From man 5 ssh_config:
Unless noted otherwise, for each parameter, the first obtained value
will be used.
We want to allow falling through to the first explicitly chosen user
defined value.
* gnu/home/services.ssh.scm (define-maybe boolean): New configuration.
(openssh-host)[forward-x11?, forward-x11-trusted?, forward-agent?,
compression?]: Replace default value with maybe-boolean.
* doc/guix.texi (Secure Shell): Update documentation to match the
changes in the code.
Move away from using staging and core-updates, and make the strategy
independant of branch names.
Keep the 300 dependent threshold for changes to master, as I don't have any
specific reason to change this.
Most importantly, require using guix-patches issues to coordinate merging of
the branches, as I think that'll address the key issues that have shown up
recently where it's been unclear which branch should be merged next.
* doc/contributing.texi (Submitting Patches): Move the branching strategy to a
new Managing Patches and Branches section.
(Managing Patches and Branches): New section.
(Commit Policy): Simplify through referencing the new Managing Patches and
Branches section.
Signed-off-by: Christopher Baines <mail@cbaines.net>
* gnu/home/services/ssh.scm (<home-openssh-configuration>)[add-keys-to-agent]:
New field.
(serialize-add-keys-to-agent): New procedure.
(openssh-configuration->string): Use it.
* doc/guix.texi (Secure Shell): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
In an effort to homogenize things, commit
3c40dfe285 replaced:
@deffn {Scheme Procedure}
with:
@defun
However, the latter prints "Function" when all existing material about
Scheme uses the term "procedure".
Thus, for consistency, this commit switches to:
@deffn {Procedure}
* doc/guix.texi, doc/contributing.texi: Use "@deffn {Procedure}"
consistently rather than "@defun" or similar.
Thanks to Alexandros Prekates and Markku Korkeala for pointing out the bug in
the documentation. [1]
[1] https://lists.gnu.org/archive/html/help-guix/2023-05/msg00220.html
* doc/gnu.texi (Secure Shell): Replace reference to non-existing (gnu home
services ssh-agent)
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
screen-locker-service-type by default does both define PAM entry
and make program setuid binary. Normally both methods are
mutually exclusive, if binary has setuid set it does not really
needs PAM, otherway around also similar, if PAM is enabled
binary should not relay on setuid.
Recent swaylock package now compiled with PAM support. When PAM
support is compiled in, swaylock rejects executing if binary is
also setuid program.
This change turns screen-locker-configuration from strict
PAM AND setuid to more flexible PAM AND/OR setuid. Allowing
swaylock to be configured properly while supporting other
screen locker preferences.
* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* guix/upstream.scm (update-package-inputs)[filtered-inputs]
[regular-inputs, native-inputs, propagated-inputs]: New procedures.
Use them in 'update-field' calls.
* tests/guix-refresh.sh (GUIX_TEST_UPDATER_TARGETS): Add "libreoffice"
to the dependencies of "the-test-package". Add 'updater-ignored-inputs'
property to "the-test-package".
* doc/guix.texi (Invoking guix refresh): Document it.
Previously, 'guix refresh r-ggplot2 -u' and similar commands would print
of list of input changes that would have to be made manually. With this
change, 'guix refresh -u' takes care of updating input fields
automatically.
* guix/upstream.scm (update-package-inputs): New procedure.
(update-package-source): Call it when 'upstream-source-inputs' returns
true.
* guix/scripts/refresh.scm (update-package): Remove iteration over the
result of 'changed-inputs'.
* guix/import/test.scm (available-updates): Add support for input
lists.
* tests/guix-refresh.sh (GUIX_TEST_UPDATER_TARGETS): Add input list for
"the-test-package".
Make sure 'guix refresh -u' updates 'inputs' accordingly.
* doc/guix.texi (Invoking guix refresh): Mention it.
* gnu/home/services/mail.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Mail Home Services): New node.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.texi (SELinux Support): Add note about 'guix-install.sh'.
Provide the absolute file name of 'guix-daemon.cil'. Wrap important
commands in @example. Suggest relabeling just /gnu and /var/guix
instead of all of /. Add "systemctl restart guix-daemon".
The default was an empty list which would remove any ~/.ssh/authorized_keys
file and replace it with a symlink to an empty file. On some systems, notably
Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not
allow login.
* doc/guix.texi (Secure Shell): Update, describe default #false value.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)
[authorized-keys]: Change default to #f.
(openssh-configuration-files): Cater for default #f value: Do not register
"authorized_keys".
Passing '-DBUILD_COMPLEX=OFF' to lapack would eventually lead to a link
error.
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* doc/guix.texi (Package Transformation Options): Change
'--with-configure-flag' example.
* etc/news.scm: Likewise.
* gnu/services/guix.scm (nar-herder-configuration-extra-environment-variables):
New procedure.
(nar-herder-shepherd-services): Pass the environment variables to the
shepherd.
* doc/guix.texi (Guix Services): Document it.
This should be usable with the new guile-gnutls.
* gnu/services/guix.scm
(guix-build-coordinator-agent-configuration-max-parallel-uploads): New
procedure.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Use
the new argument.
* doc/guix.texi (Guix Services): Document it.
I'm looking at this because I need to do some debugging of Guile's GC, and
there are some useful environment variables for that, but it should be
generally useful.
* gnu/services/guix.scm (guix-build-coordinator-configuration-extra-environment-variables):
New procedure.
(guix-build-coordinator-shepherd-services): Pass the environment variables to
the shepherd.
* doc/guix.texi (Guix Services): Document it.
Automated via 'M-x texinfo-all-menus-update' in Emacs, and dropping
the *Contributing menu removal, which is erroneously removed because defined
in a different Texinfo file.
* doc/guix.texi: Update all menus.
* doc/contributing.texi (Submitting Patches): Likewise.
Fixes <https://issues.guix.gnu.org/58813>. No longer suggests to splice the
output of etc/teams.scm commands into the 'git send-email' command line; this
is now transparently handled by the Git configuration, which is also
automatic.
* doc/contributing.texi (Configuring Git): Streamline section, now automated
via Automake.
(Sending a Patch Series): Do not specify options configured as default by the
above. Prefer long option names, for readability.
(Teams): Rewrite the examples to use --header-cmd.
(Commit Access): Refer to the Configuring Git section instead of detailing
manual steps.
Due to (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formely hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.
This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.
* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.
* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>