* gnu/system/pam.scm (unix-pam-service): Add account and session PAM entries
for pam-gnupg. Don't pass "#f" to "allow-root?" argument, because "lambda*"
already does this by default.
* doc/guix.texi (X Window): Document this.
* gnu/services/xorg.scm (<slim-configuration>)[gnupg?]: New record field.
(slim-pam-service): Pass "#:gnupg?" argument to "unix-pam-service".
This is a followup to a7ac19851b.
* gnu/system/install.scm (installation-os)[setuid-programs]: Use
'setuid-program'.
* gnu/system/hurd.scm (%setuid-programs/hurd): Use 'file-like->setuid-program'.
Thanks to Guillem Jover <guillem@debian.org> on the OFTC's #debian-dpkg
channel for helping with troubleshooting.
Letting GNU Tar recursively walk the complete files hierarchy side-steps the
risks associated with providing a list of file names:
1. Duplicated files in the archive (recorded as hard links by GNU Tar)
2. Missing parent directories.
The above would cause dpkg to malfunction, for example by aborting early and
skipping triggers when there were missing parent directories.
* guix/scripts/pack.scm (self-contained-tarball/builder): Do not call
POPULATE-SINGLE-PROFILE-DIRECTORY, which creates extraneous files such as
/root. Instead, call POPULATE-STORE and INSTALL-DATABASE-AND-GC-ROOTS
individually to more precisely generate the file system. Replace the list of
files by the current directory, "." and streamline the way options are passed.
* gnu/system/file-systems.scm (reduce-directories): Remove procedure.
* tests/file-systems.scm ("reduce-directories"): Remove test.
Tar translate duplicate files in the archive into hard links. These can cause
problems, as not every tool support them; for example dpkg doesn't.
* gnu/system/file-systems.scm (reduce-directories): New procedure.
(file-prefix?): Lift the restriction on file prefix. The procedure can be
useful for comparing relative file names. Adjust doc.
(file-name-depth): New procedure, extracted from ...
(btrfs-store-subvolume-file-name): ... here.
* guix/scripts/pack.scm (self-contained-tarball/builder): Use
reduce-directories.
* tests/file-systems.scm ("reduce-directories"): New test.
Inspired by
1270b2e209.
The price to pay is about 5% of a CPU core usage in the guest in the worst
scenario.
* gnu/system/examples/vm-image.tmpl
(auto-update-resolution-crutch): New mcron job.
[services]: Extend the mcron-service with it.
Having 2.29 is most likely no longer justified. Removing it reduces the
closure size returned by:
guix size $(guix system build gnu/system/install.scm)
from 1.6G to 1.5G.
* gnu/system/locale.scm (%default-locale-libcs): Remove GLIBC-2.29.
Fixes <https://issues.guix.gnu.org/47225>.
* gnu/system/vm.scm (%default-msize-value): New variable.
(%linux-vm-file-systems): Use it as the value of the msize option.
(mapping->file-system): Likewise.
Reported-by: Leo Famulari <leo@famulari.name>
Some services require networking, I'm looking at the Guix Build Coordinator
agent. Networking seems to work in the childhurd VM, so I think this change
makes sense.
* gnu/system/hurd.scm (%base-services/hurd): Add 'networking to the provision
parameter for the static-networking service.
Remove the 'vm-image' command that has been superseded by the 'image'
command.
* gnu/system/vm.scm (system-qemu-image): Remove it.
* guix/scripts/system.scm (system-derivation-for-action): Mark 'vm-image'
command as deprecated and use the image API to produce the VM image.
(perform-action, show-help): Adapt accordingly.
* tests/guix-system.sh: Ditto.
* doc/guix.texi (Invoking guix system,
Running Guix in a VM): Ditto.
* etc/completion/fish/guix.fish: Ditto.
* etc/completion/zsh/_guix: Ditto.
* gnu/system/shadow.scm (account-activation): Delete duplicate (eq?) users
and groups before transforming them to specs and asserting, that names are
unique.
The change from formatted message causes the line to no longer automatically
be ended. This will need to be reverted once again, when duplicate names
become hard errors.
* gnu/system/shadow.scm (assert-unique-account-names)
(assert-unique-group-names): End format strings in ~%.
This reverts commit a3002104a8, which
breaks certain system configurations like:
$ guix system reconfigure config.scm
guix system: error: the following groups appear more than once: lp
*gnu/system/shadow.scm (find-duplicates): New variable.
(assert-unique-account-names, assert-unique-group-names): New variables.
(account-activation): Use them here.
Until now deduplication was performed as an additional pass after
copying files, which involve re-traversing all the files that had just
been copied.
* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate?
parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f
to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate?
to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass
#:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New
procedure.
[build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in
'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New
procedure.
[builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New
procedure. Pass it to 'source-module-closure'.
* gnu/system/linux-initrd.scm (file-system-packages): Add
bcachefs-tools/static.
(file-system-type-modules): Add an entry for the "bcachefs" type and
module.
When the image type is "raw" or derived from it (such as "qcow2"), an ESP
partition and file system is already added by the image generator. If a
conflicting user-provided EFI file system is provided, it causes the boot to
fail, as happens for the lightweight-desktop.tmpl and desktop.tmpl templates
under gnu/system/examples.
* gnu/system/image.scm (operating-system-for-image): Remove file systems whose
mount point is "/boot/efi".
Fixes <https://bugs.gnu.org/44511>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* gnu/system/vm.scm (system-qemu-image): Add 'bootloader' field to OS.
* gnu/system/vm.scm (system-qemu-image)[file-systems-to-keep]: Check
whether SOURCE is a string before calling 'string-prefix?'. Remove
UUIDs and file system labels as well.
This builds are extremely I/O-intensive so they'd rather not run on the
head node of the build farm.
* gnu/system/image.scm (system-disk-image, system-iso9660-image): Pass
#:local-build? #f.
* gnu/system/image.scm (arm32-disk-image, arm32-image-type): New variables.
(arm64-disk-image): Inherit from arm32-disk-image.
(arm64-image-type): Change name to 'arm64-raw.
* gnu/build/vm.scm (load-in-linux-vm): Rename the RNG.
* gnu/system/vm.scm (common-qemu-options): Likewise.
(system-docker-image): Rename the ROOT-DIRECTORY.
* gnu/packages/crypto.scm (eschalot)[arguments]: Use a different
arbitrary string.
* gnu/packages/wicd.scm (wicd)[arguments]: Remove unused configure flag.
* gnu/packages/xorg.scm (xorg-server): Set a more accurate OS vendor.
* gnu/system/images/pine64.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/system/image.scm (arm64-disk-image, arm64-image-type): New variables.
This is a follow-up of f19cf27c2b. The
bootloader installation must be done on the final disk-image, hence using
"disk-image-installer" instead of "installer" callback.
* gnu/bootloader/u-boot.scm: Turn all installer callbacks into
disk-image-installer callbacks.
* gnu/build/bootloader.scm (write-file-on-device): Open the output file with
'no-truncate and 'no-create options.
* gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader)
module.
* gnu/system/linux-container.scm (%nscd-container-caches): New variable.
(containerized-operating-system): Instantiate nscd-service with smaller caches
and add it to the generated operating-system, replacing any nscd-service
specified by the caller.
* gnu/system/file-systems.scm: (%network-file-mappings): Remove "/var/run/nscd".
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/system/image.scm (image-with-os): New macro. Rename the old
"image-with-os" procedure to ...
(image-with-os*): ... this new procedure,
(system-image): adapt according,
(raw-image-type, iso-image-type, uncompressed-iso-image-type
%image-types): new variables,
(lookup-image-type-by-name): new procedure.
(find-image): remove it.
* gnu/system/images/hurd.scm (hurd-image-type): New variable,
use it to define ...
(hurd-disk-image): ... this variable, using "os->image" procedure.
* gnu/tests/install.scm (run-install): Rename
installation-disk-image-file-system-type parameter to installation-image-type,
use os->config instead of find-image to compute the image passed to system-image,
(%test-iso-image-installer) adapt accordingly,
(guided-installation-test): ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/build/image.scm (convert-disk-image): New procedure.
(genimage): Remove target argument.
* gnu/system/image.scm (system-disk-image): Add support for 'compressed-qcow2
image format. Call "convert-disk-image" to apply image conversions on the
final image. Add "qemu-minimal" to the build inputs.
(system-image): Also add support for 'compressed-qcow2.
Move the cow-store procedure from the service declaration in (gnu system
install) to (gnu build install), so that it can be called from within a
different context than Shepherd.
* gnu/build/install.scm (mount-cow-store, unmount-cow-store): New procedures.
* gnu/system/install.scm (make-cow-store): Remove it,
(cow-store-service-type): adapt it accordingly.
* guix/scripts/system.scm (%options): Add `--label'.
(system-derivation-for-action): Take a #:label key to set volume ID.
(perform-action): Take a #:label key.
(%default-options): Add default label value.
(process-action): Pass label value from command-line to perform-action.
* gnu/system/image.scm (image-with-label): New procedure.
Only use the current glibc, as adding glibc-2.29 for compatibility adds
~100MiB to the barebones system closure.
* gnu/system/locale.scm (%default-locale-libcs): Remove glibc-2.29.
Image files can be very large (multiple gigabytes), and the process of
generating them is primarily I/O bound. As disk access is typically faster
than network access, it makes sense build them locally.
* gnu/system/image.scm (system-disk-image): Pass the #:local-build? #t
parameter to computed-file calls dealing with generating image files.
(system-iso9660-image): Likewise.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
Instead of hard coding the debug directory to that of the user profile, use
Guile scripting in combination with a new search path specification on GDB to
specify the debug file directories.
* gnu/packages/gdb.scm (gdb-9.1): Add a search path specification for the
GDB_DEBUG_FILE_DIRECTORY environment variable.
* gnu/system/shadow.scm (default-skeletons)[gdbinit]: Derive the value of
DEBUG-FILE-DIRECTORY via the GDB_DEBUG_FILE_DIRECTORY environment variable.
* doc/guix.texi (Installing Debugging Files): Document it.
Tools such as efibootmgr rely on the deprecated /sys/firmware/efi/vars API as
well as on the new /sys/firmware/efi/efivars API. The latter needs to be
mounted.
Reported by Keyhenge here:
https://lists.gnu.org/archive/html/bug-guix/2020-04/msg00274.html
Here is the efivarfs documentation:
https://www.kernel.org/doc/Documentation/filesystems/efivarfs.txt.
* gnu/system/file-systems.scm (%efivars-file-system): New exported variable,
(%base-file-systems): add it.
* gnu/system/install.scm (%efivars-file-system): Add it.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/system/file-systems.scm (<file-system>): Add a mount-may-fail? field.
(file-system->spec): adapt accordingly,
(spec->file-system): ditto.
* gnu/build/file-systems.scm (mount-file-system): If 'system-error is raised
and mount-may-fail? is true, ignore it. Otherwise, re-raise the exception.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>