* gnu/bootloader.scm (efi-arch, install-efi): New procedures.
(%efi-supported-systems, lazy-efibootmgr): New variables.
(bootloader-configuration)[efi-removable?, 32bit?]: New fields.
(match-bootloader-configuration, match-menu-entry): New macros.
* gnu/build/bootloader.scm (install-efi-loader): Delete procedure.
(install-efi): Rewrite to support installation of any efi bootloader.
* gnu/build/image.scm (initialize-efi32-partition): Deprecate.
(initialize-efi-partitition): Only create EFI directory.
* gnu/image.scm (partition)[target]: New field in order to support
dynamic provision of image partitions as bootloader targets.
* gnu/system/image.scm (root-partition, esp-partition): Use target
field.
* gnu/system/image.scm (esp32-partition, efi32-disk-partition,
efi32-raw-image-type): Deprecate.
* doc/guix.texi (Creating System Images)[image Reference]<partition
Reference>: Add target field.
[Instantiate an Image]: Update examples and update formatting.
<efi32-disk-image, efi32-raw-image-type>: Delete.
<pinebook-pro-image-type, rock64-image-type>: Reword slightly.
Change-Id: I3654d160f7306bb45a78b82ea6b249ff4281f739
Fixes <https://issues.guix.gnu.org/47584>.
I removed the 'Based upon mkdir-p from (guix build utils)'
comment because it's quite a bit different now.
* gnu/build/activation.scm (verify-not-symbolic): Delete.
(mkdir-p/perms): Rewrite in terms of 'openat'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7
* gnu/system/privilege.scm (<privileged-program>): Add a field
representing the program's POSIX capabilities.
(privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP
package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said
package argument where supported. Include privileged-program-capabilities
in the compatibility hack.
* gnu/build/activation.scm (activate-setuid-programs): Rename this…
(activate-privileged-programs): …to this.
Operate on a list of <privileged-program> records.
* gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.
Apart from being symlinks, this should be a user-invisible change.
* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
As files in the store and /etc/fstab are world readable, specifying the
password in the file-system record is suboptimal. To mitigate this,
`mount.cifs' supports reading `username', `password' and `domain' options from
a file named by the `credentials' or `cred' option.
* gnu/build/file-systems.scm (mount-file-system): Read mount options from the
file specified via the `credentials' or `cred' option if specified.
Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about
12%.
* gnu/packages/linux.scm (default-extra-linux-options)
[version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else
CONFIG_MODULE_COMPRESS_GZIP.
(make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment
variable to 19.
[native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc.
(modinfo-section-contents): Extend support to Zstd compressed module.
(dot-ko): Register the 'zstd compression type.
(ensure-dot-ko, file-name->module-name, load-linux-module*)
(module-name->file-name/guess, write-module-name-database)
(write-module-alias-database, write-module-device-database): Update doc.
(module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise.
Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.
Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
This is a follow-up to 8f8ec56052, which only
covers building initrd, while the booting code still tries to load nonexistent
files for builtin modules.
* gnu/build/linux-modules.scm (load-linux-modules-from-directory): Ignore
nonexistent module files.
Change-Id: I09ef207e82397e915e671c8464b92bcf90f03dcf
Until now, the secret service had a hard-coded TCP endpoint on port
1004. This change lets users specify arbitrary socket addresses.
* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it. Adjust ‘start’ method accordingly.
Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
* gnu/build/chromium-extension.scm (make-chromium-extension): Make use of the
make-signing-key procedure inside the argument field, making sure that it is
not evaluated at file-load time. This would otherwise try to resolve gnutls
when we can't guarantee it's defined because of dependency cycles.
Change-Id: Ia7b13acfbca475c2df073e9a88fc8bb9264dd968
This was superseded by ‘least-authority-wrapper’.
* gnu/build/shepherd.scm (read-pid-file/container)
(make-forkexec-constructor/container): Remove.
Change-Id: I6acccdff2609a35807608f865a4d381146113a88
This is an improvement for the purposes of ‘guix edit’ & co.
* gnu/build/icecat-extension.scm (make-icecat-extension): Add ‘location’
field.
Change-Id: I896ae6823b3fe4ea013fa74e2c536f45664d8042
* gnu/build/icecat-extension.scm: New file with a MAKE-ICECAT-EXTENSION
procedure that makes sure the add-on directory is a symlink, so that Icecat
can normalize it into a package store path.
* gnu/local.mk (dist_patch_DATA): Register it, as well as new patches.
* gnu/packages/browser-extensions.scm (ublock-origin)[properties]: Store the
add-on ID so that it is accessible in MAKE-ICECAT-EXTENSION.
[arguments]: Use the add-on ID as root directory.
(ublock-origin/icecat): New procedure.
* gnu/packages/gnuzilla.scm (icecat-minimal)[arguments]: Rewrite the unused
'apply-guix-specific-patches' phase so that it applies the following two
patches.
[native-search-paths]: New field.
* gnu/packages/patches/icecat-compare-paths.patch: New patch that compares
add-on paths (which are package store paths) to detect package changes.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: New patch that
replaces "/usr/lib/mozilla" (the system-wide directory for extensions and
native manifests) with "$ICECAT_SYSTEM_DIR".
The gnumach builtin IDE hd devices are still used, unless booting with
"noide".
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create /dev/hd{0..3},
/dev/hd{0..3}s{0..3}.
This reverts commit e9a5eebc78, which
as far as I can tell breaks system roll-backs thusly:
[...]
In gnu/build/accounts.scm:
239:27 3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
In unknown file:
2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
In ice-9/boot-9.scm:
1685:16 1 (raise-exception _ #:continuable? _)
1685:16 0 (raise-exception _ #:continuable? _)
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure string-append: Wrong type (expecting string): #t
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* gnu/build/image.scm (make-unformatted-image): New procedure.
(make-partition-image): Add support for unformatted partition.
* gnu/system/image.scm (system-disk-image)[partition->gpt-type]: Add
case for using unformatted partition uuid.
This follows up on commit c077345539, and
adds a comment to avoid this in future.
* gnu/system/file-systems.scm (invalid-file-system-flags):
Add 'no-diratime to the list of KNOWN-FLAGS.
Fixes <https://issues.guix.gnu.org/61156>.
* gnu/build/linux-container.scm (container-excursion): Add extra call to
'primitive-fork' and invoke THUNK in the child process.
* tests/containers.scm ("container-excursion"): Remove extra
'primitive-fork' call, now unnecessary.
("container-excursion*, /proc"): New test.
* gnu/build/linux-container.scm (container-excursion): Return the raw
status value.
* tests/containers.scm ("container-excursion, same namespaces"): Add
'status:exit-val' call.
* guix/scripts/container/exec.scm (guix-container-exec): Correctly
handle the different cases.
Fixes a regression introduced in
450f774028 and
e3c6575ee9, which introduced
unquote-splicing without changing quote to quasiquote.
* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Use
quasiquote, note quote.
Addresses <https://issues.guix.gnu.org/59695>.
* gnu/build/image.scm (make-vfat-image): When creating a fat filesystem
for UEFI bootable partition use 512 byte blocks.