* gnu/build/chromium-extension.scm (chromium-json->profile-object): Remove
variable.
(file-sha256): New variable.
(make-chromium-extension): Rename OUTPUT parameter to prevent conflict.
Adjust other variable names for clarity.
[inputs]: Clear.
[arguments]: Inline and simplify the final transformation with a gexp.
Loading the framebuffer-coreboot module simply fails with EINVAL on a
non-Corebooted system. Crashing the system with a kernel panic is not
a reasonable reaction to loading valid modules on unsupported hardware.
The kernel should log an error, which the user is expected to see.
Bogus module names will still be fatally reported by linux-modules.drv.
* gnu/build/linux-modules.scm (load-linux-module*):
Ignore EINVAL errors when operating recursively.
* gnu/services/base.scm (<static-networking>)[interface, ip, netmask]
[gateway]: Remove.
[addresses, links, routes]: New fields.
[requirement]: Default to '(udev).
(<network-address>, <network-link>, <network-route>): New record types.
(ensure-no-separate-netmask, %ensure-no-separate-netmask): Remove.
(ipv6-address?, cidr->netmask, ip+netmask->cidr)
(network-set-up/hurd, network-tear-down/hurd)
(network-set-up/linux, network-tear-down/linux)
(static-networking->hurd-pfinet-options): New procedures.
(static-networking-shepherd-service): New procedure.
(static-networking-shepherd-services): Rewrite in terms of the above.
(static-networking-service): Deprecate. Adjust to new
'static-networking' API.
(%base-services): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* gnu/system/hurd.scm (%base-services/hurd): Likewise, and separate
'loopback' from 'networking'.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Remove
"servers/socket/2".
* gnu/tests/networking.scm (run-openvswitch-test)["networking has
started on ovs0"]: Check for 'networking instead of 'networking-ovs0,
which is no longer provided.
* doc/guix.texi (Networking Setup): Document the new interface. Remove
documentation of 'static-networking-service'.
(Virtualization Services): Change Ganeti example to use the new
interface.
* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension. Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
* gnu/build/file-systems.scm (ext2-superblock-volume-name)
(bcachefs-superblock-volume-name, btrfs-superblock-volume-name)
(fat32-superblock-volume-name, fat16-superblock-volume-name)
(iso9660-superblock-volume-name, jfs-superblock-volume-name)
(f2fs-superblock-volume-name): Mention the file system type in the
docstring for consistency with the other superblock procedures.
* guix/cpio.scm (device-number, device->major+minor):
Move to, and subsequently import from, …
* guix/build/syscalls.scm (device-number, device-number->major+minor):
…here. Note the slight name change.
(mounts): Replace 16-bit open code with a DEVICE-NUMBER call.
* gnu/build/linux-boot.scm (device-number):
Remove duplicate 16-bit implementation in favour of the one above.
(resume-if-hibernated): Reuse DEVICE-NUMBER->MAJOR+MINOR.
It was never guaranteed to be run for non-root file systems. It was for
root file systems only due to a bug now fixed.
* gnu/build/file-systems.scm (check-btrfs-file-system): Don't invoke
‘btrfs device scan’ here.
* gnu/system/linux-initrd.scm (raw-initrd): Do so here if any btrfs file
systems are present.
* gnu/build/file-systems.scm (check-ext2-file-system)
(check-bcachefs-file-system, check-btrfs-file-system)
(check-fat-file-system, check-jfs-file-system, check-f2fs-file-system)
(check-ntfs-file-system, check-file-system): Take and honour new FORCE?
and REPAIR arguments. Update the docstring. Adjust all callers.
* gnu/system/file-systems.scm <file-system>: Add new SKIP-CHECK-IF-CLEAN?
and REPAIR fields.
(file-system->spec, spec->file-system): Adjust accordingly.
* gnu/build/linux-boot.scm (mount-root-file-system): Take new
SKIP-CHECK-IF-CLEAN? and REPAIR keyword arguments. Thread them through
to CHECK-FILE-SYSTEM.
* doc/guix.texi (File Systems): Document both new <file-system> options.
This broke compilation of Guix with guile@3.0.2 with:
In procedure make-regexp: Invalid range end
The fix is to replace [0-9A-f] with [0-9A-Fa-f].
* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.
* gnu/services.scm (setuid-program-file-like-deprecated): New function.
(setuid-program-service-type): Make use of
setuid-program->activation-gexp. Adjust the extend property to handle
<setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
<setuid-record> list for each program entry.
* gnu/system.scm: (operating-system-setuid-programs): Renamed to
%operating-system-setuid-programs and replace it with new procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Replace
operating-system-setuid-programs with
%operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
This broke compilation of Guix with guile@3.0.2 with:
In procedure make-regexp: Invalid range end
The fix is to replace [0-9A-f] with [0-9A-Fa-f].
* gnu/build/jami-service.scm (account-fingerprint-rx): Correct regexp.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This reverts commit 4673f81793, which reverted
commit 69dcc24c9f with the fix detailed below.
Thanks to Christopher Baines for reporting the failure and proposing a fix.
* guix/self.scm (compiled-guix) [*system-test-modules*]: Add the test data
files via the 'extra-files' argument.
* gnu/local.mk (dist_patch_DATA): Move the tests/data/jami-dummy-account.dat
file to...
* gnu/local.mk (MODULES_NOT_COMPILED): ... here.
* gnu/services/telephony.scm (string-or-computed-file?)
(string-list?, account-fingerprint-list?): New procedures.
(maybe-string-list, maybe-account-fingerprint-list)
(maybe-boolean, maybe-string, jami-account-list): New configuration field
types.
(serialize-string-list, serialize-boolean, serialize-string)
(jami-account, jami-account->alist, jami-configuration)
(jami-account-list?, jami-account-list-maybe): New procedures.
(%jami-accounts): New variable.
(jami-configuration->command-line-arguments): New procedure.
(jami-dbus-session-activation, jami-shepherd-services): New procedures.
(jami-service-type): New variable.
* gnu/build/jami-service.scm: New file.
* gnu/tests/data/jami-dummy-account.dat: Likewise.
* gnu/tests/telephony.scm: Likewise.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register them.
* Makefile.am (SCM_TESTS): Register the test file.
(dist_patch_DATA): Register the new data file.
* doc/guix.texi (Telephony Services): Document it.
Instead of imperative module-autoload! directives.
* gnu/build/shepherd.scm: Replace module-autoload! directives by autoload
arguments for define-module.
Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a277 and
12964df69a respectively.
4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.
Conflicts:
gnu/local.mk
gnu/packages/aidc.scm
gnu/packages/boost.scm
gnu/packages/curl.scm
gnu/packages/nettle.scm
gnu/packages/networking.scm
gnu/packages/python-xyz.scm
gnu/packages/tls.scm
* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK?
keyword argument. Add it to the docstring. Conditionally call
CHECK-FILE-SYSTEM.
(boot-system): Adjust its only caller to pass the <file-system>'s CHECK?
option through, if available.
Previously, (read-partition-uuid "/does/not/exist") would return #f.
With this change, a 'system-error exception is raised as expected.
* gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring.
(partition-field-reader): Remove use of 'ENOENT-safe'.
(partition-predicate): Wrap READER in 'ENOENT-safe'.
Fixes <https://bugs.gnu.org/47584>.
* gnu/build/activation.scm (copy-account-skeletons): Do not chown the
home directory; leave this to 'activate-user-home'.
(activate-user-home): Only chown the home directory after the account
skeletons have been copied.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
Fixes <https://bugs.gnu.org/47007>.
Reported by Jelle Licht <jlicht@fsfe.org>.
Since commit dcb640f02b, we could end up
applying the wrong mount flags because the (find ...) expression could
pick the "wrong" mount point in the presence of bind mounts.
* gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to
compute FLAGS whe FS is a bind mount.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>