New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.
* gnu/services.scm (setuid-program-file-like-deprecated): New function.
(setuid-program-service-type): Make use of
setuid-program->activation-gexp. Adjust the extend property to handle
<setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
<setuid-record> list for each program entry.
* gnu/system.scm (operating-system-setuid-programs): Renamed to
%operating-system-setuid-programs and replace it with new procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Replace
operating-system-setuid-programs with
%operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
* guix/scripts/pack.scm (self-contained-tarball/builder)
[extra-options]: New argument.
(self-contained-tarball, squashfs-image, docker-image)
(debian-archive): Likewise. Remove two TODO comments. Document
EXTRA-OPTIONS. Use the custom control files when provided.
(%deb-format-options): New variable.
(show-deb-format-options, show-deb-format-options/detailed): New procedures.
(%options): Register new options.
(show-help): Augment with new usage.
(guix-pack): Validate and propagate new argument values.
* doc/guix.texi (Invoking guix pack)[deb]: Document how to list advanced
options. Add an example.
* tests/pack.scm (deb archive...): Provide extra-options to the debian-archive
procedure, and validate that the provided files are embedded in the pack.
The output of the listing of available packages now contains a mix of tab and
space characters, so that its output is more pleasing to read. This preserves
most simple uses of 'cut', but the added extra space padding can cause a
change in behavior in some scenarios.
* doc/guix.texi (Invoking guix build): Replace 'cut' by 'awk' in one of the
examples.
Since the update to the 2.6.2 release, the closure size of zile has
increased. Switch to mg which is lighter.
* gnu/system.scm (%base-packages-interactive): Replace zile by mg.
* doc/guix.texi (Proceeding with the Installation,
Using the Configuration System): Adapt those sections.
* guix/build/utils.scm (search-input-directory): New procedure.
* doc/guix.texi (Build Utilities): Document it next to
'search-input-file'. Tweak wording.
This is a follow-up to c2ff06e5e4, in which
a link to the cookbook was added using a different name than the actual
section.
* doc/guix.texi (Using the Configuration System): Fix broken link to cookbook.
This is a follow-up to the discussion in <https://bugs.gnu.org/48974>.
* doc/guix-cookbook.texi (System Configuration): Add a brief guide that
explains auto login a user to one TTY.
* doc/guix.texi (System Services): Add a texinfo anchor, so that the cookbook
entry "Auto Login a User to a Specific TTY" can refer back to the precise
point that the GNU Guix Reference manual. Also add a reference to the
cookbook that shows how to auto login a specific user to one TTY.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
It will be used in the 'optional-tests' linter.
* guix/gexp.scm (gexp->approximate-sexp): New procedure.
* tests/gexp.scm
("no references", "unquoted gexp", "unquoted gexp (native)")
("spliced gexp", "unspliced gexp, approximated")
("unquoted gexp, approximated"): Test it.
* doc/gexp.scm ("G-Expressions"): Document it.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* .dir-locals.el (scheme-mode)[gexp->derivation]: Define indentation rule.
* guix/scripts/pack.scm (debian-archive): New procedure.
(%formats): Register the new deb format.
(show-formats): Add it to the usage string.
* tests/pack.scm (%ar-bootstrap): New variable.
(deb archive with symlinks): New test.
* doc/guix.texi (Invoking guix pack): Document it.
* NEWS: Add news entry.
* gnu/services/vpn.scm (<strongswan-configuration>): New record type.
(charon-plugins, strongswan-configuration-file)
(strongswan-shepherd-service, strongswan-service-type): New variables.
* doc/guix.tex (VPN Services): Document them all.
For some time, OpenSSH's option 'PermitRootLogin' has deprecated the
ambiguous argument 'without-password' with 'prohibit-password'.
* doc/guix.texi (Network Services): Replace 'without-password by
'prohibit-password.
* gnu/machine/digital-ocean.scm (guix-infect): Change system
configuration to use 'prohibit-password.
* gnu/services/ssh.scm (openssh-configuration): Change comment to use
'prohibit-password.
(openssh-config-file): Add support for 'prohibit-password to
'permit-root-login'. Warn about deprecated 'without-password usage.
* gnu/tests/ganeti.scm (%ganeti-os): Replace 'without-password by
'prohibit-password.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a277 and
12964df69a respectively.
4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.
Conflicts:
gnu/local.mk
gnu/packages/aidc.scm
gnu/packages/boost.scm
gnu/packages/curl.scm
gnu/packages/nettle.scm
gnu/packages/networking.scm
gnu/packages/python-xyz.scm
gnu/packages/tls.scm
In addition to substitutes from ci.guix.gnu.org. There are more changes that
can be made in the future, but these changes seem like a good start.
* config-daemon.ac (guix_substitute_urls): Add https://bordeaux.guix.gnu.org.
* guix/scripts/substitute.scm (%default-substitute-urls): Add
http://bordeaux.guix.gnu.org.
* guix/store.scm (%default-substitute-urls): Add bordeaux.guix.gnu.org.
* doc/guix.texi: Adjust accordingly.
* doc/contributing.texi: Adjust accordingly.
* doc/guix.texi (Globally-Visible Packages): Change "bind" variable
name to the actual variable name, "isc-bind".
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
The procedure ‘which’ from (guix build utils)
is used for two different purposes:
1. for finding the absolute file name of a binary
that needs to run during the build process
2. for finding the absolute file name of a binary,
for the target system (as in --target=TARGET),
e.g. for substituting sh->/gnu/store/.../bin/sh,
python->/gnu/store/.../bin/python.
When compiling natively (target=#f in Guix parlance),
this is perfectly fine.
However, when cross-compiling, there is a problem.
"which" looks in $PATH for binaries. That's good for purpose (1),
but incorrect for (2), as the $PATH contains binaries from native-inputs
instead of inputs.
This commit defines a ‘search-input-file’ procedure. It functions
like 'which', but instead of searching in $PATH, it searches in
the 'inputs' of the build phase, which must be passed to
‘search-input-file’ as an argument. Also, the file name must
include "bin/" or "sbin/" as appropriate.
* guix/build/utils.scm (search-input-file): New procedure.
* tests/build-utils.scm
("search-input-file: exception if not found")
("search-input-file: can find if existent"): Test it.
* doc/guix.texi (File Search): Document it.
Partially-Fixes: <https://issues.guix.gnu.org/47869>
Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.texi (Networking Services): Allow established and related incoming
connections in example iptables configuration.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
* gnu/tests/linux-modules.scm
(run-loadable-kernel-modules-service-test): Actually load the modules
with kernel-module-loader-service-type. Use a singleton service instead
of defining a custom one.
* doc/guix.texi (Service Reference): To give an example of
linux-loadable-module-service-type use a singleton instead of defining a
new service.
Fixes <https://issues.guix.gnu.org/48739>. It may seem silly, but when not
realizing this firsthand, it can be quite surprising and thus not obvious to
troubleshoot. Thanks to Eric Brown for their insightful comments on the
tracker.
* doc/guix.texi (Running Guix in a VM): Add a note that networking support
must be available in the Guix System operating system declaration used for the
VM.