screen-locker-service-type by default does both define PAM entry
and make program setuid binary. Normally both methods are
mutually exclusive, if binary has setuid set it does not really
needs PAM, otherway around also similar, if PAM is enabled
binary should not relay on setuid.
Recent swaylock package now compiled with PAM support. When PAM
support is compiled in, swaylock rejects executing if binary is
also setuid program.
This change turns screen-locker-configuration from strict
PAM AND setuid to more flexible PAM AND/OR setuid. Allowing
swaylock to be configured properly while supporting other
screen locker preferences.
* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* guix/upstream.scm (update-package-inputs)[filtered-inputs]
[regular-inputs, native-inputs, propagated-inputs]: New procedures.
Use them in 'update-field' calls.
* tests/guix-refresh.sh (GUIX_TEST_UPDATER_TARGETS): Add "libreoffice"
to the dependencies of "the-test-package". Add 'updater-ignored-inputs'
property to "the-test-package".
* doc/guix.texi (Invoking guix refresh): Document it.
Previously, 'guix refresh r-ggplot2 -u' and similar commands would print
of list of input changes that would have to be made manually. With this
change, 'guix refresh -u' takes care of updating input fields
automatically.
* guix/upstream.scm (update-package-inputs): New procedure.
(update-package-source): Call it when 'upstream-source-inputs' returns
true.
* guix/scripts/refresh.scm (update-package): Remove iteration over the
result of 'changed-inputs'.
* guix/import/test.scm (available-updates): Add support for input
lists.
* tests/guix-refresh.sh (GUIX_TEST_UPDATER_TARGETS): Add input list for
"the-test-package".
Make sure 'guix refresh -u' updates 'inputs' accordingly.
* doc/guix.texi (Invoking guix refresh): Mention it.
* gnu/home/services/mail.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Mail Home Services): New node.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Prior to ceb5ef8347, (@ (gnu packages
texinfo) texinfo), which is what is used here, was pointing to version 6.7.
* doc/build.scm (html-manual-identifier-index)[build](worthy-entry?):
Adjust patterns for Texinfo 6.8.
(syntax-highlighted-html)[build](syntax-highlight): Likewise.
* doc/guix.texi (SELinux Support): Add note about 'guix-install.sh'.
Provide the absolute file name of 'guix-daemon.cil'. Wrap important
commands in @example. Suggest relabeling just /gnu and /var/guix
instead of all of /. Add "systemctl restart guix-daemon".
The documentation for git send-email recommends the use of an equal sign when
specifying a recipient with the --to option. [1] Adjusts the reference manual
accordingly.
[1] https://git-scm.com/docs/git-send-email
* doc (contributing.texi): Specify recipient via equal sign in
'git send-email --to'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The default was an empty list which would remove any ~/.ssh/authorized_keys
file and replace it with a symlink to an empty file. On some systems, notably
Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not
allow login.
* doc/guix.texi (Secure Shell): Update, describe default #false value.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)
[authorized-keys]: Change default to #f.
(openssh-configuration-files): Cater for default #f value: Do not register
"authorized_keys".
Passing '-DBUILD_COMPLEX=OFF' to lapack would eventually lead to a link
error.
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* doc/guix.texi (Package Transformation Options): Change
'--with-configure-flag' example.
* etc/news.scm: Likewise.
* gnu/services/guix.scm (nar-herder-configuration-extra-environment-variables):
New procedure.
(nar-herder-shepherd-services): Pass the environment variables to the
shepherd.
* doc/guix.texi (Guix Services): Document it.
This should be usable with the new guile-gnutls.
* gnu/services/guix.scm
(guix-build-coordinator-agent-configuration-max-parallel-uploads): New
procedure.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Use
the new argument.
* doc/guix.texi (Guix Services): Document it.
I'm looking at this because I need to do some debugging of Guile's GC, and
there are some useful environment variables for that, but it should be
generally useful.
* gnu/services/guix.scm (guix-build-coordinator-configuration-extra-environment-variables):
New procedure.
(guix-build-coordinator-shepherd-services): Pass the environment variables to
the shepherd.
* doc/guix.texi (Guix Services): Document it.
Automated via 'M-x texinfo-all-menus-update' in Emacs, and dropping
the *Contributing menu removal, which is erroneously removed because defined
in a different Texinfo file.
* doc/guix.texi: Update all menus.
* doc/contributing.texi (Submitting Patches): Likewise.
The section insisted on GUIX_PACKAGE_PATH, mentioned version 0.16, and
didn't say much about channels, which made it look obsolete.
* doc/guix-cookbook.texi (GUIX_PACKAGE_PATH): Remove section.
(Guix channels): Rename to...
(Channels): ... this. Merge most of the explanations previously in the
GUIX_PACKAGE_PATH section. Say more about channels and add
cross-references.
Fixes <https://issues.guix.gnu.org/58813>. No longer suggests to splice the
output of etc/teams.scm commands into the 'git send-email' command line; this
is now transparently handled by the Git configuration, which is also
automatic.
* doc/contributing.texi (Configuring Git): Streamline section, now automated
via Automake.
(Sending a Patch Series): Do not specify options configured as default by the
above. Prefer long option names, for readability.
(Teams): Rewrite the examples to use --header-cmd.
(Commit Access): Refer to the Configuring Git section instead of detailing
manual steps.
Due to (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formely hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.
This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.
* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.
* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Rationale: Even though the section 'X.509 Certificates' is part of the
System Configuration chapter, readers might also come here from a
cross-reference when reading about Application Setup on a foreign
distro.
* doc/guix.texi (System Configuration)[X.509 Certificates]: Clarify.
* gnu/home/services/gnupg.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (GNU Privacy Guard): New node.
(Secure Shell): Link to it.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add '--nesting'.
(options/resolve-packages): Handle it.
(launch-environment/container): Add #:nesting? and honor it.
[nesting-mappings]: New procedure.
(guix-environment*): Add support for '--nesting'.
* guix/scripts/shell.scm (profile-cached-gc-root): Special-case
'nesting?'.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document it.
This is to make explicit something which until now had always been implicit.
* doc/contributing.texi (Commit Access): Mention that committers are expected
to employ consensus decision making.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/audio.scm (%mympd-user, %mympd-group)
(mympd-user-sanitizer, mympd-group-sanitizer): New variables.
(mympd-configuration)[user]: Use user-account as value type.
Sanitize via mympd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mympd-group-sanitizer.
(mympd-serialize-configuration): Adjust accordingly.
(mympd-accounts): Likewise.
* doc/guix.texi (Audio Services)[myMPD]: Likewise.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>