* gnu/build/file-systems.scm (ext2-superblock-volume-name)
(bcachefs-superblock-volume-name, btrfs-superblock-volume-name)
(fat32-superblock-volume-name, fat16-superblock-volume-name)
(iso9660-superblock-volume-name, jfs-superblock-volume-name)
(f2fs-superblock-volume-name): Mention the file system type in the
docstring for consistency with the other superblock procedures.
* guix/cpio.scm (device-number, device->major+minor):
Move to, and subsequently import from, …
* guix/build/syscalls.scm (device-number, device-number->major+minor):
…here. Note the slight name change.
(mounts): Replace 16-bit open code with a DEVICE-NUMBER call.
* gnu/build/linux-boot.scm (device-number):
Remove duplicate 16-bit implementation in favour of the one above.
(resume-if-hibernated): Reuse DEVICE-NUMBER->MAJOR+MINOR.
It was never guaranteed to be run for non-root file systems. It was for
root file systems only due to a bug now fixed.
* gnu/build/file-systems.scm (check-btrfs-file-system): Don't invoke
‘btrfs device scan’ here.
* gnu/system/linux-initrd.scm (raw-initrd): Do so here if any btrfs file
systems are present.
* gnu/build/file-systems.scm (check-ext2-file-system)
(check-bcachefs-file-system, check-btrfs-file-system)
(check-fat-file-system, check-jfs-file-system, check-f2fs-file-system)
(check-ntfs-file-system, check-file-system): Take and honour new FORCE?
and REPAIR arguments. Update the docstring. Adjust all callers.
* gnu/system/file-systems.scm <file-system>: Add new SKIP-CHECK-IF-CLEAN?
and REPAIR fields.
(file-system->spec, spec->file-system): Adjust accordingly.
* gnu/build/linux-boot.scm (mount-root-file-system): Take new
SKIP-CHECK-IF-CLEAN? and REPAIR keyword arguments. Thread them through
to CHECK-FILE-SYSTEM.
* doc/guix.texi (File Systems): Document both new <file-system> options.
This broke compilation of Guix with guile@3.0.2 with:
In procedure make-regexp: Invalid range end
The fix is to replace [0-9A-f] with [0-9A-Fa-f].
* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This reverts commit 4673f81793, which reverted
commit 69dcc24c9f with the fix detailed below.
Thanks to Christopher Baines for reporting the failure and proposing a fix.
* guix/self.scm (compiled-guix) [*system-test-modules*]: Add the test data
files via the 'extra-files' argument.
* gnu/local.mk (dist_patch_DATA): Move the tests/data/jami-dummy-account.dat
file to...
* gnu/local.mk (MODULES_NOT_COMPILED): ... here.
* gnu/services/telephony.scm (string-or-computed-file?)
(string-list?, account-fingerprint-list?): New procedures.
(maybe-string-list, maybe-account-fingerprint-list)
(maybe-boolean, maybe-string, jami-account-list): New configuration field
types.
(serialize-string-list, serialize-boolean, serialize-string)
(jami-account, jami-account->alist, jami-configuration)
(jami-account-list?, jami-account-list-maybe): New procedures.
(%jami-accounts): New variable.
(jami-configuration->command-line-arguments): New procedure.
(jami-dbus-session-activation, jami-shepherd-services): New procedures.
(jami-service-type): New variable.
* gnu/build/jami-service.scm: New file.
* gnu/tests/data/jami-dummy-account.dat: Likewise.
* gnu/tests/telephony.scm: Likewise.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register them.
* Makefile.am (SCM_TESTS): Register the test file.
(dist_patch_DATA): Register the new data file.
* doc/guix.texi (Telephony Services): Document it.
Instead of imperative module-autoload! directives.
* gnu/build/shepherd.scm: Replace module-autoload! directives by autoload
arguments for define-module.
New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.
* gnu/services.scm (setuid-program-file-like-deprecated): New function.
(setuid-program-service-type): Make use of
setuid-program->activation-gexp. Adjust the extend property to handle
<setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
<setuid-record> list for each program entry.
* gnu/system.scm: (operating-system-setuid-programs): Renamed to
%operating-system-setuid-programs and replace it with new procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Replace
operating-system-setuid-programs with
%operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK?
keyword argument. Add it to the docstring. Conditionally call
CHECK-FILE-SYSTEM.
(boot-system): Adjust its only caller to pass the <file-system>'s CHECK?
option through, if available.
Previously, (read-partition-uuid "/does/not/exist") would return #f.
With this change, a 'system-error exception is raised as expected.
* gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring.
(partition-field-reader): Remove use of 'ENOENT-safe'.
(partition-predicate): Wrap READER in 'ENOENT-safe'.
Fixes <https://bugs.gnu.org/47584>.
* gnu/build/activation.scm (copy-account-skeletons): Do not chown the
home directory; leave this to 'activate-user-home'.
(activate-user-home): Only chown the home directory after the account
skeletons have been copied.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
Fixes <https://bugs.gnu.org/47007>.
Reported by Jelle Licht <jlicht@fsfe.org>.
Since commit dcb640f02b, we could end up
applying the wrong mount flags because the (find ...) expression could
pick the "wrong" mount point in the presence of bind mounts.
* gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to
compute FLAGS whe FS is a bind mount.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.
* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.
It is now up to the caller to deduplicate store contents.
* guix/store/database.scm (register-items): Remove #:deduplicate?
parameter and call to 'deduplicate'.
(register-path): Call 'deduplicate' when #:deduplicate? is true.
* gnu/build/image.scm (register-closure): Adjust call accordingly.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Likewise.
* guix/scripts/pack.scm (store-database): Likewise.
Until now deduplication was performed as an additional pass after
copying files, which involve re-traversing all the files that had just
been copied.
* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate?
parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f
to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate?
to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass
#:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New
procedure.
[build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in
'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New
procedure.
[builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New
procedure. Pass it to 'source-module-closure'.
The assumption now is that the caller took care of resetting timestamps
and permissions.
* guix/store/database.scm (register-items): Remove #:reset-timestamps?
parameter and the call to 'reset-timestamps'.
(register-path): Adjust accordingly and add call to 'reset-timestamps'.
* gnu/build/image.scm (register-closure): Remove #:reset-timestamps?
parameter to 'register-items'.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Adjust accordingly.
* guix/scripts/pack.scm (store-database)[build]: Likewise.
Until now, 'populate-store' would reset permissions but not timestamps,
so callers would resort to going through an extra directory traversal to
reset timestamps.
* guix/build/store-copy.scm (reset-permissions): Remove.
(copy-recursively): New procedure.
(populate-store): Pass #:keep-permissions? to 'copy-recursively'.
Remove call to 'reset-permissions'.
* tests/gexp.scm ("gexp->derivation, store copy"): In BUILD-DRV, check
whether 'populate-store' canonicalizes permissions and timestamps.
* gnu/build/image.scm (initialize-root-partition): Pass #:reset-timestamps? #f
to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
This broke 'guix environment --container' on non-Debian distributions.
Fixes <https://bugs.gnu.org/45066>. Reported by luhux <luhux@outlook.com>.
This reverts commit 8bc5ca5160.
Bit 1 means the target device was mounted read-only whilst checking.
This should never happen in an initrd context but is not an error.
* gnu/build/file-systems.scm (check-bcachefs-file-system): Ignore status
bits that don't signal an error. Remove the 'reboot-required case.
Fixes <https://bugs.gnu.org/31977>.
Reported by Paul Garlick <pgarlick@tourbillion-technology.com>.
* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
Return #f when the 'userns-file' does not exist.
Since commit 8ce6f4dc28, importing this
module in a gexp would pull in (guix config) from the host, thereby
leading to non-reproducible derivations. Users in (gnu services ...) do
not expect that so simply remove the (guix utils) dependency for now.
* gnu/build/shepherd.scm (fork+exec-command/container)[strip-pid]: New
procedure.
Use it instead of 'strip-keyword-arguments'.
* gnu/build/image.scm (make-partition-image): Use 'raise' instead of
'format' when TYPE is not supported.
(convert-disk-image): Remove unneeded 'begin'.
Fixes: <https://issues.guix.gnu.org/44101>.
* gnu/build/bootloader.scm (write-file-on-device): Pass 'no-fail flag instead
of 'no-create. Use a latin-1 transcoder.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Add a
"disk-installer" argument and use it as a fallback.
(install-bootloader): Adapt accordingly.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Ditto.
This is a follow-up of f19cf27c2b. The
bootloader installation must be done on the final disk-image, hence using
"disk-image-installer" instead of "installer" callback.
* gnu/bootloader/u-boot.scm: Turn all installer callbacks into
disk-image-installer callbacks.
* gnu/build/bootloader.scm (write-file-on-device): Open the output file with
'no-truncate and 'no-create options.
* gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader)
module.
