Commit graph

475 commits

Author SHA1 Message Date
Marius Bakke
f59bb27557
chromium-extension: Simplify builder code.
* gnu/build/chromium-extension.scm (chromium-json->profile-object): Remove
variable.
(file-sha256): New variable.
(make-chromium-extension): Rename OUTPUT parameter to prevent conflict.
Adjust other variable names for clarity.
[inputs]: Clear.
[arguments]: Inline and simplify the final transformation with a gexp.
2021-12-16 22:21:13 +01:00
Tobias Geerinckx-Rice via Guix-patches via
13f1355443
linux-modules: Ignore EINVAL in ‘modprobe’ mode.
Loading the framebuffer-coreboot module simply fails with EINVAL on a
non-Corebooted system.  Crashing the system with a kernel panic is not
a reasonable reaction to loading valid modules on unsupported hardware.
The kernel should log an error, which the user is expected to see.

Bogus module names will still be fatally reported by linux-modules.drv.

* gnu/build/linux-modules.scm (load-linux-module*):
Ignore EINVAL errors when operating recursively.
2021-12-16 12:53:52 -05:00
Ludovic Courtès
1052ae5f03
Merge branch 'master' into core-updates-frozen
2021-12-13 11:49:15 +01:00
Ludovic Courtès
223f1b1eb3
services: static-networking: Change interface to mimic netlink.
* gnu/services/base.scm (<static-networking>)[interface, ip, netmask]
[gateway]: Remove.
[addresses, links, routes]: New fields.
[requirement]: Default to '(udev).
(<network-address>, <network-link>, <network-route>): New record types.
(ensure-no-separate-netmask, %ensure-no-separate-netmask): Remove.
(ipv6-address?, cidr->netmask, ip+netmask->cidr)
(network-set-up/hurd, network-tear-down/hurd)
(network-set-up/linux, network-tear-down/linux)
(static-networking->hurd-pfinet-options): New procedures.
(static-networking-shepherd-service): New procedure.
(static-networking-shepherd-services): Rewrite in terms of the above.
(static-networking-service): Deprecate.  Adjust to new
'static-networking' API.
(%base-services): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* gnu/system/hurd.scm (%base-services/hurd): Likewise, and separate
'loopback' from 'networking'.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Remove
"servers/socket/2".
* gnu/tests/networking.scm (run-openvswitch-test)["networking has
started on ovs0"]: Check for 'networking instead of 'networking-ovs0,
which is no longer provided.
* doc/guix.texi (Networking Setup): Document the new interface.  Remove
documentation of 'static-networking-service'.
(Virtualization Services): Change Ganeti example to use the new
interface.
2021-12-12 23:20:49 +01:00
Ludovic Courtès
39e3b4b7ce
services: secret-service: Turn into a Shepherd service.
* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension.  Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
2021-12-12 23:20:49 +01:00
Ludovic Courtès
b15e543d30
Merge branch 'master' into core-updates-frozen
2021-11-23 11:29:38 +01:00
Josselin Poiret
0831dfab75
system: Add swap flags.
* gnu/system/file-systems.scm (swap-space)[priority, discard?]: Add
them.
* guix/build/syscalls.scm (SWAP_FLAG_PREFER, SWAP_FLAG_PRIO_MASK,
SWAP_FLAG_PRIO_SHIFT, SWAP_FLAG_DISCARD): Add them.
* gnu/build/file-systems.scm (swap-space->flags-bit-mask): Add it.
* gnu/services/base.scm (swap-service-type): Use it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-11-23 10:24:27 +01:00
Ludovic Courtès
3a317f7476
Merge branch 'master' into core-updates-frozen
2021-11-17 23:43:14 +01:00
Mathieu Othacehe
fb3df20116
build: bootloader: Add GPT support.
* gnu/build/bootloader.scm (install-efi-loader): Add GPT support.
2021-11-12 13:26:52 +00:00
Mathieu Othacehe
e486b2b674
Merge remote-tracking branch 'signed/master' into core-updates
2021-10-18 14:37:26 +00:00
Ludovic Courtès
3275c9e1f5
hurd-boot: Set pfinet on the right node for AF_INET6.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Fix /servers
file name for AF_INET6.
2021-10-18 10:00:50 +02:00
Mathieu Othacehe
a1eca979fb
Merge remote-tracking branch 'origin/master' into core-updates-frozen.
2021-10-12 17:46:23 +00:00
Tobias Geerinckx-Rice
e91c9ce32e
file-systems: Prefer low-memory mode of ‘btrfs check’.
* gnu/build/file-systems.scm (check-btrfs-file-system):
Add ‘--mode lowmem’ arguments when supported.

Reported by Noisytoot on #guix.
2021-09-28 22:08:23 +02:00
Ludovic Courtès
9980ac0f99
marionette: Print a line when a test succeeds.
* gnu/build/marionette.scm (system-test-runner): Add call to
'test-runner-on-test-end!'.
2021-09-26 23:35:58 +02:00
Ludovic Courtès
7d72829448
marionette: 'system-test-runner' can create output directory.
* gnu/build/marionette.scm (system-test-runner): Take optional
'log-directory' parameter.  Add 'test-begin' handler and honor
LOG-DIRECTORY.
2021-09-26 23:10:29 +02:00
Ludovic Courtès
9b9bfc7ac2
marionette: 'system-test-runner' dumps test log upon failure.
* gnu/build/marionette.scm (system-test-runner): In 'test-end' handler,
when SUCCESS? is false, dump log content to the current error port.
2021-09-26 23:09:23 +02:00
Ludovic Courtès
1fb75128a5
tests: Adjust to SRFI-64 as found in Guile 3.0.7.
In Guile 3.0.7, 'test-runner-current' is set to #f upon 'test-end'.
Consequently, the previous strategy, where we'd call
'test-runner-current' after 'test-end', no longer works.  Instead, set
the test runner in each test right before 'test-begin'.

* gnu/build/marionette.scm (system-test-runner): New procedure.
* gnu/tests/audio.scm (run-mpd-test): Replace (exit (= ...)) idiom
by (test-runner-current (system-test-runner)).
* gnu/tests/base.scm (run-basic-test)
(run-cleanup-test, run-mcron-test, run-nss-mdns-test): Likewise.
* gnu/tests/ci.scm (run-laminar-test): Likewise.
* gnu/tests/cups.scm (run-cups-test): Likewise.
* gnu/tests/databases.scm (run-memcached-test)
(run-postgresql-test, run-mysql-test): Likewise.
* gnu/tests/desktop.scm (run-elogind-test): Likewise.
* gnu/tests/dict.scm (run-dicod-test): Likewise.
* gnu/tests/docker.scm (run-docker-test): Likewise.
(run-docker-system-test): Likewise.
* gnu/tests/file-sharing.scm (run-transmission-daemon-test): Likewise.
* gnu/tests/ganeti.scm (run-ganeti-test): Likewise.
* gnu/tests/guix.scm (run-guix-build-coordinator-test): Likewise.
(run-guix-data-service-test): Likewise.
* gnu/tests/ldap.scm (run-ldap-test): Likewise.
* gnu/tests/linux-modules.scm (run-loadable-kernel-modules-test-base): Likewise.
* gnu/tests/mail.scm (run-opensmtpd-test)
(run-exim-test, run-dovecot-test, run-getmail-test): Likewise.
* gnu/tests/messaging.scm (run-xmpp-test)
(run-bitlbee-test, run-quassel-test): Likewise.
* gnu/tests/monitoring.scm (run-prometheus-node-exporter-server-test)
(run-zabbix-server-test): Likewise.
* gnu/tests/networking.scm (run-inetd-test, run-openvswitch-test)
(run-dhcpd-test, run-tor-test, run-iptables-test, run-ipfs-test): Likewise.
* gnu/tests/nfs.scm (run-nfs-test)
(run-nfs-server-test, run-nfs-root-fs-test): Likewise.
* gnu/tests/package-management.scm (run-nix-test): Likewise.
* gnu/tests/reconfigure.scm (run-switch-to-system-test)
(run-upgrade-services-test, run-install-bootloader-test): Likewise.
* gnu/tests/rsync.scm (run-rsync-test): Likewise.
* gnu/tests/security-token.scm (run-pcscd-test): Likewise.
* gnu/tests/singularity.scm (run-singularity-test): Likewise.
* gnu/tests/ssh.scm (run-ssh-test): Likewise.
* gnu/tests/telephony.scm (run-jami-test): Likewise.
* gnu/tests/version-control.scm (run-cgit-test): Likewise.
(run-git-http-test, run-gitolite-test, run-gitile-test): Likewise.
* gnu/tests/virtualization.scm (run-libvirt-test, run-childhurd-test): Likewise.
* gnu/tests/web.scm (run-webserver-test, run-php-fpm-test)
(run-hpcguix-web-server-test, run-tailon-test, run-patchwork-test): Likewise.
2021-09-25 18:52:05 +02:00
Tobias Geerinckx-Rice
34c105f929
file-systems: Add support for XFS.
* gnu/build/file-systems.scm (%xfs-endianness): New syntax.
(xfs-superblock?, read-xfs-superblock, xfs-superblock-uuid)
(xfs-superblock-volume-name, check-xfs-file-system): New procedures.
(%partition-label-readers, %partition-uuid-readers, check-file-system):
Register them.
* doc/guix.texi (Keyboard Layout and Networking and Partitioning):
Note XFS support.
2021-09-23 18:17:17 +02:00
Tobias Geerinckx-Rice
09a8fb1f37
file-systems: Add file system to *-SUPERBLOCK-VOLUME-NAME docstrings.
* gnu/build/file-systems.scm (ext2-superblock-volume-name)
(bcachefs-superblock-volume-name, btrfs-superblock-volume-name)
(fat32-superblock-volume-name, fat16-superblock-volume-name)
(iso9660-superblock-volume-name, jfs-superblock-volume-name)
(f2fs-superblock-volume-name): Mention the file system type in the
docstring for consistency with the other superblock procedures.
2021-09-23 18:17:17 +02:00
Tobias Geerinckx-Rice
348f0c61ef
syscalls: Deduplicate device number conversion.
* guix/cpio.scm (device-number, device->major+minor):
Move to, and subsequently import from, …
* guix/build/syscalls.scm (device-number, device-number->major+minor):
…here.  Note the slight name change.
(mounts): Replace 16-bit open code with a DEVICE-NUMBER call.
* gnu/build/linux-boot.scm (device-number):
Remove duplicate 16-bit implementation in favour of the one above.
(resume-if-hibernated): Reuse DEVICE-NUMBER->MAJOR+MINOR.
2021-09-23 18:17:16 +02:00
Tobias Geerinckx-Rice
68b219b9f4
gnu: Don't abuse check-btrfs-file-system to scan.
It was never guaranteed to be run for non-root file systems.  It was for
root file systems only due to a bug now fixed.

* gnu/build/file-systems.scm (check-btrfs-file-system): Don't invoke
‘btrfs device scan’ here.
* gnu/system/linux-initrd.scm (raw-initrd): Do so here if any btrfs file
systems are present.
2021-09-23 18:17:16 +02:00
Tobias Geerinckx-Rice
a75a3d7132
linux-boot: Honour fsck.mode & fsck.repair.
* gnu/build/linux-boot.scm (boot-system): Honour ‘fsck.mode=’ and
‘fsck.repair=’ kernel command line options.
* doc/guix.texi (Initial RAM Disk): Document both.
2021-09-23 18:17:16 +02:00
Tobias Geerinckx-Rice
602994847b
file-systems: Support forced checks & repairs.
* gnu/build/file-systems.scm (check-ext2-file-system)
(check-bcachefs-file-system, check-btrfs-file-system)
(check-fat-file-system, check-jfs-file-system, check-f2fs-file-system)
(check-ntfs-file-system, check-file-system): Take and honour new FORCE?
and REPAIR arguments.  Update the docstring.  Adjust all callers.
* gnu/system/file-systems.scm <file-system>: Add new SKIP-CHECK-IF-CLEAN?
and REPAIR fields.
(file-system->spec, spec->file-system): Adjust accordingly.
* gnu/build/linux-boot.scm (mount-root-file-system): Take new
SKIP-CHECK-IF-CLEAN? and REPAIR keyword arguments.  Thread them through
to CHECK-FILE-SYSTEM.
* doc/guix.texi (File Systems): Document both new <file-system> options.
2021-09-23 18:17:15 +02:00
Marius Bakke
5c3cb22c9b
Merge branch 'master' into core-updates-frozen
Conflicts:
	gnu/packages/bioinformatics.scm
	gnu/packages/chez.scm
	gnu/packages/docbook.scm
	gnu/packages/ebook.scm
	gnu/packages/gnome.scm
	gnu/packages/linux.scm
	gnu/packages/networking.scm
	gnu/packages/python-web.scm
	gnu/packages/python-xyz.scm
	gnu/packages/tex.scm
	gnu/packages/version-control.scm
	gnu/packages/xml.scm
	guix/build-system/dune.scm
	guix/build-system/go.scm
	guix/build-system/linux-module.scm
	guix/packages.scm
2021-09-17 01:25:52 +02:00
Tobias Geerinckx-Rice
ca23fd62f1
linux-boot: Remove mummified comment.
* gnu/build/linux-boot.scm (configure-qemu-networking): Delete 2014
comment about not doing something here.
2021-09-12 14:12:29 +02:00
Ludovic Courtès
d9dfbf886d
Merge branch 'master' into core-updates-frozen
2021-09-07 14:19:08 +02:00
Maxime Devos
d3d2fae2ce
build/jami-service: Fix range ends in account-fingerprint-rx.
This broke compilation of Guix with guile@3.0.2 with:

  In procedure make-regexp: Invalid range end

The fix is to replace [0-9A-f] with [0-9A-Fa-f].

* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2021-08-31 19:50:30 +03:00
Marius Bakke
c4133c43c7
Merge branch 'master' into core-updates-frozen
Conflicts:
	gnu/packages/algebra.scm
	gnu/packages/games.scm
	gnu/packages/golang.scm
	gnu/packages/kerberos.scm
	gnu/packages/mail.scm
	gnu/packages/python.scm
	gnu/packages/ruby.scm
	gnu/packages/scheme.scm
	gnu/packages/tex.scm
	gnu/packages/tls.scm
	gnu/packages/version-control.scm
2021-08-12 00:30:27 +02:00
Marius Bakke
b029be2ee0
Merge branch 'master' into core-updates-frozen
Conflicts:
	gnu/packages/bioinformatics.scm
	gnu/packages/cmake.scm
	gnu/packages/curl.scm
	gnu/packages/emacs-xyz.scm
	gnu/packages/gpodder.scm
	gnu/packages/music.scm
	gnu/packages/patches/glibc-bootstrap-system.patch
	gnu/packages/python-xyz.scm
	gnu/packages/shells.scm
	gnu/packages/statistics.scm
2021-07-29 22:34:57 +02:00
Chris Lemmer-Webber
a7ac19851b
services: setuid: More configurable setuid support.
New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.

* gnu/services.scm (setuid-program-file-like-deprecated): New function.
  (setuid-program-service-type): Make use of
  setuid-program->activation-gexp.  Adjust the extend property to handle
  <setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
  <setuid-record> list for each program entry.
* gnu/system.scm: (operating-system-setuid-programs): Renamed to
  %operating-system-setuid-programs and replace it with new procedure.
  (operating-system-default-essential-services,
  hurd-default-essential-services): Replace
  operating-system-setuid-programs with
  %operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.

Co-authored-by: Brice Waegeneire <brice@waegenei.re>
2021-07-29 11:32:08 -04:00
Maxime Devos
a3bfe953d2
build/jami-service: Fix range ends in account-fingerprint-rx.
This broke compilation of Guix with guile@3.0.2 with:

  In procedure make-regexp: Invalid range end

The fix is to replace [0-9A-f] with [0-9A-Fa-f].

* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2021-08-30 14:09:32 -04:00
Christopher Lemmer Webber
9455143907
Update copyright/name notices for Christine Lemmer-Webber.
* doc/guix-cookbook.texi: Update copyright/name for Christine Lemmer-Webber.
* gnu/build/image.scm: Likewise.
* gnu/build/vm.scm: Likewise.
* gnu/packages/admin.scm: Likewise.
* gnu/packages/assembly.scm: Likewise.
* gnu/packages/audio.scm: Likewise.
* gnu/packages/backup.scm: Likewise.
* gnu/packages/check.scm: Likewise.
* gnu/packages/databases.scm: Likewise.
* gnu/packages/emacs-xyz.scm: Likewise.
* gnu/packages/finance.scm: Likewise.
* gnu/packages/gnupg.scm: Likewise.
* gnu/packages/guile-xyz.scm: Likewise.
* gnu/packages/guile.scm: Likewise.
* gnu/packages/haskell-xyz.scm: Likewise.
* gnu/packages/linux.scm: Likewise.
* gnu/packages/mail.scm: Likewise.
* gnu/packages/password-utils.scm: Likewise.
* gnu/packages/perl.scm: Likewise.
* gnu/packages/python-web.scm: Likewise.
* gnu/packages/python-xyz.scm: Likewise.
* gnu/packages/python.scm: Likewise.
* gnu/packages/sphinx.scm: Likewise.
* gnu/packages/ssh.scm: Likewise.
* gnu/packages/xdisorg.scm: Likewise.
* gnu/services/networking.scm: Likewise.
* gnu/system/vm.scm: Likewise.
2021-08-15 14:15:37 -04:00
Maxim Cournoyer
10f554700c
Reinstate "services: Add a service for Jami."
This reverts commit 4673f81793, which reverted
commit 69dcc24c9f with the fix detailed below.

Thanks to Christopher Baines for reporting the failure and proposing a fix.

* guix/self.scm (compiled-guix) [*system-test-modules*]: Add the test data
files via the 'extra-files' argument.
* gnu/local.mk (dist_patch_DATA): Move the tests/data/jami-dummy-account.dat
file to...
* gnu/local.mk (MODULES_NOT_COMPILED): ... here.
2021-08-02 17:23:30 -04:00
Maxim Cournoyer
4673f81793
Revert "services: Add a service for Jami."
This reverts commit 69dcc24c9f.  It broke 'guix
pull'.
2021-08-02 15:48:59 -04:00
Maxim Cournoyer
69dcc24c9f
services: Add a service for Jami.
* gnu/services/telephony.scm (string-or-computed-file?)
(string-list?, account-fingerprint-list?): New procedures.
(maybe-string-list, maybe-account-fingerprint-list)
(maybe-boolean, maybe-string, jami-account-list): New configuration field
types.
(serialize-string-list, serialize-boolean, serialize-string)
(jami-account, jami-account->alist, jami-configuration)
(jami-account-list?, jami-account-list-maybe): New procedures.
(%jami-accounts): New variable.
(jami-configuration->command-line-arguments): New procedure.
(jami-dbus-session-activation, jami-shepherd-services): New procedures.
(jami-service-type): New variable.
* gnu/build/jami-service.scm: New file.
* gnu/tests/data/jami-dummy-account.dat: Likewise.
* gnu/tests/telephony.scm: Likewise.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register them.
* Makefile.am (SCM_TESTS): Register the test file.
(dist_patch_DATA): Register the new data file.
* doc/guix.texi (Telephony Services): Document it.
2021-08-02 15:15:02 -04:00
Maxim Cournoyer
5b2b834269
build: shepherd: Use autoload to lazily bind Shepherd modules.
Instead of imperative module-autoload! directives.

* gnu/build/shepherd.scm: Replace module-autoload! directives by autoload
arguments for define-module.
2021-08-02 14:16:22 -04:00
Marius Bakke
6f9a80b331
Merge branch 'master' into core-updates
Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a277 and
12964df69a respectively.

4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.

 Conflicts:
	gnu/local.mk
	gnu/packages/aidc.scm
	gnu/packages/boost.scm
	gnu/packages/curl.scm
	gnu/packages/nettle.scm
	gnu/packages/networking.scm
	gnu/packages/python-xyz.scm
	gnu/packages/tls.scm
2021-06-19 17:38:47 +02:00
Tobias Geerinckx-Rice
9c28fdcae3
gnu: Respect ‘rootdelay’ kernel command-line argument.
* gnu/build/linux-boot.scm (boot-system): Sleep for "rootdelay=SECONDS"
when specified on the kernel command line.
2021-06-16 12:13:40 +02:00
Marius Bakke
8d59c262ad
Merge branch 'master' into core-updates
Conflicts:
	gnu/local.mk
	gnu/packages/algebra.scm
	gnu/packages/bioinformatics.scm
	gnu/packages/curl.scm
	gnu/packages/docbook.scm
	gnu/packages/emacs-xyz.scm
	gnu/packages/maths.scm
	gnu/packages/plotutils.scm
	gnu/packages/python-web.scm
	gnu/packages/python-xyz.scm
	gnu/packages/radio.scm
	gnu/packages/readline.scm
	gnu/packages/tls.scm
	gnu/packages/xml.scm
	gnu/packages/xorg.scm
2021-06-06 21:16:32 +02:00
Tobias Geerinckx-Rice
169cbd808a
gnu: Respect the root file-system's CHECK? field.
* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK?
keyword argument.  Add it to the docstring.  Conditionally call
CHECK-FILE-SYSTEM.
(boot-system): Adjust its only caller to pass the <file-system>'s CHECK?
option through, if available.
2021-05-23 23:38:52 +02:00
Marius Bakke
f034264204
Merge branch 'master' into core-updates
Conflicts:
	gnu/local.mk
	gnu/packages/bioinformatics.scm
	gnu/packages/django.scm
	gnu/packages/gtk.scm
	gnu/packages/llvm.scm
	gnu/packages/python-web.scm
	gnu/packages/python.scm
	gnu/packages/tex.scm
	guix/build-system/asdf.scm
	guix/build/emacs-build-system.scm
	guix/profiles.scm
2021-05-09 21:29:46 +02:00
Tobias Geerinckx-Rice
71f15ca871
file-systems: Rewrite comment.
* gnu/build/file-systems.scm (read-bcachefs-superblock): Make comment
less damned negative.
2021-05-04 15:40:32 +02:00
Tobias Geerinckx-Rice
b6269fb7bc
file-systems: Handle abnormal ‘bcachefs fsck’ exits.
* gnu/build/file-systems.scm (check-bcachefs-file-system): Handle a STATUS:EXIT-VAL of #F.
2021-05-04 15:40:32 +02:00
Ludovic Courtès
09ce4568f2
file-systems: read-partition-{uuid,label} don't swallow ENOENT & co.
Previously, (read-partition-uuid "/does/not/exist") would return #f.
With this change, a 'system-error exception is raised as expected.

* gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring.
(partition-field-reader): Remove use of 'ENOENT-safe'.
(partition-predicate): Wrap READER in 'ENOENT-safe'.
2021-04-23 00:32:30 +02:00
Vagrant Cascadian
65b86c71ca
image: Fix spelling of "evaluate"
* gnu/build/image.scm: Fix typo.
2021-04-21 08:30:32 -07:00
Efraim Flashner
fcc39864db
Merge remote-tracking branch 'origin/master' into core-updates
Conflicts:
	gnu/local.mk
	gnu/packages/boost.scm
	gnu/packages/chez.scm
	gnu/packages/compression.scm
	gnu/packages/crates-io.scm
	gnu/packages/docbook.scm
	gnu/packages/engineering.scm
	gnu/packages/gcc.scm
	gnu/packages/gl.scm
	gnu/packages/gtk.scm
	gnu/packages/nettle.scm
	gnu/packages/python-check.scm
	gnu/packages/python-xyz.scm
	gnu/packages/radio.scm
	gnu/packages/rust.scm
	gnu/packages/sqlite.scm
	guix/build-system/node.scm
2021-04-16 14:39:48 +03:00
Maxime Devos
2161820ebb
activation: Do not dereference symlinks during home directory creation.
Fixes <https://bugs.gnu.org/47584>.

* gnu/build/activation.scm (copy-account-skeletons): Do not chown the
home directory; leave this to 'activate-user-home'.
(activate-user-home): Only chown the home directory after the account
skeletons have been copied.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
2021-04-03 22:08:34 +02:00
Efraim Flashner
2aab587f84
Merge remote-tracking branch 'origin/master' into core-updates
2021-03-24 20:50:44 +02:00
Ludovic Courtès
b665dd4a99
file-systems: 'mount-file-system' preserves the right mount flags.
Fixes <https://bugs.gnu.org/47007>.
Reported by Jelle Licht <jlicht@fsfe.org>.

Since commit dcb640f02b, we could end up
applying the wrong mount flags because the (find ...) expression could
pick the "wrong" mount point in the presence of bind mounts.

* gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to
compute FLAGS when FS is a bind mount.
2021-03-10 23:21:33 +01:00
Maxime Devos
520bac7ed0
services: Prevent following symlinks during activation.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files.  However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.

Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>

* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
  (%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-10 18:01:47 +01:00