TLS errors may be confusing to some users. Two comments are added: one
comment should help clarify the extra step required for root CA certificates
to be installed, while the other will help users keep their clocks
synchronized, another source of TLS errors due to clock drift.
* gnu/system/examples/bare-bones.tmpl: Add nss-cert and NTP service comments.
Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to 05a9d1f378, which
removed its sole user.
* gnu/system/vm.scm (%linux-vm-file-systems): Remove.
(mapping->file-system): Add comment about “cache=loose”.
This is a follow-up of e5ed1712da. Restore the
behaviour before d57cab7641 and produce
hybrid, BIOS and UEFI capable qcow2 images.
* gnu/system/image.scm (qcow2-image-type): Inherit from mbr-hybrid-disk-image.
When using grub-bootloader with a GPT image, GRUB will fail during
installation with a cryptic error message.
* gnu/system/image.scm (system-disk-image): Raise an error when trying to use
a non-EFI compatible bootloader with a GPT image partitioning.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Until 209204e23b and
d57cab7641, the default image type used by "guix
system image" was an MBR image with an ESP partition.
Having both an MBR image and an ESP partition is handy because the image will
boot on most x86 based systems using legacy BIOS and/or UEFI.
We now have a distinction between MBR images and EFI images. Introduce a new
MBR hybrid image type and default to it to restore the default behaviour.
This also fixes the images section of (gnu ci) that was trying to install a
BIOS bootloader on an EFI, GPT image and failing to do so.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
This really removes the locale-2.33 dependency running `guix system build
bare-hurd.tmpl' on the Hurd, that somehow still managed to leak-in?
* gnu/system/hurd.scm (%base-packages/hurd)[locale-libcs]: New field.
This reverts commit e9a5eebc78, which
as far as I can tell breaks system roll-backs thusly:
  [...]
  In gnu/build/accounts.scm:
     239:27  3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
  In unknown file:
             2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
  In ice-9/boot-9.scm:
    1685:16  1 (raise-exception _ #:continuable? _)
    1685:16  0 (raise-exception _ #:continuable? _)
  ice-9/boot-9.scm:1685:16: In procedure raise-exception:
  In procedure string-append: Wrong type (expecting string): #t
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* gnu/system/image.scm (mbr-disk-image, mbr-raw-image-type): New variables.
(qcow2-image-type): Inherit mbr-disk-image.
* guix/scripts/system.scm (%default-options): Use mbr-raw-image-type by
default.
* gnu/tests/install.scm (run-install): Use mbr-raw in the tests.
* doc/guix-cookbook.texi (Guix System Image API): Update the list of image
types.
* doc/guix.texi (Invoking guix system, System Images, image-type Reference):
Add mbr-raw and switch documented default to it.
This is a followup to cf28f46930.
* gnu/system/examples/plasma.tmpl (services): Remove both
'gdm-service-type' and 'sddm-service-type' from %DESKTOP-SERVICES.
This led to a 'tests/guix-system.sh' failure on aarch64-linux:
  …/plasma.tmpl:60:13: error: modify-services: service 'gdm' not found in service list
This is because 'gdm-service-type' is not among %DESKTOP-SERVICES on
that architecture.
* gnu/system/examples/plasma.tmpl (services): Use 'remove' rather than
'modify-services' + 'delete'.
cgroup v2 is the next generation of the control groups API. This patch
replaces the cgroup v1 file systems with the unified cgroup v2 file
system.
cgroup v2 allows for things like containerd/podman to run rootless
containers and opens guix system up to running things like Kubernetes.
Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker
service change.
* gnu/system/file-systems.scm (%control-groups): Change to a single
"cgroup2" mount point.
* gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement'
field accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
When booting with pci-arbiter and rumpdisk and using 1024MB of memory for
qemu, booting hangs, or seems to hang, at the end of the rumpdisk boot
messages. At least 1200MB is required, currently.
* gnu/services/virtualization.scm (<hurd-vm-configuration>)[memory-size]: Bump
to 2048.
* gnu/system/examples/bare-hurd.tmpl: Suggest using 2048 here too. Update
example `guix system image' and "qemu" command lines too.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
This allows for the use of Guix within a non-privileged Docker container
produced by 'guix system image -t docker'.
* gnu/system/linux-container.scm (containerized-operating-system):
Change 'guix-configuration' to add "--disable-chroot".
Previously, (ntfs-uuid->string (string->ntfs-uuid "5234ED0D34ECF53F"))
would yield "5234EDD34ECF53F".
Reported by sughosha in #guix.
* gnu/system/uuid.scm (ntfs-uuid->string): Pad hex bytes with zero when
needed.
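
The padding bug described in the commit message above, as an added Guile example that is not Guix's own code: the procedure names are hypothetical, and storing the bytes least-significant first is an assumption of this sketch. It formats the same UUID with and without zero padding and checks which form survives a round trip.

```scheme
;; Added illustration; these procedures are hypothetical, not those of
;; gnu/system/uuid.scm.
(use-modules (rnrs bytevectors)
             (srfi srfi-1))

;; Parse 16 hex digits into an 8-byte bytevector.  Bytes are stored
;; least-significant first (an assumption of this example).
(define (hex->ntfs-bytes str)
  (unless (and (= 16 (string-length str))
               (string-every char-set:hex-digit str))
    (error "expected 16 hexadecimal digits" str))
  (u8-list->bytevector
   (reverse
    (map (lambda (i) (string->number (substring str i (+ i 2)) 16))
         (iota 8 0 2)))))

;; Buggy form: a byte below #x10 (such as #x0D) prints as one digit.
(define (byte->hex/unpadded b)
  (string-upcase (number->string b 16)))

;; Fixed form: every byte is printed as exactly two digits.
(define (byte->hex/padded b)
  (string-pad-left (byte->hex/unpadded b) 2 #\0))

;; Render the bytevector back to text using the given per-byte formatter.
(define (ntfs-bytes->string bv byte->hex)
  (string-concatenate
   (map byte->hex (reverse (bytevector->u8-list bv)))))

;; The UUID quoted in the commit message.
(define sample "5234ED0D34ECF53F")
(define bytes (hex->ntfs-bytes sample))

(for-each
 (lambda (name+proc)
   (let ((text (ntfs-bytes->string bytes (cdr name+proc))))
     (format #t "~a: ~a (~a characters, round-trips: ~a)~%"
             (car name+proc) text (string-length text)
             (string=? text sample))))
 `(("unpadded" . ,byte->hex/unpadded)
   ("padded" . ,byte->hex/padded)))
```

The unpadded result is one character short, so it no longer parses as a 16-digit UUID and no longer matches the label the file system actually carries.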
* gnu/system/image.scm (system-disk-image)[partition-image]: Adjust the
inputs used by the image-builder to only use the packages necessary to
build that partition.
* gnu/build/image.scm (make-unformatted-image): New procedure.
(make-partition-image): Add support for unformatted partition.
* gnu/system/image.scm (system-disk-image)[partition->gpt-type]: Add
case for using unformatted partition uuid.
This is a followup to dbbc7e9461:
'nscd-service-type' isn't necessarily present in OS, so we cannot use
the 'modify-services' as it would now error out. This was happening
with the "guix system docker-image" test in 'tests/guix-system.sh'.
* gnu/system/linux-container.scm (containerized-operating-system): Use
'filter-map' instead of 'remove' + 'modify-services'.
When the 'stop' method returns a truth value, shepherd interprets it as
potential failure and logs it.
* gnu/system/pam.scm (pam-shepherd-service): Change 'stop' method to
return #f.
* gnu/system/hurd.scm (%base-packages/hurd): Change shepherd to shepherd-0.8,
since the former uses fibers, and thus conflicts with the shepherd-0.8 we use in
the default essential services.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/61627>.
* gnu/system/linux-container.scm (container-essential-services): When
shared-network? is true, remove the hosts-service-type service kind.
* gnu/system/shadow.scm (default-skeleton): Update gdbinit to search for
more debug packages in guix-home and the system profile.
(skeleton-directory): Move .gdbinit to .config/gdb/gdbinit.
This follows up on commit c077345539, and
adds a comment to avoid this in future.
* gnu/system/file-systems.scm (invalid-file-system-flags):
Add 'no-diratime to the list of KNOWN-FLAGS.
Make it consistent with bash_profile generated by Guix Home.
* gnu/system/shadow.scm (default-skeletons)[bash_profile]: Source .profile in
skeleton bash_profile.
Users can override 'PS1' in ~/.bashrc if they wish.
Previously, on Guix Home, the "default" 'PS1' would be set in ~/.bashrc
when 'home-bash-configuration-guix-defaults?' is true, preventing users
from overriding it via the 'environment-variables' field of
'home-bash-extension'.
* gnu/system/shadow.scm (%default-bashrc): Remove 'PS1' setting.
* gnu/system.scm (operating-system-etc-service): Define PS1 in
/etc/bashrc.
* gnu/home/services/shells.scm (add-bash-configuration): When
'home-bash-configuration-guix-defaults?' is true, add a default 'PS1' to
~/.bash_profile.
* gnu/system/shadow.scm (%default-bashrc): New variable. Source
/etc/bashrc only if it exists.
(default-skeletons): Use it.
* gnu/home/services/shells.scm (guix-bashrc): Remove.
(add-bash-configuration): Refer to '%default-bashrc' instead.
Generating a raw-with-offset image would previously not be bootable with
U-Boot.
* gnu/system/image.scm (root-partition) [file-system-options]: New field.
Fixes <https://issues.guix.gnu.org/60010>.
Reported by pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de>.
Previously, the 'modprobe' executable would try and fail to load the
module from /lib/modules/*. Set 'LINUX_MODULE_DIRECTORY' to make sure
'modprobe' looks for the module in the right place.
* gnu/system/install.scm (uvesafb-shepherd-service)[modprobe]: New
variable.
In 'start' method, invoke it instead of KMOD/bin/modprobe.
This file was added in fe1cd098d2 but it's
not referenced from anywhere, not even gnu/local.mk. Furthermore, we
don't normally add full OS examples for the purposes of illustrating the
use of a single service.
* gnu/system/examples/yggdrasil.tmpl: Remove.
Previously, copying the image would consume a lot of space and was
I/O-intensive, to the point that the marionette connection timeout of
20s could be reached when running tests like "docker-system".
* gnu/system/vm.scm (common-qemu-options): Pass 'format=' for each
'-drive' option.
(system-qemu-image/shared-store-script)[copy-image]: New variable.
[builder]: Use it when VOLATILE? is false.
Rationale: It is only used in INSTALLATION-OS and doesn't make sense to be
used in another context, given that file systems now automatically pull their
dependencies since commit 45eac6cdf5 (services:
Add file system utilities to profile).
* gnu/system.scm (%base-packages-disk-utilities): Deprecate and rename to...
* gnu/system/install.scm (%installer-disk-utilities): ... this.
(installation-os) [packages]: Adjust accordingly.
* gnu/system/images/pine64.scm (pine64-barebones-os) [services]: Add
dhcp-client-service-type and ntp-service-type to the list of services.
[packages]: Add nss-certs to the list of packages.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
Rationale: It is only used in INSTALLATION-OS and doesn't make sense to be
used in another context, given that file systems now automatically pull their
dependencies since commit 45eac6cdf5 (services:
Add file system utilities to profile).
* gnu/system.scm (%base-packages-disk-utilities): Deprecate and rename to...
* gnu/system/install.scm (%installer-disk-utilities): ... this.
(installation-os) [packages]: Adjust accordingly.
* gnu/packages/raspberry-pi.scm (grub-efi-bootloader-chain-raspi-64): New
bootloader variable, capable of booting a Raspberry Pi over network or from a
local storage.
* gnu/system/examples/raspberry-pi-64.tmpl: New operating-system example.
* gnu/system/examples/raspberry-pi-64-nfs-root.tmpl: New operating-system
example for booting over network.
* Makefile.am (EXAMPLES): Register the new files.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cross-building a docker image with:
    $ guix system image --image-type=docker --target=aarch64-linux-gnu os.scm
results in an image where the architecture declared in its config.json is
the host architecture rather than the target one. The binaries are
correctly cross-compiled, so the image can be loaded and used despite the
warning message shown by docker:
    $ docker load -i vcal7bvsqcijchifhqdvprpd1niqh8sk-docker-image.tar.gz
    Loaded image: guix:latest
    $ docker create guix:latest
    WARNING: The requested image's platform (linux/amd64) does not match the
    detected host platform (linux/arm64/v8) and no specific platform was
    requested
    40f06aa869ed690489c4a3824a7f7721bd4bf453b85f25ac7199266939fe2fba
    $ echo $?
    0
This is fixed by passing the correct triplet to the build-docker-image
function.
* gnu/system/image.scm (system-docker-image): Add ‘image-target’ variable.
[builder]: Pass ‘#:system’ argument to ‘build-docker-image’.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Make the operating-system field mandatory as creating an image without it
makes no sense. Introduce a new macro, image-without-os for the specific cases
where the image is only created to be inherited from afterwards.
* gnu/image.scm (<image>)[operating-system]: Make it mandatory.
* gnu/system/image.scm (image-without-os): New macro.
(efi-disk-image, efi32-disk-image, iso9660-image, docker-image,
raw-with-offset-disk-image): Use it.
* gnu/system/images/hurd.scm (hurd-disk-image): Ditto.
Running the following command where my-pine.scm contains an operating-system
declaration:
    guix system image --image-type=pine64-raw my-pine.scm
returns:
    guix system: error: package linux-libre-arm64-generic@5.18.19 does not support
    x86_64-linux
That's because there's no platform defined in the pine64-raw image-type, hence
the guix system image tries to build the image for the host architecture.
* gnu/system/images/novena.scm (novena-image-type): Use the armv7-linux platform.
* gnu/system/images/pine64.scm (pine64-image-type): Use the aarch64-linux platform.
* gnu/system/images/pinebook-pro.scm (pinebook-pro-image-type): Use the aarch64-linux platform.
* gnu/system/images/rock64.scm (rock64-image-type): Use the aarch64-linux platform.
* gnu/system/linux-container.scm (container-script): Accept command line
options to bind mount host directories into the container.
* doc/guix.texi (Invoking guix system): Document options.
* gnu/system/examples/vm-image.tmpl: Use the 'GUIX_DISPLAYED_VERSION'
environment variable in 'label'.
* gnu/system/install.scm (%installation-os): Likewise.
* Makefile.am (release): Set 'GUIX_DISPLAYED_VERSION'.
Fixes <https://issues.guix.gnu.org/53210>.
Reported by Mathieu Othacehe <othacehe@gnu.org>.
* gnu/system/install.scm (%installation-services): Set 'guix' to
use (current-guix) in 'guix-configuration'.
* gnu/system/examples/vm-image.tmpl: Likewise.
* gnu/tests/install.scm (operating-system-with-current-guix): Remove.
(run-install, installation-os-for-gui-tests): Remove its uses.
* Makefile.am (release): Remove intermediate use of
'update-guix-package.scm' and subsequent 'git commit' invocation.