authorMarius Bakke <mbakke@fastmail.com>2019-03-14 16:30:19 +0100
committerMarius Bakke <mbakke@fastmail.com>2019-03-14 16:30:19 +0100
commit19008a22d18e772062952034c58a15ed341df3b5 (patch)
tree3a7fb9b4abe5cbac3f7edd5d5c76abd993fad255 /gnu/services
parent520ae432d446010ed6a5233c8abfda88a945926c (diff)
parentc958c31caefb20c32cf89caea7d4668d7021a92b (diff)
Merge branch 'staging' into core-updates
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm77
-rw-r--r--gnu/services/configuration.scm5
-rw-r--r--gnu/services/cups.scm2
-rw-r--r--gnu/services/desktop.scm6
-rw-r--r--gnu/services/mail.scm2
-rw-r--r--gnu/services/messaging.scm2
-rw-r--r--gnu/services/monitoring.scm57
7 files changed, 100 insertions, 51 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index d2baea0dd0..04b123b833 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -43,6 +43,7 @@
#:select (canonical-package glibc glibc-utf8-locales))
#:use-module (gnu packages bash)
#:use-module (gnu packages package-management)
+ #:use-module ((gnu packages gnupg) #:select (guile-gcrypt))
#:use-module (gnu packages linux)
#:use-module (gnu packages terminals)
#:use-module ((gnu build file-systems)
@@ -50,6 +51,7 @@
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
+ #:use-module ((guix self) #:select (make-config.scm))
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
@@ -329,7 +331,7 @@ seconds after @code{SIGTERM} has been sent are terminated with
`(("fstab" ,(plain-file "fstab"
(string-append
"\
-# This file was generated from your GuixSD configuration. Any changes
+# This file was generated from your Guix configuration. Any changes
# will be lost upon reboot or reconfiguration.\n\n"
(string-join (map file-system->fstab-entry
file-systems)
@@ -1481,16 +1483,14 @@ pam-limits-entry specified in LIMITS via pam_limits.so."
(define* (guix-build-accounts count #:key
(group "guixbuild")
- (first-uid 30001)
(shadow shadow))
- "Return a list of COUNT user accounts for Guix build users, with UIDs
-starting at FIRST-UID, and under GID."
+ "Return a list of COUNT user accounts for Guix build users with the given
+GID."
(unfold (cut > <> count)
(lambda (n)
(user-account
(name (format #f "guixbuilder~2,'0d" n))
(system? #t)
- (uid (+ first-uid n -1))
(group group)
;; guix-daemon expects GROUP to be listed as a
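Review bot: Dropping the `first-uid` keyword changes the signature of `guix-build-accounts`, and a `define*` without `#:allow-other-keys` rejects unknown keywords, so any caller that still passes `#:first-uid` will fail at run time. Nothing in the hunk shows whether such callers exist, so it is worth a grep before merging. The docstring could also say where the UIDs now come from, for example `"Return a list of COUNT user accounts for Guix build users with the given GID; UIDs are left to be allocated automatically."`, if that is indeed what happens when `uid` is omitted. The body of the procedure continues past the end of this hunk.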
@@ -1504,27 +1504,58 @@ starting at FIRST-UID, and under GID."
1+
1))
+(define not-config?
+ ;; Select (guix …) and (gnu …) modules, except (guix config).
+ (match-lambda
+ (('guix 'config) #f)
+ (('guix rest ...) #t)
+ (('gnu rest ...) #t)
+ (rest #f)))
+
(define (hydra-key-authorization keys guix)
"Return a gexp with code to register KEYS, a list of files containing 'guix
archive' public keys, with GUIX."
- #~(unless (file-exists? "/etc/guix/acl")
- (for-each (lambda (key)
- (let ((pid (primitive-fork)))
- (case pid
- ((0)
- (let* ((port (open-file key "r0b")))
- (format #t "registering public key '~a'...~%" key)
- (close-port (current-input-port))
- (dup port 0)
- (execl #$(file-append guix "/bin/guix")
- "guix" "archive" "--authorize")
- (primitive-exit 1)))
- (else
- (let ((status (cdr (waitpid pid))))
- (unless (zero? status)
- (format (current-error-port) "warning: \
-failed to register public key '~a': ~a~%" key status)))))))
- '(#$@keys))))
+ (define aaa
+ ;; XXX: Terrible hack to work around <https://bugs.gnu.org/15602>: this
+ ;; forces (guix config) and (guix utils) to be loaded upfront, so that
+ ;; their run-time symbols are defined.
+ (scheme-file "aaa.scm"
+ #~(define-module (guix aaa)
+ #:use-module (guix config)
+ #:use-module (guix memoization))))
+
+ (define default-acl
+ (with-extensions (list guile-gcrypt)
+ (with-imported-modules `(((guix config) => ,(make-config.scm))
+ ((guix aaa) => ,aaa)
+ ,@(source-module-closure '((guix pki))
+ #:select? not-config?))
+ (computed-file "acl"
+ #~(begin
+ (use-modules (guix pki)
+ (gcrypt pk-crypto)
+ (ice-9 rdelim))
+
+ (define keys
+ (map (lambda (file)
+ (call-with-input-file file
+ (compose string->canonical-sexp
+ read-string)))
+ '(#$@keys)))
+
+ (call-with-output-file #$output
+ (lambda (port)
+ (write-acl (public-keys->acl keys)
+ port))))))))
+
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (unless (file-exists? "/etc/guix/acl")
+ (mkdir-p "/etc/guix")
+ (copy-file #+default-acl "/etc/guix/acl")
+ (chmod "/etc/guix/acl" #o600)))))
(define %default-authorized-guix-keys
;; List of authorized substitute keys.
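Review bot: The `guix` argument of `hydra-key-authorization` is not referenced anywhere in the new body, but the docstring still describes registering KEYS "with GUIX". The ACL is now built as a `computed-file` and copied to `/etc/guix/acl` only when that file is absent, so a key later removed from KEYS stays authorized on an already-activated system; that was also true of the old code, but it is a trust decision worth spelling out. I would update the docstring to something like `"Return a gexp that installs an ACL made from KEYS, a list of files containing 'guix archive' public keys, as /etc/guix/acl unless that file already exists. GUIX is ignored."`.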
diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm
index 707944cbe0..90f12a8d39 100644
--- a/gnu/services/configuration.scm
+++ b/gnu/services/configuration.scm
@@ -22,6 +22,7 @@
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (guix gexp)
+ #:use-module ((guix utils) #:select (source-properties->location))
#:autoload (texinfo) (texi-fragment->stexi)
#:autoload (texinfo serialize) (stexi->texi)
#:use-module (ice-9 match)
@@ -129,6 +130,10 @@
#,(id #'stem #'% #'stem)
#,(id #'stem #'make- #'stem)
#,(id #'stem #'stem #'?)
+ (%location #,(id #'stem #'-location)
+ (default (and=> (current-source-location)
+ source-properties->location))
+ (innate))
(field field-getter (default def))
...)
(define #,(id #'stem #'stem #'-fields)
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 715d333a71..9125139ef3 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -862,7 +862,7 @@ IPP specifications.")
(define* (create-self-signed-certificate-if-absent
#:key private-key public-key (owner (getpwnam "root"))
(common-name (gethostname))
- (organization-name "GuixSD")
+ (organization-name "Guix")
(organization-unit-name "Default Self-Signed Certificate")
(subject-parameters `(("CN" . ,common-name)
("O" . ,organization-name)
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 7940f28a26..0dee57e3bc 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -906,9 +906,13 @@ and extends polkit with the actions from @code{gnome-settings-daemon}."
(service-extension profile-service-type
(compose list
mate-package))))
+ (default-value (mate-desktop-configuration))
(description "Run the MATE desktop environment.")))
-(define* (mate-desktop-service #:key (config (mate-desktop-configuration)))
+(define-deprecated (mate-desktop-service #:key
+ (config
+ (mate-desktop-configuration)))
+ mate-desktop-service-type
"Return a service that adds the @code{mate} package to the system profile,
and extends polkit with the actions from @code{mate-settings-daemon}."
(service mate-desktop-service-type config))
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index fcaedd038b..a7e8c41d3a 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1485,7 +1485,7 @@ greyed out, instead of only later giving \"not selectable\" popup error.
(define* (create-self-signed-certificate-if-absent
#:key private-key public-key (owner (getpwnam "root"))
(common-name (gethostname))
- (organization-name "GuixSD")
+ (organization-name "Guix")
(organization-unit-name "Default Self-Signed Certificate")
(subject-parameters `(("CN" . ,common-name)
("O" . ,organization-name)
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index e70f1b70ef..11b41f2bf6 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -461,7 +461,7 @@ about using the hashed backend. See also
(log
(maybe-string "*syslog")
"Set logging options. Advanced logging configuration is not yet supported
-by the GuixSD Prosody Service. See @url{https://prosody.im/doc/logging}."
+by the Prosody service. See @url{https://prosody.im/doc/logging}."
common)
(pidfile
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 611448b733..e1b1d9b236 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org>
;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
-;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2018, 2019 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -29,7 +29,8 @@
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix records)
- #:use-module ((guix ui) #:select (display-hint))
+ #:use-module (guix utils)
+ #:use-module ((guix ui) #:select (display-hint G_))
#:use-module (ice-9 match)
#:use-module (ice-9 rdelim)
#:use-module (srfi srfi-26)
@@ -509,13 +510,12 @@ create it manually.")
(number 10051)
"Zabbix server port."))
-(define zabbix-front-end-config
- (match-lambda
- (($ <zabbix-front-end-configuration>
- _ db-host db-port db-name db-user db-password db-secret-file
- zabbix-host zabbix-port)
- (mixed-text-file "zabbix.conf.php"
- "\
+(define (zabbix-front-end-config config)
+ (match-record config <zabbix-front-end-configuration>
+ (%location db-host db-port db-name db-user db-password db-secret-file
+ zabbix-host zabbix-port)
+ (mixed-text-file "zabbix.conf.php"
+ "\
<?php
// Zabbix GUI configuration file.
global $DB;
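Review bot: The database password ends up as literal text in the file produced by `mixed-text-file "zabbix.conf.php"`: the next hunk splices in either `db-password` or the trimmed contents of `db-secret-file`, and that read is a plain Scheme expression rather than part of a gexp, so it appears to happen when the configuration is evaluated. If the resulting file is a store item, as `mixed-text-file` results normally are, the secret is readable by every local user whichever field is used, which undercuts the hint recommending `db-secret-file`. Consider generating the file at activation time with a restrictive mode, or at least add a comment above the `mixed-text-file` call such as `;; XXX: the password is embedded in this store file.`. The value is also placed between single quotes without escaping, so a password containing `'` or `\` would yield a broken PHP file. The body of `zabbix-front-end-config` continues beyond this hunk.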
@@ -525,20 +525,29 @@ $DB['SERVER'] = '" db-host "';
$DB['PORT'] = '" (number->string db-port) "';
$DB['DATABASE'] = '" db-name "';
$DB['USER'] = '" db-user "';
-$DB['PASSWORD'] = '" (if (string-null? db-password)
- (if (string-null? db-secret-file)
- (raise (condition
- (&message
- (message "\
-you must provide either 'db-secret-file' or 'db-password'"))))
- (string-trim-both
- (with-input-from-file db-secret-file
- read-string)))
- (begin
- (display-hint "\
-Consider using @code{db-secret-file} instead of @code{db-password} and unset
-@code{db-password} for security in @code{zabbix-front-end-configuration}.")
- db-password)) "';
+$DB['PASSWORD'] = '" (let ((file (location-file %location))
+ (line (location-line %location))
+ (column (location-column %location)))
+ (if (string-null? db-password)
+ (if (string-null? db-secret-file)
+ (raise (make-compound-condition
+ (condition
+ (&message
+ (message
+ (format #f "no '~A' or '~A' field in your '~A' record"
+ 'db-secret-file 'db-password
+ 'zabbix-front-end-configuration))))
+ (condition
+ (&error-location
+ (location %location)))))
+ (string-trim-both
+ (with-input-from-file db-secret-file
+ read-string)))
+ (begin
+ (display-hint (format #f (G_ "~a:~a:~a: ~a:
+Consider using @code{db-secret-file} instead of @code{db-password} for better
+security.") file line column 'zabbix-front-end-configuration))
+ db-password))) "';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
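Review bot: The `let` around the password expression calls `location-file`, `location-line` and `location-column` on `%location` unconditionally, but the default added in configuration.scm is `(and=> (current-source-location) source-properties->location)`, which can be `#f`. In that case the accessors would presumably raise a wrong-type error before either password field is examined, even for a valid configuration that sets `db-secret-file`. The three bindings are only needed for the hint, so they could move into the `begin` branch and be guarded, e.g. `(when %location (display-hint ...))`; the `&error-location` condition may need the same check.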
@@ -548,7 +557,7 @@ $ZBX_SERVER_PORT = '" (number->string zabbix-port) "';
$ZBX_SERVER_NAME = '';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
-"))))
+")))
(define %maintenance.inc.php
;; Empty php file to allow us move zabbix-frontend configs to ‘/etc/zabbix’