It was never guaranteed to be run for non-root file systems. It was for
root file systems only due to a bug now fixed.
* gnu/build/file-systems.scm (check-btrfs-file-system): Don't invoke
‘btrfs device scan’ here.
* gnu/system/linux-initrd.scm (raw-initrd): Do so here if any btrfs file
systems are present.
* gnu/build/file-systems.scm (check-ext2-file-system)
(check-bcachefs-file-system, check-btrfs-file-system)
(check-fat-file-system, check-jfs-file-system, check-f2fs-file-system)
(check-ntfs-file-system, check-file-system): Take and honour new FORCE?
and REPAIR arguments. Update the docstring. Adjust all callers.
* gnu/system/file-systems.scm <file-system>: Add new SKIP-CHECK-IF-CLEAN?
and REPAIR fields.
(file-system->spec, spec->file-system): Adjust accordingly.
* gnu/build/linux-boot.scm (mount-root-file-system): Take new
SKIP-CHECK-IF-CLEAN? and REPAIR keyword arguments. Thread them through
to CHECK-FILE-SYSTEM.
* doc/guix.texi (File Systems): Document both new <file-system> options.
This broke compilation of Guix with guile@3.0.2 with:
In procedure make-regexp: Invalid range end
The fix is to replace [0-9A-f] with [0-9A-Fa-f].
* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.
* gnu/services.scm (setuid-program-file-like-deprecated): New function.
(setuid-program-service-type): Make use of
setuid-program->activation-gexp. Adjust the extend property to handle
<setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
<setuid-record> list for each program entry.
* gnu/system.scm: (operating-system-setuid-programs): Renamed to
%operating-system-setuid-programs and replace it with new procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Replace
operating-system-setuid-programs with
%operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
This broke compilation of Guix with guile@3.0.2 with:
In procedure make-regexp: Invalid range end
The fix is to replace [0-9A-f] with [0-9A-Fa-f].
* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This reverts commit 4673f81793, which reverted
commit 69dcc24c9f with the fix detailed below.
Thanks to Christopher Baines for reporting the failure and proposing a fix.
* guix/self.scm (compiled-guix) [*system-test-modules*]: Add the test data
files via the 'extra-files' argument.
* gnu/local.mk (dist_patch_DATA): Move the tests/data/jami-dummy-account.dat
file to...
* gnu/local.mk (MODULES_NOT_COMPILED): ... here.
* gnu/services/telephony.scm (string-or-computed-file?)
(string-list?, account-fingerprint-list?): New procedures.
(maybe-string-list, maybe-account-fingerprint-list)
(maybe-boolean, maybe-string, jami-account-list): New configuration field
types.
(serialize-string-list, serialize-boolean, serialize-string)
(jami-account, jami-account->alist, jami-configuration)
(jami-account-list?, jami-account-list-maybe): New procedures.
(%jami-accounts): New variable.
(jami-configuration->command-line-arguments): New procedure.
(jami-dbus-session-activation, jami-shepherd-services): New procedures.
(jami-service-type): New variable.
* gnu/build/jami-service.scm: New file.
* gnu/tests/data/jami-dummy-account.dat: Likewise.
* gnu/tests/telephony.scm: Likewise.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register them.
* Makefile.am (SCM_TESTS): Register the test file.
(dist_patch_DATA): Register the new data file.
* doc/guix.texi (Telephony Services): Document it.
Instead of imperative module-autoload! directives.
* gnu/build/shepherd.scm: Replace module-autoload! directives by autoload
arguments for define-module.
Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a277 and
12964df69a respectively.
4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.
Conflicts:
gnu/local.mk
gnu/packages/aidc.scm
gnu/packages/boost.scm
gnu/packages/curl.scm
gnu/packages/nettle.scm
gnu/packages/networking.scm
gnu/packages/python-xyz.scm
gnu/packages/tls.scm
* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK?
keyword argument. Add it to the docstring. Conditionally call
CHECK-FILE-SYSTEM.
(boot-system): Adjust its only caller to pass the <file-system>'s CHECK?
option through, if available.
Previously, (read-partition-uuid "/does/not/exist") would return #f.
With this change, a 'system-error exception is raised as expected.
* gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring.
(partition-field-reader): Remove use of 'ENOENT-safe'.
(partition-predicate): Wrap READER in 'ENOENT-safe'.
Fixes <https://bugs.gnu.org/47584>.
* gnu/build/activation.scm (copy-account-skeletons): Do not chown the
home directory; leave this to 'activate-user-home'.
(activate-user-home): Only chown the home directory after the account
skeletons have been copied.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
Fixes <https://bugs.gnu.org/47007>.
Reported by Jelle Licht <jlicht@fsfe.org>.
Since commit dcb640f02b, we could end up
applying the wrong mount flags because the (find ...) expression could
pick the "wrong" mount point in the presence of bind mounts.
* gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to
compute FLAGS whe FS is a bind mount.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.
* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.
It is now up to the caller to deduplicate store contents.
* guix/store/database.scm (register-items): Remove #:deduplicate?
parameter and call to 'deduplicate'.
(register-path): Call 'deduplicate' when #:deduplicate? is true.
* gnu/build/image.scm (register-closure): Adjust call accordingly.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Likewise.
* guix/scripts/pack.scm (store-database): Likewise.
Until now deduplication was performed as an additional pass after
copying files, which involve re-traversing all the files that had just
been copied.
* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate?
parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f
to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate?
to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass
#:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New
procedure.
[build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in
'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New
procedure.
[builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New
procedure. Pass it to 'source-module-closure'.
The assumption now is that the caller took care of resetting timestamps
and permissions.
* guix/store/database.scm (register-items): Remove #:reset-timestamps?
parameter and the call to 'reset-timestamps'.
(register-path): Adjust accordingly and add call to 'reset-timestamps'.
* gnu/build/image.scm (register-closure): Remove #:reset-timestamps?
parameter to 'register-items'.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Adjust accordingly.
* guix/scripts/pack.scm (store-database)[build]: Likewise.
Until now, 'populate-store' would reset permissions but not timestamps,
so callers would resort to going through an extra directory traversal to
reset timestamps.
* guix/build/store-copy.scm (reset-permissions): Remove.
(copy-recursively): New procedure.
(populate-store): Pass #:keep-permissions? to 'copy-recursively'.
Remove call to 'reset-permissions'.
* tests/gexp.scm ("gexp->derivation, store copy"): In BUILD-DRV, check
whether 'populate-store' canonicalizes permissions and timestamps.
* gnu/build/image.scm (initialize-root-partition): Pass #:reset-timestamps? #f
to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
This broke 'guix environment --container' on non-Debian distributions.
Fixes <https://bugs.gnu.org/45066>. Reported by luhux <luhux@outlook.com>.
This reverts commit 8bc5ca5160.
Bit 1 means the target device was mounted read-only whilst checking.
This should never happen in an initrd context but is not an error.
* gnu/build/file-systems.scm (check-bcachefs-file-system): Ignore status
bits that don't signal an error. Remove the 'reboot-required case.
Fixes <https://bugs.gnu.org/31977>.
Reported by Paul Garlick <pgarlick@tourbillion-technology.com>.
* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
Return #f when the 'userns-file' does not exist.
Since commit 8ce6f4dc28, importing this
module in a gexp would pull in (guix config) from the host, thereby
leading to non-reproducible derivations. Users in (gnu services ...) do
not expect that so simply remove the (guix utils) dependency for now.
* gnu/build/shepherd.scm (fork+exec-command/container)[strip-pid]: New
procedure.
Use it instead of 'strip-keyword-arguments'.
* gnu/build/image.scm (make-partition-image): Use 'raise' instead of
'format' when TYPE is not supported.
(convert-disk-image): Remove unneeded 'begin'.
Fixes: <https://issues.guix.gnu.org/44101>.
* gnu/build/bootloader.scm (write-file-on-device): Pass 'no-fail flag instead
of 'no-create. Use a latin-1 transcoder.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Add a
"disk-installer" argument and use it as a fallback.
(install-bootloader): Adapt accordingly.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Ditto.
* gnu/build/vm.scm (load-in-linux-vm): Rename the RNG.
* gnu/system/vm.scm (common-qemu-options): Likewise.
(system-docker-image): Rename the ROOT-DIRECTORY.
* gnu/packages/crypto.scm (eschalot)[arguments]: Use a different
arbitrary string.
* gnu/packages/wicd.scm (wicd)[arguments]: Remove unused configure flag.
* gnu/packages/xorg.scm (xorg-server): Set a more accurate OS vendor.
This is a follow-up of f19cf27c2b. The
bootloader installation must be done on the final disk-image, hence using
"disk-image-installer" instead of "installer" callback.
* gnu/bootloader/u-boot.scm: Turn all installer callbacks into
disk-image-installer callbacks.
* gnu/build/bootloader.scm (write-file-on-device): Open the output file with
'no-truncate and 'no-create options.
* gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader)
module.
This allows the client running on the host to know when it's actually
connect to the server running in the guest. Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.
* gnu/build/secret-service.scm (secret-service-send-secrets): Add
#:handshake-timeout. Read from SOCK an initial message from the
server. Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client. Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.
* gnu/build/secret-service.scm (secret-service-receive-secrets)
[wait-for-client]: Call 'select' with a 60s timeout before 'accept'.
Return #f upon timeout.
[read-secrets]: Return FILES on success.
Adjust caller of 'wait-for-client' to handle #f.
* gnu/build/image.scm (convert-disk-image): New procedure.
(genimage): Remove target argument.
* gnu/system/image.scm (system-disk-image): Add support for 'compressed-qcow2
image format. Call "convert-disk-image" to apply image conversions on the
final image. Add "qemu-minimal" to the build inputs.
(system-image): Also add support for 'compressed-qcow2.
Fixes: <https://issues.guix.gnu.org/43533>.
* gnu/build/shepherd.scm (fork+exec-command/container): Check if containers
are supported before joining PID namespaces.
This is a follow-up of 5316dfc0f1. Some users of
run-container may expect that the container is jailed, even if there are no
mounts. This is the case for some Guix tests.
* gnu/build/linux-container.scm (run-container): Do not jail the container
when the requested root is "/".
When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
We may want to run a container inside the MNT namespace, without jailing the
container. If RUN-CONTAINER is passed a null MOUNTS list, do not jail the
container.
* gnu/build/linux-container.scm (run-container): Do not call
MOUNT-FILE-SYSTEMS if MOUNTS list is empty.
Move the cow-store procedure from the service declaration in (gnu system
install) to (gnu build install), so that it can be called from within a
different context than Shepherd.
* gnu/build/install.scm (mount-cow-store, unmount-cow-store): New procedures.
* gnu/system/install.scm (make-cow-store): Remove it,
(cow-store-service-type): adapt it accordingly.
This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
* gnu/system/file-systems.scm (<file-system>): Add a mount-may-fail? field.
(file-system->spec): adapt accordingly,
(spec->file-system): ditto.
* gnu/build/file-systems.scm (mount-file-system): If 'system-error is raised
and mount-may-fail? is true, ignore it. Otherwise, re-raise the exception.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
This fixes <https://bugs.gnu.org/42151>.
* gnu/system/images/hurd.scm (hurd-initialize-root-partition): Use #:wal-mode #f
in call to ...
* gnu/build/image.scm (initialize-root-partition): ... this, add #:wal-mode?
parameter, pass it to ...
(register-closure): ... this, add #:wal-mode? parameter, pass it to ...
* guix/store/database.scm (with-database): ... this, add #:wal-mode?
parameter, pass it to ...
(call-with-database): ... this, add #:wal-mode? parameter; when
set to #f, do not set journal_model=WAL.
The "image-root" derivation output is used as a temporary directory that is
passed to mke2fs and mkdosfs later on. By merging the creation of this
directory and the production of partition images, we can get rid of the
derivation.
As mke2fs and mkdosfs are not able to override file permissions, call those
commands with fakeroot. This way, all the image files will be owned by root,
even if image generation is done in an unprivilegded context.
* gnu/system/image.scm (system-disk-image): Merge "image-root" and
"iso9660-image" derivations so that we spare an extra derivation. Also add
"fakeroot" and its runtime dependencies to the inputs.
* gnu/build/image.scm (make-ext-image, make-vfat-image): Make sure that mke2fs
and mkdosfs are respectively called by fakeroot.
Note: Using `getxattr' on the Hurd instead of running showtrans does not
work (yet?).
* gnu/build/hurd-boot.scm (setup-translator): Use 'setxattr' instead of
invoking settrans.
* gnu/system.scm (hurd-multiboot-modules): Add --x-xattr-translator-records to
enable xattr-embedding of translators.
* gnu/build/hurd-boot.scm (make-hurd-device-nodes): Do not create
dev/{null,zero,full,random,urandom} mount points.
(passive-translator-xattr?, passive-translator-installed?, translated?,
set-translator, set-hurd-device-translators): New procedures.
(false-if-EEXIST): New macro.
(boot-hurd-system): Use them instead of running MAKEDEV.
This mirrors a change made in the Shepherd 0.8.0. Previously, upon
startup failure, we could have left processes behind.
* gnu/build/shepherd.scm (read-pid-file/container): Kill (- PID) instead
of PID.
Fixes <https://bugs.gnu.org/41791>.
Reported by Tobias Geerinckx-Rice <me@tobias.gr>.
This change mirrors changes made in the Shepherd 0.8.1, where signals
are blocked in the shepherd process in support of 'signalfd'. The
regression was introduced with the switch to 0.8.1 in
3f9c62d1a8: child processes would not
receive SIGTERM upon 'herd stop SERVICE'.
* gnu/build/shepherd.scm <top level>: Autoload (shepherd system).
(make-forkexec-constructor/container): Call call to 'sigaction' and
'unblock-signals'.
* gnu/build/activation.scm (boot-time-system):
Evaluate the linux-command-line thunk for linux systems to boot
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Calling "mknod" without root permissions fails. Plus those device nodes do not
appear to be needed to boot.
* gnu/build/image.scm (initialize-root-partition): Do not use
make-essential-device-nodes as default make-device-nodes procedure.
This decouples startup of the Hurd from the "hurd" package, moving the RC
script into SYSTEM.
* gnu/packages/hurd.scm (hurd)[inputs]: Remove hurd-rc-script.
[arguments]: Do not substitute it. Update "runsystem.sh" to parse kernel
arguments and exec into --system=SYSTEM/rc.
(hurd-rc-script): Move to...
* gnu/services.scm (%hurd-rc-file): ...this new variable.
(hurd-rc-entry): New procedure.
(%hurd-startup-service): Use it in new variable.
* gnu/system.scm (hurd-default-essential-services): Use it.
* gnu/build/activation.scm (boot-time-system): Use "command-line" for the
Hurd.
* gnu/system.scm (hurd-default-essential-services): Add %boot-service and
%activation-service.
* gnu/system/vm.scm (expression->derivation-in-linux-vm): Remove #:target.
[builder]: Use #+. Don't pass #:target-arm32? and #:target-aarch64? to
'load-in-linux-vm'.
Pass #:target #f to 'gexp->derivation'.
(qemu-image): Adjust accordingly.
* gnu/build/vm.scm (load-in-linux-vm): Remove #:target-aarch64?
and #:target-arm32?. Define them as local variables.
* gnu/build/image.scm (initialize-root-partition): Add bootloader-package and
bootloader-installer arguments. Run the bootloader-installer if defined.
* gnu/system/image.scm (system-disk-image): Adapt the partition initializer
call accordingly.
* gnu/build/image.scm (make-ext4-image): Rename to ...
(make-ext-image): ... it, and pass the file-system type to mke2fs,
(make-partition-image): Adapt to call "make-ext-image" if the partition
file-system is prefixed by "ext".
The --root option can now be omitted, and inferred from the root file system
declaration instead.
* gnu/build/file-systems.scm (canonicalize-device-spec): Extend to support NFS
directly, and...
* gnu/build/linux-boot.scm (boot-system): ...remove NFS special casing from
here. Remove nested definitions for root-fs-type, root-fs-flags and
root-fs-options, and bind those inside the let* instead. Make "--root" take
precedence over the device field string representation of the root file
system.
* doc/guix.texi (Initial RAM Disk): Document that "--root" can be left
unspecified.