Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.
In the example below, A is a common ancestor of the introductory commit
I and of commit X. Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:
X I
\ /
A
This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.
In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.
* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a is not a descendant of
$intro_commit. Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
* doc/guix.texi (Monitoring Services): Document the various 'zabbix-*' service
types, and expand description of all Zabbix services. Use less marketing terms.
(Web Services): Add subsubheading for PHP-FPM, and anchors for
cross-referencing.
* gnu/services/monitoring.scm (zabbix-front-end-configuration): Use @ref
instead of @pxref for cross-referencing.
...to make them in line with the newly generated front-end documentation.
* doc/guix.texi (Monitoring Services): Regenerate zabbix-server-configuration
and zabbix-agent-configuration.
Commit e301f1a8ed removed the NGINX argument
entirely, but users may rely on and override it. Reported by rekado on #guix.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Restore
exported variable.
(zabbix-front-end-nginx-extension): New procedure.
(zabbix-front-end-configuration): Remove FASTCGI-PARAMS field. Restore NGINX
field, but default to the empty list.
(zabbix-front-end-service-type): Extend NGINX-SERVICE-TYPE by
ZABBIX-FRONT-END-NGINX-EXTENSION.
* doc/guix.texi (Monitoring Services): Regenerate documentation.
* gnu/services/guix.scm (<nar-herder-configuration>): Add ttl and negative-ttl
fields.
(nar-herder-shepherd-services): Pass the ttl and negative-ttl values to the
service.
* doc/guix.texi (Guix Services): Document this.
* guix/profiles.scm (generation-number): Add optional 'base-profile'
parameter and use it.
* guix/scripts/system.scm (process-command): Add "/run/current-system"
as first argument to 'generation-number'.
* doc/guix.texi (Invoking guix system): Clarify that 'guix system
describe' shows the running system.
Suggested by Maxime Devos <maximedevos@telenet.be>
and Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* doc/guix.texi (package Reference): Clarify 'native-search-paths'
vs. 'search-paths'.
(Search Paths): Link to it. Remove unnecessarily "define libxml2".
Reword 'file-pattern' description that said "When true".
Fixes <https://issues.guix.gnu.org/52766>.
Reported by Michael Rohleder <mike@rohleder.de>.
* gnu/machine/ssh.scm (<machine-ssh-configuration>)[safety-checks?]: New
field.
(machine-check-file-system-availability): Return the empty list when
'safety-checks?' is false.
(machine-check-initrd-modules): Likewise.
* doc/guix.texi (Invoking guix deploy): Document it.
Make sure that the images are created with a non volatile root by default and
the vm are created with a volatile root by default. Break the --volatile
option into --volatile-image and --persistent-vm options.
* guix/scripts/system.scm (perform-action): Turn volatile? argument into
volatile-vm-root?.
(show-help): Introduce --volatile-image and --persistent-vm options instead of
--volatile.
(%default-options): Adapt it.
(%options): Handle those options.
(process-action): Honor them.
* doc/guix.texi (Invoking guix system): Adapt it accordingly.
* gnu/services/telephony.scm (jami-configuration)[jamid]: Rename libring to
libjami.
* gnu/services/telephony.scm
(jami-configuration->command-line-arguments): Adjust daemon file name.
* gnu/services/telephony.scm (jami-service-type): Adjust doc.
* gnu/tests/telephony.scm (run-jami-test): Check for 'jamid' process, not
'dring'.
* doc/guix.texi (Telephony Services): Adjust doc for the jami-qt to jami and
libring to libjami packages renaming.
This enables profile caching not just when '-m' or '-f' is used, but
also when package specs are passed on the command line, as in:
guix shell -D guix git
It also changes profile cache keys to include the system type, which was
previously ignored.
* guix/scripts/shell.scm (options-with-caching)[single-file-for-caching]:
Remove.
Call 'profile-cached-gc-root' instead; adjust to accept two values.
(profile-cache-primary-key): New procedure.
(profile-cache-key): Remove.
(profile-file-cache-key, profile-spec-cache-key): New procedures.
(profile-cached-gc-root): Rewrite to include functionality formally in
'single-file-for-caching', but extend to handle package specs.
* gnu/packages.scm (cache-is-authoritative?): Export.
* guix/transformations.scm (transformation-option-key?): New procedure.
* doc/guix.texi (Invoking guix shell): Move '--rebuild-cache'
documentation to the bottom, just above '--root'. Explain caching and
how these two options relate to that.
The old output differs greatly from the current one and contains a typo.
* doc/guix.texi (Invoking guix home): Update ‘guix home search’ output
sample.
This is a followup to 05c962594c.
Discussed at <https://issues.guix.gnu.org/51307#24>.
* guix/scripts/hash.scm (%options): Warn about deprecation for
"--recursive", but not for '-r' as it's a convenient shorthand. Mention
'--serializer=nar' in the deprecation message.
* doc/guix.texi (Invoking guix hash): Adjust accordingly.
* guix/build/julia-build-system.scm (link-depot): Create 'Project.toml' file
when missing using data provided by the user.
(julia-create-package-toml): Remove from export.
* doc/guix.texi (Build Systems): Update julia-build-system section.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
nmtui does not benefit from being setuid. Oops.
* doc/guix.texi (Setuid Programs): Replace network-manager's /bin/nmtui
with nfs-utils' /sbin/mount.nfs. Change a @code{} to a @command{}.
Based on user feedback, the shadow / passwd example was too obscure for those
who aren't familiar with the shadow collection of tools. And it was also
considered confusing for the two examples to use different packages.
* doc/guix.texi (Setuid Programs): Use 'nmtui' in the examples.
Suggested by Alexander Asteroth <alexander.asteroth@h-brs.de>.
* doc/guix.texi (Defining Package Variants): Document all the supported
clauses of 'modify-inputs'.
This avoids issues where the coordinator component dependencies (like sqitch
and guile-fibers) make it harder to use the agent.
* gnu/packages/package-management.scm (guix-build-coordinator/agent-only): New
variable.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): Use
the guix-build-coordinator/agent-only package by default.
* doc/guix.texi (Guix Services): Update accordingly.
Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
* guix/scripts/system.scm (system-derivation-for-action): Use the image API to
generate the docker images and deprecate the docker-image command.
(process-action): Ditto.
* doc/guix.texi (Invoking guix system): Adapt it.
This code duplicates the (gnu system image) and (gnu build image) code. Using
VM for image generation is not needed, not portable and really slow. Remove
all the VM image generation code to make sure that only the image API is used.
* gnu/build/vm.scm: Remove it. Move the qemu-command procedure to ...
* gnu/build/marionette.scm: ... here.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adapt it.
* tests/modules.scm: Ditto.
* gnu/tests/install.scm: Ditto.
* gnu/system/vm.scm: Adapt it and remove expression->derivation-in-linux-vm,
qemu-img, system-qemu-image/shared-store and system-docker-image procedures.
* doc/guix.texi (G-Expressions): Adapt it.
Until now the rsync service would export a single module, named
"files". This allows users to specify as many modules as they want, in
line with rsyncd.conf(5).
* gnu/services/rsync.scm (warn-share-field-deprecation): New procedure.
(<rsync-configuration>)[modules]: New field.
[share-path, share-comment, read-only?, timeout]: Mark as deprecated.
(<rsync-module>): New record type.
(%default-modules): New variable.
(rsync-configuration-modules): New procedure.
(rsync-activation): Create the directory of each module.
(rsync-config-file): Generate configuration for each module.
(rsync-service-type)[description]: New field.
* doc/guix.texi (Networking Services): Adjust documentation. Augment
example.
* guix/scripts/hash.scm (git-hash): New procedure.
(%options): Use it.
* tests/guix-hash.sh: Test it.
* doc/guix.texi: Update.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/base.scm (%loopback-static-networking): New variable.
(%base-services): Use it.
* gnu/system/hurd.scm (%base-services/hurd): Use it.
* gnu/system/install.scm (%installation-services): Use it.
* doc/guix.texi (Networking Setup): Document it.
* gnu/services/base.scm (%qemu-static-networking): New variable.
* gnu/system/hurd.scm (%base-services/hurd): Use it.
* doc/guix.texi (Networking Setup): Document it.
* gnu/services/base.scm (<static-networking>)[interface, ip, netmask]
[gateway]: Remove.
[addresses, links, routes]: New fields.
[requirement]: Default to '(udev).
(<network-address>, <network-link>, <network-route>): New record types.
(ensure-no-separate-netmask, %ensure-no-separate-netmask): Remove.
(ipv6-address?, cidr->netmask, ip+netmask->cidr)
(network-set-up/hurd, network-tear-down/hurd)
(network-set-up/linux, network-tear-down/linux)
(static-networking->hurd-pfinet-options): New procedures.
(static-networking-shepherd-service): New procedure.
(static-networking-shepherd-services): Rewrite in terms of the above.
(static-networking-service): Deprecate. Adjust to new
'static-networking' API.
(%base-services): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* gnu/system/hurd.scm (%base-services/hurd): Likewise, and separate
'loopback' from 'networking'.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Remove
"servers/socket/2".
* gnu/tests/networking.scm (run-openvswitch-test)["networking has
started on ovs0"]: Check for 'networking instead of 'networking-ovs0,
which is no longer provided.
* doc/guix.texi (Networking Setup): Document the new interface. Remove
documentation of 'static-networking-service'.
(Virtualization Services): Change Ganeti example to use the new
interface.
This should make it easier to find how to get started setting up
networking.
* doc/guix.texi (Networking Setup): New section.
(Networking Services): Remove 'static-networking-service',
'dhcp-client-service-type', 'network-manager-service-type',
'connman-service-type', 'wicd-service', 'modem-manager-service-type',
'usb-modeswitch-service-type', and 'wpa-supplicant-service-type'.
It configures QEMU to use the tty it was started in for IO (as opposed to
opening a separate graphical window). This enables copy-pasting and
scrollback. Exit QEMU with C-a x.
* gnu/system/vm.scm (system-qemu-image/shared-store-script): Also add the
'-nographic' QEMU argument when called with #:graphic? #false.
* guix/scripts/system.scm (system-derivation-for-action): Propagate
the #:graphic? keyword arg.
(perform-action): Add and propagate the #:graphic? keyword arg.
(show-help): Add --no-graphic CLI arg.
(%options): Process the new --no-graphic CLI arg.
(process-action): Feed in the CLI arg through the #:graphic? keyword arg.
* doc/guix.texi (Invoking guix system): Add example to combine guix system and
invoking the vm start script into one command. Split the description of the
various options into separate paragraphs. Add a paragraph to describe
--no-graphic.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/packages/package-management.scm (guix-build-coordinator): Update to
0-40.226ec0f.
* doc/guix.texi (Guix Build Coordinator): Remove note about the service being
considered experimental, it's been stable for a while now.
* gnu/services/docker.scm (docker-configuration): Add the field
(docker-shepherd-service): Pass the list of defined variables to
make-forkexec-constructor.
* doc/guix.texi (Miscellaneous Services): Update doc.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Upstream raised these back in 2019 with CUPS 2.3.0.
* gnu/services/cups.scm (<cups-configuration>): Raise default
‘multiple-operation-timeout’ and ‘timeout’ from 300 to 900 seconds.
* doc/guix.texi (Printing Services): Adjust accordingly.
The meaning changed by accident when guix environment was replaced
by guix shell in 80edb7df65.
* doc/guix.texi (Debugging Build Failures): Add missing -D option.
This change is motivated by the need to disable the default 30 seconds timeout
that Meson uses (see: https://gitlab.gnome.org/GNOME/glib/-/issues/2522), and
also by desire to specify extra options to run the check phase without having
to override it.
* guix/build-system/meson.scm (meson-build) <test-target>: Replace argument
with...
<test-options>: ... this one.
* guix/build/meson-build-system.scm (check): Invoke 'meson test' instead of
'ninja test-target', as the former is configurable via options.
* doc/guix.texi (Build Systems) <meson-build-system>: Update doc.
* guix/import/cran.scm (download): Handle the case where URL is a list.
(fetch-description-from-tarball): New procedure.
(fetch-description): Add #:version parameter. Honor it when REPOSITORY
is 'cran. Use 'fetch-description-from-tarball' when REPOSITORY is
'bioconductor.
(description->package): SOURCE-URL may now be a list.
(cran->guix-package): Pass VERSION to 'fetch-description'.
(cran-recursive-import): Add #:version parameter.
* guix/scripts/import/cran.scm (guix-import-cran): Expect a spec rather
than a mere package name.
* doc/guix.texi (Invoking guix import): Document it.
This allows us to skip the expensive man-db profile hook in most cases.
Suggested by Liliana Marie Prikler <liliana.prikler@gmail.com>.
* guix/profiles.scm (manual-database/optional): New procedure.
(%default-profile-hooks): Use it instead of 'manual-database'.
* doc/guix.texi (Documentation): Add footnote about 'man -k' database
creation.
