Commit graph

576 commits

Author SHA1 Message Date
Tobias Geerinckx-Rice
d6c9754c56
services: setuid-program: Populate /run/privileged/bin.
Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.

Apart from being symlinks, this should be a user-invisible change.

* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
2024-08-11 02:00:00 +02:00
vicvbcun
2cbdec8bcd
file-systems: Allow specifying CIFS credentials in a file.
As files in the store and /etc/fstab are world readable, specifying the
password in the file-system record is suboptimal.  To mitigate this,
`mount.cifs' supports reading `username', `password' and `domain' options from
a file named by the `credentials' or `cred' option.

* gnu/build/file-systems.scm (mount-file-system): Read mount options from the
file specified via the `credentials' or `cred' option if specified.

Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-07-26 18:50:53 +02:00
Richard Sent
de0fbfbf0b
file-systems: Skip checking the cifs file-system type.
* gnu/build/file-systems.scm (check-file-system)[check-procedure]: Add cifs.

Change-Id: I891b18f03884ed45e92ac32556fe04b3087e20dd
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-07-20 12:12:16 +02:00
Richard Sent
3e87b207ce
file-systems: Add support for mounting CIFS file systems
* gnu/build/file-systems (canonicalize-device-name): Do not attempt to resolve
CIFS formatted device specifications.
(mount-file-systems): Add mount-cifs nested function.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Skip checking
for CIFS availability, similar to NFS.
* guix/scripts/system.scm (check-file-system-availability): Likewise.

Change-Id: I182e290eba64bbe5d1332815eb93bb68c01e0c3c
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-06-04 12:08:34 +02:00
Richard Sent
9d6c4f5160
file-systems: Add host-to-ip nested function
* gnu/build/file-systems (mount-file-system): Split out getaddrinfo logic into a
dedicated function, (host-to-ip)

Change-Id: I522d70a10651ca79533a4fc60b96b884243a3526
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-06-04 12:08:34 +02:00
Maxim Cournoyer
afacfa33ec
gnu: linux-libre: Enable Zstd compression of kernel modules.
This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about
12%.

* gnu/packages/linux.scm (default-extra-linux-options)
[version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else
CONFIG_MODULE_COMPRESS_GZIP.
(make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment
variable to 19.
[native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp.  Update doc.
(modinfo-section-contents): Extend support to Zstd compressed module.
(dot-ko): Register the 'zstd compression type.
(ensure-dot-ko, file-name->module-name, load-linux-module*)
(module-name->file-name/guess, write-module-name-database)
(write-module-alias-database, write-module-device-database): Update doc.
(module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise.
Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.

Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
2024-05-29 22:01:23 -04:00
Hilton Chain
7995816ec4
linux-modules: Ignore nonexistent module files on boot.
This is a follow-up to 8f8ec56052, which only
covers building initrd, while the booting code still tries to load nonexistent
files for builtin modules.

* gnu/build/linux-modules.scm (load-linux-modules-from-directory): Ignore
nonexistent module files.

Change-Id: I09ef207e82397e915e671c8464b92bcf90f03dcf
2024-03-27 22:23:38 +08:00
Nicolas Graves
27ee6f06d0
services: activation: Ensure /run existence.
* gnu/build/activation.scm (activation-script): Ensure /var/run existence.
* gnu/build/install.scm (evaluate-populate-directive)
[directives]: Remove directory /run.

Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-02-19 18:42:12 +01:00
Nicolas Graves
e73db355b1
services: activation: Ensure /var/run existence.
* gnu/services.scm (activation-script): Ensure /var/run existence.
* gnu/build/install.scm (evaluate-populate-directive)
[directives]: Remove directory /var/run.

Change-Id: I5fb93d33b6b1f045f1e5ba206b9b0b74b5184260
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-02-19 18:41:47 +01:00
Nicolas Graves
a5f66c2446
file-systems: Recognize “none” as a valid device spec.
* gnu/build/file-systems (canonicalize-device-name): Fallback to tmpfs
if spec is "none".

Change-Id: Ia55c715d04c7611ba8c979f23f1ad4a8ed2e75b6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-02-19 18:41:10 +01:00
Ludovic Courtès
5f34796dc4
marionette: Add #:peek? to ‘wait-for-tcp-port?’.
* gnu/build/marionette.scm (wait-for-tcp-port): Add #:peek? parameter
and honor it.

Change-Id: Ie7515a5223299390ab8af6fe5aa3cf63ba5c8078
2024-02-10 22:59:56 +01:00
Ludovic Courtès
f331a667d3
services: secret-service: Make the endpoint configurable.
Until now, the secret service had a hard-coded TCP endpoint on port
1004.  This change lets users specify arbitrary socket addresses.

* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it.  Adjust ‘start’ method accordingly.

Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
2024-02-10 22:59:43 +01:00
Josselin Poiret
93ac4c20bf
chromium-extension: Compute json at argument evaluation time.
* gnu/build/chromium-extension.scm (make-chromium-extension): Make use of the
make-signing-key procedure inside the argument field, making sure that it is
not evaluated at file-load time.  This would otherwise try to resolve gnutls
when we can't guarantee it's defined because of dependency cycles.

Change-Id: Ia7b13acfbca475c2df073e9a88fc8bb9264dd968
2023-12-27 17:18:52 +01:00
Ludovic Courtès
ca81317389
shepherd: Remove ‘make-forkexec-constructor/container’.
This was superseded by ‘least-authority-wrapper’.

* gnu/build/shepherd.scm (read-pid-file/container)
(make-forkexec-constructor/container): Remove.

Change-Id: I6acccdff2609a35807608f865a4d381146113a88
2023-12-22 00:31:42 +01:00
Jean-Pierre De Jesus DIAZ
c7d2faf178
gnu: cross-toolchain: Add set-cross-path for AVR.
* gnu/build/cross-toolchain.scm (set-cross-path/avr): New procedure.
(cross-gcc-build-phases) [string-prefix? "avr"]: Return
set-cross-path/avr procedure.

Signed-off-by: Jean-Pierre De Jesus DIAZ <me@jeandudey.tech>
Change-Id: I00bd39236ac2e31fef02164a7fffc8b56a166f0d
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2023-12-11 13:36:51 +02:00
Jean-Pierre De Jesus DIAZ
9095e10620
gnu: cross-gcc: Enable multilib for AVR.
* gnu/build/cross-toolchain.scm (patch-multilib-shebang): New procedure.
* gnu/packages/avr.scm (make-avr-gcc): Remove unneeded phases and flags
  for multilib.
* gnu/packages/cross-base (cross-gcc-arguments) <#:configure-flags>
  [target-avr?]: Remove --disable-multilib and add --enable-multilib.

Change-Id: Id68d803057ac898f0a670f10487b08bf0891ab0b
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2023-12-11 13:24:09 +02:00
Ludovic Courtès
1300c316e9
gnu: ‘make-icecat-extension’ inherits package location.
This is an improvement for the purposes of ‘guix edit’ & co.

* gnu/build/icecat-extension.scm (make-icecat-extension): Add ‘location’
field.

Change-Id: I896ae6823b3fe4ea013fa74e2c536f45664d8042
2023-12-10 21:46:52 +01:00
Tobias Geerinckx-Rice
d553249f72
linux-boot: Don't create /root before it's used.
* gnu/build/linux-boot.scm (boot-system): Postpone the MKDIR of /root.

Change-Id: I589316a5ddf41cada02173ed4dd5b7df09b795e8
2023-11-19 01:00:00 +01:00
Clément Lassieur
25043e01b6
gnu: icecat: Support Guix packaged extensions and native manifests.
* gnu/build/icecat-extension.scm: New file with a MAKE-ICECAT-EXTENSION
procedure that makes sure the add-on directory is a symlink, so that Icecat
can normalize it into a package store path.
* gnu/local.mk (dist_patch_DATA): Register it, as well as new patches.
* gnu/packages/browser-extensions.scm (ublock-origin)[properties]: Store the
add-on ID so that it is accessible in MAKE-ICECAT-EXTENSION.
[arguments]: Use the add-on ID as root directory.
(ublock-origin/icecat): New procedure.
* gnu/packages/gnuzilla.scm (icecat-minimal)[arguments]: Rewrite the unused
'apply-guix-specific-patches' phase so that it applies the following two
patches.
[native-search-paths]: New field.
* gnu/packages/patches/icecat-compare-paths.patch: New patch that compares
add-on paths (which are package store paths) to detect package changes.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: New patch that
replaces "/usr/lib/mozilla" (the system-wide directory for extensions and
native manifests) with "$ICECAT_SYSTEM_DIR".
2023-10-23 11:19:02 +02:00
Tobias Geerinckx-Rice
47e265af75
linux-modules: Fix module dependency loading.
* gnu/build/linux-modules.scm (dot-ko): Make COMPRESSION optional,
as expected by callers RECURSIVE-MODULE-DEPENDENCIES and
LOAD-LINUX-MODULE*.
2023-10-15 02:00:00 +02:00
Ludovic Courtès
8b8ab17561
accounts: Fix typo in comment.
* gnu/build/accounts.scm (passwd->shadow): Fix typo in comment.
2023-10-12 18:53:06 +02:00
Ludovic Courtès
002c5bec07
accounts: Ensure ‘last-change’ field of shadow entries is never zero.
* gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is
greater than or equal to 1.
2023-10-08 23:43:49 +02:00
Ludovic Courtès
e90a972ce2
secret-service: Increase default handshake timeout.
* gnu/build/secret-service.scm (secret-service-send-secrets):
Increase #:handshake-timeout.
2023-10-01 22:58:19 +02:00
Janneke Nieuwenhuizen
0a1af11ff8
hurd-boot: Setup /dev/hdX, /dev/hdXsY IDE device node translators.
The gnumach builtin IDE hd devices are still used, unless booting with
"noide".

* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create /dev/hd{0..3},
/dev/hd{0..3}s{0..3}.
2023-10-01 15:51:23 +02:00
Tobias Geerinckx-Rice
5a2c3352d8
Revert "gnu: system: Add home-directory-permissions field to <user-account>."
This reverts commit e9a5eebc78, which
as far as I can tell breaks system roll-backs thusly:

[...]
In gnu/build/accounts.scm:
   239:27  3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
In unknown file:
           2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure string-append: Wrong type (expecting string): #t
2023-08-20 02:00:00 +02:00
David Thompson
e9a5eebc78
gnu: system: Add home-directory-permissions field to <user-account>.
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.

Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-08-25 15:12:54 +02:00
Bruno Victal
6a86e2d13a
marionette: Allow passing custom OCR arguments.
* gnu/build/marionette.scm (%default-ocrad-arguments): New variable.
(invoke-ocrad-ocr, invoke-tesseract-ocr, marionette-screen-text)
[ocr-arguments]: New argument.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2023-07-19 10:38:15 -04:00
Janneke Nieuwenhuizen
030b15d466
hurd-boot: Cater for netdde.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Setup translators for
netdde, eth{0,1}.  Create /servers/socket/{inet,inet6} symlinks.

Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-07-13 18:59:57 +02:00
Janneke Nieuwenhuizen
fe873fb417
hurd-boot: Setup pci-arbiter and rumpdisk translators.
* gnu/build/hurd-boot.scm (make-hurd-device-nodes): Create "servers/bus/pci".
(set-hurd-device-translators): Create translators for pci-arbiter, rumpdisk,
and /dev/wd0..3s1..4.

Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-07-13 18:58:58 +02:00
Efraim Flashner
cd55aa9801
gnu: image: Add support for unformatted partitions.
* gnu/build/image.scm (make-unformatted-image): New procedure.
(make-partition-image): Add support for unformatted partition.
* gnu/system/image.scm (system-disk-image)[partition->gpt-type]: Add
case for using unformatted partition uuid.
2023-06-14 14:52:21 +03:00
Josselin Poiret
e041801e61
hurd-boot: Symlink /hurd before setting up translators.
* gnu/build/hurd-boot.scm (boot-hurd-system): Symlink /hurd before setting up
translators.

Reviewed-by: Janneke Nieuwenhuizen <janneke@gnu.org>
2023-05-17 22:26:06 +02:00
Ludovic Courtès
e88bf64e6f
services: dbus-service, secret-service: Do not cause (fibers) to be loaded.
* gnu/build/dbus-service.scm (sleep*): Pass #:ensure #f to 'resolve-module'.
* gnu/build/secret-service.scm (wait-for-readable-fd): Likewise.
2023-05-06 17:12:45 +02:00
Tobias Geerinckx-Rice
4ef9a5dd5e
file-systems: Validate 'no-diratime flag.
This follows up on commit c077345539, and
adds a comment to avoid this in future.

* gnu/system/file-systems.scm (invalid-file-system-flags):
Add 'no-diratime to the list of KNOWN-FLAGS.
2023-02-26 01:00:07 +01:00
Ludovic Courtès
0ef8fe22ed
linux-container: 'container-excursion' forks to join the PID namespace.
Fixes <https://issues.guix.gnu.org/61156>.

* gnu/build/linux-container.scm (container-excursion): Add extra call to
'primitive-fork' and invoke THUNK in the child process.
* tests/containers.scm ("container-excursion"): Remove extra
'primitive-fork' call, now unnecessary.
("container-excursion*, /proc"): New test.
2023-01-30 22:24:27 +01:00
Ludovic Courtès
52eb3db19c
container: Correctly report exit status.
* gnu/build/linux-container.scm (container-excursion): Return the raw
status value.
* tests/containers.scm ("container-excursion, same namespaces"): Add
'status:exit-val' call.
* guix/scripts/container/exec.scm (guix-container-exec): Correctly
handle the different cases.
2023-01-30 22:24:27 +01:00
Ludovic Courtès
69fc67b6bb
hurd-boot: Fix list of devices with translators.
Fixes a regression introduced in
450f774028 and
e3c6575ee9, which introduced
unquote-splicing without changing quote to quasiquote.

* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Use
quasiquote, not quote.
2022-12-24 00:45:47 +01:00
Marius Bakke
4d94cdf698
activation: Firmware activation handles missing support in kernel.
* gnu/build/activation.scm (activate-firmware): Check if firmware loading is
enabled before attempting to use it.
2022-12-17 17:08:50 +01:00
Ludovic Courtès
302a84a593
Merge branch 'version-1.4.0'
2022-12-12 15:03:35 +01:00
Efraim Flashner
45f5feb279
image: Use 512 byte blocks for EFI partitions.
Addresses <https://issues.guix.gnu.org/59695>.

* gnu/build/image.scm (make-vfat-image): When creating a fat filesystem
for UEFI bootable partition use 512 byte blocks.
2022-12-12 10:47:59 +02:00
Ludovic Courtès
61b7e96877
install: 'umount-cow-store' retries upon EBUSY.
Possibly fixes <https://issues.guix.gnu.org/59884>.

* gnu/build/install.scm (umount*): New procedure.
(unmount-cow-store): Use it instead of 'umount'.
2022-12-10 14:34:35 +01:00
Ludovic Courtès
e3c6575ee9
system: hurd: Create more ttys.
* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Add
more /dev/ttyN nodes.
* gnu/system/hurd.scm (%base-services/hurd): Add more
'hurd-getty-service-type' instances.
2022-11-28 11:19:31 +01:00
Ludovic Courtès
b5e334aeb8
hurd-boot: Explain why 'getxattr' cannot be used on GNU/Hurd.
This is a follow-up to f25e8f76fe.

* gnu/build/hurd-boot.scm (translated?): Clarify why 'getxattr' cannot
be used on GNU/Hurd.
2022-11-28 11:19:30 +01:00
Ludovic Courtès
450f774028
hurd-boot: Create more PTY nodes.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create more
/dev/ptyp* and /dev/ttyp* nodes.
2022-11-28 11:19:30 +01:00
Ricardo Wurmus
c585b4bc68
file-systems: Always do recursive bind mounts.
Fixes <https://issues.guix.gnu.org/59185>.

* guix/build/syscalls.scm (MS_REC): New variable.
* gnu/build/file-systems.scm (mount-flags->bit-mask): Set MS_REC bit when
bind-mounting.
2022-11-20 21:27:10 +01:00
Ludovic Courtès
00b9ab0a83
tests: root-unmount: Wait for the first QEMU process to finish.
There was a tiny possibility that the first QEMU process would still be
running by the time we launch the second one.

* gnu/build/marionette.scm (marionette-pid): Export.
* gnu/tests/base.scm (run-root-unmount-test)[test]: Add 'waitpid' call.
2022-11-17 11:10:09 +01:00
Maxim Cournoyer
0bb872b379
install: Validate symlink target in evaluate-populate-directive.
* gnu/build/install.scm (evaluate-populate-directive): By default, error when
the target of a symlink doesn't exist.  Always ensure TARGET ends with "/".
(populate-root-file-system): Call evaluate-populate-directive with
 #:error-on-dangling-symlink #t and add comment.
2022-11-15 14:15:11 -05:00
Ludovic Courtès
afbd4d8470
linux-modules: Add 'load-pci-device-database'.
* gnu/build/linux-modules.scm (read-pci-device-database)
(load-pci-device-database): New procedures.
2022-11-15 12:16:43 +01:00
Ludovic Courtès
655fb8feac
linux-modules: Add support for listing PCI devices.
* gnu/build/linux-modules.scm (<pci-device>): New record type.
(pci-device-class-predicate, storage-pci-device?, network-pci-device?)
(display-pci-device?, pci-devices?): New procedures.
2022-11-15 12:16:42 +01:00
Marius Bakke
c1261b3a5d
file-systems: Gracefully handle EMEDIUMTYPE in 'read-partitions'.
* gnu/build/file-systems.scm (ENOENT-safe): Catch EMEDIUMTYPE and warn.
2022-11-03 20:00:31 +01:00
Ludovic Courtès
c077345539
file-systems: Support the 'no-diratime' mount flag.
* gnu/build/file-systems.scm (mount-flags->bit-mask): Handle 'no-diratime'.
* doc/guix.texi (File Systems): Document it.
2022-10-20 23:07:37 +02:00