In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk. However, they cannot be stored inside
the usual initrd, since it is stored in the store and being
world-readable (as files in the store are) is not a desired property for an
initrd containing decryption keys. This commit adds an option to load an
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.
Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd. There is no use case for the other bootloaders.
* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f

Requiring the user to input their password in order to unlock a device is not
always reasonable, so having an option to unlock the device using a key file
is a nice quality of life change.
* gnu/system/mapped-devices.scm (open-luks-device): Add #:key-file argument.
(luks-device-mapping-with-options): New procedure.
* doc/guix.texi (Mapped Devices): Describe the new procedure.
Change-Id: I1de4e045f8c2c11f9a94f1656e839c785b0c11c4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* doc/guix.texi (Invoking guix import): Mention '--allow-yanked'.
* guix/import/crate.scm (make-crate-sexp): Add yanked? argument. For
yanked packages, use the full version suffixed by "-yanked" for
generated variable names and add a comment and package property.
(crate->guix-package): Add allow-yanked? argument and if it is set to #t,
allow importing yanked crates if no other version matching the
requirements exists.
[find-package-version]: Packages previously marked as yanked are only
included if allow-yanked? is #t and then take the lowest priority.
[find-crate-version]: If allow-yanked? is #t, also consider yanked
versions with the lowest priority.
[dependency-name+version]: Rename to ...
[dependency-name+version+yanked] ...this. Honor allow-yanked? and choose
between an existing package and an upstream package. Exit with an error
message if no version fulfilling the requirement is found.
[version*]: Exit with an error message if the crate version is not found.
(cargo-recursive-import): Add allow-yanked? argument.
* guix/read-print.scm: Export <comment>.
* guix/scripts/import/crate.scm: Add "--allow-yanked".
* tests/crate.scm: Add test 'crate-recursive-import-only-yanked-available'.
[sort-map-dependencies]: Adjust accordingly.
[remove-yanked-info]: New variable.
Adjust test 'crate-recursive-import-honors-existing-packages'.
(test-bar-dependencies): Add yanked dev-dependencies.
(test-leaf-bob-crate): Add yanked versions.
(rust-leaf-bob-3.0.2-yanked): New variable.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
Change-Id: I175d89b39774e6b57dcd1f05bf68718d23866bb7

If --recursive-dev-dependencies is specified, development dependencies
are also included for all recursively imported packages.
* doc/guix.texi (Invoking guix import): Mention --recursive-dev-dependencies.
* guix/import/crate.scm (crate-recursive-import): Add
recursive-dev-dependencies? argument.
* guix/scripts/import/crate.scm (show-help, guix-import-crate): Add
"--recursive-dev-dependencies".
* tests/crate.scm: Test both #f and #t for #:recursive-dev-dependencies?
in the 'cargo-recursive-import' test.
(test-root-dependencies): Add intermediate-c as dev-dependency.
(test-intermediate-c-crate, test-intermediate-c-dependencies): New
variables.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
Change-Id: Iae89794681155d77f128733120e60f03bc297717

Having a timeout seems generally preferable as it makes sure build slots
are not kept busy for no good reason (few package builds, if any, are
expected to exceed these values).
* nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’
and ‘buildTimeout’.
* gnu/services/base.scm (<guix-configuration>)[max-silent-time]
[timeout]: Change default values.
* doc/guix.texi (Invoking guix-daemon, Base Services): Adjust
accordingly.
Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8

'M-x debbugs-gnu' does not prompt for which bugs to show.
'C-u M-x debbugs-gnu' would.
Follow-up to 19fe24c5b9.
* doc/contributing.texi (Viewing Bugs within Emacs): Make comment
more accurate.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

* doc/guix.texi (Virtualization Services): Document the necessity of being
part of the "libvirt" group and augment example. Remove extraneous
"(unix-sock-group "libvirt")" from example, as this is now the default value.
Update default documented value from "root" to "libvirt".
Fixes: https://issues.guix.gnu.org/34611
Reported-by: Brett Gilio <brettg@posteo.net>
Change-Id: I5fe17706f69db55fbd661e0a43115c56d0ffd9a9

This adds a set of home Shepherd services which will start the required
services for a functional PipeWire setup.
* gnu/home/services/sound.scm (home-pipewire-shepherd-service,
home-wireplumber-shepherd-service, home-pipewire-shepherd-services,
home-pipewire-asoundrc, home-pipewire-xdg-configuration,
home-pipewire-pulseaudio-shepherd-service): New procedures.
(home-pipewire-service-type): New service type.
(home-pipewire-configuration): New struct.
(home-pipewire-disable-pulseaudio-auto-start): New variable.
* doc/guix.texi (Sound Home Services): Document it.
Change-Id: I99e0ae860de91d459c3c554ec5503bf35f785a2a
Signed-off-by: Oleg Pykhalov <go.wigust@gmail.com>

This has been effectively replaced by the bffe.
* gnu/services/guix.scm (<guix-data-service-configuration>): Remove record
type.
(guix-build-coordinator-queue-builds-shepherd-services,
guix-build-coordinator-queue-builds-activation,
guix-build-coordinator-queue-builds-account): Remove procedures.
(guix-build-coordinator-queue-builds-service-type): Remove service type.
Change-Id: I2a233fb10b12cc9bfddebaa35928b25c243f82a2

* gnu/services/base.scm (guix-machines-files-installation): Handle
machines being a mixed list of build-machines and lists of
build-machines.
* doc/guix.texi (Base Services): Document it.
Change-Id: Ie404562ca0b564413233c3a624046da831893dc3
Co-authored-by: Ludovic Courtès <ludo@gnu.org>

The goal is to make it easier to diagnose substitute
misconfiguration (where we’re passing a substitute URL whose
corresponding key is not authorized).
Suggested by Emmanuel Agullo.
* guix/scripts/weather.scm (check-narinfo-authorization): New procedure.
(report-server-coverage): Use it.
* doc/guix.texi (Invoking guix weather): Document it.
(Getting Substitutes from Other Servers): Add “Troubleshooting” frame.
Change-Id: I0a049c39eefb10d6a06634c8b16aa86902769791

On foreign distros, not using pre-inst-env when using git-send-email results
in a backtrace ending with: no code for module (guix ui)
This can be confusing as users did not have to use pre-inst-env to use
git-send-email before.
* doc/contributing.texi (Sending a Patch Series): add a note to suggest using
pre-inst-env when calling git-send-email on foreign distros.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

This was prompted by <https://issues.guix.gnu.org/66537>, where someone
tried to build Guix within ‘guix shell --pure’ on a foreign distro and
found that ./configure would pick software from the host system.
Suggested by Hiep Pham <hiepph9@proton.me>.
* doc/contributing.texi (Building from Git): Recommend ‘guix shell -CPW’.
Change-Id: I7694b482d982917fef6ec404f68ddacea761f482

* doc/guix.texi (Networking Services): Update the sample yggdrasil-private.conf.
Remove obsolete options that may contain a file whose path is specified in the
config-file field of yggdrasil-configuration.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* doc/contributing.texi (Alternative Setups)[Vim and Neovim]: Fix broken link
to fugitive.vim.
Change-Id: Ib86239d98c39383169a9cdebc7549477b648206e
Signed-off-by: Christopher Baines <mail@cbaines.net>

Discussed in <https://issues.guix.gnu.org/65924#98-lineno27>.
* doc/contributing.texi (Modules): Add new context indices, and provide a
real-life counter-example, and its ramifications.
Reported-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I06975fb24f0d67c833884313a727dc550f61d8a0

* guix/build/git.scm (git-fetch) [lfs?]: New argument, doc and setup code.
(git-fetch-with-fallback) [lfs?]: New argument. Pass it to git-fetch.
* guix/git-download.scm (git-lfs-package): New procedure.
(git-fetch/in-band*): New procedure, made of the logic of git-fetch/in-band,
with new git-lfs specifics, with the following changes:
New #:git-lfs argument.
<inputs>: Remove labels. Conditionally add git-lfs.
<build>: Read "git lfs?" environment
variable and pass its value to the #:lfs? argument of git-fetch-with-fallback.
Use INPUTS directly; update comment.
<gexp->derivation>: Add "git lfs?" to #:env-vars.
(git-fetch/in-band): Express in terms of git-fetch/in-band*.
(git-fetch/lfs): New procedure.
* doc/guix.texi (origin Reference): Document it.
Change-Id: I5b233b8642a7bdb8737b9d9b740e7254a89ccb25
Reviewed-by: Ludovic Courtès <ludo@gnu.org>

* doc/contributing.texi (Contributing) [Reviewing the Work of Others]: New
section.
(Debbugs Usertags): Expound with Emacs Debbugs information and document the
'reviewed-looks-good' usertag.
* etc/git/gitconfig [b4]: New section.
Change-Id: I56630b15ec4fbc5c67e5420dbf2838556a005d6b
Reviewed-by: Ludovic Courtès <ludo@gnu.org>

The contributing documentation makes a reference to dunst.scm as an example of
the build process failing after an update. This patch replaces that reference
with a much more permanent linux.scm.
* doc/contributing.texi: Replace reference to dunst.scm.
Change-Id: I89a4157eb253e25979bc35d6d3b12201a0d19951
Signed-off-by: Christopher Baines <mail@cbaines.net>

Multiple profiles are relatively hard to set up and maintain, especially
for newcomers. Thus, suggest ‘guix shell’ as an alternative.
* doc/guix-cookbook.texi (Guix Profiles in Practice): Add note
linking to ‘guix shell’.
(The benefits of manifests): Remove outdated info about ‘guix
environment’ and profiles that may be GC’d. Update.

So far this section would appear before “Getting Started”. This moves
it right after “System Configuration”.
* doc/guix.texi (System Troubleshooting Tips): Move after “System
Configuration”.