
* gnu/build/image.scm (make-iso9660-image): M-q comments.
|
|
* gnu/system/privilege.scm (<privileged-program>): Add a field
representing the program's POSIX capabilities.
(privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP
package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said
package argument where supported. Include privileged-program-capabilities
in the compatibility hack.
|
|
* gnu/build/activation.scm (activate-setuid-programs): Rename this…
(activate-privileged-programs): …to this.
Operate on a list of <privileged-program> records.
* gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
|
|
Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.
Apart from being symlinks, this should be a user-invisible change.
* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
|
|
As files in the store and /etc/fstab are world readable, specifying the
password in the file-system record is suboptimal. To mitigate this,
`mount.cifs' supports reading `username', `password' and `domain' options from
a file named by the `credentials' or `cred' option.
* gnu/build/file-systems.scm (mount-file-system): Read mount options from the
file specified via the `credentials' or `cred' option if specified.
Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/file-systems.scm (check-file-system)[check-procedure]: Add cifs.
Change-Id: I891b18f03884ed45e92ac32556fe04b3087e20dd
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/file-systems (canonicalize-device-name): Do not attempt to resolve
CIFS formatted device specifications.
(mount-file-systems): Add mount-cifs nested function.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Skip checking
for CIFS availability, similar to NFS.
* guix/scripts/system.scm (check-file-system-availability): Likewise.
Change-Id: I182e290eba64bbe5d1332815eb93bb68c01e0c3c
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/file-systems (mount-file-system): Split out getaddrinfo logic into a
dedicated function, (host-to-ip)
Change-Id: I522d70a10651ca79533a4fc60b96b884243a3526
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about
12%.
* gnu/packages/linux.scm (default-extra-linux-options)
[version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else
CONFIG_MODULE_COMPRESS_GZIP.
(make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment
variable to 19.
[native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc.
(modinfo-section-contents): Extend support to Zstd compressed module.
(dot-ko): Register the 'zstd compression type.
(ensure-dot-ko, file-name->module-name, load-linux-module*)
(module-name->file-name/guess, write-module-name-database)
(write-module-alias-database, write-module-device-database): Update doc.
(module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise.
Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.
Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
|
|
This is a follow-up to 8f8ec56052766aa5105d672b77ad9eaca5c1ab3c, which only
covers building initrd, while the booting code still tries to load nonexistent
files for builtin modules.
* gnu/build/linux-modules.scm (load-linux-modules-from-directory): Ignore
nonexistent module files.
Change-Id: I09ef207e82397e915e671c8464b92bcf90f03dcf
|
|
* gnu/build/activation.scm (activation-script): Ensure /var/run existence.
* gnu/build/install.scm (evaluate-populate-directive)
[directives]: Remove directory /run.
Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/services.scm (activation-script): Ensure /var/run existence.
* gnu/build/install.scm (evaluate-populate-directive)
[directives]: Remove directory /var/run.
Change-Id: I5fb93d33b6b1f045f1e5ba206b9b0b74b5184260
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/file-systems (canonicalize-device-name): Fallback to tmpfs
if spec is "none".
Change-Id: Ia55c715d04c7611ba8c979f23f1ad4a8ed2e75b6
Signed-off-by: Ludovic Courtès <[email protected]>
|
|
* gnu/build/marionette.scm (wait-for-tcp-port): Add #:peek? parameter
and honor it.
Change-Id: Ie7515a5223299390ab8af6fe5aa3cf63ba5c8078
|
|
Until now, the secret service had a hard-coded TCP endpoint on port
1004. This change lets users specify arbitrary socket addresses.
* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it. Adjust ‘start’ method accordingly.
Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
|
|
* gnu/build/chromium-extension.scm (make-chromium-extension): Make use of the
make-signing-key procedure inside the argument field, making sure that it is
not evaluated at file-load time. This would otherwise try to resolve gnutls
when we can't guarantee it's defined because of dependency cycles.
Change-Id: Ia7b13acfbca475c2df073e9a88fc8bb9264dd968
|
|
This was superseded by ‘least-authority-wrapper’.
* gnu/build/shepherd.scm (read-pid-file/container)
(make-forkexec-constructor/container): Remove.
Change-Id: I6acccdff2609a35807608f865a4d381146113a88
|
|
* gnu/build/cross-toolchain.scm (set-cross-path/avr): New procedure.
(cross-gcc-build-phases) [string-prefix? "avr"]: Return
set-cross-path/avr procedure.
Signed-off-by: Jean-Pierre De Jesus DIAZ <[email protected]>
Change-Id: I00bd39236ac2e31fef02164a7fffc8b56a166f0d
Signed-off-by: Efraim Flashner <[email protected]>
|
|
* gnu/build/cross-toolchain.scm (patch-multilib-shebang): New procedure.
* gnu/packages/avr.scm (make-avr-gcc): Remove uneeded phases and flags
for multilib.
* gnu/packages/cross-base (cross-gcc-arguments) <#:configure-flags>
[target-avr?]: Remove --disable-multilib and add --enable-multilib.
Change-Id: Id68d803057ac898f0a670f10487b08bf0891ab0b
Signed-off-by: Efraim Flashner <[email protected]>
|
|
This is an improvement for the purposes of ‘guix edit’ & co.
* gnu/build/icecat-extension.scm (make-icecat-extension): Add ‘location’
field.
Change-Id: I896ae6823b3fe4ea013fa74e2c536f45664d8042
|
|
* gnu/build/linux-boot.scm (boot-system): Postpone the MKDIR of /root.
Change-Id: I589316a5ddf41cada02173ed4dd5b7df09b795e8
|
|
* gnu/build/icecat-extension.scm: New file with a MAKE-ICECAT-EXTENSION
procedure that makes sure the add-on directory is a symlink, so that Icecat
can normalize it into a package store path.
* gnu/local.mk (dist_patch_DATA): Register it, as well as new patches.
* gnu/packages/browser-extensions.scm (ublock-origin)[properties]: Store the
add-on ID so that it is accessible in MAKE-ICECAT-EXTENSION.
[arguments]: Use the add-on ID as root directory.
(ublock-origin/icecat): New procedure.
* gnu/packages/gnuzilla.scm (icecat-minimal)[arguments]: Rewrite the unused
'apply-guix-specific-patches' phase so that it applies the following two
patches.
[native-search-paths]: New field.
* gnu/packages/patches/icecat-compare-paths.patch: New patch that compares
add-on paths (which are package store paths) to detect package changes.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: New patch that
replaces "/usr/lib/mozilla" (the system-wide directory for extensions and
native manifests) with "$ICECAT_SYSTEM_DIR".
|
|
* gnu/build/linux-modules.scm (dot-ko): Make COMPRESSION optional,
as expected by callers RECURSIVE-MODULE-DEPENDENCIES and
LOAD-LINUX-MODULE*.
|
|
* gnu/build/accounts.scm (passwd->shadow): Fix typo in comment.
|
|
* gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is
greater than or equal to 1.
|
|
* gnu/build/secret-service.scm (secret-service-send-secrets):
Increase #:handshake-timeout.
|
|
The gnumach builtin IDE hd devices are still used, unless booting with
"noide".
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create /dev/hd{0..3},
/dev/hd{0..3}s{0..3}.
|
|
This reverts commit e9a5eebc785cb843034b38c5c5a6dd10904bdf2a, which
as far as I can tell breaks system roll-backs thusly:
[...]
In gnu/build/accounts.scm:
239:27 3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
In unknown file:
2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
In ice-9/boot-9.scm:
1685:16 1 (raise-exception _ #:continuable? _)
1685:16 0 (raise-exception _ #:continuable? _)
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure string-append: Wrong type (expecting string): #t
|
|
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.
Signed-off-by: Josselin Poiret <[email protected]>
|
|
* gnu/build/marionette.scm (%default-ocrad-arguments): New variable.
(invoke-ocrad-ocr, invoke-tesseract-ocr, marionette-screen-text)
[ocr-arguments]: New argument.
Signed-off-by: Maxim Cournoyer <[email protected]>
|
|
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Setup translators for
netdde, eth{0,1}. Create /servers/socket/{inet,inet6} symlinks.
Signed-off-by: Josselin Poiret <[email protected]>
|
|
* gnu/build/hurd-boot.scm (make-hurd-device-nodes): Create "servers/bus/pci.
(set-hurd-device-translators): Create transators for pci-arbiter, rumpdisk,
and /dev/wd0..3s1..4.
Signed-off-by: Josselin Poiret <[email protected]>
|
|
* gnu/build/image.scm (make-unformatted-image): New procedure.
(make-partition-image): Add support for unformatted partition.
* gnu/system/image.scm (system-disk-image)[partition->gpt-type]: Add
case for using unformatted partition uuid.
|
|
* gnu/build/hurd-boot.scm (boot-hurd-system): Symlink /hurd before setting up
translators.
Reviewed-by: Janneke Nieuwenhuizen <[email protected]>
|
|
* gnu/build/dbus-service.scm (sleep*): Pass #:ensure #f to 'resolve-module'.
* gnu/build/secret-service.scm (wait-for-readable-fd): Likewise.
|
|
This follows up on commit c0773455397746b10194bc14c7cef144f4095b65, and
adds a comment to avoid this in future.
* gnu/system/file-systems.scm (invalid-file-system-flags):
Add 'no-diratime to the list of KNOWN-FLAGS.
|
|
Fixes <https://issues.guix.gnu.org/61156>.
* gnu/build/linux-container.scm (container-excursion): Add extra call to
'primitive-fork' and invoke THUNK in the child process.
* tests/containers.scm ("container-excursion"): Remove extra
'primitive-fork' call, now unnecessary.
("container-excursion*, /proc"): New test.
|
